net.shibboleth.idp.authn.duo.impl

Class ExtractDuoAuthenticationFromHeaders<InboundMessageType,OutboundMessageType>

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.duo.impl.ExtractDuoAuthenticationFromHeaders<InboundMessageType,OutboundMessageType>

Type Parameters:

InboundMessageType - type of in-bound message

OutboundMessageType - type of out-bound message

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction<InboundMessageType,OutboundMessageType>, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class ExtractDuoAuthenticationFromHeaders<InboundMessageType,OutboundMessageType>
extends AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

An action that extracts the Duo factor and device or passcode from HTTP request headers into a DuoAuthenticationContext, and attaches it to the AuthenticationContext.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS

Precondition:

      ProfileRequestContext.getSubcontext(AuthenticationContext.class) != null
      

Postcondition:

If getHttpServletRequest() != null, the content of the headers are checked. The information found will be attached via a DuoAuthenticationContext.

Field Summary

Fields

Modifier and Type	Field and Description
private boolean	autoAuthenticationSupported Whether "auto" should be the default for factor and device.
private boolean	clientAddressTrusted Whether to trust, and extract, the client address.
private String	deviceHeaderName Header name for device.
private String	factorHeaderName Header name for factor.
private org.slf4j.Logger	log Class logger.
private String	passcodeHeaderName Header name for passcode.
private com.google.common.base.Function<ProfileRequestContext,Map<String,String>>	pushInfoLookupStrategy Strategy function for populating pushinfo AuthAPI parameter.

Constructor Summary

Constructors

Constructor and Description
ExtractDuoAuthenticationFromHeaders() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doExecute(ProfileRequestContext<InboundMessageType,OutboundMessageType> profileRequestContext, AuthenticationContext authenticationContext)
protected void	extractHeaders(DuoAuthenticationContext context) Extracts the Duo API arguments passed in via the request headers.
boolean	isAutoAuthenticationSupported() Get whether "auto" is the default setting.
boolean	isClientAddressTrusted() Get whether the client address should be trusted for use in API calls.
void	setAutoAuthenticationSupported(boolean flag) Set whether "auto" is the default setting.
void	setClientAdddressTrusted(boolean flag) Set whether the client address should be trusted for use in API calls.
void	setDeviceHeader(String headerName) Set the device header name.
void	setFactorHeader(String headerName) Set the factor header name.
void	setPasscodeHeader(String headerName) Set the passcode header name.
void	setPushInfoLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Map<String,String>> strategy) Set lookup strategy for AuthAPI pushinfo parameter.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

autoAuthenticationSupported

private boolean autoAuthenticationSupported

Whether "auto" should be the default for factor and device.

clientAddressTrusted

private boolean clientAddressTrusted

Whether to trust, and extract, the client address.

factorHeaderName

@Nonnull
@NotEmpty
private String factorHeaderName

Header name for factor.

deviceHeaderName

@Nonnull
@NotEmpty
private String deviceHeaderName

Header name for device.

passcodeHeaderName

@Nonnull
@NotEmpty
private String passcodeHeaderName

Header name for passcode.

pushInfoLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Map<String,String>> pushInfoLookupStrategy

Strategy function for populating pushinfo AuthAPI parameter.

Constructor Detail

ExtractDuoAuthenticationFromHeaders

ExtractDuoAuthenticationFromHeaders()

Constructor.

Method Detail

setFactorHeader

public void setFactorHeader(@Nonnull@NotEmpty
                   String headerName)

Set the factor header name.

Parameters:

headerName - the factor header name

setDeviceHeader

public void setDeviceHeader(@Nonnull@NotEmpty
                   String headerName)

Set the device header name.

Parameters:

headerName - the factor header name

setPasscodeHeader

public void setPasscodeHeader(@Nonnull@NotEmpty
                     String headerName)

Set the passcode header name.

Parameters:

headerName - the factor header name

isClientAddressTrusted

public boolean isClientAddressTrusted()

Get whether the client address should be trusted for use in API calls.

Returns:

whether client address should be trusted

setClientAdddressTrusted

public void setClientAdddressTrusted(boolean flag)

Set whether the client address should be trusted for use in API calls.

Parameters:

flag - flag to set

isAutoAuthenticationSupported

public boolean isAutoAuthenticationSupported()

Get whether "auto" is the default setting.

Returns:

whether "auto" is the default setting

setAutoAuthenticationSupported

public void setAutoAuthenticationSupported(boolean flag)

Set whether "auto" is the default setting.

Parameters:

flag - flag to set

setPushInfoLookupStrategy

public void setPushInfoLookupStrategy(@Nullable
                             com.google.common.base.Function<ProfileRequestContext,Map<String,String>> strategy)

Set lookup strategy for AuthAPI pushinfo parameter.

Parameters:

strategy - lookup strategy

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext<InboundMessageType,OutboundMessageType> profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

extractHeaders

protected void extractHeaders(@Nonnull
                  DuoAuthenticationContext context)

Extracts the Duo API arguments passed in via the request headers.

Parameters:

context - the DuoApiAuthContext to store the parameters in