net.shibboleth.idp.authn.duo.impl

Class ValidateDuoAuthAPI

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.duo.impl.ValidateDuoAuthAPI

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class ValidateDuoAuthAPI
extends AbstractValidationAction

An action that checks for a DuoAuthenticationContext and directly produces an AuthenticationResult based on that identity by authenticating against the Duo AuthAPI.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.AUTHN_EXCEPTION, AuthnEventIds.ACCOUNT_LOCKED, AuthnEventIds.ACCOUNT_WARNING, AuthnEventIds.ACCOUNT_ERROR, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS

Precondition:

      ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null
      

Postcondition:

If AuthenticationContext.getSubcontext(DuoAuthenticationContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful login. On a failed login, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, String, String) method is called.

Field Summary

Fields

Modifier and Type	Field and Description
private DuoAuthAuthenticator	authAuthenticator Implementation of Duo AuthApi /auth endpoint.
private static String	DEFAULT_METRIC_NAME Default prefix for metrics.
private DuoAuthenticationContext	duoContext DuoApi context for tokens.
private DuoIntegration	duoIntegration Duo integration to use.
private com.google.common.base.Function<ProfileRequestContext,DuoIntegration>	duoIntegrationLookupStrategy Lookp strategy for Duo integration.
private org.slf4j.Logger	log Class logger.
private DuoPreauthAuthenticator	preauthAuthenticator Implementation of Duo AuthApi /preauth enpoint.
private String	username Attempted username.
private com.google.common.base.Function<ProfileRequestContext,String>	usernameLookupStrategy Lookup strategy for username to match against Duo identity.

Constructor Summary

Constructors

Constructor and Description
ValidateDuoAuthAPI() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	buildAuthenticationResult(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected Subject	populateSubject(Subject subject)
void	setAuthAuthenticator(DuoAuthAuthenticator authenticator) Set the DuoAuthAuthenticator.
void	setDuoIntegration(DuoIntegration duo) Set DuoIntegration details to use directly.
void	setDuoIntegrationLookupStrategy(com.google.common.base.Function<ProfileRequestContext,DuoIntegration> strategy) Set DuoIntegration lookup strategy to use.
void	setPreauthAuthenticator(DuoPreauthAuthenticator authenticator) Set the DuoPreauthAuthenticator.
void	setUsernameLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy) Set the lookup strategy to use for the username to match against Duo identity.

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, getClassifiedErrors, getMetricName, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
@NotEmpty
private final org.slf4j.Logger log

Class logger.

duoIntegrationLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,DuoIntegration> duoIntegrationLookupStrategy

Lookp strategy for Duo integration.

usernameLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,String> usernameLookupStrategy

Lookup strategy for username to match against Duo identity.

authAuthenticator

@Nonnull
private DuoAuthAuthenticator authAuthenticator

Implementation of Duo AuthApi /auth endpoint.

preauthAuthenticator

@Nonnull
private DuoPreauthAuthenticator preauthAuthenticator

Implementation of Duo AuthApi /preauth enpoint.

duoContext

@Nonnull
@NotEmpty
private DuoAuthenticationContext duoContext

DuoApi context for tokens.

duoIntegration

@Nullable
private DuoIntegration duoIntegration

Duo integration to use.

username

@Nullable
@NotEmpty
private String username

Attempted username.

Constructor Detail

ValidateDuoAuthAPI

public ValidateDuoAuthAPI()

Constructor.

Method Detail

setDuoIntegrationLookupStrategy

public void setDuoIntegrationLookupStrategy(@Nonnull
                                   com.google.common.base.Function<ProfileRequestContext,DuoIntegration> strategy)

Set DuoIntegration lookup strategy to use.

Parameters:

strategy - lookup strategy

setDuoIntegration

public void setDuoIntegration(@Nonnull
                     DuoIntegration duo)

Set DuoIntegration details to use directly.

Parameters:

duo - Duo integration details

setUsernameLookupStrategy

public void setUsernameLookupStrategy(@Nonnull
                             com.google.common.base.Function<ProfileRequestContext,String> strategy)

Set the lookup strategy to use for the username to match against Duo identity.

Parameters:

strategy - lookup strategy

setAuthAuthenticator

public void setAuthAuthenticator(@Nonnull
                        DuoAuthAuthenticator authenticator)

Set the DuoAuthAuthenticator.

Parameters:

authenticator - a Duo AuthAPI /auth endpoint implementation

setPreauthAuthenticator

public void setPreauthAuthenticator(@Nonnull
                           DuoPreauthAuthenticator authenticator)

Set the DuoPreauthAuthenticator.

Parameters:

authenticator - a Duo AuthAPI /preauth endpoint implementation

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext,
                   @Nonnull
                   AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

populateSubject

protected Subject populateSubject(@Nonnull
                      Subject subject)

Specified by:

populateSubject in class AbstractValidationAction

buildAuthenticationResult

protected void buildAuthenticationResult(@Nonnull
                             ProfileRequestContext profileRequestContext,
                             @Nonnull
                             AuthenticationContext authenticationContext)

Overrides:

buildAuthenticationResult in class AbstractValidationAction