See: Description
| Class | Description |
|---|---|
| AttributeSourcedSubjectCanonicalization |
An action that extracts a resolved
IdPAttribute value from an AttributeContext child obtained via
lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result
of subject canonicalization. |
| DefaultAuthenticationResultSerializer |
Handles serialization of results, delegating handling of
Principal objects to one or more
PrincipalSerializer plugins. |
| DoLockoutManagerOperation |
Action that implements a JSON REST API for the
AccountLockoutManager interface. |
| ExternalAuthenticationImpl |
Implementation of the
ExternalAuthentication API that handles moving information in and out
of request attributes. |
| ExtractKerberosTicketFromWSSToken |
TODO.
|
| ExtractRemoteUser |
An action that extracts an asserted user identity from the incoming request, creates a
UsernameContext, and attaches it to the AuthenticationContext. |
| ExtractUserAgentAddress |
An action that extracts the user-agent's IP address from the incoming request, creates a
UserAgentContext, and attaches it to the AuthenticationContext. |
| ExtractUserAgentIdentifier |
An action that extracts the user-agent's identifier from the incoming request, creates a
UserAgentContext, and attaches it to the AuthenticationContext. |
| ExtractUsernamePasswordFromBasicAuth |
/**
An action that extracts a username and password from the HTTP
HttpHeaders.AUTHORIZATION header,
creates a UsernamePasswordContext, and attaches it to the AuthenticationContext. |
| ExtractUsernamePasswordFromFormRequest |
An action that extracts a username and password from an HTTP form body or query string,
creates a
UsernamePasswordContext, and attaches it to the AuthenticationContext. |
| ExtractUsernamePasswordFromWSSToken |
An authentication stage that extracts a username/password from the WSS Username/Password attached to a SOAP message.
|
| ExtractX509CertificateFromRequest |
An action that extracts an X.509 certificate from the standard servlet request attribute,
creates a
CertificateContext, and attaches it to the AuthenticationContext. |
| FilterFlowsByAttribute |
An authentication action that filters out potential authentication flows by comparing an
IdPAttribute's
values to the custom principals supported by each flow. |
| FilterFlowsByForcedAuthn |
An authentication action that filters out potential authentication flows if the request requires
forced authentication or max age behavior and the flows don't support forced authentication.
|
| FilterFlowsByNonBrowserSupport |
An authentication action that filters out potential authentication flows if the request requires
non-browser support and the flows require a browser.
|
| FilterFlowsByPassivity |
An authentication action that filters out potential authentication flows if the request requires
passive behavior and the flows don't support passive authentication.
|
| FinalizeAuthentication |
An authentication action that runs after a completed authentication flow (or the reuse
of an active result) and transfers information from other contexts into a
SubjectContext
child of the ProfileRequestContext. |
| FinalizeMultiFactorAuthentication |
An authentication action that completes MFA by producing a final
AuthenticationResult
out of whatever constituent parts and pieces exist, by means of an overridable function,
storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext
to operate on. |
| FinalizeMultiFactorAuthentication.DefaultResultMergingStrategy |
Default merging strategy to combine individual
AuthenticationResult objects into a
single result. |
| InitializeRequestedPrincipalContext |
An action that creates an
RequestedPrincipalContext and attaches it to the current
AuthenticationContext, if the profile request context contains a RelyingPartyContext
with an AuthenticationProfileConfiguration containing one or more default authentication
methods. |
| KeystoreResourceCredentialConfig |
Implementation of
CredentialConfig that loads keystore and truststore data using a Resource. |
| PopulateAuthenticationContext |
An action that populates an
AuthenticationContext with the AuthenticationFlowDescriptor
objects configured into the IdP, potential flows filtered by flow IDs from a lookup function. |
| PopulateMultiFactorAuthenticationContext |
An action that creates and populates a
MultiFactorAuthenticationContext with the set of
transition rules to use for coordinating activity, the executing AuthenticationFlowDescriptor
and with any active "factors" found, if an active result from the MFA flow is present in the
AuthenticationContext. |
| PopulateSubjectCanonicalizationContext |
An action that populates a
SubjectCanonicalizationContext with the
SubjectCanonicalizationFlowDescriptor objects configured into the IdP. |
| PreserveAuthenticationFlowState |
An action that extracts configured parameters from a servlet request and populates
AuthenticationContext.getAuthenticationStateMap() with the data. |
| RemoteUserAuthServlet |
Extracts authentication information from the request and returns it via the IdP's external authentication
interface.
|
| SelectAuthenticationFlow |
An authentication action that selects an authentication flow to invoke, or re-uses an
existing result for SSO.
|
| SelectSubjectCanonicalizationFlow |
A canonicalization action that selects a canonicalization flow to invoke.
|
| SimpleSubjectCanonicalization |
An action that operates on a
SubjectCanonicalizationContext child of the current
ProfileRequestContext, and transforms the input Subject
into a principal name by searching for one and only one UsernamePrincipal custom principal. |
| SimpleSubjectCanonicalization.ActivationCondition |
A predicate that determines if this action can run or not.
|
| StorageBackedAccountLockoutManager |
Implementation of
AccountLockoutManager interface that relies on a StorageService
to track lockout state. |
| StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy |
A function to generate a key for lockout storage.
|
| TransitionMultiFactorAuthentication |
An authentication action that acts as the master evaluation step regulating execution
of transitions between MFA stages.
|
| ValidateExternalAuthentication |
An action that checks for an
ExternalAuthenticationContext and directly produces an
AuthenticationResult or records error state based on the
contents. |
| ValidateFunctionResult |
An action that executes a deployer-supplied function and produces an
AuthenticationResult based on the function result. |
| ValidateRemoteUser |
An action that checks for a
UsernameContext and directly produces an
AuthenticationResult based on that identity. |
| ValidateUserAgentAddress |
An action that ensures that a user-agent address found within a
UserAgentContext
is within a given range and generates an AuthenticationResult. |
| ValidateUsernamePasswordAgainstJAAS |
An action that checks for a
UsernamePasswordContext and directly produces an
AuthenticationResult based on that identity by invoking a JAAS configuration. |
| ValidateUsernamePasswordAgainstKerberos |
An action that checks for a
UsernamePasswordContext and directly produces an
AuthenticationResult based on that identity by acquiring
a TGT and optional service ticket from Kerberos. |
| ValidateUsernamePasswordAgainstLDAP |
An action that checks for a
UsernamePasswordContext and directly produces an
AuthenticationResult based on that identity by authenticating against an LDAP. |
| ValidateX509Certificate |
An action that checks for a
CertificateContext containing X509Certificate objects, and
directly produces an AuthenticationResult based on that identity, after
optionally validating the certificate(s) against a TrustEngine. |
| X500SubjectCanonicalization |
An action that operates on a
SubjectCanonicalizationContext child of the current
ProfileRequestContext, and transforms the input Subject
into a principal name by searching for one and only one X509Certificate public credential,
or in its absence one and only one X500Principal. |
| X500SubjectCanonicalization.ActivationCondition |
A predicate that determines if this action can run or not.
|
| X509AuthServlet |
Servlet compatible with the
ExternalAuthentication interface that extracts and validates
an X.509 client certificate for user authentication. |
| X509ProxyFilter |
Servlet filter to translate Apache mod_ssl certificate variables into Java servlet attributes.
|
| X509ResourceCredentialConfig |
Implementation of
CredentialConfig that loads trust and key material using a Resource. |
Copyright © 1999–2018 Shibboleth Consortium. All rights reserved.