All Classes

Class Summary

Class	Description
AbstractDuoAuthenticator	A base class for authentication actions which call a Duo AuthAPI endpont.
AttributeSourcedSubjectCanonicalization	An action that extracts a resolved IdPAttribute value from an AttributeContext child obtained via lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result of subject canonicalization.
AuthenticationFlowAuditExtractor	Function that returns the authentication flow ID used to satisfy a request.
AuthenticationFlowDescriptorManager	Manager of AuthenticationFlowDescriptor objects.
AuthenticationResultPrincipalSerializer	Principal serializer for AuthenticationResultPrincipal.
DefaultAuthenticationResultSerializer	Handles serialization of results, delegating handling of Principal objects to one or more PrincipalSerializer plugins.
DiscoveryProfileRequestFunction	A Function that produces a discovery request URL using the protocol defined in https://wiki.oasis-open.org/security/IdpDiscoSvcProtonProfile
DoLockoutManagerOperation	Action that implements a JSON REST API for the AccountLockoutManager interface.
DuoAuthAPIResponse	Describes the results of a Duo AuthAPI call, intended for use with a jackson ObjectMapper.
DuoAuthAuthenticator	Implementation of the the Duo AuthApi /v2/auth endpoint.
DuoAuthResponse	Describes the results of an authentication attempt via the Duo AuthAPI, intended for use with a jackson ObjectMapper.
DuoDevice	Represents a Duo device, intended for use with a jackson ObjectMapper.
DuoFailureResponse	Describes the failure of a Duo AuthAPI call.
DuoPreauthAuthenticator	Implementation of the the Duo AuthAPI /v2/preauth endpoint.
DuoPreauthResponse	Describes the results of an pre-authentication attempt via the Duo AuthAPI.
DuoResponseWrapper<T extends DuoAuthAPIResponse>	Handle a generic object returned from the response that will come from the Duo AuthAPI.
DuoSupport	Helpers for DuoWeb and Duo AuthAPI operations.
ExactPrincipalEvalPredicateFactory	PrincipalEvalPredicateFactory that implements exact matching of principals, and works for any type.
ExternalAuthenticationImpl	Implementation of the ExternalAuthentication API that handles moving information in and out of request attributes.
ExtractDiscoveryResponse	An action that extracts a discovery service result and copies it to the AuthenticationContext.
ExtractDuoAuthenticationFromHeaders	An action that extracts the Duo factor and device or passcode from HTTP request headers into a DuoAuthenticationContext, and attaches it to the AuthenticationContext.
ExtractKerberosTicketFromWSSToken	TODO.
ExtractRemoteUser	An action that extracts an asserted user identity from the incoming request, creates a UsernameContext, and attaches it to the AuthenticationContext.
ExtractUserAgentAddress	An action that extracts the user-agent's IP address from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUserAgentIdentifier	An action that extracts the user-agent's identifier from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromBasicAuth	/** An action that extracts a username and password from the HTTP HttpHeaders.AUTHORIZATION header, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromFormRequest	An action that extracts a username and password from an HTTP form body or query string, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromWSSToken	An authentication stage that extracts a username/password from the WSS Username/Password attached to a SOAP message.
ExtractX509CertificateFromRequest	An action that extracts an X.509 certificate from the standard servlet request attribute, creates a CertificateContext, and attaches it to the AuthenticationContext.
FilterFlowsByForcedAuthn	An authentication action that filters out potential authentication flows if the request requires forced authentication or max age behavior and the flows don't support forced authentication.
FilterFlowsByNonBrowserSupport	An authentication action that filters out potential authentication flows if the request requires non-browser support and the flows require a browser.
FinalizeAuthentication	An authentication action that runs after a completed authentication flow (or the reuse of an active result) and transfers information from other contexts into a SubjectContext child of the ProfileRequestContext.
FinalizeMultiFactorAuthentication	An authentication action that completes MFA by producing a final AuthenticationResult out of whatever constituent parts and pieces exist, by means of an overridable function, storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext to operate on.
FinalizeMultiFactorAuthentication.DefaultResultMergingStrategy	Default merging strategy to combine individual AuthenticationResult objects into a single result.
GSSAcceptorLoginModule	Kerberos login utility for the context acceptor, encapsulates a number of special options used to create a security context for the GSS acceptor, usually based on a keytab file.
GSSContextAcceptor	Helper class that manages context establishment for the SPNEGO GSS-API mechanism.
HTPasswdCredentialValidator	A password validator that authenticates against Apache htpasswd files.
IdPAttributePrincipalSerializer	Principal serializer for IdPAttributePrincipal.
InexactPrincipalEvalPredicateFactory	PrincipalEvalPredicateFactory that implements inexact matching of principals, based on an arbitrary set of "matches" configured at runtime.
InitializeProxyProfileRequestContext	Action that creates a new ProfileRequestContext via a creation strategy, and sets the profile and logging IDs, if provided.
InitializeRequestedPrincipalContext	An action that creates an RequestedPrincipalContext and attaches it to the current AuthenticationContext, if the profile request context contains a RelyingPartyContext with an AuthenticationProfileConfiguration containing one or more default authentication methods.
JAASCredentialValidator	A password validator that authenticates against JAAS.
KerberosCredentialValidator	A password validator that authenticates against Kerberos natively, with optional service ticket verification.
KerberosRealmSettings	Kerberos realm settings for the SPNEGO authentication flow.
KerberosSettings	Kerberos settings for the SPNEGO authentication flow.
KeystoreResourceCredentialConfig	Implementation of CredentialConfig that loads keystore and truststore data using a Resource.
LDAPCredentialValidator	A password validator that authenticates against LDAP natively.
LDAPPrincipalSerializer	Principal serializer for LdapPrincipal.
PopulateAuthenticationContext	An action that populates an AuthenticationContext with the AuthenticationFlowDescriptor objects configured into the IdP, potential flows filtered by flow IDs from a lookup function.
PopulateMultiFactorAuthenticationContext	An action that creates and populates a MultiFactorAuthenticationContext with the set of transition rules to use for coordinating activity, the executing AuthenticationFlowDescriptor and with any active "factors" found, if an active result from the MFA flow is present in the AuthenticationContext.
PopulateSubjectCanonicalizationContext	An action that populates a SubjectCanonicalizationContext with the SubjectCanonicalizationFlowDescriptor objects configured into the IdP.
PreserveAuthenticationFlowState	An action that extracts configured parameters from a servlet request and populates AuthenticationContext.getAuthenticationStateMap() with the data.
ProxyAuthenticationPrincipalSerializer	Principal serializer for ProxyAuthenticationPrincipal.
RelyingPartyMapJAASLoginConfigStrategy	An implementation of the loginConfigStrategy for JAASCredentialValidator which uses a supplied map to resolve the JAAS config to use.
RemoteUserAuthServlet	Extracts authentication information from the request and returns it via the IdP's external authentication interface.
SelectAuthenticationFlow	An authentication action that selects an authentication flow to invoke, or re-uses an existing result for SSO.
SelectSubjectCanonicalizationFlow	A canonicalization action that selects a canonicalization flow to invoke.
SimpleSubjectCanonicalization	An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one UsernamePrincipal custom principal.
SimpleSubjectCanonicalization.ActivationCondition	A predicate that determines if this action can run or not.
SPNEGOAuthnController	MVC controller for managing the SPNEGO exchanges implemented as an ExternalAuthentication mechanism.
SPNEGOAutoLoginManager	Component managing the auto-login state via cookie.
SPNEGOContext	Context, usually attached to AuthenticationContext, that carries configuration data and request state for SPNEGO authentication.
StorageBackedAccountLockoutManager	Implementation of AccountLockoutManager interface that relies on a StorageService to track lockout state.
StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy	A function to generate a key for lockout storage.
TransitionMultiFactorAuthentication	An authentication action that acts as the driver regulating execution of transitions between MFA stages.
ValidateCredentials	An action that processes a list of CredentialValidator objects to produce an AuthenticationResult.
ValidateCredentials.UsernamePasswordCleanupHook	A default cleanup hook that removes the UsernamePasswordContext from the tree.
ValidateDuoAuthAPI	An action that checks for a DuoAuthenticationContext and directly produces an AuthenticationResult based on that identity by authenticating against the Duo AuthAPI.
ValidateDuoWebResponse	An action that validates a DuoWeb response message and produces an AuthenticationResult or records error state.
ValidateExternalAuthentication	An action that checks for an ExternalAuthenticationContext and directly produces an AuthenticationResult or records error state based on the contents.
ValidateFunctionResult	An action that executes a deployer-supplied function and produces an AuthenticationResult based on the function result.
ValidateRemoteUser	An action that checks for a UsernameContext and directly produces an AuthenticationResult based on that identity.
ValidateUserAgentAddress	An action that ensures that a user-agent address found within a UserAgentContext is within a given range and generates an AuthenticationResult.
X500PrincipalSerializer	Principal serializer for X500Principal.
X500SubjectCanonicalization	An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.
X500SubjectCanonicalization.ActivationCondition	A predicate that determines if this action can run or not.
X509AuthServlet	Servlet compatible with the ExternalAuthentication interface that extracts and validates an X.509 client certificate for user authentication.
X509CertificateCredentialValidator	A credential validator that validates an X.509 certificate.
X509ProxyFilter	Servlet filter to translate Apache mod_ssl certificate variables into Java servlet attributes.
X509ResourceCredentialConfig	Implementation of CredentialConfig that loads trust and key material using a Resource.