java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.authn.AbstractAuthenticationAction
        
        net.shibboleth.idp.authn.AbstractValidationAction
        
        net.shibboleth.idp.authn.duo.impl.ValidateDuoAuthAPI

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
```
public class ValidateDuoAuthAPI
extends AbstractValidationAction
```
An action that checks for a DuoAuthenticationContext and directly produces an AuthenticationResult based on that identity by authenticating against the Duo AuthAPI.
Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.AUTHN_EXCEPTION, AuthnEventIds.ACCOUNT_LOCKED, AuthnEventIds.ACCOUNT_WARNING, AuthnEventIds.ACCOUNT_ERROR, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS

Precondition:
```
      ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null
      
```
Postcondition:

If AuthenticationContext.getSubcontext(DuoAuthenticationContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful login. On a failed login, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, String, String) method is called.

Field Summary

Fields
Modifier and Type	Field	Description
`private DuoAuthAuthenticator`	`authAuthenticator`	Implementation of Duo AuthApi /auth endpoint.
`private static String`	`DEFAULT_METRIC_NAME`	Default prefix for metrics.
`private DuoAuthenticationContext`	`duoContext`	DuoApi context for tokens.
`private DuoIntegration`	`duoIntegration`	Duo integration to use.
`private Function<ProfileRequestContext,DuoIntegration>`	`duoIntegrationLookupStrategy`	Lookp strategy for Duo integration.
`private org.slf4j.Logger`	`log`	Class logger.
`private DuoPreauthAuthenticator`	`preauthAuthenticator`	Implementation of Duo AuthApi /preauth enpoint.
`private String`	`username`	Attempted username.
`private Function<ProfileRequestContext,String>`	`usernameLookupStrategy`	Lookup strategy for username to match against Duo identity.

Constructor Summary

Constructors
Constructor Description

ValidateDuoAuthAPI()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`buildAuthenticationResult(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected void`	`doInitialize()`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected Subject`	`populateSubject(Subject subject)`
`void`	`setAuthAuthenticator(DuoAuthAuthenticator authenticator)`	Set the `DuoAuthAuthenticator`.
`void`	`setDuoIntegration(DuoIntegration duo)`	Set DuoIntegration details to use directly.
`void`	`setDuoIntegrationLookupStrategy(Function<ProfileRequestContext,DuoIntegration> strategy)`	Set DuoIntegration lookup strategy to use.
`void`	`setPreauthAuthenticator(DuoPreauthAuthenticator authenticator)`	Set the `DuoPreauthAuthenticator`.
`void`	`setUsernameLookupStrategy(Function<ProfileRequestContext,String> strategy)`	Set the lookup strategy to use for the username to match against Duo identity.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME
```
@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME
```
Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
@NotEmpty
private final org.slf4j.Logger log

Class logger.

duoIntegrationLookupStrategy

@Nonnull
private Function<ProfileRequestContext,DuoIntegration> duoIntegrationLookupStrategy

Lookp strategy for Duo integration.

usernameLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> usernameLookupStrategy

Lookup strategy for username to match against Duo identity.

authAuthenticator
```
@Nonnull
private DuoAuthAuthenticator authAuthenticator
```
Implementation of Duo AuthApi /auth endpoint.

preauthAuthenticator
```
@Nonnull
private DuoPreauthAuthenticator preauthAuthenticator
```
Implementation of Duo AuthApi /preauth enpoint.

duoContext

@Nonnull
@NotEmpty
private DuoAuthenticationContext duoContext

DuoApi context for tokens.

duoIntegration

@Nullable
private DuoIntegration duoIntegration

Duo integration to use.

username

@Nullable
@NotEmpty
private String username

Attempted username.

Constructor Detail
- ValidateDuoAuthAPI
```
public ValidateDuoAuthAPI()
```
  Constructor.

Method Detail

setDuoIntegrationLookupStrategy

public void setDuoIntegrationLookupStrategy(@Nonnull
                                            Function<ProfileRequestContext,DuoIntegration> strategy)

Set DuoIntegration lookup strategy to use.

Parameters:: strategy - lookup strategy

setDuoIntegration

public void setDuoIntegration(@Nonnull
                              DuoIntegration duo)

Set DuoIntegration details to use directly.

Parameters:: duo - Duo integration details

setUsernameLookupStrategy

public void setUsernameLookupStrategy(@Nonnull
                                      Function<ProfileRequestContext,String> strategy)

Set the lookup strategy to use for the username to match against Duo identity.

Parameters:: strategy - lookup strategy

setAuthAuthenticator

public void setAuthAuthenticator(@Nonnull
                                 DuoAuthAuthenticator authenticator)

Set the DuoAuthAuthenticator.

Parameters:: authenticator - a Duo AuthAPI /auth endpoint implementation

setPreauthAuthenticator

public void setPreauthAuthenticator(@Nonnull
                                    DuoPreauthAuthenticator authenticator)

Set the DuoPreauthAuthenticator.

Parameters:: authenticator - a Duo AuthAPI /preauth endpoint implementation

doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               AuthenticationContext authenticationContext)

Overrides:: doPreExecute in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:: doExecute in class AbstractAuthenticationAction

populateSubject

protected Subject populateSubject(@Nonnull
                                  Subject subject)

Specified by:: populateSubject in class AbstractValidationAction

buildAuthenticationResult

protected void buildAuthenticationResult(@Nonnull
                                         ProfileRequestContext profileRequestContext,
                                         @Nonnull
                                         AuthenticationContext authenticationContext)

Overrides:: buildAuthenticationResult in class AbstractValidationAction

Class ValidateDuoAuthAPI

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent