java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.authn.AbstractAuthenticationAction
        
        net.shibboleth.idp.authn.AbstractValidationAction
        
        net.shibboleth.idp.authn.duo.impl.ValidateDuoWebResponse

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
```
public class ValidateDuoWebResponse
extends AbstractValidationAction
```
An action that validates a DuoWeb response message and produces an AuthenticationResult or records error state.
The username to cross-check comes from a lookup strategy, by default a CanonicalUsernameLookupStrategy that returns a username produced by an earlier authentication flow, and on success the same name is populated into a SubjectCanonicalizationContext as a pre-established result for the login flow.

Since:

3.3.0

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.NO_CREDENTIALS

Postcondition:

ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class).getPrincipalName() != null

Field Summary

Fields
Modifier and Type	Field	Description
`private static String`	`DEFAULT_METRIC_NAME`	Default prefix for metrics.
`private DuoIntegration`	`duoIntegration`	Duo integration to use.
`private Function<ProfileRequestContext,DuoIntegration>`	`duoIntegrationLookupStrategy`	Lookp strategy for Duo integration.
`private org.slf4j.Logger`	`log`	Class logger.
`static String`	`RESPONSE_PARAM`	Signed response parameter name.
`private String`	`signedResponse`	Signed response string.
`private String`	`username`	Attempted username.
`private Function<ProfileRequestContext,String>`	`usernameLookupStrategy`	Lookup strategy for username to match against Duo identity.

Constructor Summary

Constructors
Constructor Description

ValidateDuoWebResponse()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`buildAuthenticationResult(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected Subject`	`populateSubject(Subject subject)`
`void`	`setDuoIntegration(DuoIntegration duo)`	Set DuoIntegration details to use directly.
`void`	`setDuoIntegrationLookupStrategy(Function<ProfileRequestContext,DuoIntegration> strategy)`	Set DuoIntegration lookup strategy to use.
`void`	`setUsernameLookupStrategy(Function<ProfileRequestContext,String> strategy)`	Set the lookup strategy to use for the username to match against Duo identity.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

RESPONSE_PARAM
```
@Nonnull
@NotEmpty
public static final String RESPONSE_PARAM
```
Signed response parameter name.

See Also:

Constant Field Values

DEFAULT_METRIC_NAME
```
@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME
```
Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

duoIntegrationLookupStrategy

@Nonnull
private Function<ProfileRequestContext,DuoIntegration> duoIntegrationLookupStrategy

Lookp strategy for Duo integration.

usernameLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> usernameLookupStrategy

Lookup strategy for username to match against Duo identity.

duoIntegration

@Nullable
private DuoIntegration duoIntegration

Duo integration to use.

username

@Nullable
@NotEmpty
private String username

Attempted username.

signedResponse

@Nullable
@NotEmpty
private String signedResponse

Signed response string.

Constructor Detail
- ValidateDuoWebResponse
```
public ValidateDuoWebResponse()
```
  Constructor.

Method Detail

setDuoIntegrationLookupStrategy

public void setDuoIntegrationLookupStrategy(@Nonnull
                                            Function<ProfileRequestContext,DuoIntegration> strategy)

Set DuoIntegration lookup strategy to use.

Parameters:: strategy - lookup strategy

setDuoIntegration

public void setDuoIntegration(@Nonnull
                              DuoIntegration duo)

Set DuoIntegration details to use directly.

Parameters:: duo - Duo integration details

setUsernameLookupStrategy

public void setUsernameLookupStrategy(@Nonnull
                                      Function<ProfileRequestContext,String> strategy)

Set the lookup strategy to use for the username to match against Duo identity.

Parameters:: strategy - lookup strategy

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               AuthenticationContext authenticationContext)

Overrides:: doPreExecute in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:: doExecute in class AbstractAuthenticationAction

populateSubject

protected Subject populateSubject(@Nonnull
                                  Subject subject)

Specified by:: populateSubject in class AbstractValidationAction

buildAuthenticationResult

protected void buildAuthenticationResult(@Nonnull
                                         ProfileRequestContext profileRequestContext,
                                         @Nonnull
                                         AuthenticationContext authenticationContext)

Overrides:: buildAuthenticationResult in class AbstractValidationAction

Class ValidateDuoWebResponse

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent