Package net.shibboleth.idp.authn
Class ExternalAuthentication
java.lang.Object
net.shibboleth.idp.authn.ExternalAuthentication
- Direct Known Subclasses: ExternalAuthenticationImpl
Public interface supporting external authentication outside the webflow engine.
-
Field Summary
Fields (Modifier and Type, Field: Description)
- static final String ATTRIBUTES_KEY: Request attribute to which a collection of IdPAttribute objects may be bound.
- static final String AUTHENTICATING_AUTHORITIES_KEY: Request attribute to which a collection of authenticating authorities may be bound.
- static final String AUTHENTICATION_ERROR_KEY: Request attribute to which an error message may be bound.
- static final String AUTHENTICATION_EXCEPTION_KEY: Request attribute to which an exception may be bound.
- static final String AUTHENTICATION_INSTANT_KEY: Request attribute to which an authentication timestamp may be bound.
- static final String CONVERSATION_KEY: Parameter supplied to identify the per-conversation parameter.
- static final String DONOTCACHE_KEY: Request attribute to which a signal not to cache the result may be bound.
- static final String EXTENDED_FLOW_PARAM: Request attribute that indicates whether we're being called as an extension of another login flow.
- static final String FORCE_AUTHN_PARAM: Request attribute that indicates whether the authentication request requires forced authentication.
- static final String PASSIVE_AUTHN_PARAM: Request attribute that indicates whether the authentication requires passive authentication.
- static final String PREVIOUSRESULT_KEY: Request attribute to which a signal to set AuthenticationResult.setPreviousResult(boolean) may be bound.
- static final String PRINCIPAL_KEY: Request attribute to which user's principal should be bound.
- static final String PRINCIPAL_NAME_KEY: Request attribute to which user's principal name should be bound.
- static final String RELYING_PARTY_PARAM: Request attribute that provides the entity ID of the relying party that is requesting authentication.
- static final String REVOKECONSENT_KEY: Request attribute to which a signal to revoke consent for attribute release may be bound.
- static final String SUBJECT_KEY: Request attribute to which user's subject should be bound.
- static final String SWF_KEY: Parameter supplied to locate the SWF object needed in the servlet context.
-
Constructor Summary
Constructors
- ExternalAuthentication()
-
Method Summary
Methods (Modifier and Type, Method: Description)
- protected abstract void doFinish(HttpServletRequest request, HttpServletResponse response, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext): Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
- protected void doStart(HttpServletRequest request, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext): Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
- static void finishExternalAuthentication(String key, HttpServletRequest request, HttpServletResponse response): Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
- private static ExternalAuthenticationContext getExternalAuthenticationContext(ProfileRequestContext profileRequestContext): Utility method to access the ExternalAuthenticationContext.
- static String getExternalRedirect(String baseLocation, String conversationValue): Computes the appropriate location to pass control to in order to invoke an external authentication mechanism.
- static ProfileRequestContext getProfileRequestContext(String key, HttpServletRequest request): Get the ProfileRequestContext associated with a request.
- static String startExternalAuthentication(HttpServletRequest request): Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
-
Field Details
-
SWF_KEY
Parameter supplied to locate the SWF object needed in the servlet context.
-
CONVERSATION_KEY
Parameter supplied to identify the per-conversation parameter.
-
PRINCIPAL_KEY
Request attribute to which user's principal should be bound.
-
PRINCIPAL_NAME_KEY
Request attribute to which user's principal name should be bound.
-
SUBJECT_KEY
Request attribute to which user's subject should be bound.
-
AUTHENTICATION_INSTANT_KEY
Request attribute to which an authentication timestamp may be bound.
-
AUTHENTICATING_AUTHORITIES_KEY
Request attribute to which a collection of authenticating authorities may be bound.
- Since: 3.4.0
-
ATTRIBUTES_KEY
Request attribute to which a collection of IdPAttribute objects may be bound.
- Since: 4.0.0
-
AUTHENTICATION_ERROR_KEY
Request attribute to which an error message may be bound.
-
AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an exception may be bound.
-
DONOTCACHE_KEY
Request attribute to which a signal not to cache the result may be bound.
-
REVOKECONSENT_KEY
Request attribute to which a signal to revoke consent for attribute release may be bound.
- Since: 3.2.0
-
PREVIOUSRESULT_KEY
Request attribute to which a signal to set AuthenticationResult.setPreviousResult(boolean) may be bound.
- Since: 3.3.0
-
FORCE_AUTHN_PARAM
Request attribute that indicates whether the authentication request requires forced authentication.
-
PASSIVE_AUTHN_PARAM
Request attribute that indicates whether the authentication requires passive authentication.
-
RELYING_PARTY_PARAM
Request attribute that provides the entity ID of the relying party that is requesting authentication.
-
EXTENDED_FLOW_PARAM
Request attribute that indicates whether we're being called as an extension of another login flow.
- Since: 3.2.0
-
Constructor Details
-
ExternalAuthentication
public ExternalAuthentication()
-
-
Method Details
-
getExternalRedirect
@Nonnull @NotEmpty public static String getExternalRedirect(@Nonnull @NotEmpty String baseLocation, @Nonnull @NotEmpty String conversationValue)
Computes the appropriate location to pass control to in order to invoke an external authentication mechanism.
The input location should be suitable for use in a Spring "externalRedirect" expression, and may contain a query string. The result will include any additional parameters needed to invoke the mechanism.
- Parameters:
  baseLocation - the base location to build off of
  conversationValue - the value to include as a conversation ID
- Returns: the computed location
- Since: 3.2.0
-
startExternalAuthentication
@Nonnull @NotEmpty public static String startExternalAuthentication(@Nonnull HttpServletRequest request) throws ExternalAuthenticationException
Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
- Parameters:
  request - servlet request
- Returns: a handle to subsequent use of finishExternalAuthentication(java.lang.String, HttpServletRequest, HttpServletResponse)
- Throws:
  ExternalAuthenticationException - if an error occurs
-
finishExternalAuthentication
public static void finishExternalAuthentication(@Nonnull @NotEmpty String key, @Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response) throws ExternalAuthenticationException, IOException
Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
- Parameters:
  key - the value returned by startExternalAuthentication(HttpServletRequest)
  request - servlet request
  response - servlet response
- Throws:
  ExternalAuthenticationException - if an error occurs
  IOException - if the redirect cannot be issued
-
getProfileRequestContext
@Nonnull public static ProfileRequestContext getProfileRequestContext(@Nonnull @NotEmpty String key, @Nonnull HttpServletRequest request) throws ExternalAuthenticationException
Get the ProfileRequestContext associated with a request.
- Parameters:
  key - the value returned by startExternalAuthentication(HttpServletRequest)
  request - servlet request
- Returns: the profile request context
- Throws:
  ExternalAuthenticationException - if an error occurs
-
getExternalAuthenticationContext
@Nonnull private static ExternalAuthenticationContext getExternalAuthenticationContext(@Nonnull ProfileRequestContext profileRequestContext) throws ExternalAuthenticationException
Utility method to access the ExternalAuthenticationContext.
- Parameters:
  profileRequestContext - profile request context
- Returns: the ExternalAuthenticationContext to operate on
- Throws:
  ExternalAuthenticationException - if the context is missing
-
doStart
protected void doStart(@Nonnull HttpServletRequest request, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException
Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
- Parameters:
  request - servlet request
  profileRequestContext - current profile request context
  externalAuthenticationContext - external authentication context
- Throws:
  ExternalAuthenticationException - if an error occurs
-
doFinish
protected abstract void doFinish(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException, IOException
Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
- Parameters:
  request - servlet request
  response - servlet response
  profileRequestContext - current profile request context
  externalAuthenticationContext - external authentication context
- Throws:
  ExternalAuthenticationException - if an error occurs
  IOException - if the redirect cannot be issued
-
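Added example (not part of the original Javadoc or the Shibboleth code base): a servlet that drives the startExternalAuthentication / finishExternalAuthentication pair documented above and fails closed when no principal is available or when forced or passive authentication cannot be honoured. The class name SampleExternalAuthnServlet, the error strings, the use of the jakarta.servlet namespace (javax.servlet on older releases), the reliance on getRemoteUser(), the Boolean reading of the *_PARAM attributes, and the location of ExternalAuthenticationException in net.shibboleth.idp.authn are assumptions of this example.

```java
import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;

/** Hypothetical servlet; name and error strings are constructed for this example. */
public class SampleExternalAuthnServlet extends HttpServlet {

    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            // Exposes the session-held conversation state as request attributes and
            // returns the key that finishExternalAuthentication() requires.
            final String key = ExternalAuthentication.startExternalAuthentication(request);

            // Assumption: the flags are exposed as Boolean request attributes.
            final boolean forced = Boolean.TRUE.equals(
                    request.getAttribute(ExternalAuthentication.FORCE_AUTHN_PARAM));
            final boolean passive = Boolean.TRUE.equals(
                    request.getAttribute(ExternalAuthentication.PASSIVE_AUTHN_PARAM));

            // Assumption: the container or a front-end module authenticated the user.
            final String user = request.getRemoteUser();

            if (user == null || user.isBlank()) {
                // Never bind an empty principal name; report the failure instead.
                request.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY,
                        passive ? "passive authentication not possible" : "no authenticated user");
            } else if (forced) {
                // Policy chosen for this example: a pre-existing container login cannot
                // prove a fresh authentication, so a forced request is refused.
                request.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY,
                        "forced re-authentication not supported by this mechanism");
            } else {
                request.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, user);
            }

            // Transfers the bound attributes to the conversation state and hands
            // control back to the authentication web flow.
            ExternalAuthentication.finishExternalAuthentication(key, request, response);
        } catch (ExternalAuthenticationException e) {
            throw new ServletException("Error processing external authentication request", e);
        }
    }
}
```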