Package net.shibboleth.idp.authn.config

Interface AuthenticationProfileConfiguration

All Superinterfaces:
Component, IdentifiedComponent, ProfileConfiguration
All Known Subinterfaces:
AdministrativeFlowDescriptor, BrowserSSOProfileConfiguration, BrowserSSOProfileConfiguration, ECPProfileConfiguration
All Known Implementing Classes:
BasicAdministrativeFlowDescriptor, BrowserSSOProfileConfiguration, BrowserSSOProfileConfiguration, ECPProfileConfiguration, LoginConfiguration, MockAuthenticationProfileConfiguration, OneTimeAdministrativeFlowDescriptor, SSOSProfileConfiguration
public interface AuthenticationProfileConfiguration extends ProfileConfiguration
Configuration of profiles for authentication.

  • Method Details

    • getDefaultAuthenticationMethods

      @ConfigurationSetting(name="defaultAuthenticationMethods") @Nonnull @NotLive @Unmodifiable List<Principal> getDefaultAuthenticationMethods(@Nullable ProfileRequestContext profileRequestContext)
      Get the default authentication methods to use, expressed as custom principals.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      default authentication methods to use

    • getAuthenticationFlows

      @ConfigurationSetting(name="authenticationFlows") @Nonnull @NotLive @Unmodifiable Set<String> getAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get the allowable authentication flows for this profile.

      The flow IDs returned MUST NOT contain the AuthenticationFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of authentication flow IDs to allow

    • getPostAuthenticationFlows

      @ConfigurationSetting(name="postAuthenticationFlows") @Nonnull @NotLive @Unmodifiable List<String> getPostAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of post-authentication interceptor flows to run for this profile.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable

    • isForceAuthn

      @ConfigurationSetting(name="forceAuthn") boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the authentication process should include a proof of user presence.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff authentication should require user presence
      Since:
      4.0.0

    • getProxyCount

      @ConfigurationSetting(name="proxyCount") @NonNegative @Nullable Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion or authentication may be proxied
      Since:
      4.0.0

    • isLocal

      default boolean isLocal()
      Get whether this profile is for functionality local to the IdP.

      Most authentication profiles are non-local, designed to issue security tokens to other systems, so this is generally false.

      Returns:
      true iff the use of the associated profile is local to the IdP