Package net.shibboleth.idp.authn.context

Class MultiFactorAuthenticationContext

java.lang.Object
org.opensaml.messaging.context.BaseContext
net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext
All Implemented Interfaces:
Iterable<BaseContext>
public final class MultiFactorAuthenticationContext extends BaseContext
A context that holds information about the intermediate state of the multi-factor login flow.
Since:
3.3.0
Parent:
AuthenticationContext
Added:
At the beginning of the multi-factor login flow
Removed:
At the end of the multi-factor login flow

  • Field Details

    • transitionMap

      @Nonnull private Map<String,MultiFactorAuthenticationTransition> transitionMap
      Map of login "factors" (flows) and the transition rules to run after them.

    • activeResults

      @Nonnull private final Map<String,AuthenticationResult> activeResults
      Authentication results that are active (may be generated earlier or during current request).

    • mfaFlowDescriptor

      @Nullable private AuthenticationFlowDescriptor mfaFlowDescriptor
      Login flow descriptor for the MFA flow.

    • nextFlowId

      @Nullable @NotEmpty private String nextFlowId
      The next flow due to execute (or the currently executing flow during subflow execution).

    • event

      @Nullable @NotEmpty private String event
      A SWF event to signal as the completion of the MFA flow.

  • Constructor Details

    • MultiFactorAuthenticationContext

      public MultiFactorAuthenticationContext()
      Constructor.

  • Method Details

    • getTransitionMap

      @Nonnull @Live public Map<String,MultiFactorAuthenticationTransition> getTransitionMap()
      Get a live map of the transitions to apply.
      Returns:
      map of transition logic

    • setTransitionMap

      @Nonnull public MultiFactorAuthenticationContext setTransitionMap(@Nonnull Map<String,MultiFactorAuthenticationTransition> map)
      Set the map of transitions to apply, replacing any existing entries.
      Parameters:
      map - map of transition logic
      Returns:
      this context

    • getActiveResults

      @Nonnull @Live public Map<String,AuthenticationResult> getActiveResults()
      Get a live list of the AuthenticationResult objects produced during the flow.
      Returns:
      list of results

    • getAuthenticationFlowDescriptor

      @Nullable public AuthenticationFlowDescriptor getAuthenticationFlowDescriptor()
      Get the AuthenticationFlowDescriptor representing the MFA flow.
      Returns:
      descriptor

    • setAuthenticationFlowDescriptor

      @Nonnull public MultiFactorAuthenticationContext setAuthenticationFlowDescriptor(@Nullable AuthenticationFlowDescriptor descriptor)
      Set the AuthenticationFlowDescriptor representing the MFA flow.
      Parameters:
      descriptor - login flow descriptor
      Returns:
      this context

    • getNextFlowId

      @Nullable @NotEmpty public String getNextFlowId()
      Get the next flow due to execute (or that is currently executing).
      Returns:
      the ID of the next flow to execute

    • setNextFlowId

      @Nonnull public MultiFactorAuthenticationContext setNextFlowId(@Nullable @NotEmpty String id)
      Set the next flow due to execute.
      Parameters:
      id - flow ID
      Returns:
      this context

    • getEvent

      @Nullable @NotEmpty public String getEvent()
      Get an event that should be signaled as the result of the MFA flow.

      If set, the MFA flow will eventually terminate with this event once all transitions have completed.

      Returns:
      event to signal

    • setEvent

      @Nonnull public MultiFactorAuthenticationContext setEvent(@Nullable @NotEmpty String e)
      Set an event that should be signaled as the result of the MFA flow.
      Parameters:
      e - event to signal
      Returns:
      this context

    • isAcceptable

      public boolean isAcceptable()
      Get whether one or more of the active results in this context satisfies the request.
      Returns:
      true iff at least one of the active results satisfies the request

    • isActive

      public boolean isActive(@Nonnull Principal principal)
      Get whether any active result in this context contains the input Principal.

      This is a "crude" means of testing for the existence of a particular Principal inside an active result. Usually this is used to test for the existence of a particular custom value used to represent a particular login quality or type.

      Parameters:
      principal - input to check for
      Returns:
      true iff an active and presumably usable result contains the input
      Since:
      5.0.0