Package net.shibboleth.idp.authn.impl
Class FinalizeMultiFactorAuthentication
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.authn.impl.FinalizeMultiFactorAuthentication
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
An authentication action that completes MFA by producing a final AuthenticationResult out of whatever constituent parts and pieces exist, by means of an overridable function, storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext to operate on.
- Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_AUTHN_CTX
- Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext(MultiFactorAuthenticationContext.class) != null
- Postcondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAuthenticationResult() != null, ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
-
Nested Class Summary
Nested Classes
static class - Default merging strategy to combine individual AuthenticationResult objects into a single result.
-
Field Summary
Fields
private final org.slf4j.Logger log - Class logger.
private MultiFactorAuthenticationContext mfaContext - A subordinate MultiFactorAuthenticationContext, if any.
private Function<ProfileRequestContext,MultiFactorAuthenticationContext> multiFactorContextLookupStrategy - Lookup function for the context to evaluate.
private Function<ProfileRequestContext,String> requesterLookupStrategy - Function used to obtain the requester ID.
private Function<ProfileRequestContext,String> responderLookupStrategy - Function used to obtain the responder ID.
private Predicate<ProfileRequestContext> resultCachingPredicate - Predicate to apply when setting AuthenticationResult cacheability.
private Function<ProfileRequestContext,AuthenticationResult> resultMergingStrategy - Strategy function to produce a final, merged result.
-
Constructor Summary
Constructors -
Method Summary
protected void doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext) - Performs this authentication action.
protected void doInitialize
protected boolean doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext) - Performs this authentication action's pre-execute step.
void setMultiFactorContextLookupStrategy(Function<ProfileRequestContext, MultiFactorAuthenticationContext> strategy) - Set the lookup strategy to use for the context to evaluate.
void setRequesterLookupStrategy - Set the strategy used to locate the requester ID for canonicalization.
void setResponderLookupStrategy - Set the strategy used to locate the responder ID for canonicalization.
void setResultCachingPredicate(Predicate<ProfileRequestContext> predicate) - Set predicate to apply to determine cacheability of AuthenticationResult.
void setResultMergingStrategy(Function<ProfileRequestContext, AuthenticationResult> strategy) - Set the result merging strategy to use.
Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
multiFactorContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,MultiFactorAuthenticationContext> multiFactorContextLookupStrategy
Lookup function for the context to evaluate.
-
resultMergingStrategy
@NonnullAfterInit private Function<ProfileRequestContext,AuthenticationResult> resultMergingStrategy
Strategy function to produce a final, merged result.
-
resultCachingPredicate
Predicate to apply when setting AuthenticationResult cacheability.
-
requesterLookupStrategy
Function used to obtain the requester ID.
-
responderLookupStrategy
Function used to obtain the responder ID.
-
mfaContext
A subordinate MultiFactorAuthenticationContext, if any.
-
-
Constructor Details
-
FinalizeMultiFactorAuthentication
public FinalizeMultiFactorAuthentication()
Constructor.
-
-
Method Details
-
setMultiFactorContextLookupStrategy
public void setMultiFactorContextLookupStrategy(@Nonnull Function<ProfileRequestContext, MultiFactorAuthenticationContext> strategy)
Set the lookup strategy to use for the context to evaluate.
- Parameters:
strategy - lookup strategy
-
setResultMergingStrategy
public void setResultMergingStrategy(@Nullable Function<ProfileRequestContext, AuthenticationResult> strategy)
Set the result merging strategy to use.
- Parameters:
strategy - result merging strategy
-
setResultCachingPredicate
Set predicate to apply to determine cacheability of AuthenticationResult.
- Parameters:
predicate - predicate to apply, or null
-
setRequesterLookupStrategy
Set the strategy used to locate the requester ID for canonicalization.
- Parameters:
strategy - lookup strategy
-
setResponderLookupStrategy
Set the strategy used to locate the responder ID for canonicalization.
- Parameters:
strategy - lookup strategy
-
doInitialize
- Overrides:
doInitialize in class AbstractInitializableComponent
- Throws:
ComponentInitializationException
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
Performs this authentication action's pre-execute step. Default implementation just returns true.
- Overrides:
doPreExecute in class AbstractAuthenticationAction
- Parameters:
profileRequestContext - the current IdP profile request context
authenticationContext - the current authentication context
- Returns:
true iff execution should continue
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
Performs this authentication action. Default implementation throws an exception.
- Overrides:
doExecute in class AbstractAuthenticationAction
- Parameters:
profileRequestContext - the current IdP profile request context
authenticationContext - the current authentication context
-