Package net.shibboleth.idp.authn.impl

Class RemoteUserAuthServlet

java.lang.Object
jakarta.servlet.GenericServlet
jakarta.servlet.http.HttpServlet
net.shibboleth.idp.authn.impl.RemoteUserAuthServlet
All Implemented Interfaces:
Servlet, ServletConfig, Serializable
public class RemoteUserAuthServlet extends HttpServlet
Extracts authentication information from the request and returns it via the IdP's external authentication interface.

Common usage allows for extraction of REMOTE_USER or a username from request attributes or headers.

More advanced features include the ability to directly consume a Subject from a request attribute (in which case it is returned sight unseen directly to the IdP as the external result) and the ability to check a header for strings containing authentication method identifiers which can be mapped back into custom Principal objects (in which case they are attached to a newly constructed Subject to return).

See Also:

  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      Serial UID.
      See Also:

    • CHECK_REMOTE_USER_PARAM

      @Nonnull @NotEmpty private static final String CHECK_REMOTE_USER_PARAM
      Init parameter controlling whether to check for REMOTE_USER.
      See Also:

    • CHECK_ATTRIBUTES_PARAM

      @Nonnull @NotEmpty private static final String CHECK_ATTRIBUTES_PARAM
      Init parameter controlling what attributes to check.
      See Also:

    • CHECK_HEADERS_PARAM

      @Nonnull @NotEmpty private static final String CHECK_HEADERS_PARAM
      Init parameter controlling what headers to check.
      See Also:

    • SUBJECT_ATTRIBUTE_PARAM

      @Nonnull @NotEmpty private static final String SUBJECT_ATTRIBUTE_PARAM
      Init parameter identifying an attribute to check for a Subject.
      See Also:

    • AUTHN_METHOD_HEADER_PARAM

      @Nonnull @NotEmpty private static final String AUTHN_METHOD_HEADER_PARAM
      Init parameter identifying a header to check for one or more authentication method strings.
      See Also:

    • AUTHN_AUTHORITY_HEADER_PARAM

      @Nonnull @NotEmpty private static final String AUTHN_AUTHORITY_HEADER_PARAM
      Init parameter identifying a header to check for one or more proxied authenticating authority strings.
      See Also:

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • checkRemoteUser

      private boolean checkRemoteUser
      Whether to check REMOTE_USER for an identity. Defaults to true.

    • checkAttributes

      @Nonnull private Collection<String> checkAttributes
      List of request attributes to check for an identity.

    • checkHeaders

      @Nonnull private Collection<String> checkHeaders
      List of request headers to check for an identity.

    • subjectAttribute

      @Nullable @NotEmpty private String subjectAttribute
      Request attribute to check for a Subject.

    • authnMethodHeader

      @Nullable @NotEmpty private String authnMethodHeader
      Header to check for authentication method strings.

    • authnAuthorityHeader

      @Nullable @NotEmpty private String authnAuthorityHeader
      Header to check for proxied authenticating authority strings.

  • Constructor Details

    • RemoteUserAuthServlet

      public RemoteUserAuthServlet()
      Constructor.

  • Method Details