Package net.shibboleth.idp.session.impl

Class UpdateSessionWithAuthenticationResult

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class UpdateSessionWithAuthenticationResult extends AbstractAuthenticationAction
An authentication action that establishes a record of the AuthenticationResult in an IdPSession for the client, either by updating an existing session or creating a new one.

A new AuthenticationResult may be added to the session, or the last activity time of an existing one updated. A new one will only be added if the authentication context indicates that the result is "cacheable".

An existing session is identified via a SessionContext attached to the ProfileRequestContext. If a new session is created, it will be placed into a SessionContext, creating it if necessary, with the principal name coming from a SubjectContext.

An error interacting with the session layer will result in an EventIds.IO_ERROR event.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.IO_ERROR
Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class) != null
Postcondition:
If AuthenticationContext.getAuthenticationResult() != null and SubjectContext.getPrincipalName() != null then the steps above are performed, and ProfileRequestContext.getSubcontext(SessionContext.class).getIdPSession() != null

  • Field Details

  • Constructor Details

    • UpdateSessionWithAuthenticationResult

      public UpdateSessionWithAuthenticationResult()
      Constructor.

  • Method Details

    • setSessionManager

      public void setSessionManager(@Nonnull SessionManager manager)
      Set the SessionManager to use.
      Parameters:
      manager - session manager to use

    • setSessionContextCreationStrategy

      public void setSessionContextCreationStrategy(@Nonnull Function<ProfileRequestContext,SessionContext> strategy)
      Set the lookup/creation strategy for the SessionContext to update.
      Parameters:
      strategy - creation/lookup strategy

    • setSubjectContextLookupStrategy

      public void setSubjectContextLookupStrategy(@Nonnull Function<ProfileRequestContext,SubjectContext> strategy)
      Set the lookup strategy for the SubjectContext to access.
      Parameters:
      strategy - lookup strategy

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action's pre-execute step. Default implementation just returns true.
      Overrides:
      doPreExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context
      Returns:
      true iff execution should continue

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context

    • updateIdPSession

      private void updateIdPSession(@Nonnull AuthenticationContext authenticationContext, @Nonnull IdPSession session) throws SessionException
      Update an existing session.

      If the result is the product of an attempted flow, then it's added to the session. If reused, its last activity time is updated.

      Parameters:
      authenticationContext - current authentication context
      session - session to update
      Throws:
      SessionException - if an error occurs updating the session

    • createIdPSession

      private void createIdPSession(@Nonnull AuthenticationContext authenticationContext) throws SessionException
      Create a new session and populate the SessionContext.
      Parameters:
      authenticationContext - current authentication context
      Throws:
      SessionException - if an error occurs creating the session