net.shibboleth.idp.authn.context

Class AuthenticationContext

java.lang.Object

org.opensaml.messaging.context.BaseContext

net.shibboleth.idp.authn.context.AuthenticationContext

All Implemented Interfaces:

Iterable<org.opensaml.messaging.context.BaseContext>

public final class AuthenticationContext
extends org.opensaml.messaging.context.BaseContext

A context representing the state of an authentication attempt, this is the primary input/output context for the action flow responsible for authentication, and within that flow, the individual flows that carry out a specific kind of authentication.

Nested Class Summary

Nested classes/interfaces inherited from class org.opensaml.messaging.context.BaseContext

org.opensaml.messaging.context.BaseContext.ContextSetNoRemoveIteratorDecorator

Field Summary

Fields

Modifier and Type	Field and Description
private Map<String,AuthenticationResult>	activeResults Authentication results associated with an active session and available for (re)use.
private AuthenticationFlowDescriptor	attemptedFlow Authentication flow being attempted to authenticate the user.
private AuthenticationResult	authenticationResult A successfully processed authentication result (the output of the attempted flow, if any).
private long	completionInstant Time, in milliseconds since the epoch, when authentication process completed.
private PrincipalEvalPredicateFactoryRegistry	evalRegistry The registry of predicate factories for custom principal evaluation.
private boolean	forceAuthn Whether to require fresh subject interaction to succeed.
private String	hintedName A non-normative hint some protocols support to indicate who the subject might be.
private long	initiationInstant Time, in milliseconds since the epoch, when the authentication process started.
private Map<String,AuthenticationFlowDescriptor>	intermediateFlows Previously attempted flows (could be failures or intermediate results).
private boolean	isPassive Whether authentication must not involve subject interaction.
private Map<String,AuthenticationFlowDescriptor>	potentialFlows Flows that could potentially be used to authenticate the user.
private boolean	resultCacheable Result may be cached for reuse in the normal way.
private String	signaledFlowId Signals authentication flow to run next, to influence selection logic.

Constructor Summary

Constructors

Constructor and Description
AuthenticationContext() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
Map<String,AuthenticationResult>	getActiveResults() Get the authentication results currently active for the subject.
AuthenticationFlowDescriptor	getAttemptedFlow() Get the authentication flow that was attempted in order to authenticate the user.
AuthenticationResult	getAuthenticationResult() Get the authentication result produced by the attempted flow, or reused for SSO.
long	getCompletionInstant() Get the time, in milliseconds since the epoch, when the authentication process ended.
String	getHintedName() Get a non-normative hint provided by the request about the user's identity.
long	getInitiationInstant() Get the time, in milliseconds since the epoch, when the authentication process started.
Map<String,AuthenticationFlowDescriptor>	getIntermediateFlows() Get the set of flows that have been executed, successfully or otherwise, without producing a completed result.
Map<String,AuthenticationFlowDescriptor>	getPotentialFlows() Get the set of flows that could potentially be used for user authentication.
PrincipalEvalPredicateFactoryRegistry	getPrincipalEvalPredicateFactoryRegistry() Get the registry of predicate factories for custom principal evaluation.
String	getSignaledFlowId() Get the flow ID signaled as the next selection.
boolean	isForceAuthn() Get whether to require fresh subject interaction to succeed.
boolean	isPassive() Get whether subject interaction is allowed.
boolean	isResultCacheable() Get whether the result is suitable for caching (such as in a session) for reuse.
AuthenticationContext	setActiveResults(Iterable<AuthenticationResult> results) Set the authentication results currently active for the subject.
AuthenticationContext	setAttemptedFlow(AuthenticationFlowDescriptor flow) Set the authentication flow that was attempted in order to authenticate the user.
AuthenticationContext	setAuthenticationResult(AuthenticationResult result) Set the authentication result produced by the attempted flow, or reused for SSO.
AuthenticationContext	setCompletionInstant() Set the completion time of the authentication attempt to the current time.
AuthenticationContext	setForceAuthn(boolean force) Set whether to require fresh subject interaction to succeed.
AuthenticationContext	setHintedName(String hint) Set a non-normative hint provided by the request about the user's identity.
AuthenticationContext	setIsPassive(boolean passive) Set whether subject interaction is allowed.
void	setPrincipalEvalPredicateFactoryRegistry(PrincipalEvalPredicateFactoryRegistry registry) Set the registry of predicate factories for custom principal evaluation.
void	setResultCacheable(boolean flag) Set whether the result is suitable for caching (such as in a session) for reuse.
AuthenticationContext	setSignaledFlowId(String id) Set the flow ID signaled as the next selection.
String	toString()

Methods inherited from class org.opensaml.messaging.context.BaseContext

addSubcontext, addSubcontext, clearSubcontexts, containsSubcontext, createSubcontext, getParent, getSubcontext, getSubcontext, getSubcontext, getSubcontext, isAutoCreateSubcontexts, iterator, removeSubcontext, removeSubcontext, setAutoCreateSubcontexts, setParent

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

initiationInstant

@Positive
private final long initiationInstant

Time, in milliseconds since the epoch, when the authentication process started.

forceAuthn

private boolean forceAuthn

Whether to require fresh subject interaction to succeed.

isPassive

private boolean isPassive

Whether authentication must not involve subject interaction.

hintedName

@Nullable
private String hintedName

A non-normative hint some protocols support to indicate who the subject might be.

potentialFlows

@Nonnull
@NonnullElements
private final Map<String,AuthenticationFlowDescriptor> potentialFlows

Flows that could potentially be used to authenticate the user.

activeResults

@Nonnull
@NonnullElements
private final Map<String,AuthenticationResult> activeResults

Authentication results associated with an active session and available for (re)use.

evalRegistry

@Nonnull
private PrincipalEvalPredicateFactoryRegistry evalRegistry

The registry of predicate factories for custom principal evaluation.

intermediateFlows

@Nonnull
@NonnullElements
private final Map<String,AuthenticationFlowDescriptor> intermediateFlows

Previously attempted flows (could be failures or intermediate results).

attemptedFlow

@Nullable
private AuthenticationFlowDescriptor attemptedFlow

Authentication flow being attempted to authenticate the user.

signaledFlowId

@Nullable
private String signaledFlowId

Signals authentication flow to run next, to influence selection logic.

authenticationResult

@Nullable
private AuthenticationResult authenticationResult

A successfully processed authentication result (the output of the attempted flow, if any).

resultCacheable

private boolean resultCacheable

Result may be cached for reuse in the normal way.

completionInstant

@NonNegative
private long completionInstant

Time, in milliseconds since the epoch, when authentication process completed.

Constructor Detail

AuthenticationContext

public AuthenticationContext()

Constructor.

Method Detail

getInitiationInstant

@Positive
public long getInitiationInstant()

Get the time, in milliseconds since the epoch, when the authentication process started.

Returns:

time when the authentication process started

getActiveResults

@Nonnull
@NonnullElements
@Unmodifiable
public Map<String,AuthenticationResult> getActiveResults()

Get the authentication results currently active for the subject.

Returns:

authentication results currently active for the subject

setActiveResults

@Nonnull
public AuthenticationContext setActiveResults(@Nonnull@NonnullElements
                                             Iterable<AuthenticationResult> results)

Set the authentication results currently active for the subject.

Parameters:

results - authentication results currently active for the subject

Returns:

this authentication context

getPotentialFlows

@Nonnull
@NonnullElements
@Live
public Map<String,AuthenticationFlowDescriptor> getPotentialFlows()

Get the set of flows that could potentially be used for user authentication.

Returns:

the potential flows

getIntermediateFlows

@Nonnull
@NonnullElements
@Live
public Map<String,AuthenticationFlowDescriptor> getIntermediateFlows()

Get the set of flows that have been executed, successfully or otherwise, without producing a completed result.

Returns:

the intermediately executed flows

getPrincipalEvalPredicateFactoryRegistry

@Nonnull
public PrincipalEvalPredicateFactoryRegistry getPrincipalEvalPredicateFactoryRegistry()

Get the registry of predicate factories for custom principal evaluation.

Returns:

predicate factory registry

setPrincipalEvalPredicateFactoryRegistry

public void setPrincipalEvalPredicateFactoryRegistry(@Nonnull
                                            PrincipalEvalPredicateFactoryRegistry registry)

Set the registry of predicate factories for custom principal evaluation.

Parameters:

registry - predicate factory registry

isPassive

public boolean isPassive()

Get whether subject interaction is allowed.

Returns:

whether subject interaction may occur

setIsPassive

@Nonnull
public AuthenticationContext setIsPassive(boolean passive)

Set whether subject interaction is allowed.

Parameters:

passive - whether subject interaction may occur

Returns:

this authentication context

isForceAuthn

public boolean isForceAuthn()

Get whether to require fresh subject interaction to succeed.

Returns:

whether subject interaction must occur

setForceAuthn

@Nonnull
public AuthenticationContext setForceAuthn(boolean force)

Set whether to require fresh subject interaction to succeed.

Parameters:

force - whether subject interaction must occur

Returns:

this authentication context

getHintedName

@Nullable
public String getHintedName()

Get a non-normative hint provided by the request about the user's identity.

Returns:

the username hint

setHintedName

@Nonnull
public AuthenticationContext setHintedName(@Nullable
                                          String hint)

Set a non-normative hint provided by the request about the user's identity.

Parameters:

hint - the username hint

Returns:

this authentication context

getAttemptedFlow

@Nullable
public AuthenticationFlowDescriptor getAttemptedFlow()

Get the authentication flow that was attempted in order to authenticate the user.

This is not set if an existing result was reused for SSO.

Returns:

authentication flow that was attempted in order to authenticate the user

setAttemptedFlow

@Nonnull
public AuthenticationContext setAttemptedFlow(@Nullable
                                             AuthenticationFlowDescriptor flow)

Set the authentication flow that was attempted in order to authenticate the user.

Do not set if an existing result was reused for SSO.

Parameters:

flow - authentication flow that was attempted in order to authenticate the user

Returns:

this authentication context

getSignaledFlowId

@Nullable
public String getSignaledFlowId()

Get the flow ID signaled as the next selection.

Returns:

ID of flow to run next

setSignaledFlowId

@Nonnull
public AuthenticationContext setSignaledFlowId(@Nullable
                                              String id)

Set the flow ID signaled as the next selection.

Parameters:

id - ID of flow to run next

Returns:

this authentication context

getAuthenticationResult

@Nullable
public AuthenticationResult getAuthenticationResult()

Get the authentication result produced by the attempted flow, or reused for SSO.

Returns:

authentication result, if any

setAuthenticationResult

@Nonnull
public AuthenticationContext setAuthenticationResult(@Nullable
                                                    AuthenticationResult result)

Set the authentication result produced by the attempted flow, or reused for SSO.

Parameters:

result - authentication result, if any

Returns:

this authentication context

isResultCacheable

public boolean isResultCacheable()

Get whether the result is suitable for caching (such as in a session) for reuse.

Returns:

true iff the result may be cached/reused, subject to other policy

setResultCacheable

public void setResultCacheable(boolean flag)

Set whether the result is suitable for caching (such as in a session) for reuse.

Parameters:

flag - flag to set

getCompletionInstant

@NonNegative
public long getCompletionInstant()

Get the time, in milliseconds since the epoch, when the authentication process ended. A value of 0 indicates that authentication has not yet completed.

Returns:

time when the authentication process ended

setCompletionInstant

@Nonnull
public AuthenticationContext setCompletionInstant()

Set the completion time of the authentication attempt to the current time.

Returns:

this authentication context

toString

public String toString()

Overrides:

toString in class Object