Package net.shibboleth.idp.authn
Class ExternalAuthentication
java.lang.Object
net.shibboleth.idp.authn.ExternalAuthentication
- Direct Known Subclasses:
ExternalAuthenticationImpl
public abstract class ExternalAuthentication extends Object
Public interface supporting external authentication outside the webflow engine.
-
Field Summary
Fields Modifier and Type Field Description static String
ATTRIBUTES_KEY
Request attribute to which a collection ofIdPAttribute
objects may be bound.static String
AUTHENTICATING_AUTHORITIES_KEY
Request attribute to which a collection of authenticating authorities may be bound.static String
AUTHENTICATION_ERROR_KEY
Request attribute to which an error message may be bound.static String
AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an exception may be bound.static String
AUTHENTICATION_INSTANT_KEY
Request attribute to which an authentication timestamp may be bound.static String
CONVERSATION_KEY
Parameter supplied to identify the per-conversation parameter.static String
DONOTCACHE_KEY
Request attribute to which a signal not to cache the result may be bound.static String
EXTENDED_FLOW_PARAM
Request attribute that indicates whether we're being called as an extension of another login flow.static String
FORCE_AUTHN_PARAM
Request attribute that indicates whether the authentication request requires forced authentication.static String
PASSIVE_AUTHN_PARAM
Request attribute that indicates whether the authentication requires passive authentication.static String
PREVIOUSRESULT_KEY
Request attribute to which a signal to setAuthenticationResult.setPreviousResult(boolean)
may be bound.static String
PRINCIPAL_KEY
Request attribute to which user's principal should be bound.static String
PRINCIPAL_NAME_KEY
Request attribute to which user's principal name should be bound.static String
RELYING_PARTY_PARAM
Request attribute that provides the entity ID of the relying party that is requesting authentication.static String
REVOKECONSENT_KEY
Request attribute to which a signal to revoke consent for attribute release may be bound.static String
SUBJECT_KEY
Request attribute to which user's subject should be bound.static String
SWF_KEY
Parameter supplied to locate the SWF object needed in the servlet context. -
Constructor Summary
Constructors Constructor Description ExternalAuthentication()
-
Method Summary
Modifier and Type Method Description protected abstract void
doFinish(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext)
Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.protected void
doStart(javax.servlet.http.HttpServletRequest request, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext)
Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.static void
finishExternalAuthentication(String key, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.private static ExternalAuthenticationContext
getExternalAuthenticationContext(ProfileRequestContext profileRequestContext)
Utility method to access theExternalAuthenticationContext
.static String
getExternalRedirect(String baseLocation, String conversationValue)
Computes the appropriate location to pass control to to invoke an external authentication mechanism.static ProfileRequestContext
getProfileRequestContext(String key, javax.servlet.http.HttpServletRequest request)
Get theProfileRequestContext
associated with a request.static String
startExternalAuthentication(javax.servlet.http.HttpServletRequest request)
Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
-
Field Details
-
SWF_KEY
Parameter supplied to locate the SWF object needed in the servlet context.- See Also:
- Constant Field Values
-
CONVERSATION_KEY
Parameter supplied to identify the per-conversation parameter.- See Also:
- Constant Field Values
-
PRINCIPAL_KEY
Request attribute to which user's principal should be bound.- See Also:
- Constant Field Values
-
PRINCIPAL_NAME_KEY
Request attribute to which user's principal name should be bound.- See Also:
- Constant Field Values
-
SUBJECT_KEY
Request attribute to which user's subject should be bound.- See Also:
- Constant Field Values
-
AUTHENTICATION_INSTANT_KEY
Request attribute to which an authentication timestamp may be bound.- See Also:
- Constant Field Values
-
AUTHENTICATING_AUTHORITIES_KEY
Request attribute to which a collection of authenticating authorities may be bound.- Since:
- 3.4.0
- See Also:
- Constant Field Values
-
ATTRIBUTES_KEY
Request attribute to which a collection ofIdPAttribute
objects may be bound.- Since:
- 4.0.0
- See Also:
- Constant Field Values
-
AUTHENTICATION_ERROR_KEY
Request attribute to which an error message may be bound.- See Also:
- Constant Field Values
-
AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an exception may be bound.- See Also:
- Constant Field Values
-
DONOTCACHE_KEY
Request attribute to which a signal not to cache the result may be bound.- See Also:
- Constant Field Values
-
REVOKECONSENT_KEY
Request attribute to which a signal to revoke consent for attribute release may be bound.- Since:
- 3.2.0
- See Also:
- Constant Field Values
-
PREVIOUSRESULT_KEY
Request attribute to which a signal to setAuthenticationResult.setPreviousResult(boolean)
may be bound.- Since:
- 3.3.0
- See Also:
- Constant Field Values
-
FORCE_AUTHN_PARAM
Request attribute that indicates whether the authentication request requires forced authentication.- See Also:
- Constant Field Values
-
PASSIVE_AUTHN_PARAM
Request attribute that indicates whether the authentication requires passive authentication.- See Also:
- Constant Field Values
-
RELYING_PARTY_PARAM
Request attribute that provides the entity ID of the relying party that is requesting authentication.- See Also:
- Constant Field Values
-
EXTENDED_FLOW_PARAM
Request attribute that indicates whether we're being called as an extension of another login flow.- Since:
- 3.2.0
- See Also:
- Constant Field Values
-
-
Constructor Details
-
ExternalAuthentication
public ExternalAuthentication()
-
-
Method Details
-
getExternalRedirect
@Nonnull @NotEmpty public static String getExternalRedirect(@Nonnull @NotEmpty String baseLocation, @Nonnull @NotEmpty String conversationValue)Computes the appropriate location to pass control to to invoke an external authentication mechanism.The input location should be suitable for use in a Spring "externalRedirect" expression, and may contain a query string. The result will include any additional parameters needed to invoke the mechanism.
- Parameters:
baseLocation
- the base location to build off ofconversationValue
- the value to include as a conversation ID- Returns:
- the computed location
- Since:
- 3.2.0
-
startExternalAuthentication
@Nonnull @NotEmpty public static String startExternalAuthentication(@Nonnull javax.servlet.http.HttpServletRequest request) throws ExternalAuthenticationExceptionInitialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.- Parameters:
request
- servlet request- Returns:
- a handle to subsequent use of
finishExternalAuthentication(java.lang.String, HttpServletRequest, HttpServletResponse)
- Throws:
ExternalAuthenticationException
- if an error occurs
-
finishExternalAuthentication
public static void finishExternalAuthentication(@Nonnull @NotEmpty String key, @Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull javax.servlet.http.HttpServletResponse response) throws ExternalAuthenticationException, IOExceptionComplete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.- Parameters:
key
- the value returned bystartExternalAuthentication(HttpServletRequest)
request
- servlet requestresponse
- servlet response- Throws:
ExternalAuthenticationException
- if an error occursIOException
- if the redirect cannot be issued
-
getProfileRequestContext
@Nonnull public static ProfileRequestContext getProfileRequestContext(@Nonnull @NotEmpty String key, @Nonnull javax.servlet.http.HttpServletRequest request) throws ExternalAuthenticationExceptionGet theProfileRequestContext
associated with a request.- Parameters:
key
- the value returned bystartExternalAuthentication(HttpServletRequest)
request
- servlet request- Returns:
- the profile request context
- Throws:
ExternalAuthenticationException
- if an error occurs
-
getExternalAuthenticationContext
@Nonnull private static ExternalAuthenticationContext getExternalAuthenticationContext(@Nonnull ProfileRequestContext profileRequestContext) throws ExternalAuthenticationExceptionUtility method to access theExternalAuthenticationContext
.- Parameters:
profileRequestContext
- profile request context- Returns:
- the
ExternalAuthenticationContext
to operate on - Throws:
ExternalAuthenticationException
- if the context is missing
-
doStart
protected void doStart(@Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationExceptionInitialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.- Parameters:
request
- servlet requestprofileRequestContext
- current profile request contextexternalAuthenticationContext
- external authentication context- Throws:
ExternalAuthenticationException
- if an error occurs
-
doFinish
protected abstract void doFinish(@Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull javax.servlet.http.HttpServletResponse response, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException, IOExceptionComplete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.- Parameters:
request
- servlet requestresponse
- servlet responseprofileRequestContext
- current profile request contextexternalAuthenticationContext
- external authentication context- Throws:
ExternalAuthenticationException
- if an error occursIOException
- if the redirect cannot be issued
-