Package net.shibboleth.idp.authn
Class ExternalAuthentication
java.lang.Object
net.shibboleth.idp.authn.ExternalAuthentication
- Direct Known Subclasses:
ExternalAuthenticationImpl
public abstract class ExternalAuthentication extends Object
Public interface supporting external authentication outside the webflow engine.
-
Field Summary
Fields Modifier and Type Field Description static StringATTRIBUTES_KEYRequest attribute to which a collection ofIdPAttributeobjects may be bound.static StringAUTHENTICATING_AUTHORITIES_KEYRequest attribute to which a collection of authenticating authorities may be bound.static StringAUTHENTICATION_ERROR_KEYRequest attribute to which an error message may be bound.static StringAUTHENTICATION_EXCEPTION_KEYRequest attribute to which an exception may be bound.static StringAUTHENTICATION_INSTANT_KEYRequest attribute to which an authentication timestamp may be bound.static StringCONVERSATION_KEYParameter supplied to identify the per-conversation parameter.static StringDONOTCACHE_KEYRequest attribute to which a signal not to cache the result may be bound.static StringEXTENDED_FLOW_PARAMRequest attribute that indicates whether we're being called as an extension of another login flow.static StringFORCE_AUTHN_PARAMRequest attribute that indicates whether the authentication request requires forced authentication.static StringPASSIVE_AUTHN_PARAMRequest attribute that indicates whether the authentication requires passive authentication.static StringPREVIOUSRESULT_KEYRequest attribute to which a signal to setAuthenticationResult.setPreviousResult(boolean)may be bound.static StringPRINCIPAL_KEYRequest attribute to which user's principal should be bound.static StringPRINCIPAL_NAME_KEYRequest attribute to which user's principal name should be bound.static StringRELYING_PARTY_PARAMRequest attribute that provides the entity ID of the relying party that is requesting authentication.static StringREVOKECONSENT_KEYRequest attribute to which a signal to revoke consent for attribute release may be bound.static StringSUBJECT_KEYRequest attribute to which user's subject should be bound.static StringSWF_KEYParameter supplied to locate the SWF object needed in the servlet context. -
Constructor Summary
Constructors Constructor Description ExternalAuthentication() -
Method Summary
Modifier and Type Method Description protected abstract voiddoFinish(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext)Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.protected voiddoStart(javax.servlet.http.HttpServletRequest request, ProfileRequestContext profileRequestContext, ExternalAuthenticationContext externalAuthenticationContext)Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.static voidfinishExternalAuthentication(String key, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.private static ExternalAuthenticationContextgetExternalAuthenticationContext(ProfileRequestContext profileRequestContext)Utility method to access theExternalAuthenticationContext.static StringgetExternalRedirect(String baseLocation, String conversationValue)Computes the appropriate location to pass control to to invoke an external authentication mechanism.static ProfileRequestContextgetProfileRequestContext(String key, javax.servlet.http.HttpServletRequest request)Get theProfileRequestContextassociated with a request.static StringstartExternalAuthentication(javax.servlet.http.HttpServletRequest request)Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
-
Field Details
-
SWF_KEY
Parameter supplied to locate the SWF object needed in the servlet context.- See Also:
- Constant Field Values
-
CONVERSATION_KEY
Parameter supplied to identify the per-conversation parameter.- See Also:
- Constant Field Values
-
PRINCIPAL_KEY
Request attribute to which user's principal should be bound.- See Also:
- Constant Field Values
-
PRINCIPAL_NAME_KEY
Request attribute to which user's principal name should be bound.- See Also:
- Constant Field Values
-
SUBJECT_KEY
Request attribute to which user's subject should be bound.- See Also:
- Constant Field Values
-
AUTHENTICATION_INSTANT_KEY
Request attribute to which an authentication timestamp may be bound.- See Also:
- Constant Field Values
-
AUTHENTICATING_AUTHORITIES_KEY
Request attribute to which a collection of authenticating authorities may be bound.- Since:
- 3.4.0
- See Also:
- Constant Field Values
-
ATTRIBUTES_KEY
Request attribute to which a collection ofIdPAttributeobjects may be bound.- Since:
- 4.0.0
- See Also:
- Constant Field Values
-
AUTHENTICATION_ERROR_KEY
Request attribute to which an error message may be bound.- See Also:
- Constant Field Values
-
AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an exception may be bound.- See Also:
- Constant Field Values
-
DONOTCACHE_KEY
Request attribute to which a signal not to cache the result may be bound.- See Also:
- Constant Field Values
-
REVOKECONSENT_KEY
Request attribute to which a signal to revoke consent for attribute release may be bound.- Since:
- 3.2.0
- See Also:
- Constant Field Values
-
PREVIOUSRESULT_KEY
Request attribute to which a signal to setAuthenticationResult.setPreviousResult(boolean)may be bound.- Since:
- 3.3.0
- See Also:
- Constant Field Values
-
FORCE_AUTHN_PARAM
Request attribute that indicates whether the authentication request requires forced authentication.- See Also:
- Constant Field Values
-
PASSIVE_AUTHN_PARAM
Request attribute that indicates whether the authentication requires passive authentication.- See Also:
- Constant Field Values
-
RELYING_PARTY_PARAM
Request attribute that provides the entity ID of the relying party that is requesting authentication.- See Also:
- Constant Field Values
-
EXTENDED_FLOW_PARAM
Request attribute that indicates whether we're being called as an extension of another login flow.- Since:
- 3.2.0
- See Also:
- Constant Field Values
-
-
Constructor Details
-
ExternalAuthentication
public ExternalAuthentication()
-
-
Method Details
-
getExternalRedirect
@Nonnull @NotEmpty public static String getExternalRedirect(@Nonnull @NotEmpty String baseLocation, @Nonnull @NotEmpty String conversationValue)Computes the appropriate location to pass control to to invoke an external authentication mechanism.The input location should be suitable for use in a Spring "externalRedirect" expression, and may contain a query string. The result will include any additional parameters needed to invoke the mechanism.
- Parameters:
baseLocation- the base location to build off ofconversationValue- the value to include as a conversation ID- Returns:
- the computed location
- Since:
- 3.2.0
-
startExternalAuthentication
@Nonnull @NotEmpty public static String startExternalAuthentication(@Nonnull javax.servlet.http.HttpServletRequest request) throws ExternalAuthenticationExceptionInitialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.- Parameters:
request- servlet request- Returns:
- a handle to subsequent use of
finishExternalAuthentication(java.lang.String, HttpServletRequest, HttpServletResponse) - Throws:
ExternalAuthenticationException- if an error occurs
-
finishExternalAuthentication
public static void finishExternalAuthentication(@Nonnull @NotEmpty String key, @Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull javax.servlet.http.HttpServletResponse response) throws ExternalAuthenticationException, IOExceptionComplete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.- Parameters:
key- the value returned bystartExternalAuthentication(HttpServletRequest)request- servlet requestresponse- servlet response- Throws:
ExternalAuthenticationException- if an error occursIOException- if the redirect cannot be issued
-
getProfileRequestContext
@Nonnull public static ProfileRequestContext getProfileRequestContext(@Nonnull @NotEmpty String key, @Nonnull javax.servlet.http.HttpServletRequest request) throws ExternalAuthenticationExceptionGet theProfileRequestContextassociated with a request.- Parameters:
key- the value returned bystartExternalAuthentication(HttpServletRequest)request- servlet request- Returns:
- the profile request context
- Throws:
ExternalAuthenticationException- if an error occurs
-
getExternalAuthenticationContext
@Nonnull private static ExternalAuthenticationContext getExternalAuthenticationContext(@Nonnull ProfileRequestContext profileRequestContext) throws ExternalAuthenticationExceptionUtility method to access theExternalAuthenticationContext.- Parameters:
profileRequestContext- profile request context- Returns:
- the
ExternalAuthenticationContextto operate on - Throws:
ExternalAuthenticationException- if the context is missing
-
doStart
protected void doStart(@Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationExceptionInitialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.- Parameters:
request- servlet requestprofileRequestContext- current profile request contextexternalAuthenticationContext- external authentication context- Throws:
ExternalAuthenticationException- if an error occurs
-
doFinish
protected abstract void doFinish(@Nonnull javax.servlet.http.HttpServletRequest request, @Nonnull javax.servlet.http.HttpServletResponse response, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull ExternalAuthenticationContext externalAuthenticationContext) throws ExternalAuthenticationException, IOExceptionComplete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.- Parameters:
request- servlet requestresponse- servlet responseprofileRequestContext- current profile request contextexternalAuthenticationContext- external authentication context- Throws:
ExternalAuthenticationException- if an error occursIOException- if the redirect cannot be issued
-