Package net.shibboleth.idp.authn.impl

Implementation of various authentication actions.

Class Summary

Class	Description
AttributeSourcedSubjectCanonicalization	An action that extracts a resolved IdPAttribute value from an AttributeContext child obtained via lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result of subject canonicalization.
AuthenticationFlowDescriptorManager	Manager of AuthenticationFlowDescriptor objects.
DefaultAuthenticationResultSerializer	Handles serialization of results, delegating handling of Principal objects to one or more PrincipalSerializer plugins.
DoLockoutManagerOperation	Action that implements a JSON REST API for the AccountLockoutManager interface.
ExternalAuthenticationImpl	Implementation of the ExternalAuthentication API that handles moving information in and out of request attributes.
ExtractKerberosTicketFromWSSToken	TODO.
ExtractRemoteUser	An action that extracts an asserted user identity from the incoming request, creates a UsernameContext, and attaches it to the AuthenticationContext.
ExtractUserAgentAddress	An action that extracts the user-agent's IP address from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUserAgentIdentifier	An action that extracts the user-agent's identifier from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromBasicAuth	/** An action that extracts a username and password from the HTTP HttpHeaders.AUTHORIZATION header, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromFormRequest	An action that extracts a username and password from an HTTP form body or query string, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromWSSToken	An authentication stage that extracts a username/password from the WSS Username/Password attached to a SOAP message.
ExtractX509CertificateFromRequest	An action that extracts an X.509 certificate from the standard servlet request attribute, creates a CertificateContext, and attaches it to the AuthenticationContext.
FilterFlowsByForcedAuthn	An authentication action that filters out potential authentication flows if the request requires forced authentication or max age behavior and the flows don't support forced authentication.
FilterFlowsByNonBrowserSupport	An authentication action that filters out potential authentication flows if the request requires non-browser support and the flows require a browser.
FinalizeAuthentication	An authentication action that runs after a completed authentication flow (or the reuse of an active result) and transfers information from other contexts into a SubjectContext child of the ProfileRequestContext.
FinalizeMultiFactorAuthentication	An authentication action that completes MFA by producing a final AuthenticationResult out of whatever constituent parts and pieces exist, by means of an overridable function, storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext to operate on.
FinalizeMultiFactorAuthentication.DefaultResultMergingStrategy	Default merging strategy to combine individual AuthenticationResult objects into a single result.
HTPasswdCredentialValidator	A password validator that authenticates against Apache htpasswd files.
InitializeRequestedPrincipalContext	An action that creates an RequestedPrincipalContext and attaches it to the current AuthenticationContext, if the profile request context contains a RelyingPartyContext with an AuthenticationProfileConfiguration containing one or more default authentication methods.
JAASCredentialValidator	A password validator that authenticates against JAAS.
KerberosCredentialValidator	A password validator that authenticates against Kerberos natively, with optional service ticket verification.
KeystoreResourceCredentialConfig	Implementation of CredentialConfig that loads keystore and truststore data using a Resource.
LDAPCredentialValidator	A password validator that authenticates against LDAP natively.
PopulateAuthenticationContext	An action that populates an AuthenticationContext with the AuthenticationFlowDescriptor objects configured into the IdP, potential flows filtered by flow IDs from a lookup function.
PopulateMultiFactorAuthenticationContext	An action that creates and populates a MultiFactorAuthenticationContext with the set of transition rules to use for coordinating activity, the executing AuthenticationFlowDescriptor and with any active "factors" found, if an active result from the MFA flow is present in the AuthenticationContext.
PopulateSubjectCanonicalizationContext	An action that populates a SubjectCanonicalizationContext with the SubjectCanonicalizationFlowDescriptor objects configured into the IdP.
PreserveAuthenticationFlowState	An action that extracts configured parameters from a servlet request and populates AuthenticationContext.getAuthenticationStateMap() with the data.
RelyingPartyMapJAASLoginConfigStrategy	An implementation of the loginConfigStrategy for JAASCredentialValidator which uses a supplied map to resolve the JAAS config to use.
RemoteUserAuthServlet	Extracts authentication information from the request and returns it via the IdP's external authentication interface.
SelectAuthenticationFlow	An authentication action that selects an authentication flow to invoke, or re-uses an existing result for SSO.
SelectSubjectCanonicalizationFlow	A canonicalization action that selects a canonicalization flow to invoke.
SimpleSubjectCanonicalization	An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one UsernamePrincipal custom principal.
SimpleSubjectCanonicalization.ActivationCondition	A predicate that determines if this action can run or not.
StorageBackedAccountLockoutManager	Implementation of AccountLockoutManager interface that relies on a StorageService to track lockout state.
StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy	A function to generate a key for lockout storage.
TransitionMultiFactorAuthentication	An authentication action that acts as the driver regulating execution of transitions between MFA stages.
ValidateCredentials	An action that processes a list of CredentialValidator objects to produce an AuthenticationResult.
ValidateCredentials.UsernamePasswordCleanupHook	A default cleanup hook that removes the UsernamePasswordContext from the tree.
ValidateExternalAuthentication	An action that checks for an ExternalAuthenticationContext and directly produces an AuthenticationResult or records error state based on the contents.
ValidateFunctionResult	An action that executes a deployer-supplied function and produces an AuthenticationResult based on the function result.
ValidateRemoteUser	An action that checks for a UsernameContext and directly produces an AuthenticationResult based on that identity.
ValidateUserAgentAddress	An action that ensures that a user-agent address found within a UserAgentContext is within a given range and generates an AuthenticationResult.
ValidateX509Certificate	An action that checks for a CertificateContext containing X509Certificate objects, and directly produces an AuthenticationResult based on that identity, after optionally validating the certificate(s) against a TrustEngine.
X500SubjectCanonicalization	An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.
X500SubjectCanonicalization.ActivationCondition	A predicate that determines if this action can run or not.
X509AuthServlet	Servlet compatible with the ExternalAuthentication interface that extracts and validates an X.509 client certificate for user authentication.
X509ProxyFilter	Servlet filter to translate Apache mod_ssl certificate variables into Java servlet attributes.
X509ResourceCredentialConfig	Implementation of CredentialConfig that loads trust and key material using a Resource.