Package net.shibboleth.idp.authn.impl
Class FinalizeMultiFactorAuthentication
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.authn.impl.FinalizeMultiFactorAuthentication
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
public class FinalizeMultiFactorAuthentication extends AbstractAuthenticationAction
An authentication action that completes MFA by producing a final
AuthenticationResult
out of whatever constituent parts and pieces exist, by means of an overridable function,
storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext
to operate on.- Event:
EventIds.PROCEED_EVENT_ID,EventIds.INVALID_PROFILE_CTX,AuthnEventIds.INVALID_AUTHN_CTX- Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext( MultiFactorAuthenticationContext.class) != null- Postcondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAuthenticationResult() != null
,ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classFinalizeMultiFactorAuthentication.DefaultResultMergingStrategyDefault merging strategy to combine individualAuthenticationResultobjects into a single result. -
Field Summary
Fields Modifier and Type Field Description private org.slf4j.LoggerlogClass logger.private MultiFactorAuthenticationContextmfaContextA subordinateMultiFactorAuthenticationContext, if any.private Function<ProfileRequestContext,MultiFactorAuthenticationContext>multiFactorContextLookupStrategyLookup function for the context to evaluate.private Function<ProfileRequestContext,String>requesterLookupStrategyFunction used to obtain the requester ID.private Function<ProfileRequestContext,String>responderLookupStrategyFunction used to obtain the responder ID.private Predicate<ProfileRequestContext>resultCachingPredicatePredicate to apply when setting AuthenticationResult cacheability.private Function<ProfileRequestContext,AuthenticationResult>resultMergingStrategyStrategy function to produce a final, merged result. -
Constructor Summary
Constructors Constructor Description FinalizeMultiFactorAuthentication()Constructor. -
Method Summary
Modifier and Type Method Description protected voiddoExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)Performs this authentication action.protected voiddoInitialize()protected booleandoPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)Performs this authentication action's pre-execute step.voidsetMultiFactorContextLookupStrategy(Function<ProfileRequestContext,MultiFactorAuthenticationContext> strategy)Set the lookup strategy to use for the context to evaluate.voidsetRequesterLookupStrategy(Function<ProfileRequestContext,String> strategy)Set the strategy used to locate the requester ID for canonicalization.voidsetResponderLookupStrategy(Function<ProfileRequestContext,String> strategy)Set the strategy used to locate the responder ID for canonicalization.voidsetResultCachingPredicate(Predicate<ProfileRequestContext> predicate)Set predicate to apply to determine cacheability ofAuthenticationResult.voidsetResultMergingStrategy(Function<ProfileRequestContext,AuthenticationResult> strategy)Set the result merging strategy to use.Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategyMethods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategyMethods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationConditionMethods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponseMethods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
multiFactorContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,MultiFactorAuthenticationContext> multiFactorContextLookupStrategyLookup function for the context to evaluate. -
resultMergingStrategy
@NonnullAfterInit private Function<ProfileRequestContext,AuthenticationResult> resultMergingStrategyStrategy function to produce a final, merged result. -
resultCachingPredicate
Predicate to apply when setting AuthenticationResult cacheability. -
requesterLookupStrategy
Function used to obtain the requester ID. -
responderLookupStrategy
Function used to obtain the responder ID. -
mfaContext
A subordinateMultiFactorAuthenticationContext, if any.
-
-
Constructor Details
-
FinalizeMultiFactorAuthentication
public FinalizeMultiFactorAuthentication()Constructor.
-
-
Method Details
-
setMultiFactorContextLookupStrategy
public void setMultiFactorContextLookupStrategy(@Nonnull Function<ProfileRequestContext,MultiFactorAuthenticationContext> strategy)Set the lookup strategy to use for the context to evaluate.- Parameters:
strategy- lookup strategy
-
setResultMergingStrategy
public void setResultMergingStrategy(@Nullable Function<ProfileRequestContext,AuthenticationResult> strategy)Set the result merging strategy to use.- Parameters:
strategy- result merging strategy
-
setResultCachingPredicate
Set predicate to apply to determine cacheability ofAuthenticationResult.- Parameters:
predicate- predicate to apply, or null
-
setRequesterLookupStrategy
Set the strategy used to locate the requester ID for canonicalization.- Parameters:
strategy- lookup strategy
-
setResponderLookupStrategy
Set the strategy used to locate the responder ID for canonicalization.- Parameters:
strategy- lookup strategy
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)Performs this authentication action's pre-execute step. Default implementation just returns true.- Overrides:
doPreExecutein classAbstractAuthenticationAction- Parameters:
profileRequestContext- the current IdP profile request contextauthenticationContext- the current authentication context- Returns:
- true iff execution should continue
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)Performs this authentication action. Default implementation throws an exception.- Overrides:
doExecutein classAbstractAuthenticationAction- Parameters:
profileRequestContext- the current IdP profile request contextauthenticationContext- the current authentication context
-