Class LoginConfiguration

All Implemented Interfaces:
AuthenticationProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

public class LoginConfiguration
extends AbstractProtocolConfiguration
implements AuthenticationProfileConfiguration
CAS protocol configuration that applies to the /login URI.
  • Field Details

  • Constructor Details

    • LoginConfiguration

      public LoginConfiguration()
      Creates a new instance.
  • Method Details

    • getDefaultAuthenticationMethods

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<Principal> getDefaultAuthenticationMethods​(@Nullable ProfileRequestContext profileRequestContext)
      Get the default authentication methods to use, expressed as custom principals.
      Specified by:
      getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      default authentication methods to use
    • setDefaultAuthenticationMethods

      public void setDefaultAuthenticationMethods​(@Nullable @NonnullElements Collection<AuthnContextClassRefPrincipal> contexts)
      Set the default authentication contexts to use, expressed as custom principals.
      Parameters:
      contexts - default authentication contexts to use
    • setDefaultAuthenticationMethodsLookupStrategy

      public void setDefaultAuthenticationMethodsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Collection<AuthnContextClassRefPrincipal>> strategy)
      Set a lookup strategy for the default authentication contexts to use.
      Parameters:
      strategy - lookup strategy
    • getAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getAuthenticationFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get the allowable authentication flows for this profile.

      The flow IDs returned MUST NOT contain the AuthenticationFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of authentication flow IDs to allow
    • setAuthenticationFlows

      public void setAuthenticationFlows​(@Nullable @NonnullElements Collection<String> flows)
      Set the authentication flows to use.
      Parameters:
      flows - flow identifiers to use
    • setAuthenticationFlowsLookupStrategy

      public void setAuthenticationFlowsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Set<String>> strategy)
      Set a lookup strategy for the authentication flows to use.
      Parameters:
      strategy - lookup strategy
    • getPostAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getPostAuthenticationFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of post-authentication interceptor flows to run for this profile.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getPostAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable
    • setPostAuthenticationFlows

      public void setPostAuthenticationFlows​(@Nullable @NonnullElements Collection<String> flows)
      Set the ordered collection of post-authentication interceptor flows to enable.
      Parameters:
      flows - flow identifiers to enable
    • setPostAuthenticationFlowsLookupStrategy

      public void setPostAuthenticationFlowsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Collection<String>> strategy)
      Set a lookup strategy for the post-authentication interceptor flows to enable.
      Parameters:
      strategy - lookup strategy
    • isForceAuthn

      public boolean isForceAuthn​(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the authentication process should include a proof of user presence.
      Specified by:
      isForceAuthn in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff authentication should require user presence
    • setForceAuthn

      public void setForceAuthn​(boolean flag)
      Set whether a fresh user presence proof should be required for this request.
      Parameters:
      flag - flag to set
    • setForceAuthnPredicate

      public void setForceAuthnPredicate​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether a fresh user presence proof should be required for this request.
      Parameters:
      condition - condition to set
    • getProxyCount

      @Nullable public Integer getProxyCount​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Specified by:
      getProxyCount in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion or authentication may be proxied
    • setProxyCount

      public void setProxyCount​(@Nullable @NonNegative Integer count)
      Sets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      count - proxy count
      Since:
      4.0.0
    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0
    • getDefaultTicketPrefix

      @Nonnull @NotEmpty protected String getDefaultTicketPrefix()
      Get default ticket prefix.
      Specified by:
      getDefaultTicketPrefix in class AbstractProtocolConfiguration
      Returns:
      prefix
    • getDefaultTicketLength

      protected int getDefaultTicketLength()
      Get default ticket length.
      Specified by:
      getDefaultTicketLength in class AbstractProtocolConfiguration
      Returns:
      length