Class ProxyAwareForceAuthnPredicate

All Implemented Interfaces:

public class ProxyAwareForceAuthnPredicate
extends Object
implements Predicate<ProfileRequestContext>
Implements a set of default logic for determining whether ForceAuthn should be applied.

This operates in two different scenarios: ordinary use and proxy SAML authentication use, detectable by whether the input context is parent-less (the former), or the child of an AuthenticationContext.

In normal use, the value returned is false, requiring it to be explicitly superceded.

In proxy use, the value returned is false unless the parent context itself indicates the use of forced authentication, which was itself established in most cases from this function running previously or being overridden by a default. In other words, the proxy default is "passthrough" of the value.