Class ProcessRequestedAuthnContext

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ProcessRequestedAuthnContext
extends AbstractAuthenticationAction
An authentication action that processes the RequestedAuthnContext in a SAML 2 AuthnRequest, and populates a RequestedPrincipalContext with the corresponding information.

If this feature is disallowed by profile configuration, then an error event is signaled.

Each requested context class or declaration reference is translated into a custom Principal for use by the authentication subsystem to drive flow selection.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.ACCESS_DENIED
  • Field Details

  • Constructor Details

    • ProcessRequestedAuthnContext

      public ProcessRequestedAuthnContext()
      Constructor.
  • Method Details

    • setRelyingPartyContextLookupStrategy

      public void setRelyingPartyContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​RelyingPartyContext> strategy)
      Set the strategy used to return the RelyingPartyContext for configuration options.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • setAuthnRequestLookupStrategy

      public void setAuthnRequestLookupStrategy​(@Nonnull Function<ProfileRequestContext,​AuthnRequest> strategy)
      Set the strategy used to locate the AuthnRequest to read from.
      Parameters:
      strategy - lookup strategy
    • setIgnoredContexts

      public void setIgnoredContexts​(@Nonnull @NonnullElements Collection<String> contexts)
      Set the context class or declaration URIs to ignore if found in a request.

      This defaults to only AuthnContext.UNSPECIFIED_AUTHN_CTX.

      Parameters:
      contexts - contexts to ignore
    • doPreExecute

      protected boolean doPreExecute​(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action's pre-execute step. Default implementation just returns true.
      Overrides:
      doPreExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context
      Returns:
      true iff execution should continue
    • doExecute

      protected void doExecute​(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context