Class DetectIdentitySwitch

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class DetectIdentitySwitch
extends AbstractAuthenticationAction
An authentication action that checks for a mismatch between an existing session's identity and the result of a newly canonicalized subject (from a SubjectCanonicalizationContext).

On a mismatch it destroys a pre-existing session and clears AuthenticationContext and SessionContext state such that no trace of its impact on the contexts remains, and signals the event.

An error interacting with the session layer will result in an EventIds.IO_ERROR event.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.IO_ERROR, AuthnEventIds.IDENTITY_SWITCH
Postcondition:
If an identity switch is detected, SessionContext.getIdPSession() == null && AuthenticationContext.getActiveResults().isEmpty()