Package net.shibboleth.idp.authn.duo.impl

Class ExtractDuoAuthenticationFromHeaders

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.authn.duo.impl.ExtractDuoAuthenticationFromHeaders
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class ExtractDuoAuthenticationFromHeaders extends AbstractAuthenticationAction
An action that extracts the Duo factor and device or passcode from HTTP request headers into a DuoAuthenticationContext, and attaches it to the AuthenticationContext.
Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS
Precondition:
      ProfileRequestContext.getSubcontext(AuthenticationContext.class) != null
Postcondition:
If getHttpServletRequest() != null, the content of the headers are checked. The information found will be attached via a DuoAuthenticationContext.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • autoAuthenticationSupported

      private boolean autoAuthenticationSupported
      Whether "auto" should be the default for factor and device.

    • clientAddressTrusted

      private boolean clientAddressTrusted
      Whether to trust, and extract, the client address.

    • factorHeaderName

      @Nonnull @NotEmpty private String factorHeaderName
      Header name for factor.

    • deviceHeaderName

      @Nonnull @NotEmpty private String deviceHeaderName
      Header name for device.

    • passcodeHeaderName

      @Nonnull @NotEmpty private String passcodeHeaderName
      Header name for passcode.

    • pushInfoLookupStrategy

      @Nullable private Function<ProfileRequestContext,Map<String,String>> pushInfoLookupStrategy
      Strategy function for populating pushinfo AuthAPI parameter.

  • Constructor Details

    • ExtractDuoAuthenticationFromHeaders

      ExtractDuoAuthenticationFromHeaders()
      Constructor.

  • Method Details

    • setFactorHeader

      public void setFactorHeader(@Nonnull @NotEmpty String headerName)
      Set the factor header name.
      Parameters:
      headerName - the factor header name

    • setDeviceHeader

      public void setDeviceHeader(@Nonnull @NotEmpty String headerName)
      Set the device header name.
      Parameters:
      headerName - the factor header name

    • setPasscodeHeader

      public void setPasscodeHeader(@Nonnull @NotEmpty String headerName)
      Set the passcode header name.
      Parameters:
      headerName - the factor header name

    • isClientAddressTrusted

      public boolean isClientAddressTrusted()
      Get whether the client address should be trusted for use in API calls.
      Returns:
      whether client address should be trusted

    • setClientAdddressTrusted

      public void setClientAdddressTrusted(boolean flag)
      Set whether the client address should be trusted for use in API calls.
      Parameters:
      flag - flag to set

    • isAutoAuthenticationSupported

      public boolean isAutoAuthenticationSupported()
      Get whether "auto" is the default setting.
      Returns:
      whether "auto" is the default setting

    • setAutoAuthenticationSupported

      public void setAutoAuthenticationSupported(boolean flag)
      Set whether "auto" is the default setting.
      Parameters:
      flag - flag to set

    • setPushInfoLookupStrategy

      public void setPushInfoLookupStrategy(@Nullable Function<ProfileRequestContext,Map<String,String>> strategy)
      Set lookup strategy for AuthAPI pushinfo parameter.
      Parameters:
      strategy - lookup strategy

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context

    • extractHeaders

      protected void extractHeaders(@Nonnull DuoAuthenticationContext context)
      Extracts the Duo API arguments passed in via the request headers.
      Parameters:
      context - the DuoApiAuthContext to store the parameters in