Package net.shibboleth.idp.session.impl
Class DetectIdentitySwitch
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.session.impl.DetectIdentitySwitch
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
An authentication action that checks for a mismatch between an existing session's identity and
the result of a newly canonicalized subject (from a
SubjectCanonicalizationContext).
On a mismatch it destroys a pre-existing session and clears AuthenticationContext
and SessionContext state such that no trace of its impact on the contexts remains, and
signals the event.
An error interacting with the session layer will result in an EventIds.IO_ERROR event.
- Event:
EventIds.PROCEED_EVENT_ID,EventIds.INVALID_PROFILE_CTX,EventIds.IO_ERROR,AuthnEventIds.IDENTITY_SWITCH- Postcondition:
- If an identity switch is detected, SessionContext.getIdPSession() == null && AuthenticationContext.getActiveResults().isEmpty()
-
Field Summary
FieldsModifier and TypeFieldDescriptionLookup function for SubjectCanonicalizationContext.private final org.slf4j.LoggerClass logger.private StringA newly established principal name to check.private Function<ProfileRequestContext,SessionContext> Lookup function for SessionContext.private SessionContextSessionContext to operate on.private SessionManagerSessionManager. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext) Performs this authentication action.protected voidprotected booleandoPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext) Performs this authentication action's pre-execute step.voidSet the lookup strategy for the SessionContext to access.voidsetSessionManager(SessionManager manager) Set theSessionManagerto use.voidsetSubjectCanonicalizationContextLookupStrategy(Function<ProfileRequestContext, SubjectCanonicalizationContext> strategy) Set the lookup strategy for the SubjectCanonicalizationContext to access.Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategyMethods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategyMethods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationConditionMethods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponseMethods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
sessionManager
SessionManager. -
sessionContextLookupStrategy
Lookup function for SessionContext. -
c14nContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,SubjectCanonicalizationContext> c14nContextLookupStrategyLookup function for SubjectCanonicalizationContext. -
sessionCtx
SessionContext to operate on. -
newPrincipalName
A newly established principal name to check.
-
-
Constructor Details
-
DetectIdentitySwitch
public DetectIdentitySwitch()Constructor.
-
-
Method Details
-
setSessionManager
Set theSessionManagerto use.- Parameters:
manager- session manager to use
-
setSessionContextLookupStrategy
public void setSessionContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> strategy) Set the lookup strategy for the SessionContext to access.- Parameters:
strategy- lookup strategy
-
setSubjectCanonicalizationContextLookupStrategy
public void setSubjectCanonicalizationContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SubjectCanonicalizationContext> strategy) Set the lookup strategy for the SubjectCanonicalizationContext to access.- Parameters:
strategy- lookup strategy
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) Performs this authentication action's pre-execute step. Default implementation just returns true.- Overrides:
doPreExecutein classAbstractAuthenticationAction- Parameters:
profileRequestContext- the current IdP profile request contextauthenticationContext- the current authentication context- Returns:
- true iff execution should continue
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) Performs this authentication action. Default implementation throws an exception.- Overrides:
doExecutein classAbstractAuthenticationAction- Parameters:
profileRequestContext- the current IdP profile request contextauthenticationContext- the current authentication context
-