Package net.shibboleth.idp.authn.config
Interface AuthenticationProfileConfiguration
-
- All Superinterfaces:
Component,IdentifiedComponent,ProfileConfiguration
- All Known Subinterfaces:
AdministrativeFlowDescriptor
- All Known Implementing Classes:
BasicAdministrativeFlowDescriptor,BrowserSSOProfileConfiguration,BrowserSSOProfileConfiguration,ECPProfileConfiguration,LoginConfiguration,OneTimeAdministrativeFlowDescriptor,SSOSProfileConfiguration
public interface AuthenticationProfileConfiguration extends ProfileConfiguration
Configuration of profiles for authentication.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description Set<String>getAuthenticationFlows(ProfileRequestContext profileRequestContext)Get the allowable authentication flows for this profile.List<Principal>getDefaultAuthenticationMethods(ProfileRequestContext profileRequestContext)Get the default authentication methods to use, expressed as custom principals.List<String>getPostAuthenticationFlows(ProfileRequestContext profileRequestContext)Get an ordered list of post-authentication interceptor flows to run for this profile.IntegergetProxyCount(ProfileRequestContext profileRequestContext)Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.booleanisForceAuthn(ProfileRequestContext profileRequestContext)Get whether the authentication process should include a proof of user presence.default booleanisLocal()Get whether this profile is for functionality local to the IdP.-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration
getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration
-
-
-
-
Method Detail
-
getDefaultAuthenticationMethods
@Nonnull @NonnullElements @NotLive @Unmodifiable List<Principal> getDefaultAuthenticationMethods(@Nullable ProfileRequestContext profileRequestContext)
Get the default authentication methods to use, expressed as custom principals.- Parameters:
profileRequestContext- current profile request context- Returns:
- default authentication methods to use
-
getAuthenticationFlows
@Nonnull @NonnullElements @NotLive @Unmodifiable Set<String> getAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
Get the allowable authentication flows for this profile.The flow IDs returned MUST NOT contain the
AuthenticationFlowDescriptor.FLOW_ID_PREFIXprefix common to all interceptor flows.- Parameters:
profileRequestContext- current profile request context- Returns:
- a set of authentication flow IDs to allow
-
getPostAuthenticationFlows
@Nonnull @NonnullElements @NotLive @Unmodifiable List<String> getPostAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
Get an ordered list of post-authentication interceptor flows to run for this profile.The flow IDs returned MUST NOT contain the
ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIXprefix common to all interceptor flows.- Parameters:
profileRequestContext- current profile request context- Returns:
- a set of interceptor flow IDs to enable
-
isForceAuthn
boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext)Get whether the authentication process should include a proof of user presence.- Parameters:
profileRequestContext- current profile request context- Returns:
- true iff authentication should require user presence
- Since:
- 4.0.0
-
getProxyCount
@NonNegative @Nullable Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.- Parameters:
profileRequestContext- current profile request context- Returns:
- maximum number of times an assertion or authentication may be proxied
- Since:
- 4.0.0
-
isLocal
default boolean isLocal()
Get whether this profile is for functionality local to the IdP.Most authentication profiles are non-local, designed to issue security tokens to other systems, so this is generally false.
- Returns:
- true iff the use of the associated profile is local to the IdP
-
-