Package net.shibboleth.idp.authn.context

Class SubjectContext

java.lang.Object
org.opensaml.messaging.context.BaseContext
net.shibboleth.idp.authn.context.SubjectContext
All Implemented Interfaces:
Iterable<BaseContext>
public final class SubjectContext extends BaseContext
A context that holds information about the subject of a request.

The subject may or may not be authenticated, such as in a back-channel profile, but profiles that operate on subjects can treat the information as "trusted" for their purposes. This context must not be used to carry speculative or unverified subject information.

This is the ultimate product of a successful authentication process.

A second field is available to store an identity that is impersonating the effective subject identity. Profiles should operate on the effective subject unless they need to be aware of both identities.

Parent:
ProfileRequestContext
Added:
After the subject of a request is determined

  • Field Details

    • impersonatingPrincipalName

      @Nullable private String impersonatingPrincipalName
      Canonical principal name of an impersonating identity.

    • principalName

      @Nullable private String principalName
      Canonical principal name of subject.

    • authenticationResults

      @Nonnull @NonnullElements private final Map<String,AuthenticationResult> authenticationResults
      The active authentication results for the subject.

  • Constructor Details

    • SubjectContext

      public SubjectContext()
      Constructor.

  • Method Details

    • getPrincipalName

      @Nullable public String getPrincipalName()
      Get the canonical principal name of the subject.
      Returns:
      the canonical principal name

    • setPrincipalName

      @Nonnull public SubjectContext setPrincipalName(@Nullable String name)
      Set the canonical principal name of the subject.
      Parameters:
      name - the canonical principal name
      Returns:
      this context

    • getImpersonatingPrincipalName

      @Nullable public String getImpersonatingPrincipalName()
      Get the canonical principal name of an identity that is impersonating the subject.
      Returns:
      the canonical principal name of an impersonating identity
      Since:
      3.4.0

    • setImpersonatingPrincipalName

      @Nonnull public SubjectContext setImpersonatingPrincipalName(@Nullable String name)
      Set the canonical principal name of an identity that is impersonating the subject.
      Parameters:
      name - the canonical principal name of an impersonating identity
      Returns:
      this context
      Since:
      3.4.0

    • getAuthenticationResults

      @Nonnull @NonnullElements @Live public Map<String,AuthenticationResult> getAuthenticationResults()
      Get a mutable map of authentication flow IDs to authentication results.
      Returns:
      mutable map of authentication flow IDs to authentication results

    • getSubjects

      @Nonnull @NonnullElements @Unmodifiable @NotLive public List<Subject> getSubjects()
      Get an immutable list of Subjects extracted from every AuthenticationResult associated with the context.
      Returns:
      immutable list of Subjects