net.shibboleth.idp.authn

Class ExternalAuthentication

java.lang.Object

net.shibboleth.idp.authn.ExternalAuthentication

public class ExternalAuthentication
extends Object

Public interface supporting external authentication outside the webflow engine.

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHENTICATING_AUTHORITIES_KEY Request attribute to which a collection of authenticating authorities may be bound.
static String	AUTHENTICATION_ERROR_KEY Request attribute to which an error message may be bound.
static String	AUTHENTICATION_EXCEPTION_KEY Request attribute to which an exception may be bound.
static String	AUTHENTICATION_INSTANT_KEY Request attribute to which an authentication timestamp may be bound.
static String	AUTHN_METHOD_PARAM Deprecated.
static String	CONVERSATION_KEY Parameter supplied to identify the per-conversation structure in the session.
static String	DONOTCACHE_KEY Request attribute to which a signal not to cache the result may be bound.
static String	EXTENDED_FLOW_PARAM Request attribute that indicates whether we're being called as an extension of another login flow.
static String	FORCE_AUTHN_PARAM Request attribute that indicates whether the authentication request requires forced authentication.
static String	PASSIVE_AUTHN_PARAM Request attribute that indicates whether the authentication requires passive authentication.
static String	PREVIOUSRESULT_KEY Request attribute to which a signal to set AuthenticationResult.setPreviousResult(boolean) may be bound.
static String	PRINCIPAL_KEY Request attribute to which user's principal should be bound.
static String	PRINCIPAL_NAME_KEY Request attribute to which user's principal name should be bound.
static String	RELYING_PARTY_PARAM Request attribute that provides the entity ID of the relying party that is requesting authentication.
static String	REVOKECONSENT_KEY Request attribute to which a signal to revoke consent for attribute release may be bound.
static String	SUBJECT_KEY Request attribute to which user's subject should be bound.

Constructor Summary

Constructors

Constructor and Description
ExternalAuthentication()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doFinish(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
protected void	doStart(javax.servlet.http.HttpServletRequest request) Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.
static void	finishExternalAuthentication(String key, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.
static String	getExternalRedirect(String baseLocation, String conversationValue) Computes the appropriate location to pass control to to invoke an external authentication mechanism.
protected ProfileRequestContext	getProfileRequestContext(javax.servlet.http.HttpServletRequest request) Get the ProfileRequestContext associated with a request.
static ProfileRequestContext	getProfileRequestContext(String key, javax.servlet.http.HttpServletRequest request) Get the ProfileRequestContext associated with a request.
static String	startExternalAuthentication(javax.servlet.http.HttpServletRequest request) Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CONVERSATION_KEY

@Nonnull
@NotEmpty
public static final String CONVERSATION_KEY

Parameter supplied to identify the per-conversation structure in the session.

See Also:

Constant Field Values

PRINCIPAL_KEY

@Nonnull
@NotEmpty
public static final String PRINCIPAL_KEY

Request attribute to which user's principal should be bound.

See Also:

Constant Field Values

PRINCIPAL_NAME_KEY

@Nonnull
@NotEmpty
public static final String PRINCIPAL_NAME_KEY

Request attribute to which user's principal name should be bound.

See Also:

Constant Field Values

SUBJECT_KEY

@Nonnull
@NotEmpty
public static final String SUBJECT_KEY

Request attribute to which user's subject should be bound.

See Also:

Constant Field Values

AUTHENTICATION_INSTANT_KEY

@Nonnull
@NotEmpty
public static final String AUTHENTICATION_INSTANT_KEY

Request attribute to which an authentication timestamp may be bound.

See Also:

Constant Field Values

AUTHENTICATING_AUTHORITIES_KEY

@Nonnull
@NotEmpty
public static final String AUTHENTICATING_AUTHORITIES_KEY

Request attribute to which a collection of authenticating authorities may be bound.

Since:

3.4.0

See Also:

Constant Field Values

AUTHENTICATION_ERROR_KEY

@Nonnull
@NotEmpty
public static final String AUTHENTICATION_ERROR_KEY

Request attribute to which an error message may be bound.

See Also:

Constant Field Values

AUTHENTICATION_EXCEPTION_KEY

@Nonnull
@NotEmpty
public static final String AUTHENTICATION_EXCEPTION_KEY

Request attribute to which an exception may be bound.

See Also:

Constant Field Values

DONOTCACHE_KEY

@Nonnull
@NotEmpty
public static final String DONOTCACHE_KEY

Request attribute to which a signal not to cache the result may be bound.

See Also:

Constant Field Values

REVOKECONSENT_KEY

@Nonnull
@NotEmpty
public static final String REVOKECONSENT_KEY

Request attribute to which a signal to revoke consent for attribute release may be bound.

Since:

3.2.0

See Also:

Constant Field Values

PREVIOUSRESULT_KEY

@Nonnull
@NotEmpty
public static final String PREVIOUSRESULT_KEY

Request attribute to which a signal to set AuthenticationResult.setPreviousResult(boolean) may be bound.

Since:

3.3.0

See Also:

Constant Field Values

FORCE_AUTHN_PARAM

@Nonnull
@NotEmpty
public static final String FORCE_AUTHN_PARAM

Request attribute that indicates whether the authentication request requires forced authentication.

See Also:

Constant Field Values

PASSIVE_AUTHN_PARAM

@Nonnull
@NotEmpty
public static final String PASSIVE_AUTHN_PARAM

Request attribute that indicates whether the authentication requires passive authentication.

See Also:

Constant Field Values

AUTHN_METHOD_PARAM

@Deprecated
@Nonnull
@NotEmpty
public static final String AUTHN_METHOD_PARAM

Deprecated.

Request attribute that provides which authentication method should be attempted.

See Also:

Constant Field Values

RELYING_PARTY_PARAM

@Nonnull
@NotEmpty
public static final String RELYING_PARTY_PARAM

Request attribute that provides the entity ID of the relying party that is requesting authentication.

See Also:

Constant Field Values

EXTENDED_FLOW_PARAM

@Nonnull
@NotEmpty
public static final String EXTENDED_FLOW_PARAM

Request attribute that indicates whether we're being called as an extension of another login flow.

Since:

3.2.0

See Also:

Constant Field Values

Constructor Detail

ExternalAuthentication

public ExternalAuthentication()

Method Detail

getExternalRedirect

@Nonnull
@NotEmpty
public static String getExternalRedirect(@Nonnull@NotEmpty
                                          String baseLocation,
                                          @Nonnull@NotEmpty
                                          String conversationValue)

Computes the appropriate location to pass control to to invoke an external authentication mechanism.

The input location should be suitable for use in a Spring "externalRedirect" expression, and may contain a query string. The result will include any additional parameters needed to invoke the mechanism.

Parameters:

baseLocation - the base location to build off of

conversationValue - the value to include as a conversation ID

Returns:

the computed location

Since:

3.2.0

startExternalAuthentication

@Nonnull
@NotEmpty
public static String startExternalAuthentication(@Nonnull
                                                  javax.servlet.http.HttpServletRequest request)
                                          throws ExternalAuthenticationException

Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.

Parameters:

request - servlet request

Returns:

a handle to subsequent use of finishExternalAuthentication(java.lang.String, HttpServletRequest, HttpServletResponse)

Throws:

ExternalAuthenticationException - if an error occurs

finishExternalAuthentication

public static void finishExternalAuthentication(@Nonnull@NotEmpty
                                String key,
                                @Nonnull
                                javax.servlet.http.HttpServletRequest request,
                                @Nonnull
                                javax.servlet.http.HttpServletResponse response)
                                         throws ExternalAuthenticationException,
                                                IOException

Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.

Parameters:

key - the value returned by startExternalAuthentication(HttpServletRequest)

request - servlet request

response - servlet response

Throws:

ExternalAuthenticationException - if an error occurs

IOException - if the redirect cannot be issued

getProfileRequestContext

@Nonnull
public static ProfileRequestContext getProfileRequestContext(@Nonnull@NotEmpty
                                                     String key,
                                                     @Nonnull
                                                     javax.servlet.http.HttpServletRequest request)
                                                      throws ExternalAuthenticationException

Get the ProfileRequestContext associated with a request.

Parameters:

key - the value returned by startExternalAuthentication(HttpServletRequest)

request - servlet request

Returns:

the profile request context

Throws:

ExternalAuthenticationException - if an error occurs

doStart

protected void doStart(@Nonnull
           javax.servlet.http.HttpServletRequest request)
                throws ExternalAuthenticationException

Initialize a request for external authentication by seeking out the information stored in the servlet session and exposing it as request attributes.

Parameters:

request - servlet request

Throws:

ExternalAuthenticationException - if an error occurs

doFinish

protected void doFinish(@Nonnull
            javax.servlet.http.HttpServletRequest request,
            @Nonnull
            javax.servlet.http.HttpServletResponse response)
                 throws ExternalAuthenticationException,
                        IOException

Complete a request for external authentication by seeking out the information stored in request attributes and transferring to the session's conversation state, and then transfer control back to the authentication web flow.

Parameters:

request - servlet request

response - servlet response

Throws:

ExternalAuthenticationException - if an error occurs

IOException - if the redirect cannot be issued

getProfileRequestContext

@Nonnull
protected ProfileRequestContext getProfileRequestContext(@Nonnull
                                                     javax.servlet.http.HttpServletRequest request)
                                                  throws ExternalAuthenticationException

Get the ProfileRequestContext associated with a request.

Parameters:

request - servlet request

Returns:

the profile request context

Throws:

ExternalAuthenticationException - if an error occurs