Index (Shibboleth IdP :: Plugins :: Duo 2FA Login Flow Impl 1.1.1 API)

A B C D E G H I L N P R S T U V
All Classes All Packages

A

accept(ProfileRequestContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult.DuoOIDCCleanupHook
accept(ProfileRequestContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims.DuoOIDAuthenticationContextCleanupHook
apply(HttpServletRequest, DynamicDuoOIDCIntegration) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultRedirectURICreationStrategy
apply(DuoOIDCIntegration) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry.CreateNewClientMappingFunction
apply(ProfileRequestContext, JWTClaimsSet) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoAudienceClaimLookupStrategy
apply(ProfileRequestContext, JWTClaimsSet) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoIssuerClaimLookupStrategy
apply(ProfileRequestContext, JWTClaimsSet) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoNonceClaimLookupStrategy
apply(ProfileRequestContext, JWTClaimsSet) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoUsernameClaimLookupStrategy
authorizationCallback(HttpServletRequest, HttpServletResponse) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: The redirect_uri endpoint for accepting an authorization code and resuming the flow execution.
authorizationRequest(HttpServletRequest, HttpServletResponse) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Start the Duo ODIC authorization code flow.

B

blankState(DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoResponseState: Set the request and response states to null so they can't be reused.
buildAuthenticationResult(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult

C

callbackServletPath - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultRedirectURICreationStrategy: The path, excluding the context and servlet paths, to the Duo callback handler.
claimSet - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: The parsed claimset.
claimsSet - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: The parsed claimset.
claimsSet - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: The parsed claimset.
claimsValidator - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: The JWT claims validator used to verify the claimsset.
cleanupHook - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: A cleanup hook to execute after either a successful or unsuccessful claims validation.
clientFactory - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Factory to produce Duo clients.
clientRegistry - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Registry of Duo client to Duo integration.
clientRegistry - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: The registry for locating the DuoClient for the established integration.
clientRegistryMappingFunction - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Function for creating a DuoClient from a DuoIntegration.
CODE_PARAMETER - Static variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: The name of the Http parameter that stores the authorisation code.
computeAndStoreRedirectURIIfSupported(DuoOIDCIntegration, HttpServletRequest, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: For DynamicDuoOIDCIntegrations, apply the redirect_uri creation strategy to compute a redirect_uri to use.
contextToPrincipalMappingStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Hook to map context information (often Duo factors in the Duo token) to principal collections.
CreateNewClientMappingFunction() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry.CreateNewClientMappingFunction

D

DEFAULT_ISSUER_PATH - Static variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoIssuerClaimLookupStrategy: The default issuer path, specific to the v1 Duo flow.
DefaultDuoOIDCClientRegistry - Class in net.shibboleth.idp.plugin.authn.duo.impl: The default Duo Client registry for mapping a DuoOIDCIntegration to either a new or existing DuoOIDCClient (assumed thread-safe) singleton instance.
DefaultDuoOIDCClientRegistry() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Constructor.
DefaultDuoOIDCClientRegistry.CreateNewClientMappingFunction - Class in net.shibboleth.idp.plugin.authn.duo.impl: A function for creating a new Duo client from the configured client factory for the given Duo integration.
DefaultRedirectURICreationStrategy - Class in net.shibboleth.idp.plugin.authn.duo.impl: Constructive, pure, function that returns a redirect_uri from one of (ordered): A pre-registered redirect_uri on the Duo integration, DynamicDuoOIDCIntegration.getRegisteredRedirectURI().
DefaultRedirectURICreationStrategy(String) - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DefaultRedirectURICreationStrategy: Constructor.
doExecute(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext
doExecute(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult
doExecute(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateExternalAuthenticationContext
doExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ExchangeCodeForDuoToken
doExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.HealthCheckDuoOIDCAuthAPI
doExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoResponseState
doExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims
doExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature
doInitialize() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry
doInitialize() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext
doInitialize() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims
doPreExecute(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult
doPreExecute(ProfileRequestContext, AuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateExternalAuthenticationContext
doPreExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims
doPreExecute(ProfileRequestContext, AuthenticationContext, DuoOIDCAuthenticationContext) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature
DuoAudienceClaimLookupStrategy - Class in net.shibboleth.idp.plugin.authn.duo.impl: Looks up the audience from the clientID in the DuoOIDCIntegration inside the context.
DuoAudienceClaimLookupStrategy() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoAudienceClaimLookupStrategy
duoAuthContextCreationStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Strategy used to locate or create the DuoOIDCAuthenticationContext to populate.
duoContext - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Duo authentiction context.
duoContextLookupStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Lookup strategy to locate the Duo authentication context.
duoIntegrationLookupStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Lookup strategy for Duo integration.
DuoIssuerClaimLookupStrategy - Class in net.shibboleth.idp.plugin.authn.duo.impl: Find the issuer from the DuoOIDCIntegration.
DuoIssuerClaimLookupStrategy(String) - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoIssuerClaimLookupStrategy: Constructor.
DuoNonceClaimLookupStrategy - Class in net.shibboleth.idp.plugin.authn.duo.impl: Find the nonce from the DuoAuthenticationContext.
DuoNonceClaimLookupStrategy() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoNonceClaimLookupStrategy
DuoOIDAuthenticationContextCleanupHook() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims.DuoOIDAuthenticationContextCleanupHook
DuoOIDCAuthnController - Class in net.shibboleth.idp.plugin.authn.duo.impl: MVC controller for managing Duo 2FA exchanges implemented as an ExternalAuthentication mechanism.
DuoOIDCAuthnController() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Constructor.
DuoOIDCCleanupHook() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult.DuoOIDCCleanupHook
DuoSupport - Class in net.shibboleth.idp.plugin.authn.duo.impl: Helper methods for Duo 2FA.
DuoSupport() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport: Private Constructor.
DuoUsernameClaimLookupStrategy - Class in net.shibboleth.idp.plugin.authn.duo.impl: Find the authenticating principals username from the DuoAuthenticationContext.
DuoUsernameClaimLookupStrategy() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.DuoUsernameClaimLookupStrategy

E

ExchangeCodeForDuoToken - Class in net.shibboleth.idp.plugin.authn.duo.impl: Action to exchange the authorization code in the Duo 2FA response for a Duo id_token that describes the result of 2FA.
ExchangeCodeForDuoToken() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ExchangeCodeForDuoToken
extContext - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateExternalAuthenticationContext: Context containing the result to examine.
extractKeyFromState(String) - Static method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport: Extract the key component from the state.
extractNonceFromState(String) - Static method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport: Extract the nonce component from the state.

G

generateNonce(Integer) - Static method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport: Generates a random identifier to be used as a nonce.
generateState(String, String) - Static method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport: Generate a state parameter from a nonce component and an execution key component.
getClientFactory() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Internally synchronized method for obtaining the 'current' client factory.
getClientOrCreate(DuoOIDCIntegration) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry
getContextToPrincipalMappingStrategy() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Get the context to principal mapping strategy for mapping context information into principal collections e.g.
getDuoContextLookupStrategy() - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Internally synchronized method for accessing the Duo context lookup strategy.

H

HealthCheckDuoOIDCAuthAPI - Class in net.shibboleth.idp.plugin.authn.duo.impl: An action that checks the health of the Duo 2FA endpoint for the established Duo integration.
HealthCheckDuoOIDCAuthAPI() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.HealthCheckDuoOIDCAuthAPI
HTTPS - Static variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoIssuerClaimLookupStrategy: HTTPS scheme protocol.

I

integration - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: The Duo integration appropriate for this request.
issuerPath - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoIssuerClaimLookupStrategy: The URL path component of the issuer.

L

log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry.CreateNewClientMappingFunction: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultRedirectURICreationStrategy: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ExchangeCodeForDuoToken: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.HealthCheckDuoOIDCAuthAPI: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoResponseState: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateExternalAuthenticationContext: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: Class logger.
log - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: Class logger.

N

net.shibboleth.idp.plugin.authn.duo.impl - package net.shibboleth.idp.plugin.authn.duo.impl: Duo OIDC 2FA login flow implementation classes.

P

PopulateDuoAuthenticationContext - Class in net.shibboleth.idp.plugin.authn.duo.impl: An action to create (or lookup) and populate the DuoOIDCAuthenticationContext with the username, chosen DuoOIDCIntegration, and DuoOIDCClient appropriate for this request.
PopulateDuoAuthenticationContext() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Constructor.
populateSubject(Subject) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult
prc - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: The profile request context.

R

redirectURICreationStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Strategy used to compute the redirectURI from the given Duo integration if supported.

S

setClaimsValidator(JWTClaimsValidation) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: Set the JWT claims verifier to use.
setCleanupHook(Consumer<ProfileRequestContext>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims: Set the cleanup hook to execute after either a successful or unsuccessful claims validation.
setClientFactory(DuoOIDCClientFactory) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoOIDCClientRegistry: Set the client factory to use.
setClientRegistry(DuoOIDCClientRegistry) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Set the Duo client registry.
setContextToPrincipalMappingStrategy(Function<ProfileRequestContext, Collection<Principal>>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Set the context to principal mapping strategy for mapping context information into principal collections e.g.
setDuoContextCreationStrategy(Function<ProfileRequestContext, DuoOIDCAuthenticationContext>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Set the strategy used to locate the DuoOIDCAuthenticationContext to operate on.
setDuoContextLookupStrategy(Function<ProfileRequestContext, DuoOIDCAuthenticationContext>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: Set Duo authentication context lookup strategy to use.
setDuoIntegrationLookupStrategy(Function<ProfileRequestContext, DuoOIDCIntegration>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Set DuoIntegration lookup strategy to use.
setRedirectURICreationStrategy(BiFunction<HttpServletRequest, DynamicDuoOIDCIntegration, String>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Set the redirect URI creation strategy.
setSignatureAlgorithm(JWSAlgorithm) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: Set the signature algorithm to use.
setUsernameLookupStrategy(Function<ProfileRequestContext, String>) - Method in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Set the lookup strategy to use for the username to match against Duo identity.
signatureAlgorithm - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: The signature algorithm used.
STATE_PARAMETER - Static variable in class net.shibboleth.idp.plugin.authn.duo.impl.DuoOIDCAuthnController: The name of the Http parameter that stores the state value.
SUPPORTED_SIGNATURE_FAMILY - Static variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: The HMAC 'family' of signature algorithms is the only supported, based on the shared secret in the client integration.

T

token - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: The Duo authentication token.

U

username - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult: Attempted username.
usernameLookupStrategy - Variable in class net.shibboleth.idp.plugin.authn.duo.impl.PopulateDuoAuthenticationContext: Lookup strategy for username to match against Duo identity.

V

ValidateDuoResponseState - Class in net.shibboleth.idp.plugin.authn.duo.impl: Authentication action that validates the Duo response state parameter (which is required in the Duo flow) matches that in the 2FA request.
ValidateDuoResponseState() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoResponseState
ValidateDuoTokenAuthenticationResult - Class in net.shibboleth.idp.plugin.authn.duo.impl: A validation action that checks for a valid Duo authentication token and directly produces an AuthenticationResult based on the identity described by the token.
ValidateDuoTokenAuthenticationResult() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoTokenAuthenticationResult
ValidateDuoTokenAuthenticationResult.DuoOIDCCleanupHook - Class in net.shibboleth.idp.plugin.authn.duo.impl: A default cleanup hook that removes the DuoOIDCAuthenticationContext from the tree.
ValidateExternalAuthenticationContext - Class in net.shibboleth.idp.plugin.authn.duo.impl: An action that checks for an ExternalAuthenticationContext for a signaled event via the ExternalAuthenticationContext.getAuthnError() method.
ValidateExternalAuthenticationContext() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateExternalAuthenticationContext
ValidateTokenClaims - Class in net.shibboleth.idp.plugin.authn.duo.impl: Action that validates the claims of the Duo id_token using the supplied claims validator.
ValidateTokenClaims() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenClaims
ValidateTokenClaims.DuoOIDAuthenticationContextCleanupHook - Class in net.shibboleth.idp.plugin.authn.duo.impl: A cleanup hook that removes the 'nonce' parameter from the DuoOIDCAuthenticationContext so it could not be reused.
ValidateTokenSignature - Class in net.shibboleth.idp.plugin.authn.duo.impl: Action to validate the JWT signature.
ValidateTokenSignature() - Constructor for class net.shibboleth.idp.plugin.authn.duo.impl.ValidateTokenSignature: Constructor.

A B C D E G H I L N P R S T U V
All Classes All Packages