Class PopulateDuoAuthenticationContext

    • Constructor Detail

      • PopulateDuoAuthenticationContext

        public PopulateDuoAuthenticationContext()
        Constructor.
    • Method Detail

      • setClientRegistry

        public void setClientRegistry(@Nonnull DuoOIDCClientRegistry duoRegistry)
        Set the Duo client registry.
        Parameters:
        duoRegistry - the registry
      • setUsernameLookupStrategy

        public void setUsernameLookupStrategy(@Nonnull Function<ProfileRequestContext,String> strategy)
        Set the lookup strategy to use for the username to match against Duo identity.
        Parameters:
        strategy - lookup strategy
      • setRedirectURICreationStrategy

        public void setRedirectURICreationStrategy(@Nonnull BiFunction<javax.servlet.http.HttpServletRequest,DynamicDuoOIDCIntegration,String> strategy)
        Set the redirect URI creation strategy. The strategy is free to use or create a redirect URI based on either runtime parameters or static information in the DuoOIDCIntegration.
        Parameters:
        strategy - the creation strategy.
      • setDuoIntegrationLookupStrategy

        public void setDuoIntegrationLookupStrategy(@Nonnull Function<ProfileRequestContext,DuoOIDCIntegration> strategy)
        Set the DuoIntegration lookup strategy to use.
        Parameters:
        strategy - lookup strategy
      • doExecute

        protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext,
                                 @Nonnull net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)
        Overrides:
        doExecute in class net.shibboleth.idp.authn.AbstractAuthenticationAction
      • computeAndStoreRedirectURIIfSupported

        private void computeAndStoreRedirectURIIfSupported(@Nonnull DuoOIDCIntegration duoIntegration,
                                                           @Nonnull javax.servlet.http.HttpServletRequest request,
                                                           @Nonnull DuoOIDCAuthenticationContext context)
                                                    throws DuoException

        For DynamicDuoOIDCIntegrations, apply the redirect_uri creation strategy to compute a redirect_uri to use.

        The redirect_uri is computed for each request, but is set only once as the usable redirect_uri on the integration itself, i.e. the value the client reads using DuoOIDCIntegration.getRedirectURI(). This allows all clients to see a redirect_uri computed by the redirectURICreationStrategy from the first request onward.

        The computed redirect_uri is also added to the context as an override redirect_uri which, if supported by the client, can be used dynamically when creating authorization or token exchange requests.

        Parameters:
        duoIntegration - the Duo integration pertaining to this request.
        request - the http servlet request.
        context - the Duo authentication context to store the computed override redirect_uri.
        Throws:
        DuoException - if the redirect_uri could not be created by the strategy.
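
The flow described for computeAndStoreRedirectURIIfSupported, as an added example that is not the plugin's own code: a creation strategy that builds a redirect_uri only for expected hosts (the server name comes from the client-supplied Host header), followed by the set-once and per-request-override behaviour. The Request and Integration types are stand-ins for HttpServletRequest and DynamicDuoOIDCIntegration; the host allow-list, the callback path and the use of IllegalStateException in place of DuoException are assumptions.

```java
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiFunction;

public class RedirectUriSketch {
    /** Stand-in for the values a strategy would read from HttpServletRequest. */
    record Request(String scheme, String serverName, int serverPort, String contextPath) {}

    /** Stand-in for a dynamic integration whose redirect_uri can be set exactly once. */
    static final class Integration {
        private final AtomicReference<String> redirectUri = new AtomicReference<>();
        boolean setRedirectUriIfAbsent(String uri) { return redirectUri.compareAndSet(null, uri); }
        String getRedirectURI() { return redirectUri.get(); }
    }

    // Constructed values: hosts this IdP answers on, and a placeholder callback path.
    static final Set<String> ALLOWED_HOSTS = Set.of("idp.example.org", "idp-test.example.org");
    static final String CALLBACK_PATH = "/duo-callback-placeholder";

    /** Strategy: derive the redirect_uri from the request, refusing unexpected schemes and hosts. */
    static final BiFunction<Request, Integration, String> STRATEGY = (req, integration) -> {
        String host = req.serverName().toLowerCase(Locale.ROOT);
        if (!"https".equals(req.scheme()) || !ALLOWED_HOSTS.contains(host)) {
            throw new IllegalStateException("refusing to build redirect_uri for host " + host);
        }
        String port = req.serverPort() == 443 ? "" : ":" + req.serverPort();
        return "https://" + host + port + req.contextPath() + CALLBACK_PATH;
    };

    /** Compute per request, set once on the integration, return the per-request override. */
    static String computeAndStore(Request req, Integration integration) {
        String computed = STRATEGY.apply(req, integration);
        integration.setRedirectUriIfAbsent(computed); // only the first computed value is kept
        return computed;                              // what would be stored on the context
    }

    public static void main(String[] args) {
        Integration duo = new Integration();
        String first = computeAndStore(new Request("https", "idp.example.org", 443, "/idp"), duo);
        String second = computeAndStore(new Request("https", "idp-test.example.org", 8443, "/idp"), duo);
        System.out.println("override, request 1: " + first);
        System.out.println("override, request 2: " + second);
        System.out.println("integration value:   " + duo.getRedirectURI()); // still request 1's
        try {
            computeAndStore(new Request("https", "unexpected.example.net", 443, "/idp"), duo);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the first computed value is the one kept on the integration, a strategy that trusts request-derived values without such a check would let the first request fix the redirect_uri for every client that reads it later.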