Class ValidateDuoResponseState
- java.lang.Object
-
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
-
- org.opensaml.profile.action.AbstractProfileAction
-
- org.opensaml.profile.action.AbstractConditionalProfileAction
-
- net.shibboleth.idp.profile.AbstractProfileAction
-
- net.shibboleth.idp.authn.AbstractAuthenticationAction
-
- net.shibboleth.idp.plugin.authn.duo.AbstractDuoAuthenticationAction
-
- net.shibboleth.idp.plugin.authn.duo.impl.ValidateDuoResponseState
-
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
public class ValidateDuoResponseState extends AbstractDuoAuthenticationAction
Authentication action that validates the Duo response state parameter (which is required in the Duo flow) matches that in the 2FA request.- Event:
EventIds.PROCEED_EVENT_ID,AuthnEventIds.NO_CREDENTIALS- Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class, false) != null,AuthenticationContext.getSubcontext(DuoOIDCAuthenticationContext.class, false) != null
-
-
Field Summary
Fields Modifier and Type Field Description private org.slf4j.LoggerlogClass logger.
-
Constructor Summary
Constructors Constructor Description ValidateDuoResponseState()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description private voidblankState(DuoOIDCAuthenticationContext context)Set the request and response states to null so they can't be reused.protected voiddoExecute(ProfileRequestContext profileRequestContext, net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext, DuoOIDCAuthenticationContext duoContext)-
Methods inherited from class net.shibboleth.idp.plugin.authn.duo.AbstractDuoAuthenticationAction
doExecute, doPreExecute, doPreExecute, setDuoContextLookupStrategy
-
Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
-
-
-
Field Detail
-
log
@Nonnull @NotEmpty private final org.slf4j.Logger log
Class logger.
-
-
Method Detail
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext, @Nonnull DuoOIDCAuthenticationContext duoContext)- Overrides:
doExecutein classAbstractDuoAuthenticationAction
-
blankState
private void blankState(@Nonnull DuoOIDCAuthenticationContext context)Set the request and response states to null so they can't be reused. There is no control on how long they persist in-memory.- Parameters:
context- the duo context.
-
-