Package net.shibboleth.idp.plugin.authn.duo.impl
Duo OIDC 2FA login flow implementation classes.
-
Class Summary Class Description DefaultDuoOIDCClientRegistry The default Duo Client registry for mapping aDuoOIDCIntegrationto either a new or existingDuoOIDCClient(assumed thread-safe) singleton instance.DefaultRedirectURICreationStrategy Constructive, pure, function that returns a redirect_uri from one of (ordered): A pre-registered redirect_uri on the Duo integration,DynamicDuoOIDCIntegration.getRegisteredRedirectURI().DuoAudienceClaimLookupStrategy Looks up the audience from the clientID in theDuoOIDCIntegrationinside the context.DuoIssuerClaimLookupStrategy Find the issuer from theDuoOIDCIntegration.DuoNonceClaimLookupStrategy Find the nonce from theDuoAuthenticationContext.DuoOIDCAuthnController MVC controller for managing Duo 2FA exchanges implemented as anExternalAuthenticationmechanism.DuoSupport Helper methods for Duo 2FA.DuoUsernameClaimLookupStrategy Find the authenticating principals username from theDuoAuthenticationContext.ExchangeCodeForDuoToken Action to exchange the authorization code in the Duo 2FA response for a Duo id_token that describes the result of 2FA.HealthCheckDuoOIDCAuthAPI An action that checks the health of the Duo 2FA endpoint for the established Duo integration.PopulateDuoAuthenticationContext An action to create (or lookup) and populate theDuoOIDCAuthenticationContextwith the username, chosenDuoOIDCIntegration, andDuoOIDCClientappropriate for this request.ValidateDuoResponseState Authentication action that validates the Duo response state parameter (which is required in the Duo flow) matches that in the 2FA request.ValidateDuoTokenAuthenticationResult A validation action that checks for a valid Duo authentication token and directly produces anAuthenticationResultbased on the identity described by the token.ValidateDuoTokenAuthenticationResult.DuoOIDCCleanupHook A default cleanup hook that removes theDuoOIDCAuthenticationContextfrom the tree.ValidateExternalAuthenticationContext An action that checks for anExternalAuthenticationContextfor a signaled event via theExternalAuthenticationContext.getAuthnError()method.ValidateTokenClaims Action that validates the claims of the Duo id_token using the suppliedclaims validator.ValidateTokenClaims.DuoOIDAuthenticationContextCleanupHook A cleanup hook that removes the 'nonce' parameter from theDuoOIDCAuthenticationContextso it could not be reused.ValidateTokenSignature Action to validate the JWT signature.