Class ProcessRequestedAuthnContext
- java.lang.Object
-
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
-
- org.opensaml.profile.action.AbstractProfileAction
-
- org.opensaml.profile.action.AbstractConditionalProfileAction
-
- net.shibboleth.idp.profile.AbstractProfileAction
-
- net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction<com.nimbusds.openid.connect.sdk.AuthenticationRequest>
-
- net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationRequestAction
-
- net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
-
- net.shibboleth.idp.plugin.oidc.op.profile.impl.ProcessRequestedAuthnContext
-
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
public class ProcessRequestedAuthnContext extends AbstractOIDCAuthenticationResponseAction
An action that creates anRequestedPrincipalContextorPreferredPrincipalContextand attaches it to the currentAuthenticationContext.If the incoming message contains acr values we create principal context populated with matching
AuthenticationContextClassReferencePrincipal. Acr values may be be given in acr_values request parameter or as requested id token claim (acr) in requested claims parameter. If they are given in both, the outcome is unspecified. Essential acrs are set toRequestedPrincipalContextand non-essential ones toPreferredPrincipalContext.
-
-
Field Summary
Fields Modifier and Type Field Description private Predicate<ProfileRequestContext>acrAlwaysEssentialLookupStrategyStrategy used to obtain whether all arc claims requests should be treated as Essential.private com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest.EntryacrClaimrequested acr claim.private Function<ProfileRequestContext,List<com.nimbusds.openid.connect.sdk.claims.ACR>>acrLookupStrategyStrategy used to obtain the requested acr values.private List<com.nimbusds.openid.connect.sdk.claims.ACR>acrValuesacr values.private net.shibboleth.idp.authn.context.AuthenticationContextauthenticationContextAuthentication context.private org.slf4j.LoggerlogClass logger.
-
Constructor Summary
Constructors Constructor Description ProcessRequestedAuthnContext()Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voiddoExecute(ProfileRequestContext profileRequestContext)protected booleandoPreExecute(ProfileRequestContext profileRequestContext)voidsetAcrAlwaysEssentialLookupStrategy(Predicate<ProfileRequestContext> strategy)Set the strategy used to obtain whether all arc claims requests should be treated as Essential.voidsetAcrLookupStrategy(Function<ProfileRequestContext,List<com.nimbusds.openid.connect.sdk.claims.ACR>> strategy)Set the strategy used to locate the requested acr values.-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
getMetadataContext, getOidcResponseContext
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationRequestAction
getAuthenticationRequest
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction
getRequest
-
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
-
-
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
acrLookupStrategy
@Nonnull private Function<ProfileRequestContext,List<com.nimbusds.openid.connect.sdk.claims.ACR>> acrLookupStrategy
Strategy used to obtain the requested acr values.
-
acrAlwaysEssentialLookupStrategy
@Nonnull private Predicate<ProfileRequestContext> acrAlwaysEssentialLookupStrategy
Strategy used to obtain whether all arc claims requests should be treated as Essential.
-
authenticationContext
@Nullable private net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext
Authentication context.
-
acrValues
private List<com.nimbusds.openid.connect.sdk.claims.ACR> acrValues
acr values.
-
acrClaim
private com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest.Entry acrClaim
requested acr claim.
-
-
Method Detail
-
setAcrLookupStrategy
public void setAcrLookupStrategy(@Nonnull Function<ProfileRequestContext,List<com.nimbusds.openid.connect.sdk.claims.ACR>> strategy)Set the strategy used to locate the requested acr values.- Parameters:
strategy- lookup strategy
-
setAcrAlwaysEssentialLookupStrategy
public void setAcrAlwaysEssentialLookupStrategy(@Nonnull Predicate<ProfileRequestContext> strategy)Set the strategy used to obtain whether all arc claims requests should be treated as Essential.- Parameters:
strategy- lookup strategy
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)- Overrides:
doPreExecutein classAbstractOIDCAuthenticationResponseAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)- Overrides:
doExecutein classAbstractProfileAction
-
-