org.picketlink.identity.federation.bindings.wildfly.sp

Class SPFormAuthenticationMechanism

java.lang.Object

io.undertow.security.impl.FormAuthenticationMechanism

io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism

org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism

All Implemented Interfaces:

AuthenticationMechanism

@WebListener
public class SPFormAuthenticationMechanism
extends ServletFormAuthenticationMechanism

PicketLink SP Authentication Mechanism that falls back to FORM

Since:

November 04, 2013

Author:

Anil Saldhana

Nested Class Summary

Nested classes/interfaces inherited from class io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism

ServletFormAuthenticationMechanism.Factory

Nested classes/interfaces inherited from interface io.undertow.security.api.AuthenticationMechanism

AuthenticationMechanism.AuthenticationMechanismOutcome, AuthenticationMechanism.ChallengeResult

Field Summary

Fields

Modifier and Type	Field and Description
protected PicketLinkAuditHelper	auditHelper
protected String	canonicalizationMethod
protected SAML2HandlerChain	chain
protected Map<String,Object>	chainConfigOptions
protected Lock	chainLock A Lock for Handler operations in the chain
protected String	configFile
protected SAMLConfigurationProvider	configProvider The user can inject a fully qualified name of a SAMLConfigurationProvider
protected PicketLinkType	configuration
static String	EMPTY_PASSWORD
protected boolean	enableAudit
static String	FORM_ACCOUNT_NOTE
static String	FORM_REQUEST_NOTE
protected FormParserFactory	formParserFactory
protected String	identityURL
protected X509Certificate	idpCertificate If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata
static String	INITIAL_LOCATION_STORED
protected String	issuerID
protected TrustKeyManager	keyManager
protected String	samlHandlerChainClass
protected boolean	saveRestoreRequest
protected String	serviceURL
protected ServletContext	servletContext
protected SPType	spConfiguration
protected Timer	timer
protected int	timerInterval

Fields inherited from class io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism

FACTORY, SAVE_ORIGINAL_REQUEST

Fields inherited from class io.undertow.security.impl.FormAuthenticationMechanism

DEFAULT_POST_LOCATION, LOCATION_ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
SPFormAuthenticationMechanism(FormParserFactory parserFactory, String name, String loginPage, String errorPage, ServletContext servletContext, PicketLinkType configuration, PicketLinkAuditHelper auditHelper)
SPFormAuthenticationMechanism(FormParserFactory parserFactory, String name, String loginPage, String errorPage, ServletContext servletContext, SAMLConfigurationProvider configProvider, PicketLinkAuditHelper auditHelper)

Method Summary

Modifier and Type	Method and Description
void	audit(PicketLinkAuditEvent event)
AuthenticationMechanism.AuthenticationMechanismOutcome	authenticate(HttpServerExchange exchange, SecurityContext securityContext) Perform authentication of the request.
protected boolean	doSupportSignature() Indicates if digital signatures/validation of SAML assertions are enabled.
String	getIdentityURL() Get the Identity URL
protected IDPSSODescriptorType	getIdpMetadataFromFile(SPType configuration)
protected IDPSSODescriptorType	getIDPSSODescriptor(EntitiesDescriptorType entities)
protected IDPSSODescriptorType	handleMetadata(EntitiesDescriptorType entities)
protected IDPSSODescriptorType	handleMetadata(EntityDescriptorType entityDescriptor)
AuthenticationMechanism.AuthenticationMechanismOutcome	handleSAML11UnsolicitedResponse(HttpServletRequest request, HttpServletResponse response, SecurityContext securityContext)
protected void	initializeHandlerChain()
protected void	initKeyProvider(ServletContext context) Initialize the KeyProvider configurations.
protected boolean	isHttpPostBinding() Indicates if the SP is configure with HTTP POST Binding.
protected AuthenticationMechanism.AuthenticationMechanismOutcome	localAuthentication(HttpServerExchange httpServerExchange, SecurityContext securityContext) Fall back on local authentication at the service provider side
protected boolean	matchRequest(HttpServletRequest request)
protected void	populateChainConfig()
protected void	processConfiguration()
protected void	register(SecurityContext securityContext, Account account)
protected String	savedRequestURL(HttpSession session)
AuthenticationMechanism.ChallengeResult	sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) Send an authentication challenge to the remote client.
protected boolean	sessionIsValid(HttpSession session)
protected void	startPicketLink()

Methods inherited from class io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism

handleRedirectBack, servePage, storeInitialLocation, storeInitialLocation

Methods inherited from class io.undertow.security.impl.FormAuthenticationMechanism

runFormAuth

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

INITIAL_LOCATION_STORED

public static final String INITIAL_LOCATION_STORED

See Also:

Constant Field Values

samlHandlerChainClass

protected transient String samlHandlerChainClass

servletContext

protected final ServletContext servletContext

chainConfigOptions

protected Map<String,Object> chainConfigOptions

configProvider

protected SAMLConfigurationProvider configProvider

The user can inject a fully qualified name of a SAMLConfigurationProvider

idpCertificate

protected transient X509Certificate idpCertificate

If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata

timerInterval

protected int timerInterval

timer

protected Timer timer

EMPTY_PASSWORD

public static final String EMPTY_PASSWORD

See Also:

Constant Field Values

enableAudit

protected boolean enableAudit

FORM_ACCOUNT_NOTE

public static final String FORM_ACCOUNT_NOTE

See Also:

Constant Field Values

FORM_REQUEST_NOTE

public static final String FORM_REQUEST_NOTE

See Also:

Constant Field Values

chain

protected transient SAML2HandlerChain chain

spConfiguration

protected SPType spConfiguration

configuration

protected PicketLinkType configuration

serviceURL

protected String serviceURL

identityURL

protected String identityURL

issuerID

protected String issuerID

configFile

protected String configFile

saveRestoreRequest

protected boolean saveRestoreRequest

chainLock

protected Lock chainLock

A Lock for Handler operations in the chain

canonicalizationMethod

protected String canonicalizationMethod

auditHelper

protected PicketLinkAuditHelper auditHelper

keyManager

protected TrustKeyManager keyManager

formParserFactory

protected FormParserFactory formParserFactory

Constructor Detail

SPFormAuthenticationMechanism

public SPFormAuthenticationMechanism(FormParserFactory parserFactory,
                                     String name,
                                     String loginPage,
                                     String errorPage,
                                     ServletContext servletContext,
                                     PicketLinkType configuration,
                                     PicketLinkAuditHelper auditHelper)

SPFormAuthenticationMechanism

public SPFormAuthenticationMechanism(FormParserFactory parserFactory,
                                     String name,
                                     String loginPage,
                                     String errorPage,
                                     ServletContext servletContext,
                                     SAMLConfigurationProvider configProvider,
                                     PicketLinkAuditHelper auditHelper)
                              throws ProcessingException

Throws:

ProcessingException

Method Detail

sendChallenge

public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange exchange,
                                                             SecurityContext securityContext)

Description copied from interface: AuthenticationMechanism

Send an authentication challenge to the remote client.

The individual mechanisms should update the response headers and body of the message as appropriate however they should not set the response code, instead that should be indicated in the AuthenticationMechanism.ChallengeResult and the most appropriate overall response code will be selected. This method should not return null.

Specified by:

sendChallenge in interface AuthenticationMechanism

Overrides:

sendChallenge in class FormAuthenticationMechanism

Parameters:

exchange - The exchange

securityContext - The security context

Returns:

A AuthenticationMechanism.ChallengeResult indicating if a challenge was sent and the desired response code.

authenticate

public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange,
                                                                           SecurityContext securityContext)

Description copied from interface: AuthenticationMechanism

Perform authentication of the request. Any potentially blocking work should be performed in the handoff executor provided

Specified by:

authenticate in interface AuthenticationMechanism

Overrides:

authenticate in class FormAuthenticationMechanism

Parameters:

exchange - The exchange

Returns:

matchRequest

protected boolean matchRequest(HttpServletRequest request)

register

protected void register(SecurityContext securityContext,
                        Account account)

localAuthentication

protected AuthenticationMechanism.AuthenticationMechanismOutcome localAuthentication(HttpServerExchange httpServerExchange,
                                                                                     SecurityContext securityContext)
                                                                              throws IOException

Fall back on local authentication at the service provider side

Parameters:

httpServerExchange -

securityContext -

Returns:

Throws:

IOException

isHttpPostBinding

protected boolean isHttpPostBinding()

Indicates if the SP is configure with HTTP POST Binding.

Returns:

sessionIsValid

protected boolean sessionIsValid(HttpSession session)

savedRequestURL

protected String savedRequestURL(HttpSession session)

startPicketLink

protected void startPicketLink()

initKeyProvider

protected void initKeyProvider(ServletContext context)

Initialize the KeyProvider configurations. This configurations are to be used during signing and validation of SAML assertions.

Parameters:

context -

doSupportSignature

protected boolean doSupportSignature()

Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that supports signature should override this method.

Returns:

processConfiguration

protected void processConfiguration()

getIdpMetadataFromFile

protected IDPSSODescriptorType getIdpMetadataFromFile(SPType configuration)

handleMetadata

protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entities)

getIDPSSODescriptor

protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entities)

handleMetadata

protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptor)

initializeHandlerChain

protected void initializeHandlerChain()
                               throws ConfigurationException,
                                      ProcessingException

Throws:

ConfigurationException

ProcessingException

populateChainConfig

protected void populateChainConfig()
                            throws ConfigurationException,
                                   ProcessingException

Throws:

ConfigurationException

ProcessingException

handleSAML11UnsolicitedResponse

public AuthenticationMechanism.AuthenticationMechanismOutcome handleSAML11UnsolicitedResponse(HttpServletRequest request,
                                                                                              HttpServletResponse response,
                                                                                              SecurityContext securityContext)

audit

public void audit(PicketLinkAuditEvent event)

getIdentityURL

public String getIdentityURL()

Get the Identity URL

Returns: