/**
 * Locate a custom {@link Principal} matching a string, supported by the flow descriptor.
 *
 * <p>Only the principals the descriptor itself reports as supported are candidates, so a
 * method name supplied by a caller can never resolve to a principal outside that set.
 * The first principal whose name equals {@code method} wins; a principal whose
 * {@code getName()} returns null would throw here, as in any equals-on-null call.</p>
 *
 * @param descriptor flow descriptor
 * @param method method string
 *
 * @return a custom {@link Principal} or null
 */
@Nullable public Principal getPrincipal(@Nonnull final AuthenticationFlowDescriptor descriptor,
        @Nonnull @NotEmpty final String method) {
    return descriptor.getSupportedPrincipals().stream()
            .filter(candidate -> candidate.getName().equals(method))
            .findFirst()
            .orElse(null);
}
/**
 * Process requested acr values if any.
 *
 * <p>The {@code acr_values} extension is client-supplied: it is split on single spaces and each
 * token is wrapped in an {@link AuthnContextClassRefPrincipal}. A requested value is appended to
 * {@code principals} only when it is not already present and at least one available authentication
 * flow lists it among its supported principals; values no flow supports are dropped without
 * error, so the flow descriptors act as the allowlist for what a client may request.</p>
 *
 * @param authorizationRequest the authorization request
 * @param principals the principals
 */
private void processRequestedAcrValuesIfAny(final AuthorizationRequest authorizationRequest,
        final List<Principal> principals) {
    if (!authorizationRequest.getExtensions().containsKey(OIDCConstants.ACR_VALUES)) {
        return;
    }
    final Object rawAcrValues = authorizationRequest.getExtensions().get(OIDCConstants.ACR_VALUES);
    for (final String token : rawAcrValues.toString().split(" ")) {
        final AuthnContextClassRefPrincipal requested = new AuthnContextClassRefPrincipal(token.trim());
        if (principals.contains(requested)) {
            continue;
        }
        // Once one supporting flow is found the principal is added; further flows could only
        // re-observe it as already present, so stop scanning.
        for (final AuthenticationFlowDescriptor flow : this.availableAuthenticationFlows) {
            if (flow.getSupportedPrincipals().contains(requested)) {
                principals.add(requested);
                break;
            }
        }
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Fails fast with an {@link ExternalAuthenticationException} when the profile request context
 * carries no {@code AuthenticationContext} or that context has no attempted flow. Otherwise the
 * profile request context, the extended-flow and passive/forced-authentication indicators, the
 * name of the attempted flow's first supported principal (when it has any) and, if a relying
 * party context can be resolved, the relying party id are exposed to the external flow as request
 * attributes. One of the APIs used here is deprecated; which one is not visible from this block.</p>
 *
 * @param request the servlet request handed to the external flow
 * @throws ExternalAuthenticationException if the authentication context or attempted flow is missing
 */
@SuppressWarnings("deprecation") @Override
protected void doStart(@Nonnull final HttpServletRequest request) throws ExternalAuthenticationException {
    final AuthenticationContext authnContext = profileRequestContext.getSubcontext(AuthenticationContext.class);
    if (authnContext == null) {
        throw new ExternalAuthenticationException("No AuthenticationContext found");
    }
    if (authnContext.getAttemptedFlow() == null) {
        throw new ExternalAuthenticationException("No attempted authentication flow set");
    }

    request.setAttribute(ProfileRequestContext.BINDING_KEY, profileRequestContext);
    request.setAttribute(EXTENDED_FLOW_PARAM, extendedFlow);
    request.setAttribute(PASSIVE_AUTHN_PARAM, authnContext.isPassive());
    request.setAttribute(FORCE_AUTHN_PARAM, authnContext.isForceAuthn());

    // The first supported principal, if present, names the authentication method for the flow.
    final Collection<Principal> supported = authnContext.getAttemptedFlow().getSupportedPrincipals();
    final Iterator<Principal> firstSupported = supported.iterator();
    if (firstSupported.hasNext()) {
        request.setAttribute(AUTHN_METHOD_PARAM, firstSupported.next().getName());
    }

    final RelyingPartyContext rpCtx = relyingPartyContextLookupStrategy.apply(profileRequestContext);
    if (rpCtx == null) {
        return;
    }
    request.setAttribute(RELYING_PARTY_PARAM, rpCtx.getRelyingPartyId());
}
/**
 * Compare the flow's custom principal names to the string values of the attribute.
 *
 * <p>Principals are examined in the order the flow reports them; the name of the first one that
 * equals some {@link StringAttributeValue} of {@code attribute} is returned. Non-string attribute
 * values never match. Both the flow id and every attribute value are written to the debug log,
 * so attribute values should not be secret if debug logging is enabled.</p>
 *
 * @param flow flow to examine
 *
 * @return a match between the flow's principal names and the attribute's string values, or null
 */
@Nullable private String getMatch(@Nonnull final AuthenticationFlowDescriptor flow) {
    log.debug("{} Looking for match for flow {} against values for attribute {}", getLogPrefix(),
            flow.getId(), attribute.getId());
    for (final Principal candidate : flow.getSupportedPrincipals()) {
        log.debug("{} Comparing principal {} against attribute values {}", getLogPrefix(),
                candidate.getName(), attribute.getValues());
        final String candidateName = candidate.getName();
        final boolean matched = attribute.getValues().stream()
                .anyMatch(val -> val instanceof StringAttributeValue
                        && Objects.equals(val.getValue(), candidateName));
        if (matched) {
            return candidateName;
        }
    }
    return null;
}
log.debug("{} Adding custom Principal(s) defined on underlying flow descriptor", getLogPrefix()); getSubject().getPrincipals().addAll( authenticationContext.getAttemptedFlow().getSupportedPrincipals());