/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { final Map<String, AuthenticationFlowDescriptor> potentialFlows = authenticationContext.getPotentialFlows(); final Iterator<Entry<String, AuthenticationFlowDescriptor>> descriptorItr = potentialFlows.entrySet().iterator(); while (descriptorItr.hasNext()) { final AuthenticationFlowDescriptor descriptor = descriptorItr.next().getValue(); if (descriptor.isPassiveAuthenticationSupported()) { log.debug("{} Retaining flow {}, it supports passive authentication", getLogPrefix(), descriptor.getId()); } else { log.debug("{} Removing flow {}, it does not support passive authentication", getLogPrefix(), descriptor.getId()); descriptorItr.remove(); } } if (potentialFlows.size() == 0) { log.info("{} No potential authentication flows remain after filtering", getLogPrefix()); } else { log.debug("{} Potential authentication flows left after filtering: {}", getLogPrefix(), potentialFlows); } } }
/** * Return the first inactive potential flow not found in the intermediate flows collection that applies * to the request. * * @param profileRequestContext the current profile request context * @param authenticationContext the current authentication context * @return an eligible flow, or null */ @Nullable private AuthenticationFlowDescriptor getUnattemptedInactiveFlow( @Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { AuthenticationFlowDescriptor selectedFlow = null; for (final AuthenticationFlowDescriptor flow : authenticationContext.getPotentialFlows().values()) { if (!authenticationContext.getIntermediateFlows().containsKey(flow.getId())) { if (!authenticationContext.isPassive() || flow.isPassiveAuthenticationSupported()) { if (flow.apply(profileRequestContext)) { selectedFlow = flow; if (preferredPrincipalCtx == null || preferredPrincipalCtx.isAcceptable(flow)) { break; } } } } } return selectedFlow; }
if (!authenticationContext.getIntermediateFlows().containsKey(descriptor.getId()) && predicate.apply(descriptor) && descriptor.apply(profileRequestContext)) { if (!authenticationContext.isPassive() || descriptor.isPassiveAuthenticationSupported()) { selectInactiveFlow(profileRequestContext, authenticationContext, descriptor); return;
|| !predicate.apply(result)) { if (!authenticationContext.isPassive() || descriptor.isPassiveAuthenticationSupported()) { selectInactiveFlow(profileRequestContext, authenticationContext, descriptor); return;
if (authenticationContext.isPassive() && !flow.isPassiveAuthenticationSupported()) { log.error("{} Targeted login flow '{}' does not support passive authentication", getLogPrefix(), flowId);
if (authenticationContext.isPassive() && !flow.isPassiveAuthenticationSupported()) { log.error("{} Signaled flow {} does not support passive authentication", getLogPrefix(), flow.getId()); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_PASSIVE);