/**
 * {@inheritDoc}
 *
 * <p>Gates this action on the passive flag: a request whose {@link AuthenticationContext} is not passive
 * is logged at debug level and answered with {@code false}; a passive request is handed to the
 * superclass, whose result is returned unchanged.</p>
 *
 * @param profileRequestContext the current profile request context
 * @param authenticationContext the current authentication context, consulted for its passive flag
 * @return {@code false} for a non-passive request, otherwise whatever the superclass returns
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    // Passive requests are the only ones this action has work for; defer the rest of the decision upward.
    if (authenticationContext.isPassive()) {
        return super.doPreExecute(profileRequestContext, authenticationContext);
    }

    log.debug("{} Request does not have passive requirement, nothing to do", getLogPrefix());
    return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Publishes the state of the current authentication attempt as attributes on the servlet request:
 * the profile request context, the extended-flow setting, the passive and forced-authentication flags,
 * the name of the first supported principal of the attempted flow (when there is one) and the relying
 * party ID (when a relying party context is found).</p>
 *
 * <p>The passive and forced-authentication flags are only copied here; nothing in this method enforces
 * them. NOTE(review): whichever component reads these attributes presumably has to honour them itself;
 * confirm against the consumer.</p>
 *
 * @param request the servlet request that receives the attributes
 * @throws ExternalAuthenticationException if no {@link AuthenticationContext} is present or no
 *         attempted flow has been recorded on it
 */
// NOTE(review): SOURCE does not show which member used below is deprecated; confirm before dropping
// the suppression.
@SuppressWarnings("deprecation")
@Override
protected void doStart(@Nonnull final HttpServletRequest request) throws ExternalAuthenticationException {

    final AuthenticationContext authCtx = profileRequestContext.getSubcontext(AuthenticationContext.class);

    // Fail closed: without a context and an attempted flow there is nothing trustworthy to publish.
    if (authCtx == null) {
        throw new ExternalAuthenticationException("No AuthenticationContext found");
    }
    if (authCtx.getAttemptedFlow() == null) {
        throw new ExternalAuthenticationException("No attempted authentication flow set");
    }

    request.setAttribute(ProfileRequestContext.BINDING_KEY, profileRequestContext);
    request.setAttribute(EXTENDED_FLOW_PARAM, extendedFlow);
    request.setAttribute(PASSIVE_AUTHN_PARAM, authCtx.isPassive());
    request.setAttribute(FORCE_AUTHN_PARAM, authCtx.isForceAuthn());

    // Only the first supported principal is exposed as the authentication method; any others are not
    // passed along through this attribute.
    final Collection<Principal> supportedPrincipals = authCtx.getAttemptedFlow().getSupportedPrincipals();
    if (!supportedPrincipals.isEmpty()) {
        final String methodName = supportedPrincipals.iterator().next().getName();
        request.setAttribute(AUTHN_METHOD_PARAM, methodName);
    }

    // The relying party attribute is optional: it is left unset when the lookup yields nothing.
    final RelyingPartyContext relyingParty = relyingPartyContextLookupStrategy.apply(profileRequestContext);
    if (relyingParty != null) {
        request.setAttribute(RELYING_PARTY_PARAM, relyingParty.getRelyingPartyId());
    }
}
/**
 * Pick an eligible potential flow that has not yet been recorded as an intermediate flow.
 *
 * <p>A flow is eligible when its ID is absent from the intermediate flows, it supports passive
 * authentication if the request is passive, and the flow's own condition accepts the request. The scan
 * stops at the first eligible flow when there is no preferred principal context or that context finds
 * the flow acceptable. If no eligible flow is acceptable, the last eligible flow seen is returned.</p>
 *
 * @param profileRequestContext the current profile request context
 * @param authenticationContext the current authentication context
 * @return an eligible flow, or null if none qualifies
 */
@Nullable
private AuthenticationFlowDescriptor getUnattemptedInactiveFlow(
        @Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    // Remembers the most recent eligible flow in case none satisfies the preferred principal context.
    AuthenticationFlowDescriptor fallback = null;

    for (final AuthenticationFlowDescriptor candidate : authenticationContext.getPotentialFlows().values()) {
        // Skip flows already recorded as intermediate flows.
        if (authenticationContext.getIntermediateFlows().containsKey(candidate.getId())) {
            continue;
        }
        // A passive request must never be routed to a flow that cannot run passively.
        if (authenticationContext.isPassive() && !candidate.isPassiveAuthenticationSupported()) {
            continue;
        }
        // The flow's own activation condition is evaluated last, as in the original ordering.
        if (!candidate.apply(profileRequestContext)) {
            continue;
        }

        fallback = candidate;
        if (preferredPrincipalCtx == null || preferredPrincipalCtx.isAcceptable(candidate)) {
            return candidate;
        }
    }

    return fallback;
}
if (!authenticationContext.getIntermediateFlows().containsKey(descriptor.getId()) && predicate.apply(descriptor) && descriptor.apply(profileRequestContext)) { if (!authenticationContext.isPassive() || descriptor.isPassiveAuthenticationSupported()) { selectInactiveFlow(profileRequestContext, authenticationContext, descriptor); return; authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.REQUEST_UNSUPPORTED);
log.error("{} Targeted login flow '{}' is not configured, check available flow descriptors", getLogPrefix(), flowId); ActionSupport.buildEvent(profileRequestContext, authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.NO_POTENTIAL_FLOW); return; if (authenticationContext.isPassive() && !flow.isPassiveAuthenticationSupported()) { log.error("{} Targeted login flow '{}' does not support passive authentication", getLogPrefix(), flowId); log.error("{} Targeted login flow '{}' does not support non-browser authentication", getLogPrefix(), flowId); ActionSupport.buildEvent(profileRequestContext, authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.REQUEST_UNSUPPORTED); return;
if (result == null || !descriptor.getReuseCondition().apply(profileRequestContext) || !predicate.apply(result)) { if (!authenticationContext.isPassive() || descriptor.isPassiveAuthenticationSupported()) { selectInactiveFlow(profileRequestContext, authenticationContext, descriptor); authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.REQUEST_UNSUPPORTED);
log.info("{} No potential flows left to choose from, authentication failed", getLogPrefix()); ActionSupport.buildEvent(profileRequestContext, authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.NO_POTENTIAL_FLOW); return; log.info("{} No potential flows left to choose from, authentication failed", getLogPrefix()); ActionSupport.buildEvent(profileRequestContext, authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.NO_POTENTIAL_FLOW); return;
authenticationContext.getSignaledFlowId()); ActionSupport.buildEvent(profileRequestContext, authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.NO_POTENTIAL_FLOW); authenticationContext.setSignaledFlowId(null); return; if (authenticationContext.isPassive() && !flow.isPassiveAuthenticationSupported()) { log.error("{} Signaled flow {} does not support passive authentication", getLogPrefix(), flow.getId()); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_PASSIVE); authenticationContext.isPassive() ? AuthnEventIds.NO_PASSIVE : AuthnEventIds.NO_POTENTIAL_FLOW);