Package com.pingidentity.sdk

Interface SessionAwareAuthenticationAdapter

public interface SessionAwareAuthenticationAdapter

An interface that allows an IdP adapter to decide whether or not an existing authentication session should be used.

PingFederate's Authentication Sessions capability allows any adapter to be wrapped in a session. If a session has been created for a user and has not expired, PingFederate will use the stored authentication attributes instead of invoking the adapter's lookupAuthN method.

By implementing this interface, an adapter can exercise additional control over whether or not an existing session is used.

Since:

9.0.3

See Also:

IdpAuthenticationAdapterV2

Method Summary

Modifier and Type	Method	Description
boolean	checkUseAuthenticationSession(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Map<String,Object> inParameters, AuthenticationSession existingSession)	A method that the PingFederate server calls during processing of a single sign-on transaction to determine whether an existing session can be used instead of invoking the adapter's lookupAuthN method.

Method Detail

checkUseAuthenticationSession

boolean checkUseAuthenticationSession(javax.servlet.http.HttpServletRequest req,
                                      javax.servlet.http.HttpServletResponse resp,
                                      Map<String,Object> inParameters,
                                      AuthenticationSession existingSession)

A method that the PingFederate server calls during processing of a single sign-on transaction to determine whether an existing session can be used instead of invoking the adapter's lookupAuthN method.

When a session exists for a user and the adapter implements this interface, this method is called before the stored authentication attributes are used. If the adapter returns true from this method, the stored attributes will be used and the adapter's lookupAuthN method will not be invoked. Otherwise, the session will be ignored and the adapter's lookupAuthN method will be invoked.

Parameters:

req - the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find out more about the request like the full URL the request was made to.

resp - the HttpServletResponse is provided only in case the implementation needs to access SessionStateSupport in order to read session attributes. The implementation should not write to the servlet response.

inParameters - A map that contains a set of input parameters. The input parameters provided are detailed in IdpAuthenticationAdapterV2, prefixed with IN_PARAMETER_NAME_*. If the adapter does not implement the IdpAuthenticationAdapterV2 interface, then this map will be empty.

existingSession - An object representing the existing session.

Returns:

True if the existing session should be used. False if the session should not be used and the adapter's lookupAuthN method should be invoked