Package com.pingidentity.sdk
Interface TransactionAwareAuthenticationAdapter
-
public interface TransactionAwareAuthenticationAdapterAn IdP adapter may implement TransactionAwareAuthenticationAdapter interface to define post-processing behaviours upon success or failure of the SSO transaction. Only the adapters invoked along the path of the policy tree for a transaction will have their post processing methods called. In addition, the adapter's post-processing methods will only be called if the adapter returnedAuthnAdapterResponse.AUTHN_STATUS.SUCCESSorAuthnAdapterResponse.AUTHN_STATUS.ACTIONfromIdpAuthenticationAdapterV2.lookupAuthN(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>)- Since:
- 9.3
-
-
Field Summary
Fields Modifier and Type Field Description static org.apache.commons.logging.Loglogstatic StringPARAMETER_NAME_CHAINED_ATTRIBUTESWhen chaining authentication sources together, either by authentication policies or composite adapters, the attribute map that is returned from an authentication source is passed in to the next adapter in the chain via this "inParameter".static StringPARAMETER_NAME_OAUTH_CLIENT_IDThe input parameter name used to identify the incoming OAuth client id.static StringPARAMETER_NAME_PARTNER_ENTITYIDThe input parameter name for partner entity id in the "inParameters" map of lookupAuthN.static StringPARAMETER_NAME_REQUEST_IDThe input parameter name for the attribute that holds the request id.static StringPARAMETER_NAME_SP_ADAPTER_IDThe input parameter name used to identify the SP adapter ID.static StringPARAMETER_NAME_TRACKING_IDThe input parameter name used to identify related transactions.static StringPARAMETER_NAME_TRANSACTION_IDThe input parameter name for the attribute that holds the current transaction id.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method Description booleanisDeferAuthenticationSessionRegistration()When Authentication Sessions are enabled for an adapter instance, this controls when the authentication session is registered.voidonTransactionComplete(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, AttributeMap policyResultMap)Deprecated.since 11.3 in favor ofonTransactionComplete(HttpServletRequest, HttpServletResponse, Map, AttributeMap, Map)default voidonTransactionComplete(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, AttributeMap policyResultMap, Map<String,Object> parameters)Called at the end of the SSO transaction, and only if the SSO transaction completes successfully.default voidonTransactionFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap)Deprecated.since 11.3 in favor ofonTransactionFailure(HttpServletRequest, HttpServletResponse, Map, Map)default voidonTransactionFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, Map<String,Object> parameters)Called at the end of the SSO transaction, and only if the SSO transaction completes with failure.
-
-
-
Field Detail
-
log
static final org.apache.commons.logging.Log log
-
PARAMETER_NAME_TRACKING_ID
static final String PARAMETER_NAME_TRACKING_ID
The input parameter name used to identify related transactions. This ID can be useful for debugging and support purposes. The value is a String.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_REQUEST_ID
static final String PARAMETER_NAME_REQUEST_ID
The input parameter name for the attribute that holds the request id. The value is a String.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_TRANSACTION_ID
static final String PARAMETER_NAME_TRANSACTION_ID
The input parameter name for the attribute that holds the current transaction id.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_PARTNER_ENTITYID
static final String PARAMETER_NAME_PARTNER_ENTITYID
The input parameter name for partner entity id in the "inParameters" map of lookupAuthN. It is the entity id of the SP to whom the single sign-on will be sent. The value is a String.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_OAUTH_CLIENT_ID
static final String PARAMETER_NAME_OAUTH_CLIENT_ID
The input parameter name used to identify the incoming OAuth client id. The value is a String.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_SP_ADAPTER_ID
static final String PARAMETER_NAME_SP_ADAPTER_ID
The input parameter name used to identify the SP adapter ID. The value is a String.- Since:
- 11.3
- See Also:
- Constant Field Values
-
PARAMETER_NAME_CHAINED_ATTRIBUTES
static final String PARAMETER_NAME_CHAINED_ATTRIBUTES
When chaining authentication sources together, either by authentication policies or composite adapters, the attribute map that is returned from an authentication source is passed in to the next adapter in the chain via this "inParameter". Each adapter in the chain will have access to a merged attribute map of all the previous authentication sources' returned attributes. The attribute map is of type
Map<String, Object> with entry key being the previous authentication source's attribute name and the entry value of typeAttributeValue.This map should be treated as read-only. Updates to it are not guaranteed to persist between adapter invocations.
- Since:
- 11.3
- See Also:
- Constant Field Values
-
-
Method Detail
-
isDeferAuthenticationSessionRegistration
boolean isDeferAuthenticationSessionRegistration()
When Authentication Sessions are enabled for an adapter instance, this controls when the authentication session is registered. If this method returns false, the session is registered as soon as the adapter returns SUCCESS (this is the default behavior). If this method returns true, the session is registered at the end of the SSO transaction, and only if the transaction completes successfully.
-
onTransactionComplete
@Deprecated void onTransactionComplete(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, AttributeMap policyResultMap)
Deprecated.since 11.3 in favor ofonTransactionComplete(HttpServletRequest, HttpServletResponse, Map, AttributeMap, Map)Called at the end of the SSO transaction, and only if the SSO transaction completes successfully. An SSO transaction is considered successful if either of the following conditions are true: 1. The policy tree ended with a successful Authentication Policy Contract mapping or Local Identity Profile mapping. 2. The policy tree ended with an authentication source (IdP adapter or IdP connection), and that last authentication was successful.- Parameters:
request- the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find out more about the request like the full URL the request was made to.response- the HttpServletResponse. Cookies and headers may be added to the response, but the response body should not be written to.authnIdentifiersMap- (pass-by-value) the authentication identifiers returned by theIdpAuthenticationAdapterV2.lookupAuthN(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>)method.policyResultMap- (pass-by-value) the authentication policy contract mapping upon completion of the SSO transaction, fulfilled with values from the authentication sources or with dynamic text values.
-
onTransactionComplete
default void onTransactionComplete(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, AttributeMap policyResultMap, Map<String,Object> parameters)Called at the end of the SSO transaction, and only if the SSO transaction completes successfully. An SSO transaction is considered successful if either of the following conditions are true: 1. The policy tree ended with a successful Authentication Policy Contract mapping or Local Identity Profile mapping. 2. The policy tree ended with an authentication source (IdP adapter or IdP connection), and that last authentication was successful.- Parameters:
request- the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find out more about the request like the full URL the request was made to.response- the HttpServletResponse. Cookies and headers may be added to the response, but the response body should not be written to.authnIdentifiersMap- (pass-by-value) the authentication identifiers returned by theIdpAuthenticationAdapterV2.lookupAuthN(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>)method.policyResultMap- (pass-by-value) the authentication policy contract mapping upon completion of the SSO transaction, fulfilled with values from the authentication sources or with dynamic text values.parameters- A map that contains a set of input parameters. The input parameters provided are detailed in this class, prefixed withPARAMETER_NAME_*e.g.PARAMETER_NAME_TRACKING_ID.- Since:
- 11.3
-
onTransactionFailure
@Deprecated default void onTransactionFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap)
Deprecated.since 11.3 in favor ofonTransactionFailure(HttpServletRequest, HttpServletResponse, Map, Map)Called at the end of the SSO transaction, and only if the SSO transaction completes with failure. An SSO transaction is considered to have failed if theonTransactionComplete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>, org.sourceid.util.log.AttributeMap)success conditions are not satisfied.- Parameters:
request- the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find out more about the request like the full URL the request was made to.response- the HttpServletResponse. Cookies and headers may be added to the response, but the response body should not be written to.authnIdentifiersMap- (pass-by-value) the authentication identifiers returned by theIdpAuthenticationAdapterV2.lookupAuthN(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>)method.- Since:
- 10.2
-
onTransactionFailure
default void onTransactionFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> authnIdentifiersMap, Map<String,Object> parameters)Called at the end of the SSO transaction, and only if the SSO transaction completes with failure. An SSO transaction is considered to have failed if theonTransactionComplete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>, org.sourceid.util.log.AttributeMap)success conditions are not satisfied.- Parameters:
request- the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find out more about the request like the full URL the request was made to.response- the HttpServletResponse. Cookies and headers may be added to the response, but the response body should not be written to.authnIdentifiersMap- (pass-by-value) the authentication identifiers returned by theIdpAuthenticationAdapterV2.lookupAuthN(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Map<java.lang.String, java.lang.Object>)method.parameters- A map that contains a set of input parameters. The input parameters provided are detailed in this class, prefixed withPARAMETER_NAME_*e.g.PARAMETER_NAME_TRACKING_ID.- Since:
- 11.3
-
-