Page tree
Skip to end of metadata
Go to start of metadata


This feature depends on V3.4.0 of the IdP software.

Current File(s): conf/authn/function-authn-config.xml

Format: Native Spring

Overview

The authn/Function login flow is an extension point that allows authentication to be handled by a deployer-supplied Function object, which can be written in Java, a scripting language, etc. It simplifies authoring certain kinds of custom login flows (essentially it provides the "flow" part) and potentially simpifies some MultiFactorAuthnConfiguration scenarios by moving some of the logic into a separate component.

General Configuration

Use authn/function-authn-config.xml to configure this flow. Only a couple of beans are defined, chiefly the core of the flow, a required bean named shibboleth.authn.Function.ResultLookupStrategy, of type Function<ProfileRequestContext,Object>

If the function returns a null, then authentication fails (this is how to signal a controlled failure). Otherwise, the function can return a String (the username), a Principal, or a Subject, and the system will construct an appropriate AuthenticationResult around whatever is returned.

Reference

Beans

Bean IDTypeDefaultFunction
shibboleth.authn.Function.resultLookupStrategyFunction<ProfileRequestContext,Object>
A function to produce the authentication result (see above)
shibboleth.authn.Function.resultCachingPredicate

Predicate<ProfileRequestContext>


An optional bean that can be defined to control whether to preserve the authentication result in an IdP session
shibboleth.authn.Function.addDefaultPrincipals
BooleantrueWhether to add the content of the supportedPrincipals property of the underlying flow descriptor to the resulting Subject

Notes

None


  • No labels