Package se.swedenconnect.spring.saml.idp.authentication.provider

Interface UserAuthenticationProvider

All Superinterfaces:
org.springframework.security.authentication.AuthenticationProvider
All Known Subinterfaces:
UserRedirectAuthenticationProvider
All Known Implementing Classes:
AbstractUserAuthenticationProvider, AbstractUserRedirectAuthenticationProvider
public interface UserAuthenticationProvider extends org.springframework.security.authentication.AuthenticationProvider
Interface for an AuthenticationProvider that implements SAML2 Identity Provider user authentication. The authenticate(org.springframework.security.core.Authentication) method returns a Saml2UserAuthentication.

Note: The authentication provider should release all possible attributes about an authentication (user). These will be filtered by an AttributeProducer before adding attributes to an assertion. The reason for this is that in SSO-cases another set of attributes may be requested, and if attributes are filtered by the provider we may not be able to re-use and authentication.

Note that the authenticate(org.springframework.security.core.Authentication) must only return null under one condition and that is when the requested authentication context(s) can not be met by the authentication provider.

Author:
Martin Lindström

  • Method Details

    • getName

      String getName()
      Gets the name of the provider.
      Returns:
      the name of the provider

    • authenticate

      default org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Maps to authenticateUser(Saml2UserAuthenticationInputToken).
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException

    • authenticateUser

      org.springframework.security.core.Authentication authenticateUser(Saml2UserAuthenticationInputToken token) throws Saml2ErrorStatusException
      Performs the user authentication.
      Parameters:
      token - the input token
      Returns:
      the authentication token or null if the requested authentication context(s) can not be met by the authentication provider.
      Throws:
      Saml2ErrorStatusException - for authentication errors

    • supports

      default boolean supports(Class<?> authentication)
      Supports Saml2UserAuthenticationInputToken.
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider

    • getSupportedAuthnContextUris

      List<String> getSupportedAuthnContextUris()
      Gets the supported authentication context URI:s for the provider.
      Returns:
      a list of the authenticator's supported authentication context URI:s

    • getEntityCategories

      List<String> getEntityCategories()
      Gets a list of all SAML entity categories that this AuthenticationProvider declares.
      Returns:
      a list of entity category URI:s