LOG.debug("Beginning user authentication process");
try {
Session idpSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+ if(idpSession != null){
+ LOG.debug("Existing IdP session available for principal {}", idpSession.getPrincipalName());
+ }
+
Map<String, LoginHandler> possibleLoginHandlers = determinePossibleLoginHandlers(loginContext);
+ LOG.debug("Possible authentication handlers for this request: {}", possibleLoginHandlers);
// Filter out possible candidate login handlers by forced and passive authentication requirements
if (loginContext.isForceAuthRequired()) {
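Review bot: The added `LOG.debug("Existing IdP session available for principal {}", idpSession.getPrincipalName());` writes the user's identifier into the debug log on every request that arrives with a session. If debug logs from this engine are shipped or retained outside the IdP host, either log only that a session exists (`LOG.debug("Existing IdP session available");`) or add a comment stating that debug output here carries principal names. The new `if(idpSession != null){` also lacks the spacing that this same commit applies elsewhere (`} else {`).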
if (loginContext.isPassiveAuthRequired()) {
filterByPassiveAuthentication(loginContext, possibleLoginHandlers);
}
-
+
// If the user already has a session and its usage is acceptable than use it
// otherwise just use the first candidate login handler
+ LOG.debug("Possible authentication handlers after filtering: {}", possibleLoginHandlers);
if (idpSession != null
&& possibleLoginHandlers.containsKey(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD)) {
authenticateUserWithPreviousSession(loginContext, possibleLoginHandlers, httpRequest, httpResponse);
loginContext.setAuthenticationFailure(e);
returnToProfileHandler(loginContext, httpRequest, httpResponse);
}
-
}
/**
Entry<String, LoginHandler> supportedLoginHandler;
while (supportedLoginHandlerItr.hasNext()) {
supportedLoginHandler = supportedLoginHandlerItr.next();
- if (supportedLoginHandler.getKey().equals(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD)
- || !loginContext.getRequestedAuthenticationMethods().contains(supportedLoginHandler.getKey())) {
+ if (!(supportedLoginHandler.getKey().equals(PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD))
+ && !loginContext.getRequestedAuthenticationMethods().contains(supportedLoginHandler.getKey())) {
supportedLoginHandlerItr.remove();
continue;
}
}
}
}
+
+ LOG.debug("Authentication handlers remaining after forced authentication requirement filtering: {}",
+ loginHandlers);
if (loginHandlers.isEmpty()) {
LOG.error("Force authentication required but no login handlers available to support it");
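Review bot: The rewritten condition no longer removes the previous-session handler under forced authentication. The old test dropped an entry whose key equalled `PreviousSessionLoginHandler.PREVIOUS_SESSION_AUTHN_METHOD`, while the new one exempts exactly that key from removal. The caller chooses `authenticateUserWithPreviousSession` whenever that key is still in the map and a session exists, so unless code outside this hunk removes or restricts the handler, a forced-authentication request could be satisfied from the existing session without a fresh login. If the exemption is intended, state the reason above the `if`, for example `// previous-session handler is kept here because <reason>; forced authn is enforced by <where>`, and cover it with a test that a forced-authentication request with a live session still reaches a real login handler. The loop sits in a block that opens before the hunk, so the earlier part of the method should be checked before merging.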
authnMethodItr.remove();
}
}
+
+ LOG.debug("Authentication handlers remaining after passive authentication requirement filtering: {}",
+ loginHandlers);
if (loginHandlers.isEmpty()) {
LOG.error("Passive authentication required but no login handlers available to support it");
}
loginContext.setPrincipalName(idpSession.getPrincipalName());
+ loginContext.setAuthenticationAttempted();
httpRequest.getSession().setAttribute(LoginContext.LOGIN_CONTEXT_KEY, loginContext);
loginHandler.login(httpRequest, httpResponse);
}
*/
protected void completeAuthentication(LoginContext loginContext, HttpServletRequest httpRequest,
HttpServletResponse httpResponse) {
+ LOG.debug("Completing user authentication process");
// We check if the principal name was already set in the login context
// if not attempt to pull it from where login handlers are supposed to provide it
- String principalName = loginContext.getPrincipalName();
+ String principalName = DatatypeHelper.safeTrimOrNullString(loginContext.getPrincipalName());
if (principalName == null) {
- DatatypeHelper.safeTrimOrNullString((String) httpRequest.getAttribute(LoginHandler.PRINCIPAL_NAME_KEY));
+ principalName = DatatypeHelper.safeTrimOrNullString((String) httpRequest
+ .getAttribute(LoginHandler.PRINCIPAL_NAME_KEY));
if (principalName != null) {
loginContext.setPrincipalName(principalName);
- }else{
+ } else {
loginContext.setPrincipalAuthenticated(false);
loginContext.setAuthenticationFailure(new AuthenticationException(
"No principal name returned from authentication handler."));
}
}
loginContext.setPrincipalAuthenticated(true);
-
+
// We allow a login handler to override the authentication method in the event that it supports multiple methods
String actualAuthnMethod = DatatypeHelper.safeTrimOrNullString((String) httpRequest
.getAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY));
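Review bot: In the `else` branch where no principal name was found, the failure is recorded but nothing stops execution, so as far as the hunk shows control falls through to `loginContext.setPrincipalAuthenticated(true);` and the `false` set just above is overwritten. The branch should end the method after `setAuthenticationFailure(...)`, for instance with `returnToProfileHandler(loginContext, httpRequest, httpResponse);` followed by `return;`, which matches how the failure path earlier in this file hands control back. completeAuthentication continues past the end of the hunk, so confirm that nothing later re-checks the failure before the login context is treated as authenticated.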