Allow login handlers to indicate which authentication method they used
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 11 Dec 2007 14:36:16 +0000 (14:36 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 11 Dec 2007 14:36:16 +0000 (14:36 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2492 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/authn/LoginHandler.java

index c5022d2..8c7ef6b 100644 (file)
@@ -278,8 +278,13 @@ public class AuthenticationEngine extends HttpServlet {
         LOG.debug("Recording authentication and service information in Shibboleth session for principal: {}",
                 principalName);
         Subject subject = (Subject) httpRequest.getAttribute(LoginHandler.SUBJECT_KEY);
-        AuthenticationMethodInformation authnMethodInfo = new AuthenticationMethodInformationImpl(subject, loginContext
-                .getAuthenticationMethod(), new DateTime(), loginContext.getAuthenticationDuration());
+        String authnMethod = (String) httpRequest.getAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY);
+        if (DatatypeHelper.isEmpty(authnMethod)) {
+            authnMethod = loginContext.getAuthenticationMethod();
+        }
+
+        AuthenticationMethodInformation authnMethodInfo = new AuthenticationMethodInformationImpl(subject, authnMethod,
+                new DateTime(), loginContext.getAuthenticationDuration());
 
         shibSession.getAuthenticationMethods().put(authnMethodInfo.getAuthenticationMethod(), authnMethodInfo);
 
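Review bot: The value read from `LoginHandler.AUTHENTICATION_METHOD_KEY` replaces `loginContext.getAuthenticationMethod()` without any check or log entry, so the method recorded in the session, and presumably reported to relying parties later, can differ from the one the engine selected and leave no trace. If the login context exposes the methods the relying party asked for (not visible in this hunk), the handler-reported value should be compared against them before `authnMethodInfo` is built. At minimum, log the override when the attribute is present, e.g. `LOG.debug("Login handler reported authentication method {}", authnMethod);`. The bare `(String)` cast also throws `ClassCastException` if a handler binds a URI object instead of a String, so an `instanceof String` guard before the cast would be safer. The enclosing method starts and ends outside the hunk.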
index 2b08f1f..a528249 100644 (file)
@@ -36,6 +36,10 @@ import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInfor
  * the authentication process. This Subject is stored in the {@link AuthenticationMethodInformation}, created for this
  * authentication, in the user's session.
  * 
+ * The handler may designate the a URI representing the authentication method actually used, for example if a handler is
+ * capable of performing multiple types of authentication, by binding the URI, as a String, to a request attribute
+ * identified by {@link #AUTHENTICATION_METHOD_KEY}.
+ * 
  * The handler may also bind an error message, if an error occurred during authentication to the request attribute
  * identified by {@link LoginHandler#AUTHENTICATION_ERROR_KEY}.
  * 
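Review bot: The added Javadoc paragraph has a typo ("designate the a URI") and does not say what happens when the attribute is left unset or empty. Going by the AuthenticationEngine change in this commit, the engine then falls back to the login context's authentication method, so the paragraph could open `The handler may designate a URI representing the authentication method actually used` and close with `If no value is bound, the authentication method from the login context is used.` It would also help handler authors to state that the bound value is recorded as-is in the user's session, so a handler must only report a method it actually performed.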
@@ -55,6 +59,9 @@ public interface LoginHandler {
     /** Request attribute to which user's subject should be bound. */
     public static final String SUBJECT_KEY = "subject";
 
+    /** Request attribute to which an authentication method URI may be bound. */
+    public static final String AUTHENTICATION_METHOD_KEY = "authnMethod";
+
     /** Request attribute to which an error message may be bound. */
     public static final String AUTHENTICATION_ERROR_KEY = "authnError";