Class AbstractMSALCredentialProvider
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.core.authentication.AbstractCredentialProvider
org.ametys.plugins.extrausermgt.authentication.msal.AbstractMSALCredentialProvider
- All Implemented Interfaces:
BlockingCredentialProvider
,CredentialProvider
,NonBlockingCredentialProvider
,LogEnabled
,Component
,Contextualizable
- Direct Known Subclasses:
ADFSCredentialProvider
,EntraIDCredentialProvider
public abstract class AbstractMSALCredentialProvider
extends AbstractCredentialProvider
implements BlockingCredentialProvider, NonBlockingCredentialProvider, Contextualizable
Sign in through Azure AD, using the OpenId Connect protocol.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionblockingGetUserIdentity
(Redirector redirector) Method called by AuthenticateAction each time a request need authentication.boolean
Method called by AuthenticateAction before asking for credentials.boolean
blockingIsStillConnected
(UserIdentity userIdentity, Redirector redirector) Validates that the user specify is still connectedvoid
blockingUserAllowed
(UserIdentity userIdentity, Redirector redirector) Method called by AuthenticateAction after authentication process succeededvoid
blockingUserNotAllowed
(Redirector redirector) Method called by AuthenticateAction each a user could not get authenticated.void
contextualize
(Context context) protected abstract String
Returns the URL to send authorization and token requests to.Returns all needed OIDC scopes.protected void
Set the mandatory properties.nonBlockingGetUserIdentity
(Redirector redirector) Method called by AuthenticateAction each time a request need authentication.boolean
Method called by AuthenticateAction before asking for credentials.boolean
nonBlockingIsStillConnected
(UserIdentity userIdentity, Redirector redirector) Validates that the user specify is still connectedvoid
nonBlockingUserAllowed
(UserIdentity userIdentity, Redirector redirector) Method called by AuthenticateAction after authentication process succeededvoid
nonBlockingUserNotAllowed
(Redirector redirector) Method called by AuthenticateAction each a user could not get authenticated.boolean
Does this blocking credential provider requires a new window to process.Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode, init
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.authentication.CredentialProvider
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, init, isStillConnected, userAllowed, userNotAllowed
-
Constructor Details
-
AbstractMSALCredentialProvider
public AbstractMSALCredentialProvider()
-
-
Method Details
-
contextualize
- Specified by:
contextualize
in interfaceContextualizable
- Throws:
ContextException
-
init
Set the mandatory properties. Should be called by implementors as early as possible.- Parameters:
cliendId
- the OIDC app idclientSecret
- the client secretprompt
- whether the user should be explicitely forced to enter its usernamesilent
- whether we should try to silently log the user in
-
getAuthority
Returns the URL to send authorization and token requests to.- Returns:
- the OIDC authority URL
-
blockingIsStillConnected
public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception Description copied from interface:BlockingCredentialProvider
Validates that the user specify is still connected- Specified by:
blockingIsStillConnected
in interfaceBlockingCredentialProvider
- Parameters:
userIdentity
- the user previously correctly identified with this credential providerredirector
- The cocoon redirector- Returns:
- true if this CredentialProvider was in a valid state, false to restart authentication process
- Throws:
Exception
- If an error occurred
-
nonBlockingIsStillConnected
public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception Description copied from interface:NonBlockingCredentialProvider
Validates that the user specify is still connected- Specified by:
nonBlockingIsStillConnected
in interfaceNonBlockingCredentialProvider
- Parameters:
userIdentity
- the user previously correctly identified with this credential providerredirector
- The cocoon redirector- Returns:
- true if this CredentialProvider was in a valid state, false to restart authentication process
- Throws:
Exception
- If an error occurred
-
blockingGrantAnonymousRequest
Description copied from interface:BlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.- Specified by:
blockingGrantAnonymousRequest
in interfaceBlockingCredentialProvider
- Returns:
- true if the Request is not authenticated
-
nonBlockingGrantAnonymousRequest
Description copied from interface:NonBlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be require. Use it with care, as it may lead to obvious security issues.- Specified by:
nonBlockingGrantAnonymousRequest
in interfaceNonBlockingCredentialProvider
- Returns:
- true if the Request is not authenticated
-
getScopes
Returns all needed OIDC scopes. Defaults to ["openid"]- Returns:
- all needed OIDC scopes
-
blockingGetUserIdentity
Description copied from interface:BlockingCredentialProvider
Method called by AuthenticateAction each time a request need authentication.- Specified by:
blockingGetUserIdentity
in interfaceBlockingCredentialProvider
- Parameters:
redirector
- the cocoon redirector.- Returns:
- the
UserIdentity
corresponding to the user (with or without population specified), or null if user could not get authenticated. - Throws:
Exception
- if something wrong occurs
-
nonBlockingGetUserIdentity
Description copied from interface:NonBlockingCredentialProvider
Method called by AuthenticateAction each time a request need authentication.- Specified by:
nonBlockingGetUserIdentity
in interfaceNonBlockingCredentialProvider
- Parameters:
redirector
- the cocoon redirector.- Returns:
- the
UserIdentity
corresponding to the user (with or without population specified), or null if user could not get authenticated. - Throws:
Exception
- if something wrong occurs
-
blockingUserNotAllowed
Description copied from interface:BlockingCredentialProvider
Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.- Specified by:
blockingUserNotAllowed
in interfaceBlockingCredentialProvider
- Parameters:
redirector
- the cocoon Redirector that can be used for redirecting response.
-
nonBlockingUserNotAllowed
Description copied from interface:NonBlockingCredentialProvider
Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.- Specified by:
nonBlockingUserNotAllowed
in interfaceNonBlockingCredentialProvider
- Parameters:
redirector
- the cocoon Redirector that can be used for redirecting response.- Throws:
Exception
- if something wrong occurs
-
blockingUserAllowed
public void blockingUserAllowed(UserIdentity userIdentity, Redirector redirector) throws ProcessingException, IOException Description copied from interface:BlockingCredentialProvider
Method called by AuthenticateAction after authentication process succeeded- Specified by:
blockingUserAllowed
in interfaceBlockingCredentialProvider
- Parameters:
userIdentity
- The user correctly connectedredirector
- the cocoon Redirector that can be used for redirecting response.- Throws:
ProcessingException
IOException
-
nonBlockingUserAllowed
Description copied from interface:NonBlockingCredentialProvider
Method called by AuthenticateAction after authentication process succeeded- Specified by:
nonBlockingUserAllowed
in interfaceNonBlockingCredentialProvider
- Parameters:
userIdentity
- The user correctly connectedredirector
- the cocoon Redirector that can be used for redirecting response.
-
requiresNewWindow
Description copied from interface:BlockingCredentialProvider
Does this blocking credential provider requires a new window to process.- Specified by:
requiresNewWindow
in interfaceBlockingCredentialProvider
- Returns:
- true to ask the client to process this credential provider throught a new window
-