Package com.inductiveautomation.ignition.gateway.auth.idp

Interface IdpAdapterManager

public interface IdpAdapterManager

An IdpAdapterManager is the source of record for all IdpAdapters configured in the system

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	IdpAdapterManager.ChangeEvent	Encapsulates a change event which occurred to an IdpAdapter in the IdpAdapterManager
static class	IdpAdapterManager.NotFoundException	An Exception capturing the scenario where an IdP Adapter with a given ID does not exist in the system

Method Summary

Modifier and Type	Method	Description
java.lang.String	addConfig(IdpAdapterConfig config)	Add a new Identity Provider Adapter
WebAuthSession	createSession(java.lang.String idpId, com.google.common.collect.ImmutableCollection<java.lang.String> securityZones)	Creates a WebAuthSession given the targeted IdP Adapter's ID
java.net.URI	generateLogoutRequestUri(java.lang.String idpId, java.net.URI requestUri, WebAuthState.Builder webAuthStateBuilder, java.lang.String signedAttributesDocument)	Generates the URI to redirect the end user for performing logout with an external IdP.
java.net.URI	generateLogoutRequestUri(java.lang.String idpId, java.net.URI requestUri, WebAuthState.Builder webAuthStateBuilder, java.lang.String signedAttributesDocument, FragileFunction<java.lang.String,java.net.URI,java.lang.Exception> deepLinkCreator)	Generates the URI to redirect the end user for performing logout indirectly with an external IdP through a broker.
java.net.URI	generateWebAuthRequestUri(java.lang.String idpId, java.net.URI requestUri, WebAuthState.Builder webAuthStateBuilder)	Generates the URI to redirect the end user for performing web auth with an external IdP.
java.net.URI	generateWebAuthRequestUri(java.lang.String idpId, java.net.URI requestUri, WebAuthState.Builder webAuthStateBuilder, FragileFunction<java.lang.String,java.net.URI,java.lang.Exception> deepLinkCreator)	Generates the URI to redirect the end user for performing web auth indirectly with an external IdP through a broker.
com.google.common.collect.ImmutableCollection<IdpAdapterMeta>	getAllConfigs()
com.google.common.collect.ImmutableCollection<org.apache.commons.lang3.tuple.Triple<java.lang.String,java.lang.String,java.lang.String>>	getAllTypes()
java.util.Optional<IdpAdapterConfig>	getConfig(java.lang.String id)	Fetch the IdpAdapterConfig associated with the given IdP ID
com.google.common.eventbus.EventBus	getEventBus()
void	removeProviderConfig(java.lang.String id)	Remove an Identity Provider Adapter from the system
com.google.common.collect.ImmutableCollection<java.lang.String>	search(java.lang.String idpId, UserAttribute attributeName, java.lang.String attributeValue)	Search for a user against a database of historical login information.
void	updateProviderConfig(java.lang.String id, IdpAdapterConfig config)	Update an existing Identity Provider Adapter

Method Detail

getAllTypes

@Nonnull
com.google.common.collect.ImmutableCollection<org.apache.commons.lang3.tuple.Triple<java.lang.String,java.lang.String,java.lang.String>> getAllTypes()

Returns:

an ImmutableCollection of all triples of all registered Identity Provider Adapter type ids, their names, and their descriptions

getAllConfigs

@Nonnull
com.google.common.collect.ImmutableCollection<IdpAdapterMeta> getAllConfigs()

Returns:

an ImmutableCollection of IdpAdapterMeta for each Identity Provider Adapter configured in the system

getConfig

@Nonnull
java.util.Optional<IdpAdapterConfig> getConfig(@Nonnull
                                               java.lang.String id)

Fetch the IdpAdapterConfig associated with the given IdP ID

Parameters:

id - The targeted IdP ID

Returns:

An Optional which contains the IdpAdapterConfig associated with the given IdP ID or an empty Optional if there exists no IdP Adapter with the given ID

addConfig

@Nonnull
java.lang.String addConfig(@Nonnull
                           IdpAdapterConfig config)
                    throws IdpAdapterManagerException

Add a new Identity Provider Adapter

Parameters:

config - the configuration of the new IdP Adapter

Returns:

The new IdP Adapter's ID

Throws:

IdpAdapterManagerException - if there is a problem adding the new config

updateProviderConfig

void updateProviderConfig(@Nonnull
                          java.lang.String id,
                          @Nonnull
                          IdpAdapterConfig config)
                   throws IdpAdapterManagerException,
                          IdpAdapterManager.NotFoundException

Update an existing Identity Provider Adapter

Parameters:

id - the ID of the IdP Adapter to update

config - the new configuration which will replace the IdP Adapter's current configuration

Throws:

IdpAdapterManagerException - if there is a problem updating the config

IdpAdapterManager.NotFoundException

removeProviderConfig

void removeProviderConfig(@Nonnull
                          java.lang.String id)
                   throws IdpAdapterManagerException,
                          IdpAdapterManager.NotFoundException

Remove an Identity Provider Adapter from the system

Parameters:

id - the ID of the IdP Adapter to remove

Throws:

IdpAdapterManagerException - if there is a problem removing the config

IdpAdapterManager.NotFoundException

generateWebAuthRequestUri

@Nonnull
java.net.URI generateWebAuthRequestUri(@Nonnull
                                       java.lang.String idpId,
                                       @Nonnull
                                       java.net.URI requestUri,
                                       @Nonnull
                                       WebAuthState.Builder webAuthStateBuilder)
                                throws IdpAdapterManagerException

Generates the URI to redirect the end user for performing web auth with an external IdP.

Parameters:

idpId - the targeted IdP Adapter ID

requestUri - the incoming request URI

webAuthStateBuilder - the WebAuthState.Builder to attach state to be linked from pre- to post-web-auth

Returns:

the URI to redirect the end user for performing web auth with the targeted external IdP

Throws:

IdpAdapterManagerException - if there is an unexpected problem generating the web auth request URI

generateWebAuthRequestUri

@Nonnull
java.net.URI generateWebAuthRequestUri(@Nonnull
                                       java.lang.String idpId,
                                       @Nonnull
                                       java.net.URI requestUri,
                                       @Nonnull
                                       WebAuthState.Builder webAuthStateBuilder,
                                       @Nonnull
                                       FragileFunction<java.lang.String,java.net.URI,java.lang.Exception> deepLinkCreator)
                                throws IdpAdapterManagerException

Generates the URI to redirect the end user for performing web auth indirectly with an external IdP through a broker.

Parameters:

idpId - the targeted IdP Adapter ID

requestUri - the incoming request URI

webAuthStateBuilder - the WebAuthState.Builder to attach state to be linked from pre- to post-web-auth

deepLinkCreator - a FragileFunction which takes a brokered web auth response token and creates a deep link URI which will direct a native application to redirect the user to the broker web auth callback endpoint with the token

Returns:

the URI to redirect the end user for performing web auth indirectly with the targeted external IdP through a broker

Throws:

IdpAdapterManagerException - if there is an unexpected problem generating the web auth request URI

generateLogoutRequestUri

@Nonnull
java.net.URI generateLogoutRequestUri(@Nonnull
                                      java.lang.String idpId,
                                      @Nonnull
                                      java.net.URI requestUri,
                                      @Nonnull
                                      WebAuthState.Builder webAuthStateBuilder,
                                      @Nullable
                                      java.lang.String signedAttributesDocument)
                               throws IdpAdapterManagerException

Generates the URI to redirect the end user for performing logout with an external IdP.

Parameters:

idpId - the targeted IdP Adapter ID

requestUri - the incoming request URI

webAuthStateBuilder - the WebAuthState.Builder to attach state to be linked from pre- to post-logout

signedAttributesDocument - the optional signed attributes document from which authentication was asserted, to be used as a hint for some implementations to perform logout appropriately

Returns:

the URI to redirect the end user for performing logout with the targeted external IdP

Throws:

IdpAdapterManagerException - if there is an unexpected problem generating the logout request URI

java.lang.UnsupportedOperationException - if IdP Adapter does not support logout requests

generateLogoutRequestUri

@Nonnull
java.net.URI generateLogoutRequestUri(@Nonnull
                                      java.lang.String idpId,
                                      @Nonnull
                                      java.net.URI requestUri,
                                      @Nonnull
                                      WebAuthState.Builder webAuthStateBuilder,
                                      @Nullable
                                      java.lang.String signedAttributesDocument,
                                      @Nonnull
                                      FragileFunction<java.lang.String,java.net.URI,java.lang.Exception> deepLinkCreator)
                               throws IdpAdapterManagerException

Generates the URI to redirect the end user for performing logout indirectly with an external IdP through a broker.

Parameters:

idpId - the targeted IdP Adapter ID

requestUri - the incoming request URI

webAuthStateBuilder - the WebAuthState.Builder to attach state to be linked from pre- to post-logout

signedAttributesDocument - the optional signed attributes document from which authentication was asserted, to be used as a hint for some implementations to perform logout appropriately

deepLinkCreator - a FragileFunction which takes a brokered web auth response token and creates a deep link URI which will direct a native application to redirect the user to the broker web auth callback endpoint with the token

Returns:

the URI to redirect the end user for performing logout indirectly with the targeted external IdP through a broker

Throws:

IdpAdapterManagerException - if there is an unexpected problem generating the logout request URI

java.lang.UnsupportedOperationException - if IdP Adapter does not support logout requests

createSession

@Nonnull
WebAuthSession createSession(@Nullable
                             java.lang.String idpId,
                             @Nonnull
                             com.google.common.collect.ImmutableCollection<java.lang.String> securityZones)

Creates a WebAuthSession given the targeted IdP Adapter's ID

Parameters:

idpId - the targeted IdP Adapter ID

securityZones - the security zones of the context in which the WebAuthSession will run

search

@Nonnull
com.google.common.collect.ImmutableCollection<java.lang.String> search(@Nonnull
                                                                       java.lang.String idpId,
                                                                       @Nonnull
                                                                       UserAttribute attributeName,
                                                                       @Nonnull
                                                                       java.lang.String attributeValue)

Search for a user against a database of historical login information.

Parameters:

idpId - the IdP ID to search

attributeName - the UserAttribute to search

attributeValue - the search string

Returns:

the attribute values which closely match the search string

getEventBus

@Nonnull
com.google.common.eventbus.EventBus getEventBus()

Returns:

the EventBus where this IdpAdapterManager publishes change events