Package com.inductiveautomation.ignition.gateway.auth.web.strategy

Interface WebAuthStrategy

All Known Implementing Classes:

AbstractWebAuthStrategy

public interface WebAuthStrategy

A WebAuthStrategy provides methods for an end user to initiate authentication requests which may require a User Agent to visit an external Identity Provider (IdP) to prove their Identity. The methods exposed here are broken out in a way which is web-friendly. Expected implementations include Open ID Connect (OIDC) and Security Assertion Markup Language (SAML).

Method Summary

Modifier and Type	Method	Description
URI	generateWebAuthEndSessionRequestUri(URI authRedirectUri, WebAuthState.Builder webAuthStateBuilder, String signedAttributesDocument)	Generates the appropriate IdP request URI to which the user should be redirected in order to end their session.
URI	generateWebAuthRequestUri(URI authRedirectUri, WebAuthState.Builder webAuthStateBuilder, boolean forceAuth)	Generates the appropriate IdP request URI to which the user should be redirected in order to satisfy the requirements to generate an auth response which will establish an authenticated user.
String	getType()
boolean	isLogoutSupported()
void	parseWebAuthEndSessionResponse(WebAuthResponseContext webAuthResponseContext)	Parse the Web Auth End Session Response from the incoming Http Request details.
AttributeSource	parseWebAuthResponse(WebAuthResponseContext warc)	Parses the WebAuthResponseContext from the IdP's auth response (encapsulated in the incoming HTTP request)

Method Details

getType

@Nonnull
String getType()

Returns:

the type of this WebAuthStrategy

isLogoutSupported

boolean isLogoutSupported()

Returns:

true if this WebAuthStrategy supports end session requests, false otherwise

generateWebAuthRequestUri

@Nonnull
URI generateWebAuthRequestUri(@Nonnull
 URI authRedirectUri,
 @Nonnull
 WebAuthState.Builder webAuthStateBuilder,
 boolean forceAuth)
                       throws WebAuthStrategyException

Generates the appropriate IdP request URI to which the user should be redirected in order to satisfy the requirements to generate an auth response which will establish an authenticated user.

Parameters:

authRedirectUri - The URI to which the IdP will redirect in order to route the IdP auth response to this strategy for parsing

webAuthStateBuilder - The WebAuthState.Builder to which certain state may be added by the WebAuthStrategy implementation to be passed in the WebAuthResponseContext

forceAuth - force the IdP to re-authenticate the user

Returns:

The URI to initiate auth at the IdP

Throws:

WebAuthStrategyException - if there is a problem generating the IdP auth request URI

parseWebAuthResponse

@Nonnull
AttributeSource parseWebAuthResponse(@Nonnull
 WebAuthResponseContext warc)
                              throws WebAuthStrategyException

Parses the WebAuthResponseContext from the IdP's auth response (encapsulated in the incoming HTTP request)

Parameters:

warc - The WebAuthResponseContext which contains the WebAuthState associated with the Web Auth Request that is connected to this Web Auth Response as well as the HttpRequest details which contain the IdP's auth response

Returns:

The AttributeSource based on the given auth response + auth strategy configuration details

Throws:

WebAuthStrategyException - if there is a problem parsing the WebAuthResponseContext

generateWebAuthEndSessionRequestUri

@Nonnull
URI generateWebAuthEndSessionRequestUri(@Nonnull
 URI authRedirectUri,
 @Nonnull
 WebAuthState.Builder webAuthStateBuilder,
 @Nullable
 String signedAttributesDocument)
                                 throws WebAuthStrategyException

Generates the appropriate IdP request URI to which the user should be redirected in order to end their session.

Parameters:

authRedirectUri - The URI to which the IdP will redirect in order to route the IdP end session response to this strategy for parsing

webAuthStateBuilder - The WebAuthState.Builder to which certain state may be added by the WebAuthStrategy implementation to be passed in the WebAuthResponseContext

signedAttributesDocument - The optional signed attributes document from which authentication was asserted, to be used as a hint for some implementations to perform logout appropriately

Returns:

The URI to initiate the end session request at the IdP

Throws:

UnsupportedOperationException - if this WebAuthStrategy does not support end session requests

WebAuthStrategyException - if there is a problem generating the IdP end session request URI

parseWebAuthEndSessionResponse

void parseWebAuthEndSessionResponse(@Nonnull
 WebAuthResponseContext webAuthResponseContext)
                             throws WebAuthStrategyException

Parse the Web Auth End Session Response from the incoming Http Request details. Returns the original app redirect URI.

Parameters:

webAuthResponseContext - The WebAuthResponseContext which contains the WebAuthState associated with the Web Auth Request that is connected to this Web Auth Response as well as the HttpRequest details which contain the IdP's end session response

Throws:

UnsupportedOperationException - if this WebAuthStrategy does not support end session requests

WebAuthStrategyException - if there is a problem parsing web auth end session response