Package se.curity.identityserver.sdk.attribute

Class UserAuthenticationConfigAttributes

Object

se.curity.identityserver.sdk.attribute.MapAttributeValue

se.curity.identityserver.sdk.attribute.UserAuthenticationConfigAttributes

All Implemented Interfaces:

Iterable<Attribute>, AttributeContainer<MapAttributeValue>, AttributeOrAttributeValue<AttributeValue>, AttributeValue, SerializableAsMap, UserAuthenticationConfig

public final class UserAuthenticationConfigAttributes
extends MapAttributeValue
implements UserAuthenticationConfig

User authentication configuration settings.

Since:

8.4.0

"Implementation Note:"

this class was implemented to map directly to GraphQL parameters names in the UserAuthentication type, therefore it can be easily serialized to/from GraphQL objects. The only exception to that is allowed_backchannel_authenticators, which come from the BackchannelAuthenticationCapability type instead. That's why the backchannel-authenticators are treated separately and not serialized with this MapAttributeValue.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	UserAuthenticationConfigAttributes.Builder

Nested classes/interfaces inherited from interface se.curity.identityserver.sdk.attribute.AttributeContainer

AttributeContainer.TypeConversionStrategy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ALLOWED_AUTHENTICATORS
static final String	ALLOWED_POST_LOGOUT_REDIRECT_URIS
static final String	AUTHENTICATOR_FILTERS
static final String	BACKCHANNEL_LOGOUT_URI
static final String	CONSENT
static final String	CONTEXT_INFO
static final String	DEFAULT_CONTEXT_INFO
static final String	FORCE_AUTHENTICATION
static final String	FRESHNESS
static final String	FRONTCHANNEL_LOGOUT_URI
static final String	HTTP_CLIENT_ID
static final String	LOCALE
static final String	REQUIRED_CLAIMS
static final String	TEMPLATE_AREA

Constructor Summary

Constructors

Constructor	Description
UserAuthenticationConfigAttributes(Iterable<Attribute> attributeValue, Collection<String> backchannelAuthenticators)	Create a new instance of UserAuthenticationConfigAttributes that includes not only the attributes stored within it, but also external values which are required for implementing UserAuthenticationConfig.

Method Summary

Modifier and Type	Method	Description
List<String>	getAllowedAuthenticatorList()
List<String>	getAllowedBackchannelAuthenticatorList()
Set<URI>	getAllowedPostLogoutRedirectUris()
Set<String>	getAllowedPostLogoutRedirectUriStrings()
Set<String>	getAuthenticatorFilters()
Optional<String>	getBackChannelLogoutUri()
Optional<UserConsentAttributes>	getConsent()
String	getContextInfo()
Optional<Boolean>	getForceAuthn()
Optional<Long>	getFreshness()
Optional<String>	getFrontChannelLogoutUri()
Optional<String>	getHttpClient()
Optional<String>	getLocale()
Set<String>	getRequiredClaims()
Optional<String>	getTemplateArea()
static @Nullable UserAuthenticationConfigAttributes	of(@Nullable MapAttributeValue attributeValue, Collection<String> backchannelAuthenticators)

Methods inherited from class se.curity.identityserver.sdk.attribute.MapAttributeValue

append, append, asMap, delete, empty, equals, get, get, getAll, getAttributesByName, getMandatory, getMandatory, getMandatory, getUniqueValuesOfType, getUniqueValuesOfType, getValue, getValuesOfType, getValuesOfType, getValueWithAuthorities, getValueWithMetadata, hashCode, isEmpty, iterator, keys, map, map, map, mapEntries, mapNonRecursive, nullOrOfType, of, of, of, of, removeAttributes, removeNullAttributeValues, retainAttributes, size, stream, toString, with, with

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface se.curity.identityserver.sdk.attribute.AttributeContainer

contains, contains, getOptionalValue, getOptionalValue, getOptionalValue, removeAttribute, retainAttribute

Methods inherited from interface java.lang.Iterable

forEach, spliterator

Methods inherited from interface se.curity.identityserver.sdk.oauth.auth.UserAuthenticationConfig

getBackChannelLogoutSessionRequired, getFrontChannelLogoutSessionRequired

Field Details

ALLOWED_AUTHENTICATORS

public static final String ALLOWED_AUTHENTICATORS

See Also:

• Constant Field Values

REQUIRED_CLAIMS

public static final String REQUIRED_CLAIMS

See Also:

• Constant Field Values

CONTEXT_INFO

public static final String CONTEXT_INFO

See Also:

• Constant Field Values

TEMPLATE_AREA

public static final String TEMPLATE_AREA

See Also:

• Constant Field Values

FORCE_AUTHENTICATION

public static final String FORCE_AUTHENTICATION

See Also:

• Constant Field Values

FRESHNESS

public static final String FRESHNESS

See Also:

• Constant Field Values

LOCALE

public static final String LOCALE

See Also:

• Constant Field Values

AUTHENTICATOR_FILTERS

public static final String AUTHENTICATOR_FILTERS

See Also:

• Constant Field Values

FRONTCHANNEL_LOGOUT_URI

public static final String FRONTCHANNEL_LOGOUT_URI

See Also:

• Constant Field Values

BACKCHANNEL_LOGOUT_URI

public static final String BACKCHANNEL_LOGOUT_URI

See Also:

• Constant Field Values

HTTP_CLIENT_ID

public static final String HTTP_CLIENT_ID

See Also:

• Constant Field Values

ALLOWED_POST_LOGOUT_REDIRECT_URIS

public static final String ALLOWED_POST_LOGOUT_REDIRECT_URIS

See Also:

• Constant Field Values

CONSENT

public static final String CONSENT

See Also:

• Constant Field Values

DEFAULT_CONTEXT_INFO

public static final String DEFAULT_CONTEXT_INFO

See Also:

• Constant Field Values

Constructor Details

UserAuthenticationConfigAttributes

public UserAuthenticationConfigAttributes(Iterable<Attribute> attributeValue,
 Collection<String> backchannelAuthenticators)

Create a new instance of UserAuthenticationConfigAttributes that includes not only the attributes stored within it, but also external values which are required for implementing UserAuthenticationConfig. Notice that the external values must NOT be included in the serialized version of this class.

Parameters:

attributeValue - source attributes

backchannelAuthenticators - external data containing the backchannel authenticators

Method Details

of

@Nullable
public static @Nullable UserAuthenticationConfigAttributes of(@Nullable MapAttributeValue attributeValue,
 Collection<String> backchannelAuthenticators)

getAllowedBackchannelAuthenticatorList

public List<String> getAllowedBackchannelAuthenticatorList()

Specified by:

getAllowedBackchannelAuthenticatorList in interface UserAuthenticationConfig

Returns:

whitelist of allowed backchannel authenticator ids for a user; an empty list means all backchannel authenticators are allowed.

getConsent

public Optional<UserConsentAttributes> getConsent()

getAllowedAuthenticatorList

public List<String> getAllowedAuthenticatorList()

Specified by:

getAllowedAuthenticatorList in interface UserAuthenticationConfig

Returns:

whitelist of allowed authenticator ids for a user; an empty list means all authenticators are allowed.

getRequiredClaims

public Set<String> getRequiredClaims()

Specified by:

getRequiredClaims in interface UserAuthenticationConfig

Returns:

all required claims for a user.

getContextInfo

public String getContextInfo()

Specified by:

getContextInfo in interface UserAuthenticationConfig

Returns:

the context information for a user.

getTemplateArea

public Optional<String> getTemplateArea()

Specified by:

getTemplateArea in interface UserAuthenticationConfig

Returns:

optional template area for a user.

getForceAuthn

public Optional<Boolean> getForceAuthn()

Specified by:

getForceAuthn in interface UserAuthenticationConfig

Returns:

optional setting to force authentication.

getFreshness

public Optional<Long> getFreshness()

Specified by:

getFreshness in interface UserAuthenticationConfig

Returns:

optional freshness for a user.

getLocale

public Optional<String> getLocale()

Specified by:

getLocale in interface UserAuthenticationConfig

Returns:

optional locale for a user

getAuthenticatorFilters

public Set<String> getAuthenticatorFilters()

Specified by:

getAuthenticatorFilters in interface UserAuthenticationConfig

Returns:

the authentication filters for a user.

getFrontChannelLogoutUri

public Optional<String> getFrontChannelLogoutUri()

Specified by:

getFrontChannelLogoutUri in interface UserAuthenticationConfig

Returns:

the URI of the RP to use for front channel logout notification

getBackChannelLogoutUri

public Optional<String> getBackChannelLogoutUri()

Specified by:

getBackChannelLogoutUri in interface UserAuthenticationConfig

Returns:

the URI of the RP to use for back channel logout notification

getHttpClient

public Optional<String> getHttpClient()

Specified by:

getHttpClient in interface UserAuthenticationConfig

Returns:

the id of an HTTP Client that is able to connect to the backchannel logout uri; if not set, a default HTTP Client should be used

getAllowedPostLogoutRedirectUriStrings

public Set<String> getAllowedPostLogoutRedirectUriStrings()

Specified by:

getAllowedPostLogoutRedirectUriStrings in interface UserAuthenticationConfig

Returns:

the set of URI Strings that the client may provide as post logout redirect url. Prefer to use UserAuthenticationConfig.getAllowedPostLogoutRedirectUris() unless validating the URIs.

getAllowedPostLogoutRedirectUris

public Set<URI> getAllowedPostLogoutRedirectUris()

Specified by:

getAllowedPostLogoutRedirectUris in interface UserAuthenticationConfig

Returns:

the set of URIs that the client may provide as post logout redirect url.