com.adobe.idp.um.api
Interface AuthenticationManager

All Known Implementing Classes:

AuthenticationManagerServiceClient

public interface AuthenticationManager

This is the primary interface for authenticating users.

Method Summary

AuthResult	authenticate(byte[] ssoToken, boolean createAssertion) This is the primary method for authenticating a user from the single sign-on (SSO) servlet.
AuthResult	authenticate(org.w3c.dom.Element wssecHeaderElement) This method authenticates a WS-Security header element in a SOAP request.
AuthResult	authenticate(org.w3c.dom.Element wssecHeaderElement, java.util.List domainList) This method authenticates a WS-Security header element in a SOAP request.
AuthResult	authenticate(HttpRequestToken requestToken) Authenticates using the given HttpRequestToken.
AuthResult	authenticate(java.lang.String wssecHeader) This method authenticates a WS-Security header in a SOAP request.
AuthResult	authenticate(java.lang.String username, byte[] password) This is the primary method for authenticating a user.
AuthResult	authenticate(java.lang.String username, byte[] password, java.util.List domainList) This is the primary method for authenticating a user.
AuthResult	authenticate(java.lang.String wssecHeader, java.util.List domainList) This method authenticates a WS-Security header in a SOAP request.
AuthResult	authenticate(java.lang.String unsignedData, java.lang.String signatureValue) This method is for certificate-based authentication.
AuthResult	authenticate(java.lang.String unsignedData, java.lang.String signatureValue, java.util.List domainList) This method is for certificate-based authentication.
AuthResult	getAuthResultOnBehalfOfUser(java.lang.String canonicalName, java.lang.String domainName, Context caller) This method retrieves an authentication result on behalf of a user.
java.util.List	getAuthSchemes() This method retrieves a List of all the authentication schemes.
SSOToken	getSSOToken(Context context) Retrieves the single sign-on (SSO) token used in the SSO servlet.
byte[]	getSSOTokenBytes(Context context) Retrieves a byte array representing the single sign-on (SSO) token used in the SSO servlet.
AuthResult	renewAssertion(java.lang.String assertionId, Context context) Renews the SAML assertion referred by the given assertionId.
Context	validateAssertion(Context ctx) This method creates and returns a Context after validating the assertion contained in the context.
AuthResult	validateAssertion(java.lang.String assertion) This method creates and returns an authentication result after validating the assertion.

Method Detail

authenticate

AuthResult authenticate(java.lang.String username,
                        byte[] password)
                        throws UMException

This is the primary method for authenticating a user. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

username - The user name.

password - The password.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(java.lang.String username,
                        byte[] password,
                        java.util.List domainList)
                        throws UMException

This is the primary method for authenticating a user. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

username - The user name.

password - The password.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(java.lang.String unsignedData,
                        java.lang.String signatureValue)
                        throws UMException

This method is for certificate-based authentication. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

unsignedData - The unsigned data used in certificate-based authentication.

signatureValue - A base64-encoded, PKCS7-Detached digital signature.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(java.lang.String unsignedData,
                        java.lang.String signatureValue,
                        java.util.List domainList)
                        throws UMException

This method is for certificate-based authentication. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

unsignedData - The unsigned data used in certificate-based authentication.

signatureValue - A base64-encoded, PKCS7-Detached digital signature.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(java.lang.String wssecHeader)
                        throws UMException

This method authenticates a WS-Security header in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

wssecHeader - The WS-Security header.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(java.lang.String wssecHeader,
                        java.util.List domainList)
                        throws UMException

This method authenticates a WS-Security header in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

wssecHeader - The WS-Security header.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(org.w3c.dom.Element wssecHeaderElement)
                        throws UMException

This method authenticates a WS-Security header element in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

wssecHeaderElement - The WS-Security header element.

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(org.w3c.dom.Element wssecHeaderElement,
                        java.util.List domainList)
                        throws UMException

This method authenticates a WS-Security header element in a SOAP request. It returns an authentication result indicating whether authentication was successful. That result can then be used in the Context.

Parameters:

wssecHeaderElement - The WS-Security header element.

domainList - List of domains against which user should be authenticated

Returns:

The authentication result.

Throws:

UMException

See Also:

Context

authenticate

AuthResult authenticate(byte[] ssoToken,
                        boolean createAssertion)
                        throws UMException

This is the primary method for authenticating a user from the single sign-on (SSO) servlet.

Parameters:

ssoToken - The SSO token.

createAssertion - Used to determine whether an assertion is created.

Returns:

The authentication result.

Throws:

IDException

IDPSystemException

UMException

getSSOToken

SSOToken getSSOToken(Context context)
                     throws UMException

Retrieves the single sign-on (SSO) token used in the SSO servlet.

Parameters:

context - The context.

Returns:

The SSO token.

Throws:

UMException

getSSOTokenBytes

byte[] getSSOTokenBytes(Context context)
                        throws UMException

Retrieves a byte array representing the single sign-on (SSO) token used in the SSO servlet.

Parameters:

context - The context.

Returns:

A byte array containing the SSO token information.

Throws:

UMException

getAuthSchemes

java.util.List getAuthSchemes()
                              throws UMException

This method retrieves a List of all the authentication schemes.

Returns:

A List containing all the authentication schemes.

Throws:

UMException

getAuthResultOnBehalfOfUser

AuthResult getAuthResultOnBehalfOfUser(java.lang.String canonicalName,
                                       java.lang.String domainName,
                                       Context caller)
                                       throws UMException

This method retrieves an authentication result on behalf of a user. This method can be used to impersonate a user (typically a system user) who has higher privilege.

Parameters:

canonicalName - The canonical name of the user.

domainName - The domain name to which the user belongs. This parameter is case sensitive. For example, the domain names "adobe" and "Adobe" would be treated differently.

caller - The context of the caller.

Returns:

The authentication result.

Throws:

UMException

validateAssertion

AuthResult validateAssertion(java.lang.String assertion)
                             throws UMException

This method creates and returns an authentication result after validating the assertion.

Parameters:

assertion - The assertion.

Returns:

The authentication result.

Throws:

UMException

validateAssertion

Context validateAssertion(Context ctx)
                          throws UMException

This method creates and returns a Context after validating the assertion contained in the context. Returns the same context back if it is localOnly

Parameters:

ctx - The context.

Returns:

The validated context.

Throws:

UMException

authenticate

AuthResult authenticate(HttpRequestToken requestToken)
                        throws UMException

Authenticates using the given HttpRequestToken. Returns null in case the token is pointing to a stale session data.

Parameters:

requestToken - token containing authentication related data

Returns:

AuthResult if authentication is successful. In case the http token contains reference to a sso session which has expired then an UMException would be thrown

Throws:

UMException - with error code UMConstants.ErrorCodes.E_ASSERTION_ID_INVALID if the assertionId is not valid

renewAssertion

AuthResult renewAssertion(java.lang.String assertionId,
                          Context context)
                          throws UMException

Renews the SAML assertion referred by the given assertionId. The assertion would be renewed only if following conditions are met

• Renewal should be done before the SAML assertion gets expired
• The api for renewal should pass a Context with it. The Context user must have UMConstants.FGACConstants.PERM_USER_MANAGER_RENEW_ASSERTION permission
• The renewal would be allowed for only certain number of times(which is configurable) only. The default value is set to 10. If the renewal count exceed this limit then a UMException exception would be thrown with error code UMConstants.ErrorCodes.E_ASSERTION_RENEWAL_COUNT_EXCEEDED

The assertionId is the value of the cookie set by the UM during the authentication process. The cookie name is specified by UMConstants.SSOConstants.LIVECYCLE_AUTH_TOKEN. The value can also be obtained using HttpRequestToken. For example

        String assertionId = new HttpRequestToken(servletRequest).getAssertionId();
 

Here the servletRequest is an object of type HttpServletRequest

Parameters:

assertionId - - The id of the assertion for the which renewal is required

context - - Context of the user with specified permission as mentioned above.This context must be a valid context.

Returns:

an AuthResult containing the renewed assertion

Throws:

UMException - if the assertion is already expired or the renewal count has exceeded the specified limit