public interface SessionAwareAuthenticationAdapter
PingFederate's Authentication Sessions capability allows any adapter to be wrapped in a session. If a session
has been created for a user and has not expired, PingFederate will use the stored authentication attributes
instead of invoking the adapter's lookupAuthN
method.
By implementing this interface, an adapter can exercise additional control over whether or not an existing session is used.
IdpAuthenticationAdapterV2
Modifier and Type | Method and Description |
---|---|
boolean |
checkUseAuthenticationSession(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
Map<String,Object> inParameters,
AuthenticationSession existingSession)
A method that the PingFederate server calls during processing of a single sign-on
transaction to determine whether an existing session can be used instead of invoking the adapter's
lookupAuthN method. |
boolean checkUseAuthenticationSession(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Map<String,Object> inParameters, AuthenticationSession existingSession)
lookupAuthN
method.
When a session exists for a user and the adapter implements this interface, this method
is called before the stored authentication attributes are used. If the adapter returns true from this method,
the stored attributes will be used and the adapter's lookupAuthN
method will not be invoked. Otherwise, the session will be ignored and the adapter's
lookupAuthN
method will be invoked.
req
- the HttpServletRequest can be used to read cookies, parameters, headers, etc. It can also be used to find
out more about the request like the full URL the request was made to.resp
- the HttpServletResponse is provided only in case the implementation needs to access
SessionStateSupport
in order to read session attributes. The implementation
should not write to the servlet response.inParameters
- A map that contains a set of input parameters. The input parameters provided are detailed in
IdpAuthenticationAdapterV2
, prefixed with IN_PARAMETER_NAME_*
.
If the adapter does not implement the IdpAuthenticationAdapterV2
interface, then this map
will be empty.existingSession
- An object representing the existing session.lookupAuthN
method should be invokedCopyright 2019 Ping Identity Corp. All rights reserved.