Class IotAuthenticationNode

  • All Implemented Interfaces:
    Node

    public class IotAuthenticationNode
    extends Object
    This node handles the authentication of things. It is responsible for collecting the authentication Proof of Possession JWT for a thing and verifying that the JWT's claims and signature are valid, that the thing's identity exists and that it contains a valid confirmation key. If authentication is successful then it will add the username and verified claims to the shared state. It will also modify the resulting session by adding a proof of possession restriction. Any requests accompanied by the resulting session token must be signed, and those signatures must be verified by the stored confirmation key.
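
    The core check described above, as an added example (not ForgeRock code and not the AM API): a signed JWT is accepted only when the thing is known and the signature verifies against the confirmation key stored for it, never a key carried in the token. It uses only JDK classes; the class name, the `Map` standing in for the identity store, the ES256 algorithm and the sample claims are assumptions, and claim validation is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.Map;

public class PopVerificationExample {
    // The algorithm is fixed by the verifier and never read from the token header.
    static final String ALG = "SHA256withECDSAinP1363Format"; // ES256, raw r||s signature

    // keys: constructed stand-in for the identity store (thing name -> confirmation key).
    static boolean verify(String jws, String thing, Map<String, PublicKey> keys) {
        String[] parts = jws.split("\\.", -1);
        PublicKey key = keys.get(thing);
        if (parts.length != 3 || key == null) {
            return false; // malformed token, unknown thing, or no confirmation key
        }
        try {
            Signature sig = Signature.getInstance(ALG);
            sig.initVerify(key);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return sig.verify(Base64.getUrlDecoder().decode(parts[2]));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // bad signature encoding or bad base64: fail closed
        }
    }

    // Test helper playing the thing's side: builds a compact JWS over the given claims.
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance(ALG);
        sig.initSign(key);
        sig.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + b64.encodeToString(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair thing = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();
        Map<String, PublicKey> store = Map.of("thing-1", thing.getPublic());
        String claims = "{\"sub\":\"thing-1\"}"; // constructed claims
        System.out.println(verify(sign(claims, thing.getPrivate()), "thing-1", store)); // registered key
        System.out.println(verify(sign(claims, other.getPrivate()), "thing-1", store)); // wrong key
        System.out.println(verify(sign(claims, thing.getPrivate()), "thing-2", store)); // unknown thing
    }
}
```

    The same comparison against the stored key is what the proof of possession restriction relies on for later signed requests.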
    • Field Detail

      • realm

        protected final Realm realm
      • coreWrapper

        protected final org.forgerock.openam.core.CoreWrapper coreWrapper
      • verifierFactory

        protected final org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory
      • callbackId

        protected final String callbackId
    • Constructor Detail

      • IotAuthenticationNode

        @Inject
        public IotAuthenticationNode(Realm realm,
                                     IotAuthenticationNode.Config config,
                                     org.forgerock.openam.core.CoreWrapper coreWrapper,
                                     org.forgerock.openam.identity.idm.IdentityUtils identityUtils,
                                     org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory)
        Create an instance of the IotAuthenticationNode.
        Parameters:
        realm - the realm in which to create the node.
        config - the node configuration.
        coreWrapper - wrapper for abstracting core AM functionality.
        identityUtils - an instance of the IdentityUtils.
        verifierFactory - factory for creating JwtProofOfPossessionVerifier.
    • Method Detail

      • process

        public Action process(TreeContext context)
        Description copied from interface: Node
        Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree.

        This method is invoked when the node is reached in the tree.

        Specified by:
        process in interface Node
        Parameters:
        context - The context of the tree authentication.
        Returns:
        The next action to perform. Must not be null.
      • failureAction

        protected Action failureAction()
      • successAction

        protected Action successAction(JWK confirmationKey,
                                       org.forgerock.am.iot.JwtProofOfPossessionVerifier.VerifiedClaimSet verifiedClaims,
                                       TreeContext context)
                                throws Exception
        Throws:
        Exception