Interface OpenIdConnectTokenAuthnContextMapper


  • @SupportedAll
    public interface OpenIdConnectTokenAuthnContextMapper
    OpenID Connect tokens can include an Authentication Context Class Reference (acr) claim, which indicates how the subject asserted by the OIDC token was authenticated. For the rest-sts, this will ultimately be a function of the input token in the token transformation invocation. A default implementation of this interface will be provided. Users who wish to customize the default mappings, or to support a specific acr value for a custom token implementation, can implement this interface in a classpath-resident class and specify the name of that class in the OpenIdConnectTokenConfig state associated with the published sts. That class will then be consulted to provide the value of the acr claim corresponding to the input token state.
    • Method Detail

      • getAuthnContextClassReference

        String getAuthnContextClassReference(TokenTypeId inputTokenType,
                                             JsonValue inputToken)
        Returns the AuthnContext value corresponding to the inputToken of type inputTokenType.
        Parameters:
        inputTokenType - The TokenType validated as part of the token transformation
        inputToken - The json representation of the validated token, as presented to the REST STS in the token transformation invocation. This state can be used by custom implementations of this interface to make more elaborate decisions regarding the returned AuthnContext class reference.
        Returns:
        A valid AuthnContext value, as specified in the acr claim here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
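
One way to implement this interface, as an added example that is not code from the library this page documents: a mapper that returns a specific acr only for input token types it explicitly recognises and otherwise falls back to the unspecified class, so a relying party is never told that authentication was stronger than it was. The class name, the import package names, the TokenTypeId.getId() accessor, the token type ids "USERNAME" and "X509", and the chosen acr URIs are assumptions to check against your deployment.

```java
// Assumption: these package names match your release; confirm them in its Javadoc.
import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenTypeId;
import org.forgerock.openam.sts.rest.token.provider.oidc.OpenIdConnectTokenAuthnContextMapper;

/**
 * Hypothetical custom mapper. Deploy it on the classpath and name it in the
 * OpenIdConnectTokenConfig state of the published sts, as described above.
 */
public class FailClosedAuthnContextMapper implements OpenIdConnectTokenAuthnContextMapper {

    // SAML 2.0 authentication context class URIs, used here as absolute-URI acr values.
    private static final String ACR_PASSWORD =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
    private static final String ACR_X509 =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:X509";
    // Fallback for anything not explicitly mapped: claims nothing about strength.
    private static final String ACR_UNSPECIFIED =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified";

    @Override
    public String getAuthnContextClassReference(TokenTypeId inputTokenType,
                                                JsonValue inputToken) {
        // inputToken is the token as presented to the REST STS, so it can carry
        // credential material. This mapper does not need it; never log it.
        if (inputTokenType == null || inputTokenType.getId() == null) {
            return ACR_UNSPECIFIED;
        }
        // Assumption: getId() returns the token type identifier as a String,
        // and these identifiers are the ones configured for this sts instance.
        switch (inputTokenType.getId()) {
            case "USERNAME":
                return ACR_PASSWORD;
            case "X509":
                return ACR_X509;
            default:
                // Unknown or custom token types are never mapped to a strong
                // class by accident; add an explicit case after reviewing how
                // that token type actually authenticates the subject.
                return ACR_UNSPECIFIED;
        }
    }
}
```

Relying parties that make step-up or access decisions from acr will trust whatever this method returns, so review each added case the same way you would review a change to an authentication policy.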