Package org.forgerock.am.iot
Class IotAuthenticationNode
- java.lang.Object
  - org.forgerock.am.iot.IotAuthenticationNode

All Implemented Interfaces:
Node
public class IotAuthenticationNode extends Object
This node handles the authentication of things. It is responsible for collecting the authentication Proof of Possession JWT for a thing and verifying that the JWT's claims and signature are valid, that the thing's identity exists and that it contains a valid confirmation key. If authentication is successful then it will add the username and verified claims to the shared state. It will also modify the resulting session by adding a proof of possession restriction. Any requests accompanied by the resulting session token must be signed, and those signatures must be verified by the stored confirmation key.

Nested Class Summary
Nested Classes (modifier and type, class, description):
- static class IotAuthenticationNode.AuthenticationOutcomeProvider: Defines the possible outcomes from this node.
- static interface IotAuthenticationNode.Config: Configuration for the node.

Nested classes/interfaces inherited from interface org.forgerock.openam.auth.node.api.Node
Node.Metadata

Field Summary
Fields (modifier and type, field):
- protected String callbackId
- protected org.forgerock.openam.core.CoreWrapper coreWrapper
- protected static String FAILURE_OUTCOME
- protected Realm realm
- protected static String SUCCESS_OUTCOME
- protected org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory

Constructor Summary
Constructors (constructor, description):
- IotAuthenticationNode(Realm realm, IotAuthenticationNode.Config config, org.forgerock.openam.core.CoreWrapper coreWrapper, org.forgerock.openam.identity.idm.IdentityUtils identityUtils, org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory): Create an instance of the IotAuthenticationNode.

Method Summary
Methods (modifier and type, method, description):
- protected Action failureAction()
- protected org.forgerock.am.iot.JwtProofOfPossessionVerifier jwtVerifier(TreeContext context)
- Action process(TreeContext context): Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree.
- protected Action successAction(JWK confirmationKey, org.forgerock.am.iot.JwtProofOfPossessionVerifier.VerifiedClaimSet verifiedClaims, TreeContext context)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.openam.auth.node.api.Node
getAuditEntryDetail, getInputs, getOutputs

Field Detail
SUCCESS_OUTCOME
protected static final String SUCCESS_OUTCOME
See Also: Constant Field Values

FAILURE_OUTCOME
protected static final String FAILURE_OUTCOME
See Also: Constant Field Values

realm
protected final Realm realm

coreWrapper
protected final org.forgerock.openam.core.CoreWrapper coreWrapper

verifierFactory
protected final org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory

callbackId
protected final String callbackId

Constructor Detail
IotAuthenticationNode
@Inject public IotAuthenticationNode(Realm realm, IotAuthenticationNode.Config config, org.forgerock.openam.core.CoreWrapper coreWrapper, org.forgerock.openam.identity.idm.IdentityUtils identityUtils, org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory verifierFactory)
Create an instance of the IotAuthenticationNode.
- Parameters:
  - realm - the realm in which to create the node.
  - config - the node configuration.
  - coreWrapper - wrapper for abstracting core AM functionality.
  - identityUtils - an instance of the IdentityUtils.
  - verifierFactory - factory for creating JwtProofOfPossessionVerifier.

Method Detail
process
public Action process(TreeContext context)
Description copied from interface: Node
Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree. This method is invoked when the node is reached in the tree.

jwtVerifier
protected org.forgerock.am.iot.JwtProofOfPossessionVerifier jwtVerifier(TreeContext context) throws NodeProcessException
- Throws:
  - NodeProcessException

failureAction
protected Action failureAction()

successAction
protected Action successAction(JWK confirmationKey, org.forgerock.am.iot.JwtProofOfPossessionVerifier.VerifiedClaimSet verifiedClaims, TreeContext context) throws Exception
- Throws:
  - Exception