public class SingleSignOnFilter extends Object implements Filter
If the SSOToken is not valid or if cookie header is not present or empty, then the user-agent is redirected to Access Management login page. Once log in has been successful, the request is forwarded.
{
"type": "SingleSignOnFilter",
"config": {
"amService" : AmService [REQUIRED*]
"openamUrl" : uriExpression [REQUIRED*]
"cookieName" : String [OPTIONAL - default is
{@link AmService#DEFAULT_COOKIE_NAME}]
"realm" : String [OPTIONAL - default is {@link Realm#ROOT_REALM}]
"amHandler" : handler [OPTIONAL - by default it uses the
'ForgeRockClientHandler' provided in heap.]
"logoutEndpoint" : regexp [OPTIONAL - regular expression to match against the request
path to detect a requested logout.]
"defaultLogoutLandingPage": uriExpression [OPTIONAL - URI to redirect after a successful logout.]
"loginEndpoint" : uriExpression [OPTIONAL - URL to redirect to if the AM session is not
valid or if AM cookie is not present/empty.
openamUrl is used when loginEndpoint is not
specified.]
}
}
(*) One of either openamUrl or amService must be supplied for a configuration to be valid. If amService is set then it takes precedence over any openamUrl, realm and cookieName settings.
Modifier and Type | Class and Description |
---|---|
static class |
SingleSignOnFilter.Heaplet
Creates and initialises an authentication filter in a heap environment.
|
Constructor and Description |
---|
SingleSignOnFilter(AmService amService,
Pattern logoutEndpoint,
String defaultLogoutLandingPage,
Expression<String> loginEndpoint)
Creates a new SingleSignOnFilter.
|
Modifier and Type | Method and Description |
---|---|
Promise<Response,NeverThrowsException> |
filter(Context context,
Request request,
Handler next)
Filters the request and/or response of an exchange.
|
public SingleSignOnFilter(AmService amService, Pattern logoutEndpoint, String defaultLogoutLandingPage, Expression<String> loginEndpoint)
amService
- The AmService
which manages the login/logout.logoutEndpoint
- The logout endpoint.defaultLogoutLandingPage
- The URI to which a request is redirected after the user logs out of AM.loginEndpoint
- The login endpoint.public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Filter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
Copyright 2011-2017 ForgeRock AS.