public class SingleSignOnFilter extends Object implements Filter
If the SSOToken is not valid, or if the cookie header is not present or is empty, the user-agent is redirected to the Access Management login page. Once login has succeeded, the request is forwarded.
IG appends a query parameter marker to the generated redirect so that, when the final redirect comes back without an iPlanetDirectoryPro (iPDP) cookie, it can determine whether it should trigger a login or just fail because there is a cookie domain issue (properly authenticated on AM, but the iPDP cookie is not propagated back to IG).
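The marker check described above, modelled with the JDK only. This is an added example, not IG's implementation: the marker name `ssoMarker`, the `goto` parameter, the placement of the marker on the return URL and the example.com URLs are all assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added illustration: a plain-JDK model of the redirect-marker decision, not IG source code.
public class SsoRedirectDecision {
    // Hypothetical marker name; the page does not name the real query parameter.
    static final String MARKER = "ssoMarker";

    enum Action { FORWARD, REDIRECT_TO_LOGIN, FAIL_COOKIE_DOMAIN }

    /** tokenValid: the request carried an iPDP cookie whose SSOToken validated. */
    static Action decide(boolean tokenValid, URI requestUri) {
        if (tokenValid) {
            return Action.FORWARD;
        }
        // Marker present: this user-agent was already sent to AM once and came back
        // without a usable cookie, so another redirect would only loop.
        return hasMarker(requestUri) ? Action.FAIL_COOKIE_DOMAIN : Action.REDIRECT_TO_LOGIN;
    }

    static boolean hasMarker(URI uri) {
        String query = uri.getRawQuery();
        if (query == null) return false;
        for (String pair : query.split("&")) {
            if (pair.equals(MARKER) || pair.startsWith(MARKER + "=")) return true;
        }
        return false;
    }

    /** Builds the login redirect; the return URL carries the marker ("goto" is assumed). */
    static String loginRedirect(String loginEndpoint, URI requestUri) {
        String sep = requestUri.getRawQuery() == null ? "?" : "&";
        String back = requestUri + sep + MARKER + "=true";
        return loginEndpoint + "?goto=" + URLEncoder.encode(back, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        URI first = URI.create("https://ig.example.com/app/home"); // constructed sample
        String login = "https://am.example.com/openam";            // constructed sample
        System.out.println(decide(false, first) + " -> " + loginRedirect(login, first));
        URI back = URI.create("https://ig.example.com/app/home?" + MARKER + "=true");
        System.out.println("no cookie on return: " + decide(false, back));
        System.out.println("cookie on return:    " + decide(true, back));
    }
}
```

A `FAIL_COOKIE_DOMAIN` result is the case to alert on in deployment: it usually means the AM cookie domain does not cover the IG host.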
{
    "type": "SingleSignOnFilter",
    "config": {
        "amService"               : AmService         [REQUIRED]
        "logoutExpression"        : booleanExpression [OPTIONAL - a boolean expression that if it evaluates as
                                                                  true, will be used to detect if a logout
                                                                  should be triggered.]
        "defaultLogoutLandingPage": uriExpression     [OPTIONAL - URI to redirect after a successful logout.]
        "loginEndpoint"           : uriExpression     [OPTIONAL - URL to redirect to if the AM session is not
                                                                  valid or if AM cookie is not present/empty.
                                                                  The URL of the AmService is used when
                                                                  loginEndpoint is not specified.]
    }
}
Modifier and Type | Class and Description |
---|---|
static class | SingleSignOnFilter.Heaplet: Creates and initialises an authentication filter in a heap environment. |

Constructor and Description |
---|
SingleSignOnFilter(AmService amService, Realm realm, Expression<Boolean> logoutExpression, String defaultLogoutLandingPage, Expression<String> loginEndpoint): Creates a new SingleSignOnFilter. |

Modifier and Type | Method and Description |
---|---|
Promise<Response,NeverThrowsException> | filter(Context context, Request request, Handler next): Filters the request and/or response of an exchange. |
public SingleSignOnFilter(AmService amService, Realm realm, Expression<Boolean> logoutExpression, String defaultLogoutLandingPage, Expression<String> loginEndpoint)
amService - The AmService which manages the login/logout.
realm - Realm to authenticate the user to.
logoutExpression - The logout expression.
defaultLogoutLandingPage - The URI to which a request is redirected after the user logs out of AM.
loginEndpoint - The login endpoint.

public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Filter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
Copyright 2011-2017 ForgeRock AS.