Class SingleSignOnFilter

  • All Implemented Interfaces:
    Filter

    public class SingleSignOnFilter
    extends Object
    implements Filter
    This filter checks for an SSOToken in the cookie with the given name. If the request's cookie header contains an SSOToken, its validity is verified before the request is forwarded to the next handler.

    If the SSOToken is not valid, or if the cookie header is missing or empty, the user-agent is redirected to the Access Management login page. Once login has succeeded, the request is forwarded.

    IG appends a query parameter marker to the redirect it generates. When the final redirect comes back without an iPlanetDirectoryPro (iPDP) cookie, the marker lets IG determine whether it should trigger a login or just fail because there is a cookie domain issue (the user is properly authenticated on AM, but the iPDP cookie is not propagated back to IG).
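
The cookie check and marker logic described above, sketched as an added example using only JDK types (it is not IG's own code). The marker name `sso_marker`, the `goto` return parameter, the token set and the URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Set;

// Added illustration: plain-JDK model of the decision described above, not IG code.
class SsoDecisionSketch {
    enum Outcome { FORWARD, REDIRECT_TO_LOGIN, FAIL_COOKIE_DOMAIN }

    static final String COOKIE = "iPlanetDirectoryPro";
    static final String MARKER = "sso_marker";              // hypothetical marker name
    static final Set<String> VALID = Set.of("tok-valid");   // constructed stand-in for AM validation

    static Outcome decide(Map<String, String> cookies, Map<String, String> query) {
        String token = cookies.get(COOKIE);
        if (token != null && !token.isEmpty()) {
            // Cookie present: only a valid token lets the request through.
            return VALID.contains(token) ? Outcome.FORWARD : Outcome.REDIRECT_TO_LOGIN;
        }
        // No cookie. A marker means this request is already the return leg of a
        // login redirect, so redirecting again would loop: report the cookie
        // domain problem instead.
        return query.containsKey(MARKER) ? Outcome.FAIL_COOKIE_DOMAIN
                                         : Outcome.REDIRECT_TO_LOGIN;
    }

    // Builds the login redirect; the return URL carries the marker.
    // Assumes loginEndpoint has no query string and the return URL goes in "goto".
    static URI loginRedirect(URI loginEndpoint, URI original) {
        String sep = original.getRawQuery() == null ? "?" : "&";
        String back = original + sep + MARKER + "=true";
        return URI.create(loginEndpoint + "?goto="
                + URLEncoder.encode(back, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        URI app = URI.create("https://app.example.com/home?x=1");      // constructed
        URI login = URI.create("https://am.example.com/login");        // constructed
        System.out.println(loginRedirect(login, app));
        // First visit, no cookie and no marker.
        System.out.println(decide(Map.of(), Map.of("x", "1")));
        // Back from AM with the marker but still no cookie.
        System.out.println(decide(Map.of(), Map.of("x", "1", MARKER, "true")));
        // Back from AM with a valid cookie.
        System.out.println(decide(Map.of(COOKIE, "tok-valid"), Map.of(MARKER, "true")));
    }
}
```

The class description only defines the marker check for a request that arrives without the cookie, so the sketch sends a present but invalid token back to login regardless of the marker.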

     {
        "type": "SingleSignOnFilter",
        "config": {
            "amService"               :    AmService          [REQUIRED]
            "logoutExpression"        :    booleanExpression  [OPTIONAL - a boolean expression that, when it evaluates
                                                                          to true, is used to detect that a logout
                                                                          should be triggered.]
            "defaultLogoutLandingPage":    uriExpression      [OPTIONAL - URI to redirect to after a successful logout.]
            "loginEndpoint"           :    uriExpression      [OPTIONAL - URL to redirect to if the AM session is not
                                                                          valid or if the AM cookie is not present/empty.
                                                                          The URL of the AmService is used when
                                                                          loginEndpoint is not specified.]
            "authenticationService"   :    stringExpression   [OPTIONAL - The name of the AM authentication service to use
                                                                          to authenticate the user. If not supplied then
                                                                          the AM-configured default service is used.]
        }
     }

    • Constructor Detail

      • SingleSignOnFilter

        public SingleSignOnFilter(AmService amService,
                                  Realm realm,
                                  Expression<Boolean> logoutExpression,
                                  String defaultLogoutLandingPage,
                                  Expression<String> loginEndpoint,
                                  String authnService)
        Creates a new SingleSignOnFilter.
        Parameters:
        amService - The AmService which manages the login/logout.
        realm - Realm to authenticate the user to
        logoutExpression - The logout expression.
        defaultLogoutLandingPage - The URI to which a request is redirected after the user logs out of AM.
        loginEndpoint - The login endpoint.
        authnService - The AM authentication service to use to authenticate the user - may be null
    • Method Detail

      • filter

        public Promise<Response,NeverThrowsException> filter(Context context,
                                                             Request request,
                                                             Handler next)
        Description copied from interface: Filter
        Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

        This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

        Specified by:
        filter in interface Filter
        Parameters:
        context - The request context.
        request - The request.
        next - The next filter or handler in the chain to handle the request.
        Returns:
        A Promise representing the response to be returned to the client.