public class DiscoveryFilter extends Object implements Filter
This class performs OpenID Provider Issuer discovery : determine the location of the OpenID Provider based on a given End-User input which can be an e-mail address or a URL Syntax or even a HostName and Port Syntax.
The user input is given
from the query parameters '?discovery=<userInput>'
.
Discovery is in two part. The first extracts the host name and a normalized
user input from the given input.
Then, IG verifies if an existing Issuer
already exists in the heap
corresponding to the extracted host name. If it exists, reuse it. If not,
IG verifies this host name is not part of an Issuer "supportedDomain".
If the host name belongs to an Issuer
supported Domain, this
Issuer
is used. Otherwise, discovery process continues...
In the second part, the WebFinger uses the extracted host name,
to get the corresponding OpenID Issuer location which match the selected
type of service ("http://openid.net/specs/connect/1.0/issuer") if it exists.
Based on the returned OpenID Issuer's location, the OpenID well-known
end-point is extracted and the filter builds a Issuer
which is
placed in the context and in the heap to be reused if needed.
public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Filter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
Copyright 2011-2015 ForgeRock AS.