PingFederate Server

Performing additional validation

The deserializeAsModel() method performs some basic validation on the submitted JSON. Your adapter probably needs to perform more validation and send an AuthnError to the API client if it finds any errors. Here is how the TemplateRenderAdapter validates the names of the provided user attributes:

private void validateSubmittedAttributes(HttpServletRequest req, SubmitUserAttributes submitted) throws AuthnErrorException
{
	if (apiSupport.isApiRequest(req))
	{
		List<AuthnErrorDetail> errorDetails = new ArrayList<>();
		for (String attrName : submitted.getUserAttributes().keySet())
		{
			if (!extendedAttr.contains(attrName))
			{
				errorDetails.add(ErrorDetailSpec.INVALID_ATTRIBUTE_NAME.makeInstanceBuilder()
					.message("Invalid attribute name: " + attrName).build());
			}
		}
		if (!errorDetails.isEmpty())
		{
			AuthnError authnError = CommonErrorSpec.VALIDATION_ERROR.makeInstance();
			authnError.setDetails(errorDetails);
			throw new AuthnErrorException(authnError);
		}
	}
}