Package org.forgerock.openig.assertion.plugin

Interface IdentityAssertionPlugin

All Known Implementing Classes:
KerberosIdentityAssertionPlugin, ScriptableIdentityAssertionPlugin
public interface IdentityAssertionPlugin
Implementations of this interface carry out some user processing and returns the claims that should be included in the Identity Assertion JWT in the IdentityAssertionClaims. The processing may include some form of local authentication and/or authorization.

An IdentityRequestJwtContext is passed through to the plugin and contains any claims provided in the Identity Request JWT via IdentityRequestJwtContext.dataClaims().

If there is an issue during processing then throw an IdentityAssertionPluginException, the error message will be used to generate the assertionError claim.

  • Method Details

    • preProcessingFilter

      default Filter preProcessingFilter()
      Return a Filter to deal with any pre-processing requirements such as challenging the user for credentials by returning a WWW-Authenticate header. The default implementation simply calls the next Handler without doing any processing. This filter is only triggered after the Identity Request JWT has been validated.
      Returns:
      a Filter to deal with any pre-processing requirements.

    • process

      Promise<IdentityAssertionClaims,IdentityAssertionPluginException> process(Context context, Request request)
      Preform some processing and return a set of claims to be returned in the Identity Assertion JWT. The processing may include some form of local authentication and/or authorization.
      Parameters:
      context - The context.
      request - The request.
      Returns:
      An IdentityAssertionClaims promise that represents claims to be returned in the Assertion JWT.