Package org.forgerock.openig.openam
package org.forgerock.openig.openam
Integration classes specifically for ForgeRock Access Management.
-
ClassDescriptionAbstract
Filterbase class providing policy condition advice support.This heaplet represents an instance of anAmServicethat can shared amongst AM related filters such as theSingleSignOnFilterand thePolicyEnforcementFilter.ProvideAmServiceHeaplet'sComponentTypeDefinition.A CRESTFilterthat caches policy decisions.ACapturedUserPasswordContextto store the user's decrypted password.TheCapturedUserPasswordFilteris responsible for retrieving the user password from AM and to decrypt it.Creates and initializes the filter in a heap environment.ProvideCapturedUserPasswordFilter.Heaplet'sComponentTypeDefinition.This filter handles any condition advices returned from AM during a policy evaluation, which one will depend on the policy.Contextimplementation to maintain cross-domain SSO properties.Contextimplementation to hold error details, should an error occur during cross-domain SSO authentication.This filter verifies the presence of a JWT authentication token in the configured cookie name: If the JWT is present then its validity is checked and the request is forwarded to the next handler. If the JWT is not present, then the user-agent is redirected to Access Management via its OAuth2 authorization endpoint, to obtain user authentication.Creates and initialises an authentication filter in a heap environment.ProvideCrossDomainSingleSignOnFilter.Heaplet'sComponentTypeDefinition.Register all the aliases supported by the openig-openam module.APolicyDecisionContextconvey policy decision information to downstream filters and handlers.This filter requests policy decisions from Access Management which evaluates the original URI based on the context and the policies configured, and according to the decisions, allows or denies the current request.Creates and initializes a policy enforcement filter in a heap environment.ProvidePolicyEnforcementFilter.Heaplet'sComponentTypeDefinition.TheRequestResourceUriProviderhas the following configuration:Creates and initializes a RequestResourceUriProvider in a heap environment.ProvideRequestResourceUriProvider.Heaplet'sComponentTypeDefinition.Used to obtain the resource URI to include in policy requests.A scriptable resource URI provider.Creates and initializes a scriptable resource url provider in a heap environment.ProvideScriptableResourceUriProvider.Heaplet'sComponentTypeDefinition.Contextto store Access Management session info and properties.This filter requests user session info from Access Management and stores it on the context for later use.Creates and initialises a session info filter in a heap environment.ProvideSessionInfoFilter.Heaplet'sComponentTypeDefinition.This filter verifies the presence of a SSOToken in the given cookie name.Creates and initialises an authentication filter in a heap environment.ProvideSingleSignOnFilter'sComponentTypeDefinition.TheSsoTokenContextprovides access to the token and user information related to this session.AStsContextconvey the token transformation results to downstream filters and handlers.ATokenTransformationFilteris responsible for transforming a token issued by Access Management into a token of another type.Creates and initializes a token transformation filter in a heap environment.ProvideTokenTransformationFilter.Heaplet'sComponentTypeDefinition.Used by theUserProfileFilterto make the user's profile attributes available in the context.This filter requests user profile attributes from Access Management and stores them in the context for later use.Creates and initialises aUserProfileFilterin a heap environment.ProvideUserProfileFilterHeaplet'sComponentTypeDefinition.Creates and initializes aUserProfileServicein a heap environment.ProvideUserProfileServiceHeaplet'sComponentTypeDefinition.