Writing an Authentication Plugin

The Process Platform Single Sign-On component comes with a plugin for SAML authentication against the Process Platform LDAP backend. If you want to handle SAML requests for another backend, you have to create a custom plugin. Currently only the authentication query is supported, and authorization will be added in future releases. Refer to Authorization for more information.
Authentication plugins have to implement com.eibus.security.authentication.Authenticator. This API has the following interface:

    package com.eibus.security.authentication;

    import java.util.Properties;

    import com.eibus.security.identity.Credentials;
    import com.eibus.security.identity.InvalidCredentialsException;

    /**
     * The Authenticator interface. This interface is implemented for authentication of Identities in the Process Platform.
     * The open and close Web service operations can be used to implement elements that have the lifetime of the full
     * Authenticator implementation. (Via the AuthenticatorFactory a specific implementation is loaded.) The authenticate
     * Web service operation does the actual authentication for the credentials.
     *
     * @see com.eibus.security.identity.Identity
     * @see com.eibus.security.identity.Credentials
     */
    public interface Authenticator
    {
        /**
         * Open the implementation of the Authenticator with properties. It depends on the implementation what properties
         * are expected.
         *
         * @param props
         *            The properties used for opening.
         * @throws InvalidAuthenticatorException
         */
        void open(Properties props) throws InvalidAuthenticatorException;

        /**
         * Authenticate the credentials with the implementation. Credentials are authentication type specific. It is
         * advised to check whether the implementation understands the credentials given (use instanceof in order to
         * check the type).
         *
         * @param credentials
         *            given credentials to authenticate.
         * @return true when the authentication credentials are valid, false when the credentials are not valid
         * @throws InvalidCredentialsException
         * @throws AuthenticationException
         * @see com.eibus.security.identity.Credentials
         */
        public boolean authenticate(Credentials credentials) throws InvalidCredentialsException, AuthenticationException;

        /**
         * Close the implementation of the Authenticator
         */
        void close();
    }
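
A sketch of a plugin that follows the open/authenticate/close lifecycle of the interface above. It is an added example, not code from Process Platform. The nested types are local stand-ins for the com.eibus types so the file compiles alone. `TokenCredentials`, the `backend.secret` property, the exception constructors, and the choice of which exception signals which failure are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Properties;

// Added example. Nested types are stand-ins mirroring the names in the interface on this
// page; a real plugin imports the com.eibus types. Exception constructors are assumed.
public class AuthPluginExample {
    interface Credentials {}
    static class InvalidAuthenticatorException extends Exception { InvalidAuthenticatorException(String m) { super(m); } }
    static class InvalidCredentialsException extends Exception { InvalidCredentialsException(String m) { super(m); } }
    static class AuthenticationException extends Exception { AuthenticationException(String m) { super(m); } }
    interface Authenticator {
        void open(Properties props) throws InvalidAuthenticatorException;
        boolean authenticate(Credentials c) throws InvalidCredentialsException, AuthenticationException;
        void close();
    }
    // Hypothetical credentials type: the page does not list concrete Credentials classes.
    static final class TokenCredentials implements Credentials {
        final byte[] token;
        TokenCredentials(String token) { this.token = token.getBytes(StandardCharsets.UTF_8); }
    }
    static final class SharedSecretAuthenticator implements Authenticator {
        private byte[] expected; // null while the authenticator is closed
        public void open(Properties props) throws InvalidAuthenticatorException {
            String secret = props.getProperty("backend.secret"); // hypothetical property name
            if (secret == null || secret.isEmpty()) // fail closed: refuse to start without a secret
                throw new InvalidAuthenticatorException("backend.secret is not configured");
            expected = secret.getBytes(StandardCharsets.UTF_8);
        }
        public boolean authenticate(Credentials c) throws InvalidCredentialsException, AuthenticationException {
            if (expected == null) throw new AuthenticationException("authenticator is not open");
            if (!(c instanceof TokenCredentials)) // the type check the Javadoc advises; also rejects null
                throw new InvalidCredentialsException("unsupported credentials type");
            return MessageDigest.isEqual(expected, ((TokenCredentials) c).token); // constant-time compare
        }
        public void close() {
            if (expected != null) Arrays.fill(expected, (byte) 0); // wipe the secret from memory
            expected = null;
        }
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.setProperty("backend.secret", "constructed-secret"); // constructed sample value
        Authenticator a = new SharedSecretAuthenticator();
        a.open(p);
        System.out.println(a.authenticate(new TokenCredentials("constructed-secret")) + " " + a.authenticate(new TokenCredentials("wrong")));
        a.close();
    }
}
```

The plugin never returns true by default: a missing secret, an unopened authenticator, or an unrecognised credentials type each raise an exception instead of falling through to a result.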