Authentication post process actions
This chapter will guide you through the steps required to implement authentication post process actions.
What is required?
To complete this topic guide, make sure the following prerequisites are met:
- The Onegini IDP instance must be running; for the sake of this guide we assume it is available at http://idp-core.dev.onegini.me
- Onegini IDP must have the Username & password identity provider configured
- Onegini IDP must have the Email verification required feature configured in the Configuration->Attributes section
- Onegini IDP must have the Base URL filled with the extension base URL provided in the Configuration->Ui Extension section
Implementation
In your extension you must implement the AuthenticationPostProcessExtension interface.
Core calls this extension point when a user logs in, to determine which actions should be performed or skipped during the application flow.
The response of the AuthenticationPostProcessExtension.determinePostProcessActions() method should contain a list of PostProcessAction elements describing the required flow modifiers.
For instance, to skip email verification the list should contain PostProcessAction.SKIP_REQUIRED_EMAIL_VERIFICATION; to perform additional actions after login it should contain AuthenticationPostProcessAction.UI_AUTHENTICATION_POST_PROCESS_REQUIRED.
To do this, create the following class in the extension project:
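    import java.util.ArrayList;
    import java.util.List;
    import org.springframework.stereotype.Service;
    // Onegini extension SDK imports omitted

    @Service
    public class SampleAuthenticationPostProcessExtension implements AuthenticationPostProcessExtension {

        @Override
        public AuthenticationPostProcessResponseDto determinePostProcessActions(final AuthenticationPostProcessRequestDto requestData) {
            final AuthenticationPostProcessResponseDto response = new AuthenticationPostProcessResponseDto();
            // The response holds this list, so actions added below are returned to core.
            final List<AuthenticationPostProcessAction> actions = new ArrayList<>();
            response.setActions(actions);

            // Skip the required email verification while the person has logged in at most once.
            if (requestData.getPersonActivityStatus().getLoginCount() <= 1) {
                actions.add(AuthenticationPostProcessAction.SKIP_REQUIRED_EMAIL_VERIFICATION);
            }
            // Always hand over to the UI extension after login.
            actions.add(AuthenticationPostProcessAction.UI_AUTHENTICATION_POST_PROCESS_REQUIRED);
            return response;
        }
    }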
To use the UnP identity, the list should contain REQUIRE_IDENTITY_UNP.
Example:
    @Override
    public AuthenticationPostProcessResponseDto determinePostProcessActions(final AuthenticationPostProcessRequestDto requestData) {
        final AuthenticationPostProcessResponseDto response = new AuthenticationPostProcessResponseDto();
        final List<AuthenticationPostProcessAction> actions = new ArrayList<>();
        response.setActions(actions);

        // requireUnpIdentity is a condition the extension determines itself.
        if (requireUnpIdentity) {
            actions.add(AuthenticationPostProcessAction.REQUIRE_IDENTITY_UNP);
        }
        return response;
    }
"UI Authentication post process" requires the AuthenticationProcessExtension interface to be implemented in the UI extension. A simple action may look like:
    @Service
    public class GenericAuthenticationProcessExtension implements AuthenticationProcessExtension {

        private static final Logger LOG = getLogger(GenericAuthenticationProcessExtension.class);

        @Override
        public String authenticationPostProcess(final PersistableSessionDto sessionDto, final Map<String, Object> requiredActionsForPerson) {
            LOG.info("Authentication Post Process Actions");
            // The session is passed as an argument rather than stored in a field: this @Service
            // is a shared singleton, so a field could be overwritten by a concurrent login.
            return processActions(sessionDto);
        }

        private String processActions(final PersistableSessionDto sessionDto) {
            // Redirect back to idp-core; the token identifies the action and lets core mark it as finished.
            return "redirect:http://idp-core.dev.onegini.me/post-process-callback?extensionPoint=/authentication-post-process&extensionToken="
                + getToken(sessionDto.getUiCallbackTokens());
        }
        ...
    }
The class is provided with the PersistableSessionDto and requiredActionsForPerson objects, which provide additional settings that the extension might require. After performing all actions, the UI extension should redirect the user back to idp-core, to the "/post-process-callback" endpoint, with parameters that help core identify the action the user was redirected from. The token (received from sessionDto) is passed as well, not only to identify the action but also to make core mark the action as "finished".
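The redirect described above, as an added example that is not part of the original page or of the Onegini extension SDK: a stateless helper that builds the "/post-process-callback" redirect and URL-encodes the query values, so a token containing reserved characters cannot alter the query string. The class name, the method names and the String token argument are assumptions; extracting the token from sessionDto.getUiCallbackTokens() is left to the extension's own getToken helper.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added example: hypothetical helper, not part of the Onegini extension SDK.
public final class PostProcessCallbackRedirect {

    private static final String CALLBACK_PATH = "/post-process-callback";

    private PostProcessCallbackRedirect() {
        // Static helper only: no per-request state is kept, so it is safe to call
        // from a singleton @Service that handles concurrent logins.
    }

    public static String build(final String idpBaseUrl, final String extensionPoint, final String token) {
        final URI base = URI.create(idpBaseUrl);
        final String scheme = base.getScheme();
        if (base.getHost() == null || !("http".equals(scheme) || "https".equals(scheme))) {
            throw new IllegalArgumentException("idp-core base URL must be an absolute http(s) URL");
        }
        if (token == null || token.isEmpty()) {
            // Without the token, core cannot mark the action as finished.
            throw new IllegalStateException("missing UI callback token");
        }
        // Rebuild the origin from scheme, host and port only, dropping any
        // user-info, path or query that a misconfigured base URL may carry.
        final String port = base.getPort() == -1 ? "" : ":" + base.getPort();
        return "redirect:" + scheme + "://" + base.getHost() + port + CALLBACK_PATH
            + "?extensionPoint=" + encode(extensionPoint)
            + "&extensionToken=" + encode(token);
    }

    private static String encode(final String value) {
        // Percent-encodes '&', '=', '+', '/' and other reserved characters;
        // the receiving side decodes them back to the original values.
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    public static void main(final String[] args) {
        // Constructed sample token; real tokens come from the session's UI callback tokens.
        // The token is printed here only because it is a sample; do not log real tokens.
        System.out.println(build("http://idp-core.dev.onegini.me",
            "/authentication-post-process", "sample&token=1"));
    }
}
```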
Testing
Skip email verification
Skipping email verification can be tested by following the steps below:
- On the login screen click register and go through the registration process. At the end you should be logged in and see the dashboard.
- Log out of the application. Try to log in again with the credentials used during registration. After submitting the login form you should see the email not verified page.
Ui Authentication post process actions
The authentication post process action can be tested by following these steps:
- In the admin configuration provide http://idp-core.dev.onegini.me:8183 as the base UI extension URL.
- On the login screen use the credentials of an existing user to log in, or perform the registration process.
- Check the application logs: the log entry "Authentication Post Process Actions" should be displayed.
Force UnP identity
Forcing the required identity can be tested by following these steps:
- Log in with social IdP.
- You should be redirected to the username password page. Fill in the fields and submit.
- You should see the dashboard. Log out.
- Log in with social IdP.
- You should be logged in.