This feature depends on V3.4.0 of the IdP software.
Current File(s): conf/authn/function-authn-config.xml
Format: Native Spring
The authn/Function login flow is an extension point that allows authentication to be handled by a deployer-supplied Function object, which can be written in Java, a scripting language, etc. It simplifies authoring certain kinds of custom login flows (essentially it provides the "flow" part) and potentially simplifies some MultiFactorAuthnConfiguration scenarios by moving some of the logic into a separate component.
Use authn/function-authn-config.xml to configure this flow. Only a couple of beans are defined, chiefly the core of the flow, a required bean named shibboleth.authn.Function.ResultLookupStrategy, of type Function<ProfileRequestContext,Object>.
If the function returns a null, then authentication fails (this is how to signal a controlled failure). Otherwise, the function can return a String (the username), a Principal, or a Subject, and the system will construct an appropriate AuthenticationResult around whatever is returned.
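The return contract described above can be enforced in one place by wrapping the real result function in a guard that fails closed. The class below is an added example, not code from the IdP distribution: the class name, the username pattern and the choice to turn exceptions into a null result are assumptions, and it uses the Guava Function interface that V3 of the IdP uses for its function beans. An instance wrapping the deployer's own function would be defined as the result lookup strategy bean named above.

```java
import com.google.common.base.Function;
import java.security.Principal;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical deployer class (not shipped with the IdP): fail-closed guard around a result function. */
public class FailClosedResultFunction implements Function<ProfileRequestContext, Object> {

    private static final Logger LOG = LoggerFactory.getLogger(FailClosedResultFunction.class);

    /** Assumed local username policy; adjust to the deployment's account naming rules. */
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._@-]{1,128}");

    /** The deployer's real authentication logic (Java or scripted). */
    private final Function<ProfileRequestContext, Object> delegate;

    public FailClosedResultFunction(final Function<ProfileRequestContext, Object> delegate) {
        if (delegate == null) throw new IllegalArgumentException("delegate is required");
        this.delegate = delegate;
    }

    @Override
    public Object apply(final ProfileRequestContext prc) {
        final Object result;
        try {
            result = (prc == null) ? null : delegate.apply(prc);
        } catch (final RuntimeException e) {
            // An error in custom logic must never be read as a successful login.
            LOG.warn("Result function threw; treating as authentication failure", e);
            return null;
        }
        if (result instanceof String) {            // username: accept only well-formed names
            final String name = ((String) result).trim();
            return SAFE_NAME.matcher(name).matches() ? name : null;
        }
        if (result instanceof Subject) {           // Subject: must carry at least one principal
            return ((Subject) result).getPrincipals().isEmpty() ? null : result;
        }
        if (result instanceof Principal) {         // Principal: must have a non-blank name
            final String name = ((Principal) result).getName();
            return (name == null || name.trim().isEmpty()) ? null : result;
        }
        if (result != null) LOG.warn("Unexpected result type {}", result.getClass().getName());
        return null;                               // null or unknown type: controlled failure
    }
}
```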
| Bean ID | Type | Default | Description |
|---|---|---|---|
| shibboleth.authn.Function.resultLookupStrategy | Function<ProfileRequestContext,Object> | | A function to produce the authentication result (see above) |
| | | | An optional bean that can be defined to control whether to preserve the authentication result in an IdP session |
| shibboleth.authn.Function.addDefaultPrincipals | Boolean | true | Whether to add the content of the supportedPrincipals property of the underlying flow descriptor to the resulting Subject |