IdPDevCustomAuthentication
Creating Custom Authentication
With the 2.1.3 IdP release, several helper classes are available which can be used to create and extend custom authentication plug-ins for Shibboleth. One of the major uses for this is to capture bookmarking of the login page by users. Another major use is to skin the login page based on the SP requesting user authentication. Both are handled in a similar manner.
The following code fragment can be placed in your custom login servlet or into the JAAS example servlet in order to determine which SP made the authentication request or that there is no request. It would be located in the servlet service method.
try { application = this.getServletContext(); loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application), application, request); entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(), HttpServletHelper.getRelyingPartyConfirmationManager(application)); // the entityID value is the unique SP entityID, it can be used to trigger customization // of the login page entityID = entityDescriptor.getEntityID(); DeviceConfig dc; // this line references the open source browser detection bean dc = mobi.javabeans.browserDetector.DeviceConfigDetector.detectCapabilities(request); if (dc.isMobileBrowser() == true) { log.debug("Found mobile browser request [" + dc.getBrowser() + "/" + dc.getManufacturer() + "]"); doMobile = true; } } catch (Exception e) { log.error("Exception determining SP entityID"); if (application == null) { log.error("application is null"); } if (loginContext == null) { log.error("loginContext is null"); } if (entityDescriptor == null) { log.error("entityDescriptor is null"); } // if we get here, then the user has us bookmarked, send them // to a portal page with some SP choices on it redirectToPage(request, response, null, noAuthnRequestPage); return; }
This code also makes use of the Java Mobile Browser Detection project to detect that a mobile browser is accessing the login page. Based on this detection, the IdP can use a specially crafted login page for mobile browsers.