The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

Architecture Overview

The MCB plugs into Shibboleth as a normal login handler through the standard extension mechanism. Within the MCB itself, however, authentication follows its own pattern, similar to the OSU IdP extension, built on the concept of a submodule.

As shown in the Spring Bean Configuration example above, each authentication submodule will be loaded as a bean. Each bean must implement the MCBSubmodule interface:

MCBSubmodule
public interface MCBSubmodule extends BeanNameAware {

    /**
     * Display the necessary login form.
     *
     * @param servlet the MCB login servlet, which exposes helper methods to the submodule
     * @param request the current HTTP request
     * @param response the current HTTP response
     * @return true if the login form display was handled.
     * @throws AuthenticationException
     * @throws LoginException
     */
    boolean displayLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException, LoginException;

    /**
     * Process the login. Validate credentials and return a true/false success status.
     *
     * @param servlet the MCB login servlet, which exposes helper methods to the submodule
     * @param request the current HTTP request
     * @param response the current HTTP response
     * @return true if the login was successful.
     * @throws AuthenticationException
     * @throws LoginException
     */
    boolean processLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException, LoginException;

    /**
     * Called during startup to allow any one-time initialization to occur.
     */
    void init();

    /**
     * @return the name this submodule was given as a Spring bean.
     */
    public String getBeanName();
}

During authentication, the MCB will execute each submodule as configuration dictates. The submodule is expected to perform authentication and report the result back to the MCB. The MCB will then finish the authentication process if the login was successful. If the login was not successful, then the MCB will decide the next step based on configuration.

Via the servlet parameter, each submodule will have access to helper methods in the MCBLoginServlet such as:

  • doVelocity(HttpServletRequest request, HttpServletResponse response, String templateName, VelocityContext vCtx) – Helper method to display the requested login page to the user.

Each submodule may define an optional constructor and use standard Spring bean wiring to pass constructor arguments in the MCB Spring configuration file. This allows you to specify configuration values such as the name of the Velocity template to use.
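As an added illustration (not code from the MCB project), the submodule below implements the interface above, takes its Velocity template and JAAS application name as Spring-wired constructor arguments, and fails closed in processLogin. The class name, the form field names j_username and j_password, the package names of the MCB and IdP classes, and the use of JAAS for credential validation are assumptions; it reports only the boolean result the interface documents.

```java
// Package names for the MCB and IdP classes are assumptions; check them against your jars.
import edu.internet2.middleware.assurance.mcb.authn.provider.*;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.http.*;
import org.apache.velocity.VelocityContext;

public class ExampleJaasSubmodule implements MCBSubmodule {
    private final String templateName, jaasConfigName; // set by Spring constructor wiring
    private String beanName;

    public ExampleJaasSubmodule(String templateName, String jaasConfigName) {
        this.templateName = templateName; this.jaasConfigName = jaasConfigName;
    }

    public boolean displayLogin(MCBLoginServlet servlet, HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException, LoginException {
        servlet.doVelocity(request, response, templateName, new VelocityContext());
        return true; // the form display was handled
    }

    public boolean processLogin(MCBLoginServlet servlet, HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException, LoginException {
        final String user = request.getParameter("j_username"); // field names are assumptions
        final String pass = request.getParameter("j_password");
        // Fail closed: credentials must arrive by POST and must be non-empty.
        if (!"POST".equals(request.getMethod()) || user == null || user.trim().isEmpty()
                || pass == null || pass.isEmpty()) {
            return false;
        }
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            new LoginContext(jaasConfigName, handler).login(); // throws on bad credentials
            return true;
        } catch (LoginException e) {
            return false; // rejected or backend error: never reported as success
        }
    }

    public void init() { }
    public void setBeanName(String name) { this.beanName = name; }
    public String getBeanName() { return beanName; }
}
```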