Menu
▾
▴
Re: [Unity-idm-discuss] custom servlet endpoint authentication
|
From: Terefang V. <ter...@gm...> - 2015-01-23 13:08:24
|
hi!
now i am really stimped, the code in AuthenticatorImpl does not make sense
to me.
i use the following code accordung to the javadoc of the interface
---
for(AuthenticatorInstance authn : authnList)
{
AuthenticatorImpl authenticator = null;
if(!authn.getTypeDescription().isLocal() ||
authn.getLocalCredentialName()==null)
{
// remote auth
authenticator = new AuthenticatorImpl(
identityResolver,
authenticatorsRegistry,
authn.getId(),
authn
);
}
else
{
// local auth
authenticator = new AuthenticatorImpl(
identityResolver,
authenticatorsRegistry,
authn.getId(),
authn,
authn.getVerificatorJsonConfiguration()
);
}
...
}
---
yet AuthenticatorImpl does this:
---
public void updateConfiguration(String rConfiguration, String
vConfiguration, String localCredential)
{
if (rConfiguration == null)
rConfiguration = "";
retrieval.setSerializedConfiguration(rConfiguration);
instanceDescription.setRetrievalJsonConfiguration(rConfiguration);
verificator.setSerializedConfiguration(vConfiguration);
if (!(verificator instanceof LocalCredentialVerificator))
{
instanceDescription.setVerificatorJsonConfiguration(vConfiguration);
} else
{
--->>>
instanceDescription.setVerificatorJsonConfiguration(null);
((LocalCredentialVerificator)verificator).setCredentialName(localCredential);
instanceDescription.setLocalCredentialName(localCredential);
}
}
---
why is the instance-description's config different than the verifiers ?
why does a local verifier have no config ? for a configurable multi-factor
authentication you might want one !
yours,
--
terefang
|
