Closed
Description
Implementations of `Saml2AuthenticationRequestFactory` may need additional context other than what `Saml2AuthenticationRequestContext` gives by default.

For example, it is at times desirable to force authentication by setting the `ForceAuthn` attribute in the `AuthnRequest` message. In an implementation of `Saml2AuthenticationRequestFactory`, an application would need to hard-code this setting or use a global variable to adjust it:
```java
public class MySaml2AuthenticationRequestFactory
        implements Saml2AuthenticationRequestFactory {
    // ...
    public Saml2PostAuthenticationRequest createPostAuthenticationRequest(
            Saml2AuthenticationRequestContext context) {
        AuthnRequest authnRequest = // ...
        // The decision comes from global state, not from the request's context
        if (SomeHolder.shouldForceAuthn()) {
            authnRequest.setForceAuthn(true);
        }
        // ...
    }
}
```

It would be better if `Saml2AuthenticationRequestContext` could be extended, allowing applications to pass additional context into the method:
```java
Saml2AuthenticationRequestContext context = new MyContext(...);
// ....
AuthnRequest authnRequest = // ...
// The decision travels with the per-request context
if (context.isForceAuthn()) {
    authnRequest.setForceAuthn(true);
}
// ...
```

`Saml2AuthenticationRequestContext` should be enhanced in the following ways:
- It should no longer be `final`
- Its constructor should be `protected`