Package hudson.security

Class FederatedLoginService

java.lang.Object

hudson.security.FederatedLoginService

All Implemented Interfaces:

ExtensionPoint

public abstract class FederatedLoginService
extends Object
implements ExtensionPoint

Abstraction for a login mechanism through external authenticator/identity provider (instead of username/password.)

This extension point adds additional login mechanism for SecurityRealms that authenticate the user via username/password (which typically extends from AbstractPasswordBasedSecurityRealm.) The intended use case is protocols like OpenID, OAuth, and other SSO-like services.

The basic abstraction is that:

• The user can have (possibly multiple, possibly zero) opaque strings to their User object. Such opaque strings are called "identifiers." Think of them as OpenID URLs, twitter account names, etc. Identifiers are only comparable within the same FederatedLoginService implementation.
• After getting authenticated by some means, the user can add additional identifiers to their account. Your implementation would do protocol specific thing to verify that the user indeed owns the claimed identifier, create a FederatedLoginService.FederatedIdentity instance, then call FederatedLoginService.FederatedIdentity.addToCurrentUser() to record such association.
• In the login page, instead of entering the username and password, the user opts for authenticating via other services. Think of OpenID, OAuth, your corporate SSO service, etc. The user proves (by your protocol specific way) that they own some identifier, then create a FederatedLoginService.FederatedIdentity instance, and invoke FederatedLoginService.FederatedIdentity.signin() to sign in that user.

Views

loginFragment.jelly

Injected into the login form page, after the default "login" button but before the "create account" link. Use this to generate a button or a link so that the user can initiate login via your federated login service.

URL Binding

Each FederatedLoginService is exposed to the URL space via Jenkins.getFederatedLoginService(String). So for example if your url name is "openid", this object gets "/federatedLoginService/openid" as the URL.

Since:

1.394

Author:

Kohsuke Kawaguchi

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	FederatedLoginService.FederatedIdentity	Identity information as obtained from FederatedLoginService.
static class	FederatedLoginService.UnclaimedIdentityException	Used in FederatedLoginService.FederatedIdentity.signin() to indicate that the identifier is not currently associated with anyone.

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Constructor Summary

Constructors

Constructor	Description
FederatedLoginService()

Method Summary

Modifier and Type	Method	Description
static ExtensionList<FederatedLoginService>	all()
abstract String	getUrlName()	Returns the url name that determines where this FederatedLoginService is mapped to in the URL space.
abstract Class<? extends FederatedLoginServiceUserProperty>	getUserPropertyClass()	Returns your implementation of FederatedLoginServiceUserProperty that stores opaque identifiers.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

FederatedLoginService

public FederatedLoginService()

Method Details

getUrlName

@NonNull
public abstract String getUrlName()

Returns the url name that determines where this FederatedLoginService is mapped to in the URL space.

The object is bound to /federatedLoginService/URLNAME/. The url name needs to be unique among all FederatedLoginServices.

getUserPropertyClass

@NonNull
public abstract Class<? extends FederatedLoginServiceUserProperty> getUserPropertyClass()

Returns your implementation of FederatedLoginServiceUserProperty that stores opaque identifiers.

all

public static ExtensionList<FederatedLoginService> all()