Oct 16th, 2008, 01:34 PM
Using custom Authentication class
I'm reading the docs for Acegi Security 1.0.7 and I think I'm close to a design for my authentication scheme. I need to hook into Acegi for a SAML SSO integration.
I think I can achieve this by creating an AuthenticationProvider class that will look for an SSO token (in this case, a browser cookie) - if there is one and its valid, user is authenticated, if either is false, redirect to ServiceProvider to initialize SSO.
My problem of the moment is that I don't see how I can access the HttpRequest to fetch the cookie from within the 'authenticate' method.
From what I understand of the framework, I can create an implementation of Authentication (call it SsoCookieAuthentication) that makes the appropriate cookie (or not) available via getCredentials() and I can access the Authentication via:
But how do I configure or code so that the object returned by this call is my SsoCookieAuthentication ? Do I need to write a filter that explicitly creates and sets the Authentication object?
Tags for this Thread