public class DiscoveryFilter extends Object implements org.forgerock.http.Filter
This class performs OpenID Provider Issuer discovery : determine the location of the OpenID Provider based on a given End-User input which can be an e-mail address or a URL Syntax or even a HostName and Port Syntax.
The user input is given
from the query parameters '?discovery=<userInput>'.
Discovery is in two part. The first extracts the host name and a normalized
user input from the given input.
Then, IG verifies if an existing Issuer already exists in the heap
corresponding to the extracted host name. If it exists, reuse it. If not,
IG verifies this host name is not part of an Issuer "supportedDomain".
If the host name belongs to an Issuer supported Domain, this
Issuer is used. Otherwise, discovery process continues...
In the second part, the WebFinger uses the extracted host name,
to get the corresponding OpenID Issuer location which match the selected
type of service ("http://openid.net/specs/connect/1.0/issuer") if it exists.
Based on the returned OpenID Issuer's location, the OpenID well-known
end-point is extracted and the filter builds a Issuer which is
placed in the context and in the heap to be reused if needed.
| Modifier and Type | Method and Description |
|---|---|
org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException> |
filter(org.forgerock.services.context.Context context,
org.forgerock.http.protocol.Request request,
org.forgerock.http.Handler next) |
public org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException> filter(org.forgerock.services.context.Context context,
org.forgerock.http.protocol.Request request,
org.forgerock.http.Handler next)
filter in interface org.forgerock.http.FilterCopyright © 2025 Open Identity Platform Community. All rights reserved.