Retrieving data in custom Authentication class

Hi,

I’m implementing custom authentication using a custom SSO solution and a custom Authentication class.
Is there a way to intercept the “authenticate” method in my custom Authentication class? When I debug my class code I can intercept only the checkAuth method, so I’m not able to retrieve the user password because I have only the XWikiContext in that method signature.
I’d like to have the user credentials because I wish to handle REST calls and normal authentication (via the user interface) in two separate ways.

Thank you for your support.
Kind regards

Well, it all depends on when and where the user name and password are provided. Usually when you have an SSO in front of XWiki you only get some id or token in the request (you usually get it using xcontext.getRequest().getRemoteUser() in your authenticator) and are supposed to use this information to find user details from some service or database.

Yes, I understand. In fact, I use SSO for normal user authentication; this case works well as it is already implemented.
My problem is that I want to use basic authentication for REST API calls (I don’t want to pass through SSO). In this case I need to get the user name and password in my custom authentication class, and in that class I have only the XWiki context object.
My custom class is called in both cases.
Thank you for your support

Actually, in a custom authenticator there are several entry points.

You have overridden checkAuth(XWikiContext context), but in the case of BASIC or form authentication you should override authenticate(String username, String password, XWikiContext context). But you need to make sure your checkAuth calls super.checkAuth when you don’t find what you expect in the request, so that it falls back on the standard system (and ends up calling authenticate).

You can take a look at ldap/ldap-authenticator/src/main/java/org/xwiki/contrib/ldap/XWikiLDAPAuthServiceImpl.java at master · xwiki-contrib/ldap · GitHub for inspiration.

1 Like
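The two entry points described in the answer above, as an added example that is not part of the original thread and not code from the XWiki or LDAP authenticator projects. The class name, the package and the mapping of the SSO identity to "XWiki.<id>" are assumptions; the credential check simply reuses the standard XWiki one and marks where a custom lookup would go.

```java
package org.example.auth; // hypothetical package name

import java.security.Principal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.user.api.XWikiUser;
import com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl;

public class SsoOrBasicAuthService extends XWikiAuthServiceImpl
{
    /** Called for every request; only the context (and so the raw request) is available. */
    @Override
    public XWikiUser checkAuth(XWikiContext context) throws XWikiException
    {
        // SSO path: the front end has already authenticated the user and
        // exposes the identity through the servlet request.
        String remoteUser = context.getRequest().getRemoteUser();
        if (remoteUser != null && !remoteUser.isEmpty()) {
            // Assumption: the SSO id is the name of a profile page in the XWiki space.
            return new XWikiUser("XWiki." + remoteUser);
        }

        // No SSO identity (for example a REST call carrying BASIC credentials):
        // hand over to the standard implementation, which extracts the BASIC or
        // form credentials and ends up calling authenticate() below.
        return super.checkAuth(context);
    }

    /** Called by the standard BASIC/form handling with the submitted credentials. */
    @Override
    public Principal authenticate(String username, String password, XWikiContext context)
        throws XWikiException
    {
        // Reject missing or empty credentials before they reach any backend:
        // some directory services treat an empty password as an anonymous bind.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null; // null means "not authenticated"
        }

        // Assumption: credentials are checked against XWiki's own user store.
        // Replace this call with a lookup in your own service if needed, and
        // never write the password to logs or to the context.
        return super.authenticate(username, password, context);
    }
}
```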

Thank you! Your suggestion works like a charm!