Apex Developer Guide
jNewer Version Available
MyDomainLoginDiscoveryHandler Interface
Namespace
Usage
Implement MyDomainLoginDiscoveryHandler to let My Domain users log in with something other than their username and password. This handler contains the logic to look up the user based on the identifier value entered on the login page. The Auth.MyDomainLoginDiscoveryHandler.login method is invoked when the identifier page is submitted and finds the user that corresponds to the submitted identifier. The Auth.SessionManagement.finishLoginDiscovery method sends the user to the authentication mechanism and then logs in the user.
Register the handler from the My Domain Setup page. Under Authentication Configuration, select the Discovery Login Page Type. For Login Discovery Handler, select this handler from the list of Apex classes.
For an example, see MyDomainLoginDiscoveryHandler Example Implementation. For more details, search for My Domain Login Discovery in Salesforce Help.
MyDomainLoginDiscoveryHandler Method
MyDomainLoginDiscoveryHandler has the following method.
login(identifier, startUrl, requestAttributes)
Signature
public System.PageReference login(String identifier, String startUrl, Map<String,String> requestAttributes)
Parameters
- identifier
- Type: String
- Identifier the Salesforce user entered at the login prompt, for example, an email address or phone number.
- startUrl
- Type: String
- The page users see after successfully logging in to the My Domain subdomain.
- requestAttributes
- Type: Map <String, String>
- Information about the login request based on the user’s browser state when accessing the login page. requestAttributes passes in the MyDomainUrl, IpAddress, UserAgent, Platform, Application, City, Country, and Subdivision values. The City, Country, and Subdivision values come from IP address geolocation.
Return Value
Type: System.PageReference
The URL of the page where the user is redirected to complete authentication.
Example
Here’s a sample requestAttributes response.
1CommunityUrl=http://my-dev-ed.my.salesforce.com:5555/discover
2IpAddress=55.255.0.0
3UserAgent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15
4Platform=Mac OSX
5Application=Browser
6City=San Mateo
7Country=United States
8Subdivision=CaliforniaMyDomainLoginDiscoveryHandler Example Implementation
Here's an example of the Auth.MyDomainLoginDiscoveryHandler interface. This sample class contains the default logic for My Domain login discovery using password authentication. You can customize the code to ensure it meets your needs. The requestAttributes parameter provides additional information that you can use in the discovery logic. Attributes include MyDomainUrl, IpAddress, UserAgent, and location information (such as Country and City). Use Auth.DiscoveryCustomErrorException to throw custom errors to display on the login page.
To implement this interface, the My Domain login page type must be set to Discovery.
1// This sample class contains the default logic for My Domain login discovery by password.
2// You can customize the code to ensure it meets your needs. The requestAttributes parameter
3// provides additional information you can use in the discovery logic. Attributes include MyDomainUrl,
4// IpAddress, UserAgent, and location information (such as Country and City).
5// Use Auth.DiscoveryCustomErrorException to throw custom errors which will be shown on login page.
6 global class MyDomainDiscLoginDefaultHandler implements Auth.MyDomainLoginDiscoveryHandler {
7 global PageReference login(String identifier, String startUrl, Map<String, String> requestAttributes)
8{
9 if (identifier != null) {
10 // Search for user by email
11 List<User> users = [SELECT Id FROM User WHERE Email = :identifier AND IsActive = TRUE];
12 if (!users.isEmpty() && users.size() == 1) {
13 return discoveryResult(users[0], startUrl, requestAttributes);
14 } else {
15 throw new Auth.LoginDiscoveryException('No unique user found. User count=' + users.size());
16 }
17 }
18 throw new Auth.LoginDiscoveryException('Invalid Identifier');
19 }
20 private PageReference getSsoRedirect(User user, String startUrl, Map<String, String> requestAttributes) {
21 // You can look up if the user should log in with SAML or an Auth Provider and return the URL to initialize SSO. For example:
22 // SamlSsoConfig SSO = [select Id from SamlSsoConfig where DeveloperName='SamlTest' limit 1];
23 // String ssoUrl = Auth.AuthConfiguration.getSamlSsoUrl(requestAttributes.get('MyDomainUrl'), startUrl, SSO.Id);
24 // return new PageReference(ssoUrl);
25 return null;
26 }
27 private PageReference discoveryResult(User user, String startUrl, Map<String, String> requestAttributes)
28 {
29 PageReference ssoRedirect = getSsoRedirect(user, startUrl, requestAttributes);
30 if (ssoRedirect != null) {
31 return ssoRedirect;
32 }
33 else {
34 return Auth.SessionManagement.finishLoginDiscovery(Auth.LoginDiscoveryMethod.password, user.Id);
35 }
36 }
37}Test Class for MyDomainDiscLoginDefaultHandler Class
The following is the test class for MyDomainDiscoveryLoginHandler. For the test to work, your org must have the My Domain login page type set to Discovery.
1// Test class for MyDomainDiscLoginDefaultHandler
2@isTest
3class MyDomainDiscLoginDefaultHandlerTest {
4 /* Test Discoverable handler login.
5 Create a user with specific email identifier and invoke login.
6 Expected : User should be discovered and pagereference should be returned.
7 */
8 @isTest static void testLogin() {
9 // Create user
10 String identifierEmail = getUniqueName() + '@test.org';
11 createTestUser(identifierEmail);
12 Map<String, String> requestAttributes = new Map<String, String>();
13 String startUrl = '';
14 MyDomainDiscLoginDefaultHandler myDomainDiscLoginDefaultHandler = new MyDomainDiscLoginDefaultHandler();
15 // Invoke login method from handler with the email of user created
16 PageReference pageReference = myDomainDiscLoginDefaultHandler.login(identifierEmail, startUrl, requestAttributes);
17 // Asser page reference is returned
18 System.assertNotEquals(null, pageReference, 'Page reference was not returned');
19 }
20 /* Test Discoverable handler login with invalid (non-existing) user.
21 Expected : Auth.LoginDiscoveryException
22 */
23 @isTest static void testLoginWithInvalidUser() {
24 try {
25 Map<String, String> requestAttributes = new Map<String, String>();
26 String startUrl = '';
27 String uniqueName = getUniqueName();
28 String email = uniqueName + '@test.org';
29 MyDomainDiscLoginDefaultHandler myDomainDiscLoginDefaultHandler = new MyDomainDiscLoginDefaultHandler();
30 // Invoke login method from handler with non-existing user
31 myDomainDiscLoginDefaultHandler.login(email, startUrl, requestAttributes);
32 }catch (Auth.LoginDiscoveryException loginDiscoveryException) {
33 // Assert exception message
34 System.assert(loginDiscoveryException.getMessage().contains('No unique user found'), 'message=' + loginDiscoveryException.getMessage());
35 }
36 }
37 /*
38 Generate a random name
39 */
40 private static String getUniqueName() {
41 String orgId = UserInfo.getOrganizationId();
42 String dateString = String.valueof(Datetime.now()).replace(' ','').replace(':','').replace('-','');
43 Integer randomInt = Integer.valueOf(math.rint(math.random()*1000000));
44 String uniqueName = orgId + dateString + randomInt;
45 return uniqueName;
46 }
47 /*
48 Create user with given email.
49 */
50 private static void createTestUser(String identifierEmail)
51 {
52 String uniqueName = getUniqueName();
53 Profile pf = [SELECT Id FROM Profile WHERE Name='Standard User'];
54 String profileID = pf.Id;
55 String fName = 'fname';
56 String lName = uniqueName + '-lname';
57 User tuser = new User( firstname = fName,
58 lastName = lName,
59 email = identifierEmail,
60 Username = uniqueName + '@test.org',
61 EmailEncodingKey = 'ISO-8859-1',
62 Alias = uniqueName.substring(18, 23),
63 TimeZoneSidKey = 'America/Los_Angeles',
64 LocaleSidKey = 'en_US',
65 LanguageLocaleKey = 'en_US',
66 ProfileId = profileID);
67 insert tuser;
68 }
69}