public class PopulateBindingAndEndpointContexts extends AbstractProfileAction

SAMLBindingContext and when appropriate the SAMLEndpointContext based on the inbound request.

If the inbound binding is found in the set of supported bindings, and it is "synchronous", then there is no endpoint (the response is sent directly back to the requester), and an endpoint context is not created. A binding context is created based on the inbound binding.

Otherwise, the endpoint context is populated by constructing a "template" endpoint, with content based on the inbound request, and relying on an injected EndpointResolver and an injected list of acceptable bindings.

The binding context is populated based on the computed endpoint's binding, and the inbound SAMLBindingContext's relay state.

If the outbound binding is an artifact-based binding, then the action also creates a SAMLArtifactContext populated by settings from the SAMLArtifactConfiguration.
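
The decision flow described above, as a simplified, self-contained Java model added here for illustration; it is not Shibboleth's code. The `Binding`, `Endpoint` and `Outcome` records, the `populate` method and the sample metadata are hypothetical stand-ins for BindingDescriptor, the injected EndpointResolver and the relying party's metadata, and the stand-in resolver assumes that a requested location must match a metadata endpoint exactly. It uses records, so it needs Java 16 or later.

```java
import java.util.List;
public class BindingEndpointModel {
    // Hypothetical stand-ins; not the OpenSAML/Shibboleth types.
    record Binding(String id, boolean synchronous, boolean artifact) {}
    record Endpoint(String binding, String location) {}
    record Outcome(String event, String outboundBinding, Endpoint endpoint, boolean artifactContext) {}

    static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    static final String ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
    static final String SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    static Outcome populate(String inboundBinding, String requestedLocation,
                            List<Binding> supported, List<Endpoint> metadata) {
        // Synchronous inbound binding: the response goes straight back, so no endpoint.
        for (Binding b : supported) {
            if (b.synchronous() && b.id().equals(inboundBinding)) {
                return new Outcome("PROCEED_EVENT_ID", b.id(), null, false);
            }
        }
        // Otherwise walk the acceptable bindings in preference order and accept only a
        // metadata endpoint that matches the template built from the request.
        for (Binding b : supported) {
            for (Endpoint e : metadata) {
                boolean locationOk = requestedLocation == null || requestedLocation.equals(e.location());
                if (e.binding().equals(b.id()) && locationOk) {
                    return new Outcome("PROCEED_EVENT_ID", b.id(), e, b.artifact());
                }
            }
        }
        return new Outcome("ENDPOINT_RESOLUTION_FAILED", null, null, false);
    }

    public static void main(String[] args) {
        List<Binding> supported = List.of(new Binding(POST, false, false),
                new Binding(ARTIFACT, false, true), new Binding(SOAP, true, false));
        // Constructed sample metadata for one relying party.
        List<Endpoint> metadata = List.of(new Endpoint(ARTIFACT, "https://sp.example.org/artifact"),
                new Endpoint(POST, "https://sp.example.org/acs"));
        String redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
        // SOAP request: synchronous, binding context only.
        System.out.println(populate(SOAP, null, supported, metadata));
        // Front-channel request with no location: POST wins by preference order.
        System.out.println(populate(redirect, null, supported, metadata));
        // Request naming the artifact endpoint: an artifact context is also created.
        System.out.println(populate(redirect, "https://sp.example.org/artifact", supported, metadata));
        // Location absent from metadata: resolution fails instead of using it.
        System.out.println(populate(redirect, "https://other.example.net/acs", supported, metadata));
    }
}
```
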
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, SAMLEventIds.ENDPOINT_RESOLUTION_FAILED

| Modifier and Type | Field and Description |
|---|---|
| `private SAMLArtifactConfiguration` | `artifactConfiguration`: Artifact configuration. |
| `private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLArtifactContext>` | `artifactContextLookupStrategy`: Strategy function for access to SAMLArtifactContext to populate. |
| `private boolean` | `artifactImpliesSecureChannel`: Whether an artifact-based binding implies the use of a secure channel. |
| `private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLBindingContext>` | `bindingContextLookupStrategy`: Strategy function for access to SAMLBindingContext to populate. |
| `private List<org.opensaml.saml.common.binding.BindingDescriptor>` | `bindingDescriptors`: List of possible bindings, in preference order. |
| `private org.opensaml.core.xml.XMLObjectBuilder<?>` | `endpointBuilder`: Builder for template endpoints. |
| `private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLEndpointContext>` | `endpointContextLookupStrategy`: Strategy function for access to SAMLEndpointContext to populate. |
| `private org.opensaml.saml.common.binding.EndpointResolver<?>` | `endpointResolver`: Endpoint resolver. |
| `private QName` | `endpointType`: The type of endpoint to resolve. |
| `private Object` | `inboundMessage`: Optional inbound message. |
| `private org.slf4j.Logger` | `log`: Class logger. |
| `private org.opensaml.saml.common.messaging.context.SAMLMetadataContext` | `mdContext`: Optional metadata for use in endpoint derivation/validation. |
| `private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLMetadataContext>` | `metadataContextLookupStrategy`: Strategy function for access to SAMLMetadataContext for input to resolver. |
| `private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext>` | `relyingPartyContextLookupStrategy`: Strategy function for access to RelyingPartyContext. |
| `private String` | `relyingPartyId`: Optional RP name for logging. |
| `private boolean` | `skipValidationSinceSigned`: Whether to bypass endpoint validation because message is signed. |
| `private boolean` | `verified`: Is the relying party "verified" in SAML terms? |

| Constructor and Description |
|---|
| `PopulateBindingAndEndpointContexts()`: Constructor. |

| Modifier and Type | Method and Description |
|---|---|
| `private org.opensaml.saml.criterion.EndpointCriterion` | `buildEndpointCriterion(String unverifiedBinding)`: Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object. |
| `protected void` | `doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)` |
| `protected void` | `doInitialize()` |
| `protected boolean` | `doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)` |
| `private boolean` | `handleSynchronousRequest(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`: Check for an inbound request binding that is synchronous and handle appropriately. |
| `void` | `setArtifactContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLArtifactContext> strategy)`: Set lookup strategy for SAMLArtifactContext to populate. |
| `void` | `setArtifactImpliesSecureChannel(boolean flag)`: Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel. |
| `void` | `setBindingContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLBindingContext> strategy)`: Set lookup strategy for SAMLBindingContext to populate. |
| `void` | `setBindings(List<org.opensaml.saml.common.binding.BindingDescriptor> bindings)`: Set the bindings to evaluate for use, in preference order. |
| `void` | `setEndpointContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLEndpointContext> strategy)`: Set lookup strategy for SAMLEndpointContext to populate. |
| `void` | `setEndpointResolver(org.opensaml.saml.common.binding.EndpointResolver<?> resolver)`: Set a custom EndpointResolver to use. |
| `void` | `setEndpointType(QName type)`: Set the type of endpoint to resolve, defaults to `<AssertionConsumerService>`. |
| `void` | `setMetadataContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLMetadataContext> strategy)`: Set lookup strategy for SAMLMetadataContext for input to resolution. |
| `void` | `setRelyingPartyContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)`: Set lookup strategy for RelyingPartyContext. |

Inherited methods, grouped by declaring type:

- doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
- getActivationCondition, setActivationCondition
- doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
- destroy, doDestroy, initialize, isDestroyed, isInitialized
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
- initialize, isInitialized

`@Nonnull private final org.slf4j.Logger log`

`@NonnullAfterInit private org.opensaml.saml.common.binding.EndpointResolver<?> endpointResolver`

`@Nonnull @NonnullElements private List<org.opensaml.saml.common.binding.BindingDescriptor> bindingDescriptors`

`@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy`
Strategy function for access to RelyingPartyContext.

`@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLMetadataContext> metadataContextLookupStrategy`
Strategy function for access to SAMLMetadataContext for input to resolver.

`@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLBindingContext> bindingContextLookupStrategy`
Strategy function for access to SAMLBindingContext to populate.

`@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLEndpointContext> endpointContextLookupStrategy`
Strategy function for access to SAMLEndpointContext to populate.

`@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLArtifactContext> artifactContextLookupStrategy`
Strategy function for access to SAMLArtifactContext to populate.

`private boolean artifactImpliesSecureChannel`

`@NonnullAfterInit private org.opensaml.core.xml.XMLObjectBuilder<?> endpointBuilder`

`@Nullable private SAMLArtifactConfiguration artifactConfiguration`

`@Nullable private org.opensaml.saml.common.messaging.context.SAMLMetadataContext mdContext`

`private boolean verified`

`private boolean skipValidationSinceSigned`

`public PopulateBindingAndEndpointContexts()`

`public void setEndpointType(@Nullable QName type)`
Set the type of endpoint to resolve, defaults to `<AssertionConsumerService>`.
type - type of endpoint to resolve

`public void setEndpointResolver(@Nonnull org.opensaml.saml.common.binding.EndpointResolver<?> resolver)`
Set a custom EndpointResolver to use.
resolver - endpoint resolver to use

`public void setBindings(@Nonnull @NonnullElements List<org.opensaml.saml.common.binding.BindingDescriptor> bindings)`
bindings - bindings to consider

`public void setRelyingPartyContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)`
Set lookup strategy for RelyingPartyContext.
strategy - lookup strategy

`public void setMetadataContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLMetadataContext> strategy)`
Set lookup strategy for SAMLMetadataContext for input to resolution.
strategy - lookup strategy

`public void setBindingContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLBindingContext> strategy)`
Set lookup strategy for SAMLBindingContext to populate.
strategy - lookup strategy

`public void setEndpointContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLEndpointContext> strategy)`
Set lookup strategy for SAMLEndpointContext to populate.
strategy - lookup strategy

`public void setArtifactContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLArtifactContext> strategy)`
Set lookup strategy for SAMLArtifactContext to populate.
strategy - lookup strategy

`public void setArtifactImpliesSecureChannel(boolean flag)`
Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.
This has the effect of suppressing signing and encryption when an artifact binding is used, which is normally desirable.
Defaults to true.
flag - flag to set

`protected void doInitialize() throws ComponentInitializationException`
Overrides: doInitialize in class AbstractInitializableComponent
Throws: ComponentInitializationException

`protected boolean doPreExecute(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
Overrides: doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction

`protected void doExecute(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
Overrides: doExecute in class org.opensaml.profile.action.AbstractProfileAction

`private boolean handleSynchronousRequest(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
profileRequestContext - profile request context

`@Nonnull private org.opensaml.saml.criterion.EndpointCriterion buildEndpointCriterion(@Nonnull @NotEmpty String unverifiedBinding)`
unverifiedBinding - default binding to use for an unverified requester with no Binding specified

Copyright © 1999–2017 Shibboleth Consortium. All rights reserved.