net.shibboleth.idp.saml.saml1.profile.impl

Class AddAuthenticationStatementToAssertion

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

net.shibboleth.idp.saml.saml1.profile.impl.AddAuthenticationStatementToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.profile.action.ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class AddAuthenticationStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion

Action that builds an AuthenticationStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId().

The AuthenticationStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The method property will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains an AuthenticationMethodPrincipal from the profile context.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_MSG_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private class	AddAuthenticationStatementToAssertion.AssertionStrategy Default strategy for obtaining assertion to modify.

Field Summary

Fields

Modifier and Type	Field and Description
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml1.core.Assertion>	assertionLookupStrategy Strategy used to locate the Assertion to operate on.
private IdentifierGenerationStrategy	idGenerator The generator to use.
private org.slf4j.Logger	log Class logger.
private Function<org.opensaml.profile.context.ProfileRequestContext,AuthenticationMethodPrincipal>	methodLookupStrategy Strategy used to determine the AuthenticationMethod attribute.

Constructor Summary

Constructors

Constructor and Description
AddAuthenticationStatementToAssertion()

Method Summary

Methods

Modifier and Type	Method and Description
private org.opensaml.saml.saml1.core.AuthenticationStatement	buildAuthenticationStatement(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext) Build the AuthenticationStatement to be added to the Response.
protected void	doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doInitialize()
void	setAssertionLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml1.core.Assertion> strategy) Set the strategy used to locate the Assertion to operate on.
void	setAuthenticationMethodLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,AuthenticationMethodPrincipal> strategy) Set the strategy function to use to obtain the authentication method to use.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

doPreExecute, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

assertionLookupStrategy

@NonnullAfterInit
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml1.core.Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

methodLookupStrategy

@NonnullAfterInit
private Function<org.opensaml.profile.context.ProfileRequestContext,AuthenticationMethodPrincipal> methodLookupStrategy

Strategy used to determine the AuthenticationMethod attribute.

idGenerator

@Nullable
private IdentifierGenerationStrategy idGenerator

The generator to use.

Constructor Detail

AddAuthenticationStatementToAssertion

public AddAuthenticationStatementToAssertion()

Method Detail

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                              Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml1.core.Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:

strategy - strategy used to locate the Assertion to operate on

setAuthenticationMethodLookupStrategy

public void setAuthenticationMethodLookupStrategy(@Nonnull
                                         Function<org.opensaml.profile.context.ProfileRequestContext,AuthenticationMethodPrincipal> strategy)

Set the strategy function to use to obtain the authentication method to use.

Parameters:

strategy - authentication method lookup strategy

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

buildAuthenticationStatement

@Nonnull
private org.opensaml.saml.saml1.core.AuthenticationStatement buildAuthenticationStatement(@Nonnull
                                                                                        org.opensaml.profile.context.ProfileRequestContext profileRequestContext,
                                                                                        @Nullable
                                                                                        RequestedPrincipalContext requestedPrincipalContext)

Build the AuthenticationStatement to be added to the Response.

Parameters:

profileRequestContext - current request context

requestedPrincipalContext - context specifying request requirements for authn method

Returns:

the authentication statement