ProcessDelegatedAssertion (Shibboleth IdP :: SAML Profile Implementation 3.3.2 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.saml.saml2.profile.delegation.impl.ProcessDelegatedAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.profile.action.ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
@Prototype
public class ProcessDelegatedAssertion
extends AbstractProfileAction
```
Process the pre-validated inbound Assertion WS-Security token, and set up the resulting NameID for subject canonicalization as the effective subject of the request.
A SubjectCanonicalizationContext is added containing a NameIDPrincipal with the token's NameID.
Event:

AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_SUBJECT

Precondition:
```
assertionTokenStrategy.apply(profileRequestContext).getSubject().getNameID() != null
```
Postcondition:
```
profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
```

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`class`	`ProcessDelegatedAssertion.DefaultC14NRequesterLookupFunction` Default strategy for resolving the requester entityID for SAML subject c14n.

Field Summary

Fields
Modifier and Type	Field and Description
`private org.opensaml.saml.saml2.core.Assertion`	`assertion` The SAML 2 Assertion token being processed.
`private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion>`	`assertionTokenStrategy` Function used to resolve the assertion token to process.
`private org.slf4j.Logger`	`log` Logger.
`private org.opensaml.saml.saml2.core.NameID`	`nameID` The SAML 2 NameID representing the authenticated user.
`private Function<org.opensaml.profile.context.ProfileRequestContext,String>`	`requesterLookupStrategy` Function used to obtain the requester ID, for purposes of Subject c14n.
`private Function<org.opensaml.profile.context.ProfileRequestContext,String>`	`responderLookupStrategy` Function used to obtain the responder ID, for purposes of Subject c14n.

Constructor Summary

Constructors
Constructor and Description

ProcessDelegatedAssertion()
Constructor.

Constructors
Constructor and Description
`ProcessDelegatedAssertion()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`void`	`setAssertionTokenStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)` Set the strategy used to locate the inbound assertion token to process.
`void`	`setRequesterLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)` Set the strategy used to locate the requester ID for subject canonicalization.
`void`	`setResponderLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)` Set the strategy used to locate the responder ID for subject canonicalization.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
```
private org.slf4j.Logger log
```
Logger.

requesterLookupStrategy

@Nullable
private Function<org.opensaml.profile.context.ProfileRequestContext,String> requesterLookupStrategy

Function used to obtain the requester ID, for purposes of Subject c14n.

responderLookupStrategy

@Nullable
private Function<org.opensaml.profile.context.ProfileRequestContext,String> responderLookupStrategy

Function used to obtain the responder ID, for purposes of Subject c14n.

assertionTokenStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> assertionTokenStrategy

Function used to resolve the assertion token to process.

assertion

private org.opensaml.saml.saml2.core.Assertion assertion

The SAML 2 Assertion token being processed.

nameID
```
private org.opensaml.saml.saml2.core.NameID nameID
```
The SAML 2 NameID representing the authenticated user.

Constructor Detail
- ProcessDelegatedAssertion
```
public ProcessDelegatedAssertion()
```
  Constructor.

Method Detail

setAssertionTokenStrategy

public void setAssertionTokenStrategy(@Nonnull
                             Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)

Set the strategy used to locate the inbound assertion token to process.

Parameters:: strategy - lookup strategy

setRequesterLookupStrategy

public void setRequesterLookupStrategy(@Nullable
                              Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)

Set the strategy used to locate the requester ID for subject canonicalization.

Parameters:: strategy - lookup strategy

setResponderLookupStrategy

public void setResponderLookupStrategy(@Nullable
                              Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)

Set the strategy used to locate the responder ID for subject canonicalization.

Parameters:: strategy - lookup strategy

doPreExecute

protected boolean doPreExecute(@Nonnull
                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class org.opensaml.profile.action.AbstractProfileAction

Class ProcessDelegatedAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent