public class SAML2SPSessionCreationStrategy extends Object implements Function<org.opensaml.profile.context.ProfileRequestContext,net.shibboleth.idp.session.SPSession>

Creates a SAML2SPSession based on profile execution state.

This strategy is a default approach that uses a RelyingPartyContext via lookup strategy
to obtain a requester value, used as the SPSession's relying party ID. The authentication flow ID
comes from the AuthenticationResult in the AuthenticationContext.

The session has a creation time based on the time of execution, and the expiration is based on a configurable
lifetime, bounded by the per-SP lifetime setting for the profile.

The SAML 2 specific data is extracted from the first assertion containing an authn statement
found in a Response message located via a lookup strategy, by default the outbound
message context. Failure to locate any of this data will cause a null return value.
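
The selection rule and null-return contract described above, as an added example that is not Shibboleth's own code. Plain Java records stand in for the OpenSAML Response, Assertion and AuthnStatement types (every name here is an assumption), and the per-SP lifetime bound and the authentication flow ID are not modelled.

```java
import java.util.List;

// Stand-in types (assumptions): minimal models of the SAML objects the strategy reads.
public class SpSessionSelectionDemo {
    record AuthnStatement(String sessionIndex) {}
    record Assertion(String nameId, List<AuthnStatement> authnStatements) {}
    record Response(List<Assertion> assertions) {}
    record SpSession(String relyingPartyId, long createdAt, long expiresAt,
                     String nameId, String sessionIndex) {}

    // Returns null when any required input is missing, mirroring the documented contract.
    static SpSession create(String relyingPartyId, Response response, long lifetimeMs, long now) {
        if (relyingPartyId == null || response == null) {
            return null;
        }
        for (Assertion a : response.assertions()) {
            if (a.nameId() == null) {
                continue; // subject carries no name identifier
            }
            for (AuthnStatement s : a.authnStatements()) {
                if (s.sessionIndex() != null) {
                    // First qualifying pair wins; lifetime gives the upper bound on expiration.
                    return new SpSession(relyingPartyId, now, now + lifetimeMs,
                                         a.nameId(), s.sessionIndex());
                }
            }
        }
        return null; // no assertion with both a name identifier and a session index
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        // Constructed sample data, not taken from a real deployment.
        Response ok = new Response(List.of(
            new Assertion(null, List.of(new AuthnStatement("_idx-ignored"))),
            new Assertion("alice@example.org", List.of(new AuthnStatement(null),
                                                       new AuthnStatement("_idx-1")))));
        Response noIndex = new Response(List.of(
            new Assertion("bob@example.org", List.of(new AuthnStatement(null)))));

        System.out.println(create("https://sp.example.org/shibboleth", ok, 7_200_000L, now));
        System.out.println(create("https://sp.example.org/shibboleth", noIndex, 7_200_000L, now));
        System.out.println(create(null, ok, 7_200_000L, now));
    }
}
```

The first call yields a session keyed on `alice@example.org` and `_idx-1`; the other two print `null`, so callers have to handle a missing SP session rather than assume one was recorded.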

| Modifier and Type | Field and Description |
|---|---|
| private org.slf4j.Logger | log: Class logger. |
| private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> | relyingPartyContextLookupStrategy: RelyingPartyContext lookup strategy. |
| private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Response> | responseLookupStrategy: Response lookup strategy. |
| private long | sessionLifetime: Lifetime of sessions to create. |

| Constructor and Description |
|---|
| SAML2SPSessionCreationStrategy(long lifetime): Constructor. |

| Modifier and Type | Method and Description |
|---|---|
| net.shibboleth.idp.session.SPSession | apply(org.opensaml.profile.context.ProfileRequestContext input) |
| private Pair<org.opensaml.saml.saml2.core.Assertion,org.opensaml.saml.saml2.core.AuthnStatement> | getAssertionAndStatement(org.opensaml.profile.context.ProfileRequestContext profileRequestContext): Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index. |
| void | setRelyingPartyContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy): Set the strategy used to locate the RelyingPartyContext to operate on. |
| void | setResponseLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Response> strategy): Set the strategy used to locate the Response to operate on. |

@Nonnull private final org.slf4j.Logger log

@Positive @Duration private final long sessionLifetime

@Nonnull private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

public SAML2SPSessionCreationStrategy(@Positive @Duration long lifetime)
lifetime - lifetime in milliseconds, determines upper bound for expiration of SAML2SPSession to be created

public void setRelyingPartyContextLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)
Set the strategy used to locate the RelyingPartyContext to operate on.
strategy - lookup strategy

public void setResponseLookupStrategy(@Nonnull Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Response> strategy)
Set the strategy used to locate the Response to operate on.
strategy - strategy used to locate the Response to operate on

@Nullable public net.shibboleth.idp.session.SPSession apply(@Nullable org.opensaml.profile.context.ProfileRequestContext input)

@Nullable private Pair<org.opensaml.saml.saml2.core.Assertion,org.opensaml.saml.saml2.core.AuthnStatement> getAssertionAndStatement(@Nonnull org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
profileRequestContext - current profile request context

Copyright © 1999–2017 Shibboleth Consortium. All rights reserved.