Package net.shibboleth.idp.saml.profile.impl

Class InitializeAuthenticationContext

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class InitializeAuthenticationContext
extends AbstractProfileAction

An action that creates an AuthenticationContext and attaches it to the current ProfileRequestContext.

If the incoming message is a SAML 2.0 AuthnRequest, then basic authentication policy (IsPassive, ForceAuthn, Scoping) is copied into the context from the request.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.ACCESS_DENIED

Postcondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class) != true, SAML 2.0 AuthnRequest policy flags are (optionally) copied to the AuthenticationContext

Field Summary

Fields

Modifier and Type	Field	Description
private AuthnRequest	authnRequest	Incoming SAML 2.0 request, if present.
private Predicate<ProfileRequestContext>	forceAuthnPredicate	Extracts forceAuthn property from profile config.
private Predicate<ProfileRequestContext>	ignoreScopingPredicate	Extracts ignoreScoping property from profile config.
private org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,Integer>	proxyCountLookupStrategy	Strategy used to determine proxy count from configuration.
private Function<ProfileRequestContext,RelyingPartyContext>	relyingPartyContextLookupStrategy	Strategy used to look up a RelyingPartyContext for configuration options.
private Function<ProfileRequestContext,AuthnRequest>	requestLookupStrategy	Strategy used to locate the AuthnRequest to operate on, if any.

Constructor Summary

Constructors

Constructor	Description
InitializeAuthenticationContext()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
private boolean	processScoping(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)	Check an inbound AuthnRequest for a Scoping element.
void	setForceAuthnPredicate(Predicate<ProfileRequestContext> condition)	Set the predicate to apply to derive the message-independent forced authn default.
void	setIgnoreScopingPredicate(Predicate<ProfileRequestContext> condition)	Set the predicate to apply to determine whether to ignore any inbound Scoping element.
void	setProxyCountLookupStrategy(Function<ProfileRequestContext,Integer> strategy)	Set the lookup function to apply to derive the proxy count from the configuration.
void	setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)	Set the strategy used to return the RelyingPartyContext for configuration options.
void	setRequestLookupStrategy(Function<ProfileRequestContext,AuthnRequest> strategy)	Set the strategy used to locate the AuthnRequest to examine, if any.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy used to look up a RelyingPartyContext for configuration options.

forceAuthnPredicate

@Nonnull
private Predicate<ProfileRequestContext> forceAuthnPredicate

Extracts forceAuthn property from profile config.

ignoreScopingPredicate

@Nonnull
private Predicate<ProfileRequestContext> ignoreScopingPredicate

Extracts ignoreScoping property from profile config.

proxyCountLookupStrategy

@Nullable
private Function<ProfileRequestContext,Integer> proxyCountLookupStrategy

Strategy used to determine proxy count from configuration.

requestLookupStrategy

@Nonnull
private Function<ProfileRequestContext,AuthnRequest> requestLookupStrategy

Strategy used to locate the AuthnRequest to operate on, if any.

authnRequest

@Nullable
private AuthnRequest authnRequest

Incoming SAML 2.0 request, if present.

Constructor Detail

InitializeAuthenticationContext

public InitializeAuthenticationContext()

Constructor.

Method Detail

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to return the RelyingPartyContext for configuration options.

Parameters:

strategy - lookup strategy

Since:

4.0.0

setForceAuthnPredicate

public void setForceAuthnPredicate(@Nonnull
                                   Predicate<ProfileRequestContext> condition)

Set the predicate to apply to derive the message-independent forced authn default.

Parameters:

condition - condition to set

Since:

3.4.0

setIgnoreScopingPredicate

public void setIgnoreScopingPredicate(@Nonnull
                                      Predicate<ProfileRequestContext> condition)

Set the predicate to apply to determine whether to ignore any inbound Scoping element.

Parameters:

condition - condition to set

Since:

4.0.0

setProxyCountLookupStrategy

public void setProxyCountLookupStrategy(@Nonnull
                                        Function<ProfileRequestContext,Integer> strategy)

Set the lookup function to apply to derive the proxy count from the configuration.

Parameters:

strategy - lookup strategy

Since:

4.0.0

setRequestLookupStrategy

public void setRequestLookupStrategy(@Nonnull
                                     Function<ProfileRequestContext,AuthnRequest> strategy)

Set the strategy used to locate the AuthnRequest to examine, if any.

Parameters:

strategy - strategy used to locate the AuthnRequest

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

processScoping

private boolean processScoping(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               AuthenticationContext authenticationContext)

Check an inbound AuthnRequest for a Scoping element.

Parameters:

profileRequestContext - current profile request context

authenticationContext - the context to populate

Returns:

true iff processing should continue