Package net.shibboleth.idp.saml.profile.impl

Class PopulateBindingAndEndpointContexts

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class PopulateBindingAndEndpointContexts
extends AbstractProfileAction

Action that populates the outbound SAMLBindingContext and when appropriate the SAMLEndpointContext based on the inbound request.

If the inbound binding is found in the set of supported bindings, and it is "synchronous", then there is no endpoint (the response is sent directly back to the requester), and an endpoint context is not created. A binding context is created based on the inbound binding.

Otherwise, the endpoint context is populated by constructing a "template" endpoint, with content based on the inbound request, and relying on an injected EndpointResolver and an injected list of acceptable bindings.

The binding context is populated based on the computed endpoint's binding, and the inbound SAMLBindingContext's relay state.

If the outbound binding is an artifact-based binding, then the action also creates a SAMLArtifactContext populated by settings from the SAMLArtifactConfiguration.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, SAMLEventIds.ENDPOINT_RESOLUTION_FAILED

Field Summary

Fields

Modifier and Type	Field	Description
private SAMLArtifactConfiguration	artifactConfiguration	Artifact configuration.
private Function<ProfileRequestContext,SAMLArtifactContext>	artifactContextLookupStrategy	Strategy function for access to SAMLArtifactContext to populate.
private boolean	artifactImpliesSecureChannel	Whether an artifact-based binding implies the use of a secure channel.
private Function<ProfileRequestContext,BestMatchLocationCriterion>	bestMatchCriterionLookupStrategy	Optional strategy function to obtain a BestMatchLocationCriterion to inject.
private Function<ProfileRequestContext,SAMLBindingContext>	bindingContextLookupStrategy	Strategy function for access to SAMLBindingContext to populate.
private List<BindingDescriptor>	bindingDescriptors	List of possible bindings, in preference order.
private Function<ProfileRequestContext,List<BindingDescriptor>>	bindingDescriptorsLookupStrategy	Lookup strategy for bindings.
private XMLObjectBuilder<?>	endpointBuilder	Builder for template endpoints.
private Function<ProfileRequestContext,SAMLEndpointContext>	endpointContextLookupStrategy	Strategy function for access to SAMLEndpointContext to populate.
private EndpointResolver<?>	endpointResolver	Endpoint resolver.
private QName	endpointType	The type of endpoint to resolve.
private Object	inboundMessage	Optional inbound message.
private org.slf4j.Logger	log	Class logger.
private SAMLMetadataContext	mdContext	Optional metadata for use in endpoint derivation/validation.
private Function<ProfileRequestContext,SAMLMetadataContext>	metadataContextLookupStrategy	Strategy function for access to SAMLMetadataContext for input to resolver.
private Function<ProfileRequestContext,RelyingPartyContext>	relyingPartyContextLookupStrategy	Strategy function for access to RelyingPartyContext.
private String	relyingPartyId	Optional RP name for logging.
private boolean	skipValidationSinceSigned	Whether to bypass endpoint validation because message is signed.
private boolean	verified	Is the relying party "verified" in SAML terms?

Constructor Summary

Constructors

Constructor	Description
PopulateBindingAndEndpointContexts()	Constructor.

Method Summary

Modifier and Type	Method	Description
private EndpointCriterion<?>	buildEndpointCriterion(String unverifiedBinding)	Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object.
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
private boolean	handleSynchronousRequest(ProfileRequestContext profileRequestContext)	Check for an inbound request binding that is synchronous and handle appropriately.
void	setArtifactContextLookupStrategy(Function<ProfileRequestContext,SAMLArtifactContext> strategy)	Set lookup strategy for SAMLArtifactContext to populate.
void	setArtifactImpliesSecureChannel(boolean flag)	Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.
void	setBestMatchCriterionLookupStrategy(Function<ProfileRequestContext,BestMatchLocationCriterion> strategy)	Set lookup strategy for BestMatchLocationCriterion to inject.
void	setBindingContextLookupStrategy(Function<ProfileRequestContext,SAMLBindingContext> strategy)	Set lookup strategy for SAMLBindingContext to populate.
void	setBindingDescriptorsLookupStrategy(Function<ProfileRequestContext,List<BindingDescriptor>> strategy)	Set lookup strategy to return the bindings to evaluate for use, in preference order.
void	setEndpointContextLookupStrategy(Function<ProfileRequestContext,SAMLEndpointContext> strategy)	Set lookup strategy for SAMLEndpointContext to populate.
void	setEndpointResolver(EndpointResolver<?> resolver)	Set a custom EndpointResolver to use.
void	setEndpointType(QName type)	Set the type of endpoint to resolve, defaults to <AssertionConsumerService>.
void	setMetadataContextLookupStrategy(Function<ProfileRequestContext,SAMLMetadataContext> strategy)	Set lookup strategy for SAMLMetadataContext for input to resolution.
void	setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)	Set lookup strategy for RelyingPartyContext.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

endpointType

@Nonnull
private QName endpointType

The type of endpoint to resolve.

endpointResolver

@NonnullAfterInit
private EndpointResolver<?> endpointResolver

Endpoint resolver.

bindingDescriptorsLookupStrategy

@Nonnull
private Function<ProfileRequestContext,List<BindingDescriptor>> bindingDescriptorsLookupStrategy

Lookup strategy for bindings.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy function for access to RelyingPartyContext.

metadataContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,SAMLMetadataContext> metadataContextLookupStrategy

Strategy function for access to SAMLMetadataContext for input to resolver.

bindingContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,SAMLBindingContext> bindingContextLookupStrategy

Strategy function for access to SAMLBindingContext to populate.

endpointContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,SAMLEndpointContext> endpointContextLookupStrategy

Strategy function for access to SAMLEndpointContext to populate.

artifactContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,SAMLArtifactContext> artifactContextLookupStrategy

Strategy function for access to SAMLArtifactContext to populate.

bestMatchCriterionLookupStrategy

@Nullable
private Function<ProfileRequestContext,BestMatchLocationCriterion> bestMatchCriterionLookupStrategy

Optional strategy function to obtain a BestMatchLocationCriterion to inject.

bindingDescriptors

@Nonnull
@NonnullElements
private List<BindingDescriptor> bindingDescriptors

List of possible bindings, in preference order.

artifactImpliesSecureChannel

private boolean artifactImpliesSecureChannel

Whether an artifact-based binding implies the use of a secure channel.

endpointBuilder

@NonnullAfterInit
private XMLObjectBuilder<?> endpointBuilder

Builder for template endpoints.

artifactConfiguration

@Nullable
private SAMLArtifactConfiguration artifactConfiguration

Artifact configuration.

inboundMessage

@Nullable
private Object inboundMessage

Optional inbound message.

relyingPartyId

@Nullable
private String relyingPartyId

Optional RP name for logging.

mdContext

@Nullable
private SAMLMetadataContext mdContext

Optional metadata for use in endpoint derivation/validation.

verified

private boolean verified

Is the relying party "verified" in SAML terms?

skipValidationSinceSigned

private boolean skipValidationSinceSigned

Whether to bypass endpoint validation because message is signed.

Constructor Detail

PopulateBindingAndEndpointContexts

public PopulateBindingAndEndpointContexts()

Constructor.

Method Detail

setEndpointType

public void setEndpointType(@Nullable
                            QName type)

Set the type of endpoint to resolve, defaults to <AssertionConsumerService>.

Parameters:

type - type of endpoint to resolve

setEndpointResolver

public void setEndpointResolver(@Nonnull
                                EndpointResolver<?> resolver)

Set a custom EndpointResolver to use.

Parameters:

resolver - endpoint resolver to use

setBindingDescriptorsLookupStrategy

public void setBindingDescriptorsLookupStrategy(@Nonnull
                                                Function<ProfileRequestContext,List<BindingDescriptor>> strategy)

Set lookup strategy to return the bindings to evaluate for use, in preference order.

Parameters:

strategy - lookup strategy

Since:

4.0.0

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set lookup strategy for RelyingPartyContext.

Parameters:

strategy - lookup strategy

setMetadataContextLookupStrategy

public void setMetadataContextLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,SAMLMetadataContext> strategy)

Set lookup strategy for SAMLMetadataContext for input to resolution.

Parameters:

strategy - lookup strategy

setBindingContextLookupStrategy

public void setBindingContextLookupStrategy(@Nonnull
                                            Function<ProfileRequestContext,SAMLBindingContext> strategy)

Set lookup strategy for SAMLBindingContext to populate.

Parameters:

strategy - lookup strategy

setEndpointContextLookupStrategy

public void setEndpointContextLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,SAMLEndpointContext> strategy)

Set lookup strategy for SAMLEndpointContext to populate.

Parameters:

strategy - lookup strategy

setArtifactContextLookupStrategy

public void setArtifactContextLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,SAMLArtifactContext> strategy)

Set lookup strategy for SAMLArtifactContext to populate.

Parameters:

strategy - lookup strategy

setBestMatchCriterionLookupStrategy

public void setBestMatchCriterionLookupStrategy(@Nullable
                                                Function<ProfileRequestContext,BestMatchLocationCriterion> strategy)

Set lookup strategy for BestMatchLocationCriterion to inject.

Parameters:

strategy - lookup strategy

setArtifactImpliesSecureChannel

public void setArtifactImpliesSecureChannel(boolean flag)

Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.

This has the effect of suppressing signing and encryption when an artifact binding is used, which is normally desirable.

Defaults to true.

Parameters:

flag - flag to set

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

handleSynchronousRequest

private boolean handleSynchronousRequest(@Nonnull
                                         ProfileRequestContext profileRequestContext)

Check for an inbound request binding that is synchronous and handle appropriately.

Parameters:

profileRequestContext - profile request context

Returns:

true iff a synchronous binding was handled

buildEndpointCriterion

@Nonnull
private EndpointCriterion<?> buildEndpointCriterion(@Nonnull @NotEmpty
                                                    String unverifiedBinding)

Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object.

Parameters:

unverifiedBinding - default binding to use for an unverified requester with no Binding specified

Returns:

criterion to give to resolver