Package net.shibboleth.idp.saml.saml1.profile.impl

Class AddAuthenticationStatementToAssertion

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

net.shibboleth.idp.saml.saml1.profile.impl.AddAuthenticationStatementToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class AddAuthenticationStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion

Action that builds an AuthenticationStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

The AuthenticationStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The method property will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains an AuthenticationMethodPrincipal from the profile context.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_MSG_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AddAuthenticationStatementToAssertion.AssertionStrategy	Default strategy for obtaining assertion to modify.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,Assertion>	assertionLookupStrategy	Strategy used to locate the Assertion to operate on.
private IdentifierGenerationStrategy	idGenerator	The generator to use.
private org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,AuthenticationMethodPrincipal>	methodLookupStrategy	Strategy used to determine the AuthenticationMethod attribute.

Constructor Summary

Constructors

Constructor	Description
AddAuthenticationStatementToAssertion()

Method Summary

Modifier and Type	Method	Description
private AuthenticationStatement	buildAuthenticationStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)	Build the AuthenticationStatement to be added to the Response.
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doInitialize()
void	setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the Assertion to operate on.
void	setAuthenticationMethodLookupStrategy(Function<ProfileRequestContext,AuthenticationMethodPrincipal> strategy)	Set the strategy function to use to obtain the authentication method to use.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

assertionLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

methodLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,AuthenticationMethodPrincipal> methodLookupStrategy

Strategy used to determine the AuthenticationMethod attribute.

idGenerator

@Nullable
private IdentifierGenerationStrategy idGenerator

The generator to use.

Constructor Detail

AddAuthenticationStatementToAssertion

public AddAuthenticationStatementToAssertion()

Method Detail

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                                       Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:

strategy - strategy used to locate the Assertion to operate on

setAuthenticationMethodLookupStrategy

public void setAuthenticationMethodLookupStrategy(@Nonnull
                                                  Function<ProfileRequestContext,AuthenticationMethodPrincipal> strategy)

Set the strategy function to use to obtain the authentication method to use.

Parameters:

strategy - authentication method lookup strategy

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class BaseAddAuthenticationStatementToAssertion

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

buildAuthenticationStatement

@Nonnull
private AuthenticationStatement buildAuthenticationStatement(@Nonnull
                                                             ProfileRequestContext profileRequestContext,
                                                             @Nullable
                                                             RequestedPrincipalContext requestedPrincipalContext)

Build the AuthenticationStatement to be added to the Response.

Parameters:

profileRequestContext - current request context

requestedPrincipalContext - context specifying request requirements for authn method

Returns:

the authentication statement