Package net.shibboleth.idp.saml.saml2.profile.delegation.impl

Class AddAuthnStatementToAssertionFromInboundAssertionToken

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.delegation.impl.AddAuthnStatementToAssertionFromInboundAssertionToken

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

@Prototype
public class AddAuthnStatementToAssertionFromInboundAssertionToken
extends AbstractProfileAction

Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

This action is designed specifically to be used with SAML 2 delegation. The AuthnStatement will be cloned directly from the inbound Assertion token obtained from via the setAssertionTokenStrategy(Function).

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

Event:

EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, EventIds.MESSAGE_PROC_ERROR

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AddAuthnStatementToAssertionFromInboundAssertionToken.AssertionStrategy	Default strategy for obtaining assertion to modify.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,Assertion>	assertionLookupStrategy	Strategy used to locate the Assertion to operate on.
private Function<ProfileRequestContext,Assertion>	assertionTokenStrategy	Function used to resolve the inbound assertion token to process.
private IdentifierGenerationStrategy	idGenerator	The generator to use.
private Function<ProfileRequestContext,IdentifierGenerationStrategy>	idGeneratorLookupStrategy	Strategy used to locate the IdentifierGenerationStrategy to use.
private String	issuerId	EntityID to populate as assertion issuer.
private Function<ProfileRequestContext,String>	issuerLookupStrategy	Strategy used to obtain the assertion issuer value.
private org.slf4j.Logger	log	Class logger.
private AuthnStatement	sourceStatement	The authentication statement which is to be cloned into the new Assertion.
private boolean	statementInOwnAssertion	Whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

Constructor Summary

Constructors

Constructor	Description
AddAuthnStatementToAssertionFromInboundAssertionToken()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
IdentifierGenerationStrategy	getIdGenerator()	Get the IdentifierGenerationStrategy to use if an assertion must be created.
String	getIssuerId()	Get the issuer name to use if an assertion must be created.
protected AuthnStatement	getNewAuthnStatement()	Obtain the new AuthnStatement to add by cloning the inbound token's statement which was previously stored.
boolean	isStatementInOwnAssertion()	Set whether the generated statement should be placed in its own assertion or added to one if it exists.
void	setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the Assertion to operate on.
void	setAssertionTokenStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the inbound assertion token to process.
void	setIdentifierGeneratorLookupStrategy(Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)	Set the strategy used to locate the IdentifierGenerationStrategy to use.
void	setIssuerLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set the strategy used to locate the issuer value to use.
void	setStatementInOwnAssertion(boolean inOwnAssertion)	Set whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

statementInOwnAssertion

private boolean statementInOwnAssertion

Whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

idGeneratorLookupStrategy

@Nonnull
private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy

Strategy used to locate the IdentifierGenerationStrategy to use.

issuerLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> issuerLookupStrategy

Strategy used to obtain the assertion issuer value.

idGenerator

@Nullable
private IdentifierGenerationStrategy idGenerator

The generator to use.

issuerId

@Nullable
private String issuerId

EntityID to populate as assertion issuer.

assertionLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

assertionTokenStrategy

@Nonnull
private Function<ProfileRequestContext,Assertion> assertionTokenStrategy

Function used to resolve the inbound assertion token to process.

sourceStatement

@Nullable
private AuthnStatement sourceStatement

The authentication statement which is to be cloned into the new Assertion.

Constructor Detail

AddAuthnStatementToAssertionFromInboundAssertionToken

public AddAuthnStatementToAssertionFromInboundAssertionToken()

Constructor.

Method Detail

isStatementInOwnAssertion

public boolean isStatementInOwnAssertion()

Set whether the generated statement should be placed in its own assertion or added to one if it exists.

Returns:

whether the generated statement should be placed in its own assertion or added to one if it exists

setStatementInOwnAssertion

public void setStatementInOwnAssertion(boolean inOwnAssertion)

Set whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

Parameters:

inOwnAssertion - whether the generated authentication statement should be placed in its own assertion or added to one if it exists

setAssertionTokenStrategy

public void setAssertionTokenStrategy(@Nonnull
                                      Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the inbound assertion token to process.

Parameters:

strategy - lookup strategy

setIdentifierGeneratorLookupStrategy

public void setIdentifierGeneratorLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)

Set the strategy used to locate the IdentifierGenerationStrategy to use.

Parameters:

strategy - lookup strategy

setIssuerLookupStrategy

public void setIssuerLookupStrategy(@Nonnull
                                    Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the issuer value to use.

Parameters:

strategy - lookup strategy

getIdGenerator

@Nonnull
public IdentifierGenerationStrategy getIdGenerator()

Get the IdentifierGenerationStrategy to use if an assertion must be created.

Returns:

the ID generation strategy

getIssuerId

@Nonnull
public String getIssuerId()

Get the issuer name to use if an assertion must be created.

Returns:

the issuer name

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                                       Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:

strategy - strategy used to locate the Assertion to operate on

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

getNewAuthnStatement

@Nullable
protected AuthnStatement getNewAuthnStatement()

Obtain the new AuthnStatement to add by cloning the inbound token's statement which was previously stored.

Returns:

the cloned AuthnStatement, or null if an error is encountered