java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.authn.AbstractAuthenticationAction
        
        net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
        
        net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
```
public class AddAuthnStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion
```
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

The AuthnStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The AuthnContext will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains a custom principal from the profile context.

The SessionIndex and optionally SessionNotOnOrAfter attributes will also be set.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes
Modifier and Type Class Description

private class AddAuthnStatementToAssertion.AssertionStrategy
Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field	Description
`private Function<ProfileRequestContext,Assertion>`	`assertionLookupStrategy`	Strategy used to locate the `Assertion` to operate on.
`private Function<ProfileRequestContext,AuthnContextClassRefPrincipal>`	`classRefLookupStrategy`	Strategy used to determine the AuthnContextClassRef.
`private org.slf4j.Logger`	`log`	Class logger.
`private Function<ProfileRequestContext,Duration>`	`sessionLifetimeLookupStrategy`	Strategy used to determine SessionNotOnOrAfter value to set.
`private Predicate<ProfileRequestContext>`	`suppressAuthenticatingAuthorityPredicate`	Strategy used to determine whether to suppress AuthenticatingAuthority.

Constructor Summary

Constructors
Constructor Description

AddAuthnStatementToAssertion()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`private void`	`addAuthenticatingAuthorities(ProfileRequestContext profileRequestContext, AuthnContext authnContext)`
`private AuthnStatement`	`buildAuthnStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)`	Build the `AuthnStatement` to be added to the `Response`.
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected void`	`doInitialize()`
`void`	`setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)`	Set the strategy used to locate the `Assertion` to operate on.
`void`	`setClassRefLookupStrategy(Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)`	Set the strategy function to use to obtain the authentication context class reference to use.
`void`	`setSessionLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)`	Set the strategy used to locate the SessionNotOnOrAfter value to use.
`void`	`setSuppressAuthenticatingAuthorityPredicate(Predicate<ProfileRequestContext> condition)`	Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

assertionLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

classRefLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,AuthnContextClassRefPrincipal> classRefLookupStrategy

Strategy used to determine the AuthnContextClassRef.

sessionLifetimeLookupStrategy

@Nullable
private Function<ProfileRequestContext,Duration> sessionLifetimeLookupStrategy

Strategy used to determine SessionNotOnOrAfter value to set.

suppressAuthenticatingAuthorityPredicate
```
@Nonnull
private Predicate<ProfileRequestContext> suppressAuthenticatingAuthorityPredicate
```
Strategy used to determine whether to suppress AuthenticatingAuthority.

Constructor Detail
- AddAuthnStatementToAssertion
```
public AddAuthnStatementToAssertion()
```
  Constructor.

Method Detail

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                                       Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:: strategy - strategy used to locate the Assertion to operate on

setClassRefLookupStrategy

public void setClassRefLookupStrategy(@Nonnull
                                      Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)

Set the strategy function to use to obtain the authentication context class reference to use.

Parameters:: strategy - authentication context class reference lookup strategy

setSessionLifetimeLookupStrategy

public void setSessionLifetimeLookupStrategy(@Nullable
                                             Function<ProfileRequestContext,Duration> strategy)

Set the strategy used to locate the SessionNotOnOrAfter value to use.

Parameters:: strategy - lookup strategy

setSuppressAuthenticatingAuthorityPredicate

public void setSuppressAuthenticatingAuthorityPredicate(@Nonnull
                                                        Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.

Parameters:: condition - condition to set

doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
Overrides:

doInitialize in class BaseAddAuthenticationStatementToAssertion

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:: doExecute in class AbstractAuthenticationAction

buildAuthnStatement

@Nonnull
private AuthnStatement buildAuthnStatement(@Nonnull
                                           ProfileRequestContext profileRequestContext,
                                           @Nullable
                                           RequestedPrincipalContext requestedPrincipalContext)

Build the AuthnStatement to be added to the Response.

Parameters:: profileRequestContext - current request context; requestedPrincipalContext - context specifying request requirements for authn context
Returns:: the authentication statement

addAuthenticatingAuthorities

private void addAuthenticatingAuthorities(@Nonnull
                                          ProfileRequestContext profileRequestContext,
                                          @Nonnull
                                          AuthnContext authnContext)

Class AddAuthnStatementToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent