Package net.shibboleth.idp.saml.saml2.profile.impl

Class ProcessAssertionsForAuthentication

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.saml.saml2.profile.impl.ProcessAssertionsForAuthentication

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ProcessAssertionsForAuthentication
extends AbstractAuthenticationAction

Perform processing of a SAML 2 Response's Assertions that have been validated by earlier actions for use in finalization of SAML-based authentication by later actions.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	ProcessAssertionsForAuthentication.AssertionContainsAuthenticationStatement	Predicate for assertions containing at least 1 AuthenticationStatement.
private class	ProcessAssertionsForAuthentication.AssertionContainsConfirmedSubject	Predicate for assertions which have been validated and have a confirmed Subject.
private class	ProcessAssertionsForAuthentication.AssertionIsValid	Predicate for valid assertions.
private class	ProcessAssertionsForAuthentication.DefaultResponseResolver	The default response resolver function.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<List<Assertion>,Assertion>	authnAssertionSelectionStrategy	Selection strategy for multiple valid authn Assertions.
private Function<Assertion,AuthnStatement>	authnStatementSelectionStrategy	Selection strategy for multiple AuthnStatements.
private org.slf4j.Logger	log	Logger.
private Response	response	The Response to process.
private Function<ProfileRequestContext,Response>	responseResolver	The resolver for the response to be processed.
private SAMLAuthnContext	samlAuthnContext	The SAML authentication context.
private Function<ProfileRequestContext,SAMLAuthnContext>	samlContextLookupStrategy	Lookup strategy to locate the SAML context.

Constructor Summary

Constructors

Constructor	Description
ProcessAssertionsForAuthentication()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
void	setAuthnAssertionSelectionStrategy(Function<List<Assertion>,Assertion> strategy)	Set the strategy function for selecting which of multiple valid Assertions to use.
void	setAuthnStatementSelectionStrategy(Function<Assertion,AuthnStatement> strategy)	Set the strategy function for selecting which of multiple AuthnStatements to use.
void	setResponseResolver(Function<ProfileRequestContext,Response> strategy)	Set the strategy function which resolves the response to process.
void	setSAMLAuthnContextLookupStrategy(Function<ProfileRequestContext,SAMLAuthnContext> strategy)	Set the lookup strategy used to locate the SAMLAuthnContext.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

private final org.slf4j.Logger log

Logger.

responseResolver

@NonnullAfterInit
private Function<ProfileRequestContext,Response> responseResolver

The resolver for the response to be processed.

samlContextLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,SAMLAuthnContext> samlContextLookupStrategy

Lookup strategy to locate the SAML context.

authnAssertionSelectionStrategy

@NonnullAfterInit
private Function<List<Assertion>,Assertion> authnAssertionSelectionStrategy

Selection strategy for multiple valid authn Assertions.

authnStatementSelectionStrategy

@NonnullAfterInit
private Function<Assertion,AuthnStatement> authnStatementSelectionStrategy

Selection strategy for multiple AuthnStatements.

response

private Response response

The Response to process.

samlAuthnContext

private SAMLAuthnContext samlAuthnContext

The SAML authentication context.

Constructor Detail

ProcessAssertionsForAuthentication

public ProcessAssertionsForAuthentication()

Constructor.

Method Detail

setAuthnAssertionSelectionStrategy

public void setAuthnAssertionSelectionStrategy(@Nonnull
                                               Function<List<Assertion>,Assertion> strategy)

Set the strategy function for selecting which of multiple valid Assertions to use.

Parameters:

strategy - the new strategy function

setAuthnStatementSelectionStrategy

public void setAuthnStatementSelectionStrategy(@Nonnull
                                               Function<Assertion,AuthnStatement> strategy)

Set the strategy function for selecting which of multiple AuthnStatements to use.

Parameters:

strategy - the new strategy function

setResponseResolver

public void setResponseResolver(@Nonnull
                                Function<ProfileRequestContext,Response> strategy)

Set the strategy function which resolves the response to process.

Parameters:

strategy - the new strategy function

setSAMLAuthnContextLookupStrategy

public void setSAMLAuthnContextLookupStrategy(@Nonnull
                                              Function<ProfileRequestContext,SAMLAuthnContext> strategy)

Set the lookup strategy used to locate the SAMLAuthnContext.

Parameters:

strategy - the new strategy function

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractAuthenticationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction