java.lang.Object
- net.shibboleth.idp.saml.session.impl.SAML2SPSessionCreationStrategy

All Implemented Interfaces:

Function<ProfileRequestContext,SPSession>
```
public class SAML2SPSessionCreationStrategy
extends Object
implements Function<ProfileRequestContext,SPSession>
```
A function to create a SAML2SPSession based on profile execution state.
This strategy is a default approach that uses a RelyingPartyContext via lookup strategy to obtain a requester value, used as the SPSession's relying party ID. The authentication flow ID comes from the AuthenticationResult in the AuthenticationContext. The session has a creation time based on the time of execution, and the expiration is based on a configurable lifetime, bounded by the per-SP lifetime setting for the profile.

The SAML 2 specific data is extracted from the first assertion containing an authn statement found in a Response message located via a lookup strategy, by default the outbound message context. Failure to locate any of this data will cause a null return value.

Field Summary

Fields
Modifier and Type	Field	Description
`private org.slf4j.Logger`	`log`	Class logger.
`private Function<ProfileRequestContext,RelyingPartyContext>`	`relyingPartyContextLookupStrategy`	RelyingPartyContext lookup strategy.
`private Function<ProfileRequestContext,Response>`	`responseLookupStrategy`	Response lookup strategy.
`private Duration`	`sessionLifetime`	Lifetime of sessions to create.

Constructor Summary

Constructors
Constructor Description

SAML2SPSessionCreationStrategy(Duration lifetime)
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`SPSession`	`apply(ProfileRequestContext input)`
`private Pair<Assertion,AuthnStatement>`	`getAssertionAndStatement(ProfileRequestContext profileRequestContext)`	Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.
`void`	`setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)`	Set the strategy used to locate the `RelyingPartyContext` to operate on.
`void`	`setResponseLookupStrategy(Function<ProfileRequestContext,Response> strategy)`	Set the strategy used to locate the `Response` to operate on.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.util.function.Function
andThen, compose

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

sessionLifetime

@Nonnull
private final Duration sessionLifetime

Lifetime of sessions to create.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

RelyingPartyContext lookup strategy.

responseLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Response> responseLookupStrategy

Response lookup strategy.

Constructor Detail

SAML2SPSessionCreationStrategy

public SAML2SPSessionCreationStrategy(@Nonnull
                                      Duration lifetime)

Constructor.

Parameters:: lifetime - determines upper bound for expiration of SAML2SPSession to be created

Method Detail

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to locate the RelyingPartyContext to operate on.

Parameters:: strategy - lookup strategy

setResponseLookupStrategy

public void setResponseLookupStrategy(@Nonnull
                                      Function<ProfileRequestContext,Response> strategy)

Set the strategy used to locate the Response to operate on.

Parameters:: strategy - strategy used to locate the Response to operate on

apply

@Nullable
public SPSession apply(@Nullable
                       ProfileRequestContext input)

Specified by:: apply in interface Function<ProfileRequestContext,SPSession>

getAssertionAndStatement
```
@Nullable
private Pair<Assertion,AuthnStatement> getAssertionAndStatement(@Nonnull
                                                                      ProfileRequestContext profileRequestContext)
```
Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.

Parameters:

profileRequestContext - current profile request context

Returns:

the suitable objects, or null

Class SAML2SPSessionCreationStrategy