Package net.shibboleth.idp.saml.profile.impl

Class PopulateBindingAndEndpointContexts

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class PopulateBindingAndEndpointContexts
extends AbstractProfileAction
Action that populates the outbound SAMLBindingContext and when appropriate the SAMLEndpointContext based on the inbound request.

If the inbound binding is found in the set of supported bindings, and it is "synchronous", then there is no endpoint (the response is sent directly back to the requester), and an endpoint context is not created. A binding context is created based on the inbound binding.

Otherwise, the endpoint context is populated by constructing a "template" endpoint, with content based on the inbound request, and relying on an injected EndpointResolver and an injected list of acceptable bindings.

The binding context is populated based on the computed endpoint's binding, and the inbound SAMLBindingContext's relay state.

If the outbound binding is an artifact-based binding, then the action also creates a SAMLArtifactContext populated by settings from the SAMLArtifactConfiguration.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, SAMLEventIds.ENDPOINT_RESOLUTION_FAILED

  • Field Details

  • Constructor Details

    • PopulateBindingAndEndpointContexts

      public PopulateBindingAndEndpointContexts()
      Constructor.

  • Method Details

    • setEndpointType

      public void setEndpointType​(@Nullable QName type)
      Set the type of endpoint to resolve, defaults to <AssertionConsumerService>.
      Parameters:
      type - type of endpoint to resolve

    • setEndpointResolver

      public void setEndpointResolver​(@Nonnull EndpointResolver<?> resolver)
      Set a custom EndpointResolver to use.
      Parameters:
      resolver - endpoint resolver to use

    • setBindingDescriptorsLookupStrategy

      public void setBindingDescriptorsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​List<BindingDescriptor>> strategy)
      Set lookup strategy to return the bindings to evaluate for use, in preference order.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0

    • setRelyingPartyContextLookupStrategy

      public void setRelyingPartyContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​RelyingPartyContext> strategy)
      Set lookup strategy for RelyingPartyContext.
      Parameters:
      strategy - lookup strategy

    • setMetadataContextLookupStrategy

      public void setMetadataContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​SAMLMetadataContext> strategy)
      Set lookup strategy for SAMLMetadataContext for input to resolution.
      Parameters:
      strategy - lookup strategy

    • setBindingContextLookupStrategy

      public void setBindingContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​SAMLBindingContext> strategy)
      Set lookup strategy for SAMLBindingContext to populate.
      Parameters:
      strategy - lookup strategy

    • setEndpointContextLookupStrategy

      public void setEndpointContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​SAMLEndpointContext> strategy)
      Set lookup strategy for SAMLEndpointContext to populate.
      Parameters:
      strategy - lookup strategy

    • setArtifactContextLookupStrategy

      public void setArtifactContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​SAMLArtifactContext> strategy)
      Set lookup strategy for SAMLArtifactContext to populate.
      Parameters:
      strategy - lookup strategy

    • setArtifactImpliesSecureChannel

      public void setArtifactImpliesSecureChannel​(boolean flag)
      Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.

      This has the effect of suppressing signing and encryption when an artifact binding is used, which is normally desirable.

      Defaults to true.

      Parameters:
      flag - flag to set

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreExecute

      protected boolean doPreExecute​(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doPreExecute in class AbstractConditionalProfileAction

    • doExecute

      protected void doExecute​(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doExecute in class AbstractProfileAction

    • handleSynchronousRequest

      private boolean handleSynchronousRequest​(@Nonnull ProfileRequestContext profileRequestContext)
      Check for an inbound request binding that is synchronous and handle appropriately.
      Parameters:
      profileRequestContext - profile request context
      Returns:
      true iff a synchronous binding was handled

    • buildEndpointCriterion

      @Nonnull private EndpointCriterion<?> buildEndpointCriterion​(@Nonnull @NotEmpty String unverifiedBinding)
      Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object.
      Parameters:
      unverifiedBinding - default binding to use for an unverified requester with no Binding specified
      Returns:
      criterion to give to resolver