net.shibboleth.idp.saml.saml1.profile.impl.AddAuthenticationStatementToAssertion

All Implemented Interfaces:: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class AddAuthenticationStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion

Action that builds an AuthenticationStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

The AuthenticationStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The method property will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains an AuthenticationMethodPrincipal from the profile context.

Event:: EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_MSG_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes

Modifier and Type Class Description

private class AddAuthenticationStatementToAssertion.AssertionStrategy
Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field	Description
`private Function<ProfileRequestContext,Assertion>`	`assertionLookupStrategy`	Strategy used to locate the `Assertion` to operate on.
`private IdentifierGenerationStrategy`	`idGenerator`	The generator to use.
`private org.slf4j.Logger`	`log`	Class logger.
`private Function<ProfileRequestContext,AuthenticationMethodPrincipal>`	`methodLookupStrategy`	Strategy used to determine the AuthenticationMethod attribute.

Constructor Summary

Constructors

Constructor Description

AddAuthenticationStatementToAssertion()

Method Summary

Modifier and Type	Method	Description
`private AuthenticationStatement`	`buildAuthenticationStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)`	Build the `AuthenticationStatement` to be added to the `Response`.
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`	Performs this authentication action.
`protected void`	`doInitialize()`
`void`	`setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)`	Set the strategy used to locate the `Assertion` to operate on.
`void`	`setAuthenticationMethodLookupStrategy(Function<ProfileRequestContext,AuthenticationMethodPrincipal> strategy)`	Set the strategy function to use to obtain the authentication method to use.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details
- log
  
  @Nonnull private final org.slf4j.Logger log
  
  Class logger.
- assertionLookupStrategy
  
  @NonnullAfterInit private Function<ProfileRequestContext,Assertion> assertionLookupStrategy
  
  Strategy used to locate the Assertion to operate on.
- methodLookupStrategy
  
  @NonnullAfterInit private Function<ProfileRequestContext,AuthenticationMethodPrincipal> methodLookupStrategy
  
  Strategy used to determine the AuthenticationMethod attribute.
- idGenerator
  
  @Nullable private IdentifierGenerationStrategy idGenerator
  
  The generator to use.
Constructor Details
- AddAuthenticationStatementToAssertion
  
  public AddAuthenticationStatementToAssertion()
Method Details
- setAssertionLookupStrategy
  
  public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
  
  Set the strategy used to locate the Assertion to operate on.
  
  Parameters:
  
  strategy - strategy used to locate the Assertion to operate on
- setAuthenticationMethodLookupStrategy
  
  public void setAuthenticationMethodLookupStrategy(@Nonnull Function<ProfileRequestContext,AuthenticationMethodPrincipal> strategy)
  
  Set the strategy function to use to obtain the authentication method to use.
  
  Parameters:
  
  strategy - authentication method lookup strategy
- doInitialize
  
  protected void doInitialize() throws ComponentInitializationException
  
  Overrides:
  
  doInitialize in class BaseAddAuthenticationStatementToAssertion
  
  Throws:
  
  ComponentInitializationException
- doExecute
  
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
  
  Performs this authentication action. Default implementation throws an exception.
  
  Overrides:
  
  doExecute in class AbstractAuthenticationAction
  
  Parameters:
  
  profileRequestContext - the current IdP profile request context
  
  authenticationContext - the current authentication context
- buildAuthenticationStatement
  
  @Nonnull private AuthenticationStatement buildAuthenticationStatement(@Nonnull ProfileRequestContext profileRequestContext, @Nullable RequestedPrincipalContext requestedPrincipalContext)
  
  Build the AuthenticationStatement to be added to the Response.
  
  Parameters:
  
  profileRequestContext - current request context
  
  requestedPrincipalContext - context specifying request requirements for authn method
  
  Returns:
  
  the authentication statement

Class AddAuthenticationStatementToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Details

log

assertionLookupStrategy

methodLookupStrategy

idGenerator

Constructor Details

AddAuthenticationStatementToAssertion

Method Details

setAssertionLookupStrategy

setAuthenticationMethodLookupStrategy

doInitialize

doExecute

buildAuthenticationStatement