Class AddAuthnStatementToAssertionFromInboundAssertionToken

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

@Prototype
public class AddAuthnStatementToAssertionFromInboundAssertionToken
extends AbstractProfileAction
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

This action is designed specifically to be used with SAML 2 delegation. The AuthnStatement will be cloned directly from the inbound Assertion token obtained via the strategy set with setAssertionTokenStrategy(Function).

If no Response exists, then an Assertion directly in the outbound message context will be used or created.

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

Event:
EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, EventIds.MESSAGE_PROC_ERROR
  • Constructor Details

    • AddAuthnStatementToAssertionFromInboundAssertionToken

      public AddAuthnStatementToAssertionFromInboundAssertionToken()
      Constructor.
  • Method Details

    • isStatementInOwnAssertion

      public boolean isStatementInOwnAssertion()
      Get whether the generated statement should be placed in its own assertion or added to one if it exists.
      Returns:
      whether the generated statement should be placed in its own assertion or added to one if it exists
    • setStatementInOwnAssertion

      public void setStatementInOwnAssertion(boolean inOwnAssertion)
      Set whether the generated authentication statement should be placed in its own assertion or added to one if it exists.
      Parameters:
      inOwnAssertion - whether the generated authentication statement should be placed in its own assertion or added to one if it exists
    • setAssertionTokenStrategy

      public void setAssertionTokenStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
      Set the strategy used to locate the inbound assertion token to process.
      Parameters:
      strategy - lookup strategy
    • setIdentifierGeneratorLookupStrategy

      public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)
      Set the strategy used to locate the IdentifierGenerationStrategy to use.
      Parameters:
      strategy - lookup strategy
    • setIssuerLookupStrategy

      public void setIssuerLookupStrategy(@Nonnull Function<ProfileRequestContext,String> strategy)
      Set the strategy used to locate the issuer value to use.
      Parameters:
      strategy - lookup strategy
    • getIdGenerator

      @Nonnull public IdentifierGenerationStrategy getIdGenerator()
      Get the IdentifierGenerationStrategy to use if an assertion must be created.
      Returns:
      the ID generation strategy
    • getIssuerId

      @Nonnull public String getIssuerId()
      Get the issuer name to use if an assertion must be created.
      Returns:
      the issuer name
    • setAssertionLookupStrategy

      public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
      Set the strategy used to locate the Assertion to operate on.
      Parameters:
      strategy - strategy used to locate the Assertion to operate on
    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException
    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doPreExecute in class AbstractConditionalProfileAction
    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doExecute in class AbstractProfileAction
    • getNewAuthnStatement

      @Nullable protected AuthnStatement getNewAuthnStatement()
      Obtain the new AuthnStatement to add by cloning the inbound token's statement which was previously stored.
      Returns:
      the cloned AuthnStatement, or null if an error is encountered