Class ProcessDelegatedAssertion

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ProcessDelegatedAssertion
extends AbstractProfileAction
Process the pre-validated inbound Assertion WS-Security token, and set up the resulting NameID for subject canonicalization as the effective subject of the request.

A SubjectCanonicalizationContext is added containing a NameIDPrincipal with the token's NameID.

Event:
AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_SUBJECT
Precondition:
assertionTokenStrategy.apply(profileRequestContext).getSubject().getNameID() != null
Postcondition:
profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
  • Field Details

    • log

      @Nonnull private org.slf4j.Logger log
      Logger.
    • requesterLookupStrategy

      @Nullable private Function<ProfileRequestContext,​String> requesterLookupStrategy
      Function used to obtain the requester ID, for purposes of Subject c14n.
    • responderLookupStrategy

      @Nullable private Function<ProfileRequestContext,​String> responderLookupStrategy
      Function used to obtain the responder ID, for purposes of Subject c14n.
    • assertionTokenStrategy

      @Nonnull private Function<ProfileRequestContext,​Assertion> assertionTokenStrategy
      Function used to resolve the assertion token to process.
    • assertion

      private Assertion assertion
      The SAML 2 Assertion token being processed.
    • nameID

      private NameID nameID
      The SAML 2 NameID representing the authenticated user.
  • Constructor Details

    • ProcessDelegatedAssertion

      public ProcessDelegatedAssertion()
      Constructor.
  • Method Details