Class MetadataServiceRegistry

All Implemented Interfaces: ServiceRegistry

public class MetadataServiceRegistry extends Object implements ServiceRegistry
CAS service registry implementation that queries SAML metadata for a CAS service given a CAS service URL using the following strategy. A MetadataResolver is queried for an EntityDescriptor that meets the following criteria:
  1. Defines in the protocolSupportEnumeration attribute of an SPSSODescriptor element.
  2. Defines an AssertionConsumerService element where the Binding URI is "".
  3. Matching AssertionConsumerService element also defines a Location attribute where the given service URL starts with the ACS location.
If a single match is found, it is converted to a Service and returned; if more than one result is found, a ResolverException is raised; otherwise null is returned.

Two additional aspects of a CAS service may be specified in metadata:

  1. allowedToProxy - True if there is an AssertionConsumerService element with a binding of "", false otherwise.
  2. singleLogoutParticipant - True if there is a SingleLogoutService element with a binding of "" and a location of "urn:mace:shibboleth:profile:CAS:logout", false otherwise.
See the SAML metadata profile for CAS for the full specification.
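
The lookup strategy described above, modelled over constructed metadata as an added example (not the project's code). The three `urn:example:cas...` URIs are placeholders because this page does not show the real values, and the `lookup` and `has_endpoint` helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Placeholder URIs: the page does not show the real values, so these are constructed.
CAS, LOGIN, PROXY, LOGOUT = "urn:example:cas", "urn:example:cas:login", "urn:example:cas:proxy", "urn:example:cas:logout"
LOGOUT_LOCATION = "urn:mace:shibboleth:profile:CAS:logout"  # value given on the page

# Constructed sample metadata: three SPs; C overlaps A, B's Location lacks a trailing "/".
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptor entityID="https://a.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="{CAS}">
  <md:SingleLogoutService Binding="{LOGOUT}" Location="{LOGOUT_LOCATION}"/>
  <md:AssertionConsumerService Binding="{LOGIN}" Location="https://a.example.org/app/" index="1"/>
  <md:AssertionConsumerService Binding="{PROXY}" Location="https://a.example.org/app/pgt" index="2"/>
 </md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://b.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol {CAS}">
  <md:AssertionConsumerService Binding="{LOGIN}" Location="https://b.example.org" index="1"/>
 </md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://c.example.org/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="{CAS}">
  <md:AssertionConsumerService Binding="{LOGIN}" Location="https://a.example.org/app/admin/" index="1"/>
 </md:SPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def has_endpoint(role, tag, binding, location=None):
    """True if the role has a <tag> endpoint with this Binding (and Location, if given)."""
    return any(e.get("Binding") == binding and location in (None, e.get("Location"))
               for e in role.findall(MD + tag))

def lookup(metadata_xml, service_url):
    """Return the single matching service as a dict, None if none, raise if ambiguous."""
    matches = []
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        for role in entity.findall(MD + "SPSSODescriptor"):
            if CAS not in role.get("protocolSupportEnumeration", "").split():
                continue  # criterion 1: role must declare the CAS protocol
            # criteria 2 and 3: login-binding ACS whose Location is a prefix of the URL
            if any(a.get("Binding") == LOGIN and a.get("Location")
                   and service_url.startswith(a.get("Location"))
                   for a in role.findall(MD + "AssertionConsumerService")):
                matches.append({
                    "entity_id": entity.get("entityID"),
                    "allowed_to_proxy": has_endpoint(role, "AssertionConsumerService", PROXY),
                    "single_logout_participant": has_endpoint(
                        role, "SingleLogoutService", LOGOUT, LOGOUT_LOCATION),
                })
    if len(matches) > 1:  # the page: more than one result raises ResolverException
        raise LookupError("ambiguous: " + ", ".join(m["entity_id"] for m in matches))
    return matches[0] if matches else None
```

In this model a Location registered without a trailing "/" (SP B in the sample) also prefix-matches URLs on longer host names, and overlapping Locations (SP A and SP C) make a lookup ambiguous, so both are worth checking when reviewing metadata.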
  • Field Details


      public static final String LOGIN_BINDING
      URI identifying an ACS endpoint that requests CAS service tickets.

      public static final String LOGOUT_BINDING
      URI identifying a CAS SLO endpoint.

      public static final String LOGOUT_LOCATION
      URN marking that SLO endpoint is dynamic based on service ticket URL.

      public static final String PROXY_BINDING
      URI identifying a CAS proxy callback endpoint.
    • log

      private final org.slf4j.Logger log
      Class logger.
    • metadataResolver

      @Nonnull private final RoleDescriptorResolver metadataResolver
      SAML metadata resolver.
  • Constructor Details

    • MetadataServiceRegistry

      public MetadataServiceRegistry(@Nonnull @ParameterName(name="resolver") RoleDescriptorResolver resolver)
      Create a new instance that queries the given metadata resolver.
      Parameters:
      resolver - SAML metadata resolver.
  • Method Details

    • lookup

      @Nullable public Service lookup(@Nonnull String serviceURL)
      Description copied from interface: ServiceRegistry
      Looks up a service entry from a service URL.
      Specified by:
      lookup in interface ServiceRegistry
      Parameters:
      serviceURL - Non-null CAS service URL.
      Returns:
      Service found in registry or null if no match found.
    • criteria

      @Nonnull protected CriteriaSet criteria(@Nonnull String serviceURL)
      Create the set of criteria used to find a unique CAS service given a CAS service URL.
      Parameters:
      serviceURL - CAS service URL.
      Returns:
      Metadata resolver criteria set.
    • create

      @Nonnull protected Service create(@Nonnull String serviceURL, @Nonnull SPSSODescriptor role)
      Create a CAS Service from an input service URL and the matching RoleDescriptor that was resolved from the metadata source.
      Parameters:
      serviceURL - CAS service URL.
      role - resolved from metadata.
      Returns:
      CAS service created from inputs.
    • isAuthorizedToProxy

      private boolean isAuthorizedToProxy(@Nonnull SPSSODescriptor role)
      Checks whether the EntityDescriptor has a PROXY_BINDING ACS.
      Parameters:
      role - what to look at
      Returns:
      whether it is authorized to proxy
    • hasSingleLogoutService

      private boolean hasSingleLogoutService(@Nonnull SPSSODescriptor role)
      Checks if the EntityDescriptor has an SLO endpoint.
      Parameters:
      role - what to look at
      Returns:
      whether it has an SLO endpoint