Package net.shibboleth.idp.saml.saml2.profile.delegation.impl

Class ProcessDelegatedAssertion

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.delegation.impl.ProcessDelegatedAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ProcessDelegatedAssertion
extends AbstractProfileAction

Process the pre-validated inbound Assertion WS-Security token, and set up the resulting NameID for subject canonicalization as the effective subject of the request.

A SubjectCanonicalizationContext is added containing a NameIDPrincipal with the token's NameID.

Event:

AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_SUBJECT

Precondition:

assertionTokenStrategy.apply(profileRequestContext).getSubject().getNameID() != null

Postcondition:

profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	ProcessDelegatedAssertion.DefaultC14NRequesterLookupFunction	Default strategy for resolving the requester entityID for SAML subject c14n.

Field Summary

Fields

Modifier and Type	Field	Description
private Assertion	assertion	The SAML 2 Assertion token being processed.
private Function<ProfileRequestContext,Assertion>	assertionTokenStrategy	Function used to resolve the assertion token to process.
private org.slf4j.Logger	log	Logger.
private NameID	nameID	The SAML 2 NameID representing the authenticated user.
private Function<ProfileRequestContext,String>	requesterLookupStrategy	Function used to obtain the requester ID, for purposes of Subject c14n.
private Function<ProfileRequestContext,String>	responderLookupStrategy	Function used to obtain the responder ID, for purposes of Subject c14n.

Constructor Summary

Constructors

Constructor	Description
ProcessDelegatedAssertion()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setAssertionTokenStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the inbound assertion token to process.
void	setRequesterLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set the strategy used to locate the requester ID for subject canonicalization.
void	setResponderLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set the strategy used to locate the responder ID for subject canonicalization.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private org.slf4j.Logger log

Logger.

requesterLookupStrategy

@Nullable
private Function<ProfileRequestContext,String> requesterLookupStrategy

Function used to obtain the requester ID, for purposes of Subject c14n.

responderLookupStrategy

@Nullable
private Function<ProfileRequestContext,String> responderLookupStrategy

Function used to obtain the responder ID, for purposes of Subject c14n.

assertionTokenStrategy

@Nonnull
private Function<ProfileRequestContext,Assertion> assertionTokenStrategy

Function used to resolve the assertion token to process.

assertion

private Assertion assertion

The SAML 2 Assertion token being processed.

nameID

private NameID nameID

The SAML 2 NameID representing the authenticated user.

Constructor Details

ProcessDelegatedAssertion

public ProcessDelegatedAssertion()

Constructor.

Method Details

setAssertionTokenStrategy

public void setAssertionTokenStrategy(@Nonnull
 Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the inbound assertion token to process.

Parameters:

strategy - lookup strategy

setRequesterLookupStrategy

public void setRequesterLookupStrategy(@Nullable
 Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the requester ID for subject canonicalization.

Parameters:

strategy - lookup strategy

setResponderLookupStrategy

public void setResponderLookupStrategy(@Nullable
 Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the responder ID for subject canonicalization.

Parameters:

strategy - lookup strategy

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction