net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion

All Implemented Interfaces:: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class AddAuthnStatementToAssertion extends BaseAddAuthenticationStatementToAssertion

Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId(ProfileRequestContext).

The AuthnStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The AuthnContext will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains a custom principal from the profile context.

The SessionIndex and optionally SessionNotOnOrAfter attributes will also be set.

Event:: EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

private class

AddAuthnStatementToAssertion.AssertionStrategy

Default strategy for obtaining assertion to modify.
Field Summary

Fields

Modifier and Type

Field

Description

private Function<ProfileRequestContext,Assertion>

assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

private Function<ProfileRequestContext,AuthnContextClassRefPrincipal>

classRefLookupStrategy

Strategy used to determine the AuthnContextClassRef.

private final org.slf4j.Logger

log

Class logger.

private Function<ProfileRequestContext,Duration>

sessionLifetimeLookupStrategy

Strategy used to determine SessionNotOnOrAfter value to set.

private Predicate<ProfileRequestContext>

suppressAuthenticatingAuthorityPredicate

Strategy used to determine whether to suppress AuthenticatingAuthority.
Constructor Summary

Constructors

Constructor

Description

AddAuthnStatementToAssertion()

Constructor.
Method Summary

Modifier and Type

Method

Description

private void

addAuthenticatingAuthorities(ProfileRequestContext profileRequestContext, AuthnContext authnContext)

private AuthnStatement

buildAuthnStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)

Build the AuthnStatement to be added to the Response.

protected void

doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)

Performs this authentication action.

protected void

doInitialize()

void

setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

void

setClassRefLookupStrategy(Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)

Set the strategy function to use to obtain the authentication context class reference to use.

void

setSessionLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)

Set the strategy used to locate the SessionNotOnOrAfter value to use.

void

setSuppressAuthenticatingAuthorityPredicate(Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Details
- log
  
  @Nonnull private final org.slf4j.Logger log
  
  Class logger.
- assertionLookupStrategy
  
  @NonnullAfterInit private Function<ProfileRequestContext,Assertion> assertionLookupStrategy
  
  Strategy used to locate the Assertion to operate on.
- classRefLookupStrategy
  
  @NonnullAfterInit private Function<ProfileRequestContext,AuthnContextClassRefPrincipal> classRefLookupStrategy
  
  Strategy used to determine the AuthnContextClassRef.
- sessionLifetimeLookupStrategy
  
  @Nullable private Function<ProfileRequestContext,Duration> sessionLifetimeLookupStrategy
  
  Strategy used to determine SessionNotOnOrAfter value to set.
- suppressAuthenticatingAuthorityPredicate
  
  @Nonnull private Predicate<ProfileRequestContext> suppressAuthenticatingAuthorityPredicate
  
  Strategy used to determine whether to suppress AuthenticatingAuthority.
Constructor Details
- AddAuthnStatementToAssertion
  
  public AddAuthnStatementToAssertion()
  
  Constructor.
Method Details
- setAssertionLookupStrategy
  
  public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
  
  Set the strategy used to locate the Assertion to operate on.
  
  Parameters:
  
  strategy - strategy used to locate the Assertion to operate on
- setClassRefLookupStrategy
  
  public void setClassRefLookupStrategy(@Nonnull Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)
  
  Set the strategy function to use to obtain the authentication context class reference to use.
  
  Parameters:
  
  strategy - authentication context class reference lookup strategy
- setSessionLifetimeLookupStrategy
  
  public void setSessionLifetimeLookupStrategy(@Nullable Function<ProfileRequestContext,Duration> strategy)
  
  Set the strategy used to locate the SessionNotOnOrAfter value to use.
  
  Parameters:
  
  strategy - lookup strategy
- setSuppressAuthenticatingAuthorityPredicate
  
  public void setSuppressAuthenticatingAuthorityPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
  
  Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.
  
  Parameters:
  
  condition - condition to set
- doInitialize
  
  protected void doInitialize() throws ComponentInitializationException
  
  Overrides:
  
  doInitialize in class BaseAddAuthenticationStatementToAssertion
  
  Throws:
  
  ComponentInitializationException
- doExecute
  
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
  
  Performs this authentication action. Default implementation throws an exception.
  
  Overrides:
  
  doExecute in class AbstractAuthenticationAction
  
  Parameters:
  
  profileRequestContext - the current IdP profile request context
  
  authenticationContext - the current authentication context
- buildAuthnStatement
  
  @Nonnull private AuthnStatement buildAuthnStatement(@Nonnull ProfileRequestContext profileRequestContext, @Nullable RequestedPrincipalContext requestedPrincipalContext)
  
  Build the AuthnStatement to be added to the Response.
  
  Parameters:
  
  profileRequestContext - current request context
  
  requestedPrincipalContext - context specifying request requirements for authn context
  
  Returns:
  
  the authentication statement
- addAuthenticatingAuthorities
  
  private void addAuthenticatingAuthorities(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthnContext authnContext)

Class AddAuthnStatementToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Details

log

assertionLookupStrategy

classRefLookupStrategy

sessionLifetimeLookupStrategy

suppressAuthenticatingAuthorityPredicate

Constructor Details

AddAuthnStatementToAssertion

Method Details

setAssertionLookupStrategy

setClassRefLookupStrategy

setSessionLifetimeLookupStrategy

setSuppressAuthenticatingAuthorityPredicate

doInitialize

doExecute

buildAuthnStatement

addAuthenticatingAuthorities