Package net.shibboleth.idp.saml.saml2.profile.impl

Class ProcessAssertionsForAuthentication

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.saml.saml2.profile.impl.ProcessAssertionsForAuthentication

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ProcessAssertionsForAuthentication
extends AbstractAuthenticationAction

Perform processing of a SAML 2 Response's Assertions that have been validated by earlier actions for use in finalization of SAML-based authentication by later actions.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	ProcessAssertionsForAuthentication.AssertionContainsAuthenticationStatement	Predicate for assertions containing at least 1 AuthenticationStatement.
private class	ProcessAssertionsForAuthentication.AssertionContainsConfirmedSubject	Predicate for assertions which have been validated and have a confirmed Subject.
private class	ProcessAssertionsForAuthentication.AssertionIsValid	Predicate for valid assertions.
private class	ProcessAssertionsForAuthentication.DefaultResponseResolver	The default response resolver function.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<List<Assertion>,Assertion>	authnAssertionSelectionStrategy	Selection strategy for multiple valid authn Assertions.
private Function<Assertion,AuthnStatement>	authnStatementSelectionStrategy	Selection strategy for multiple AuthnStatements.
private final org.slf4j.Logger	log	Logger.
private Response	response	The Response to process.
private Function<ProfileRequestContext,Response>	responseResolver	The resolver for the response to be processed.
private SAMLAuthnContext	samlAuthnContext	The SAML authentication context.
private Function<ProfileRequestContext,SAMLAuthnContext>	samlContextLookupStrategy	Lookup strategy to locate the SAML context.

Constructor Summary

Constructors

Constructor	Description
ProcessAssertionsForAuthentication()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)	Performs this authentication action.
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)	Performs this authentication action's pre-execute step.
void	setAuthnAssertionSelectionStrategy(Function<List<Assertion>,Assertion> strategy)	Set the strategy function for selecting which of multiple valid Assertions to use.
void	setAuthnStatementSelectionStrategy(Function<Assertion,AuthnStatement> strategy)	Set the strategy function for selecting which of multiple AuthnStatements to use.
void	setResponseResolver(Function<ProfileRequestContext,Response> strategy)	Set the strategy function which resolves the response to process.
void	setSAMLAuthnContextLookupStrategy(Function<ProfileRequestContext,SAMLAuthnContext> strategy)	Set the lookup strategy used to locate the SAMLAuthnContext.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

private final org.slf4j.Logger log

Logger.

responseResolver

@NonnullAfterInit
private Function<ProfileRequestContext,Response> responseResolver

The resolver for the response to be processed.

samlContextLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,SAMLAuthnContext> samlContextLookupStrategy

Lookup strategy to locate the SAML context.

authnAssertionSelectionStrategy

@NonnullAfterInit
private Function<List<Assertion>,Assertion> authnAssertionSelectionStrategy

Selection strategy for multiple valid authn Assertions.

authnStatementSelectionStrategy

@NonnullAfterInit
private Function<Assertion,AuthnStatement> authnStatementSelectionStrategy

Selection strategy for multiple AuthnStatements.

response

private Response response

The Response to process.

samlAuthnContext

private SAMLAuthnContext samlAuthnContext

The SAML authentication context.

Constructor Details

ProcessAssertionsForAuthentication

public ProcessAssertionsForAuthentication()

Constructor.

Method Details

setAuthnAssertionSelectionStrategy

public void setAuthnAssertionSelectionStrategy(@Nonnull
 Function<List<Assertion>,Assertion> strategy)

Set the strategy function for selecting which of multiple valid Assertions to use.

Parameters:

strategy - the new strategy function

setAuthnStatementSelectionStrategy

public void setAuthnStatementSelectionStrategy(@Nonnull
 Function<Assertion,AuthnStatement> strategy)

Set the strategy function for selecting which of multiple AuthnStatements to use.

Parameters:

strategy - the new strategy function

setResponseResolver

public void setResponseResolver(@Nonnull
 Function<ProfileRequestContext,Response> strategy)

Set the strategy function which resolves the response to process.

Parameters:

strategy - the new strategy function

setSAMLAuthnContextLookupStrategy

public void setSAMLAuthnContextLookupStrategy(@Nonnull
 Function<ProfileRequestContext,SAMLAuthnContext> strategy)

Set the lookup strategy used to locate the SAMLAuthnContext.

Parameters:

strategy - the new strategy function

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext)

Performs this authentication action's pre-execute step. Default implementation just returns true.

Overrides:

doPreExecute in class AbstractAuthenticationAction

Parameters:

profileRequestContext - the current IdP profile request context

authenticationContext - the current authentication context

Returns:

true iff execution should continue

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext)

Performs this authentication action. Default implementation throws an exception.

Overrides:

doExecute in class AbstractAuthenticationAction

Parameters:

profileRequestContext - the current IdP profile request context

authenticationContext - the current authentication context