Class SAML2SPSessionCreationStrategy
java.lang.Object
net.shibboleth.idp.saml.session.impl.SAML2SPSessionCreationStrategy
- All Implemented Interfaces:
Function<ProfileRequestContext,SPSession>
public class SAML2SPSessionCreationStrategy
extends Object
implements Function<ProfileRequestContext,SPSession>
A function to create a SAML2SPSession based on profile execution state.
This strategy is a default approach that uses a RelyingPartyContext via lookup strategy
to obtain a requester value, used as the SPSession's relying party ID. The authentication flow ID
comes from the AuthenticationResult in the
AuthenticationContext.
The session has a creation time based on the time of execution, and the expiration is based on a configurable
lifetime, bounded by the per-SP lifetime setting for the profile.
The SAML 2 specific data is extracted from the first assertion containing an authn statement
found in a Response message located via a lookup strategy, by default the outbound
message context. Failure to locate any of this data will cause a null return value.
-
Field Summary
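Fields (Modifier and Type, Field, Description):
- private final org.slf4j.Logger log: Class logger.
- private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy: RelyingPartyContext lookup strategy.
- private Function<ProfileRequestContext,Response> responseLookupStrategy: Response lookup strategy.
- private final Duration sessionLifetime: Lifetime of sessions to create.
-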
Constructor Summary
Constructors -
Method Summary
Methods (Modifier and Type, Method, Description):
- apply(ProfileRequestContext input)
- private Pair<Assertion,AuthnStatement> getAssertionAndStatement(ProfileRequestContext profileRequestContext): Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.
- void setRelyingPartyContextLookupStrategy: Set the strategy used to locate the RelyingPartyContext to operate on.
- void setResponseLookupStrategy: Set the strategy used to locate the Response to operate on.
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
sessionLifetime
Lifetime of sessions to create.
-
relyingPartyContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
RelyingPartyContext lookup strategy.
-
responseLookupStrategy
Response lookup strategy.
-
-
Constructor Details
-
SAML2SPSessionCreationStrategy
Constructor.
- Parameters:
lifetime - determines upper bound for expiration of SAML2SPSession to be created
-
-
Method Details
-
setRelyingPartyContextLookupStrategy
public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> strategy)
Set the strategy used to locate the RelyingPartyContext to operate on.
- Parameters:
strategy - lookup strategy
-
setResponseLookupStrategy
Set the strategy used to locate the Response to operate on.
- Parameters:
strategy - strategy used to locate the Response to operate on
-
apply
- Specified by:
apply in interface Function<ProfileRequestContext,SPSession>
-
getAssertionAndStatement
@Nullable private Pair<Assertion,AuthnStatement> getAssertionAndStatement(@Nonnull ProfileRequestContext profileRequestContext)
Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.
- Parameters:
profileRequestContext - current profile request context
- Returns:
- the suitable objects, or null
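The selection rule of getAssertionAndStatement and the null-on-missing-data behaviour from the class description, as an added Java example that is not the Shibboleth implementation. The records are hypothetical stand-ins for the OpenSAML and IdP types, the sample data is constructed, and "bounded by the per-SP lifetime" is assumed here to mean the shorter of the two durations.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

public class SpSessionExample {
    // Hypothetical stand-in types, not the OpenSAML or IdP classes.
    record AuthnStatement(String sessionIndex) {}
    record Assertion(String nameId, List<AuthnStatement> authnStatements) {}
    record Selected(Assertion assertion, AuthnStatement statement) {}
    record SpSession(String relyingPartyId, String nameId, String sessionIndex,
                     Instant created, Instant expires) {}

    // First assertion with a name identifier and a statement carrying a session index, else null.
    static Selected select(List<Assertion> assertions) {
        for (Assertion a : assertions) {
            if (a.nameId() == null || a.nameId().isEmpty()) continue;
            for (AuthnStatement s : a.authnStatements()) {
                if (s.sessionIndex() != null && !s.sessionIndex().isEmpty()) {
                    return new Selected(a, s);
                }
            }
        }
        return null;
    }

    // Assumption: "bounded" is modelled as taking the shorter of the two lifetimes.
    static SpSession create(String requester, List<Assertion> assertions,
                            Duration lifetime, Duration perSpLifetime, Instant now) {
        Selected sel = select(assertions);
        if (requester == null || sel == null) return null; // missing data: no session is created
        Duration effective = lifetime.compareTo(perSpLifetime) <= 0 ? lifetime : perSpLifetime;
        return new SpSession(requester, sel.assertion().nameId(),
                sel.statement().sessionIndex(), now, now.plus(effective));
    }

    public static void main(String[] args) {
        // Constructed sample data: only the third assertion satisfies both conditions.
        List<Assertion> response = List.of(
            new Assertion("alice@example.org", List.of()),            // no authn statement
            new Assertion(null, List.of(new AuthnStatement("_s1"))),  // no name identifier
            new Assertion("alice@example.org",
                List.of(new AuthnStatement(null), new AuthnStatement("_s2"))));
        Instant now = Instant.parse("2024-01-01T00:00:00Z");
        Duration lifetime = Duration.ofHours(2), perSp = Duration.ofHours(1);
        System.out.println(create("https://sp.example.org", response, lifetime, perSp, now));
        System.out.println(create("https://sp.example.org", response.subList(0, 2), lifetime, perSp, now));
    }
}
```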
-