Class AddDelegationPolicyToAssertion

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

@Prototype public class AddDelegationPolicyToAssertion extends AbstractProfileAction
Action which adds a DelegationPolicy element to the Advice of an Assertion.

The assertion to modify is determined by the strategy set by setAssertionLookupStrategy(Function).

The maximum chain delegation length value for the added policy element is as follows:

  1. If an inbound assertion token is present as determined by the strategy set by setAssertionTokenStrategy(Function), the value is obtained from the policy contained within the first DelegationPolicy element of that assertion's Advice element.
  2. Otherwise the request is assumed to be the initial SSO request, so the value is determined by the requesting SP's profile configuration value BrowserSSOProfileConfiguration.getMaximumTokenDelegationChainLength(ProfileRequestContext).
  3. If neither of these approaches produces a value, a default value is used DEFAULT_POLICY_MAX_CHAIN_LENGTH
  • Field Details


      @Nonnull public static final Long DEFAULT_POLICY_MAX_CHAIN_LENGTH
      Default policy max chain length, when can't otherwise be derived.
    • log

      @Nonnull private org.slf4j.Logger log
    • assertionLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Assertion> assertionLookupStrategy
      Strategy used to locate the Assertion to operate on.
    • assertionTokenStrategy

      @Nonnull private Function<ProfileRequestContext,Assertion> assertionTokenStrategy
      Function used to resolve the inbound assertion token to process.
    • relyingPartyContextLookupStrategy

      @Nonnull private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
      Strategy used to lookup the RelyingPartyContext.
    • assertion

      @Nullable private Assertion assertion
      The assertion to modify.
    • attestedAssertion

      @Nullable private Assertion attestedAssertion
      The inbound delegated Assertion that was attested.
    • maxChainLength

      @Nullable private Long maxChainLength
      The max token delegation chain length value to add.
  • Constructor Details

    • AddDelegationPolicyToAssertion

      public AddDelegationPolicyToAssertion()
  • Method Details