Class AddAuthnStatementToAssertion
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
Action that builds an
AuthnStatement and adds it to an Assertion returned by a lookup
strategy, by default in the InOutOperationContext.getOutboundMessageContext().
If no Response exists, then an Assertion directly in the outbound message context will
be used or created
A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set.
The issuer is based on
RelyingPartyConfiguration.getResponderId(ProfileRequestContext).
The AuthnStatement will have its authentication instant set, based on
AuthenticationResult.getAuthenticationInstant()
via AuthenticationContext.getAuthenticationResult().
The AuthnContext will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected
or defaulted function that obtains a custom principal from the profile context.
The SessionIndex and optionally SessionNotOnOrAfter attributes will also be set.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate classDefault strategy for obtaining assertion to modify. -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate Function<ProfileRequestContext,Assertion> Strategy used to locate theAssertionto operate on.Strategy used to determine the AuthnContextClassRef.private final org.slf4j.LoggerClass logger.private Function<ProfileRequestContext,Duration> Strategy used to determine SessionNotOnOrAfter value to set.private Predicate<ProfileRequestContext>Strategy used to determine whether to suppress AuthenticatingAuthority. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate voidaddAuthenticatingAuthorities(ProfileRequestContext profileRequestContext, AuthnContext authnContext) private AuthnStatementbuildAuthnStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext) Build theAuthnStatementto be added to theResponse.protected voiddoExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext) Performs this authentication action.protected voidvoidSet the strategy used to locate theAssertionto operate on.voidSet the strategy function to use to obtain the authentication context class reference to use.voidSet the strategy used to locate the SessionNotOnOrAfter value to use.voidSet the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertionMethods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategyMethods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategyMethods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationConditionMethods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplierMethods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
assertionLookupStrategy
Strategy used to locate theAssertionto operate on. -
classRefLookupStrategy
@NonnullAfterInit private Function<ProfileRequestContext,AuthnContextClassRefPrincipal> classRefLookupStrategyStrategy used to determine the AuthnContextClassRef. -
sessionLifetimeLookupStrategy
Strategy used to determine SessionNotOnOrAfter value to set. -
suppressAuthenticatingAuthorityPredicate
Strategy used to determine whether to suppress AuthenticatingAuthority.
-
-
Constructor Details
-
AddAuthnStatementToAssertion
public AddAuthnStatementToAssertion()Constructor.
-
-
Method Details
-
setAssertionLookupStrategy
Set the strategy used to locate theAssertionto operate on.- Parameters:
strategy- strategy used to locate theAssertionto operate on
-
setClassRefLookupStrategy
public void setClassRefLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthnContextClassRefPrincipal> strategy) Set the strategy function to use to obtain the authentication context class reference to use.- Parameters:
strategy- authentication context class reference lookup strategy
-
setSessionLifetimeLookupStrategy
public void setSessionLifetimeLookupStrategy(@Nullable Function<ProfileRequestContext, Duration> strategy) Set the strategy used to locate the SessionNotOnOrAfter value to use.- Parameters:
strategy- lookup strategy
-
setSuppressAuthenticatingAuthorityPredicate
public void setSuppressAuthenticatingAuthorityPredicate(@Nonnull Predicate<ProfileRequestContext> condition) Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.- Parameters:
condition- condition to set
-
doInitialize
- Overrides:
doInitializein classBaseAddAuthenticationStatementToAssertion- Throws:
ComponentInitializationException
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) Performs this authentication action. Default implementation throws an exception.- Overrides:
doExecutein classAbstractAuthenticationAction- Parameters:
profileRequestContext- the current IdP profile request contextauthenticationContext- the current authentication context
-
buildAuthnStatement
@Nonnull private AuthnStatement buildAuthnStatement(@Nonnull ProfileRequestContext profileRequestContext, @Nullable RequestedPrincipalContext requestedPrincipalContext) Build theAuthnStatementto be added to theResponse.- Parameters:
profileRequestContext- current request contextrequestedPrincipalContext- context specifying request requirements for authn context- Returns:
- the authentication statement
-
addAuthenticatingAuthorities
private void addAuthenticatingAuthorities(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthnContext authnContext)
-