SAML2SPSession based on profile execution state.

This strategy is a default approach that uses a RelyingPartyContext via lookup strategy to obtain a requester value, used as the SPSession's relying party ID. The authentication flow ID comes from the AuthenticationResult in the

The session has a creation time based on the time of execution, and the expiration is based on a configurable lifetime, bounded by the per-SP lifetime setting for the profile.

The SAML 2 specific data is extracted from the first assertion containing an authn statement found in a Response message located via a lookup strategy, by default the outbound message context. Failure to locate any of this data will cause a null return value.
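
Field Summary

Modifier and Type | Field | Description
private final org.slf4j.Logger | log | Class logger.
private Function<ProfileRequestContext, RelyingPartyContext> | relyingPartyContextLookupStrategy | RelyingPartyContext lookup strategy.
 | responseLookupStrategy | Response lookup strategy.
private final Duration | sessionLifetime | Lifetime of sessions to create.

Method Summary

Modifier and Type | Method | Description
private Pair<Assertion, AuthnStatement> | getAssertionAndStatement(ProfileRequestContext profileRequestContext) | Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.
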
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

log
@Nonnull private final org.slf4j.Logger log
Class logger.

sessionLifetime
@Nonnull private final Duration sessionLifetime
Lifetime of sessions to create.

relyingPartyContextLookupStrategy
@Nonnull private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy
RelyingPartyContext lookup strategy.

responseLookupStrategy
Response lookup strategy.

setRelyingPartyContextLookupStrategy
public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> strategy)
Parameters: strategy - lookup strategy

Parameters: strategy - strategy used to locate the Response to operate on

getAssertionAndStatement
@Nullable private Pair<Assertion, AuthnStatement> getAssertionAndStatement(@Nonnull ProfileRequestContext profileRequestContext)
Locate the first assertion and authentication statement, such that the assertion subject contains a name identifier and the statement contains a session index.
Parameters: profileRequestContext - current profile request context
Returns: the suitable objects, or null
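
The selection and expiry rules from the class description and getAssertionAndStatement, as an added Java sketch that is not the project's own code. All types are hypothetical stand-ins and the sample values are constructed; how the per-SP bound caps the lifetime, and scanning every statement of an assertion, are assumptions of this sketch.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

/** Added sketch: every type below is a hypothetical stand-in, not an OpenSAML or IdP class. */
public class SpSessionSketch {
    record AuthnStatement(String sessionIndex) {}
    record Assertion(String nameId, List<AuthnStatement> authnStatements) {}
    record Response(List<Assertion> assertions) {}
    record SpSession(String relyingPartyId, String flowId, Instant created, Instant expires,
                     String nameId, String sessionIndex) {}

    /** Returns null when any required input is missing, as the class description states. */
    static SpSession create(String requester, String flowId, Response response,
                            Duration lifetime, Duration perSpBound, Instant now) {
        if (requester == null || flowId == null || response == null) {
            return null;
        }
        for (Assertion a : response.assertions()) {
            if (a.nameId() == null) {
                continue; // subject carries no name identifier
            }
            for (AuthnStatement s : a.authnStatements()) {
                if (s.sessionIndex() == null) {
                    continue; // statement carries no session index
                }
                // Assumption: the per-SP bound caps the configured lifetime when it is shorter.
                Duration effective = perSpBound != null && perSpBound.compareTo(lifetime) < 0
                        ? perSpBound : lifetime;
                return new SpSession(requester, flowId, now, now.plus(effective),
                        a.nameId(), s.sessionIndex());
            }
        }
        return null; // no assertion/statement pair qualified
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
        Response resp = new Response(List.of(
                new Assertion(null, List.of(new AuthnStatement("_idx0"))), // skipped: no NameID
                new Assertion("alice@example.org", List.of(new AuthnStatement(null),
                        new AuthnStatement("_idx1"))))); // second statement qualifies
        System.out.println(create("https://sp.example.org/shibboleth", "authn/Password", resp,
                Duration.ofHours(2), Duration.ofHours(1), now));
        System.out.println(create("https://sp.example.org/shibboleth", "authn/Password",
                new Response(List.of()), Duration.ofHours(2), null, now)); // empty Response
    }
}
```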