Class AddNameIDToSubjects

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction

public class AddNameIDToSubjects extends AbstractProfileAction
Action that builds a NameID and adds it to the Subject of all the assertions found in a Response. The message to update is returned by a lookup strategy, by default the message returned by InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created by the default lookup strategy.

If no Subject exists in the assertions found, it will be created.

The source of the NameID is one of a set of candidate SAML2NameIDGenerator plugins injected into the action. The plugin(s) to attempt to use are derived from the Format value, which is established by a lookup strategy.

In addition, the generation process is influenced by the requested NameIDPolicy, which is evaluated using a pluggable predicate.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, SAMLEventIds.INVALID_NAMEID_POLICY
  • Method Details

    • setOverwriteExisting

      public void setOverwriteExisting(boolean flag)
      Set whether to overwrite any existing NameID objects found.
      Parameters:
      flag - true iff the action should overwrite any existing objects
    • setRequestLookupStrategy

      public void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext,AuthnRequest> strategy)
      Set the strategy used to locate the AuthnRequest to examine, if any.
      Parameters:
      strategy - strategy used to locate the AuthnRequest
    • setAssertionsLookupStrategy

      public void setAssertionsLookupStrategy(@Nonnull Function<ProfileRequestContext,List<Assertion>> strategy)
      Set the strategy used to locate the Assertions to operate on.
      Parameters:
      strategy - lookup strategy
    • setIdentifierGeneratorLookupStrategy

      public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)
      Set the strategy used to locate the IdentifierGenerationStrategy to use.
      Parameters:
      strategy - lookup strategy
    • setIssuerLookupStrategy

      public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext,String> strategy)
      Set the strategy used to locate the issuer value to use.
      Parameters:
      strategy - lookup strategy
    • setNameIDPolicyPredicate

      public void setNameIDPolicyPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to evaluate the NameIDPolicy.
      Parameters:
      predicate - predicate used to evaluate the NameIDPolicy
    • setFormatLookupStrategy

      public void setFormatLookupStrategy(@Nonnull Function<ProfileRequestContext,List<String>> strategy)
      Set the strategy function to use to obtain the formats to try.
      Parameters:
      strategy - format lookup strategy
    • setNameIDGenerator

      public void setNameIDGenerator(@Nullable SAML2NameIDGenerator theGenerator)
      Set the generator to use.
      Parameters:
      theGenerator - the generator to use
    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException
    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Called prior to execution. Actions may override this method to perform pre-processing for a request.

      If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

      If returning successfully, the last step should be to return the result of the superclass version of this method.

      Overrides:
      doPreExecute in class AbstractProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      Returns:
      true iff execution should proceed
    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Performs this action. Actions must override this method to perform their work.
      Overrides:
      doExecute in class AbstractProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context
    • getRequiredFormat

      @Nullable private String getRequiredFormat(@Nonnull ProfileRequestContext profileRequestContext)
      Extract a format required by the inbound request, if present.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a format dictated by the request, or null
    • generateNameID

      @Nullable private NameID generateNameID(@Nonnull ProfileRequestContext profileRequestContext)
      Attempt to generate a NameID using each of the candidate Formats and plugins.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a generated NameID or null
    • getAssertionSubject

      @Nonnull private Subject getAssertionSubject(@Nonnull Assertion assertion)
      Get the subject to which the name identifier will be added.
      Parameters:
      assertion - the assertion being modified
      Returns:
      the subject to which the name identifier will be added
    • cloneNameID

      @Nonnull private NameID cloneNameID(@Nonnull NameID nameId)
      Create an efficient field-wise copy of a NameID.
      Parameters:
      nameId - the object to clone
      Returns:
      the copy