Package net.shibboleth.idp.authn.impl

Class AttributeSourcedSubjectCanonicalization

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
net.shibboleth.idp.authn.impl.AttributeSourcedSubjectCanonicalization
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class AttributeSourcedSubjectCanonicalization extends AbstractSubjectCanonicalizationAction
An action that extracts a resolved IdPAttribute value from an AttributeContext child obtained via lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result of subject canonicalization.

This action operates on a set of previously resolved attributes that are presumed to have been generated based in some fashion on the content of the SubjectCanonicalizationContext.

String and scoped attribute values are supported.

Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT
Precondition:
ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
Postcondition:
SubjectCanonicalizationContext.getPrincipalName() != null
  || SubjectCanonicalizationContext.getException() != null

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • delimiter

      private char delimiter
      Delimiter to use for scoped attribute serialization.

    • resolveFromSubject

      private boolean resolveFromSubject
      Whether to also check the original Subject for IdPAttributePrincipals.

    • subjectSourcedAttributes

      @Nonnull private Map<String,IdPAttribute> subjectSourcedAttributes
      Indexed attributes pulled from subject.

    • attributeSourceIds

      @Nonnull private List<String> attributeSourceIds
      Ordered list of attributes to look for and read from.

    • attributeContextLookupStrategy

      @Nonnull private Function<ProfileRequestContext,AttributeContext> attributeContextLookupStrategy
      Lookup strategy for AttributeContext to read from.

    • attributeCtx

      @Nullable private AttributeContext attributeCtx
      The context to read from.

  • Constructor Details

    • AttributeSourcedSubjectCanonicalization

      public AttributeSourcedSubjectCanonicalization()
      Constructor.

  • Method Details

    • setScopedDelimiter

      public void setScopedDelimiter(char ch)
      Set the delimiter to use for serializing scoped attribute values.
      Parameters:
      ch - delimiter to use

    • setResolveFromSubject

      public void setResolveFromSubject(boolean flag)
      Whether to include any IdPAttributePrincipal objects found in the input Subject when searching for a matching attribute ID.
      Parameters:
      flag - flag to set
      Since:
      4.1.0

    • setAttributeSourceIds

      public void setAttributeSourceIds(@Nonnull List<String> ids)
      Set the attribute IDs to read from in order of preference.
      Parameters:
      ids - attribute IDs to read from

    • setAttributeContextLookupStrategy

      public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext,AttributeContext> strategy)
      Set the lookup strategy for the AttributeContext to read from.
      Parameters:
      strategy - lookup strategy

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
      Performs this c14n action's pre-execute step. Default implementation just returns true iff a subject is set.
      Overrides:
      doPreExecute in class AbstractSubjectCanonicalizationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      c14nContext - the current subject canonicalization context
      Returns:
      true iff execution should continue

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractSubjectCanonicalizationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      c14nContext - the current subject canonicalization context

    • findValue

      @Nullable private String findValue(@Nonnull IdPAttribute attribute)
      Check for a compatible value in the input attribute.
      Parameters:
      attribute - input attribute
      Returns:
      value to use for result, or null