Class PopulateBindingAndEndpointContexts
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
SAMLBindingContext and when appropriate the
SAMLEndpointContext based on the inbound request.
If the inbound binding is found in the set of supported bindings, and it is "synchronous", then there is no endpoint (the response is sent directly back to the requester), and an endpoint context is not created. A binding context is created based on the inbound binding.
Otherwise, the endpoint context is populated by constructing a "template" endpoint,
with content based on the inbound request, and relying on an injected EndpointResolver
and an injected list of acceptable bindings.
The binding context is populated based on the computed endpoint's binding, and the
inbound SAMLBindingContext's relay state.
If the outbound binding is an artifact-based binding, then the action also creates
a SAMLArtifactContext populated by settings from the SAMLArtifactConfiguration.
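The decision flow described above, as an added example that is not code from the Shibboleth or OpenSAML projects: a small stand-alone Java model (Java 16 or later) showing the synchronous shortcut, preference-ordered resolution of a template endpoint against metadata, and the artifact case. All types, names and sample URLs are hypothetical; the model assumes the resolver accepts only endpoints listed in metadata and does not cover the signed-request validation bypass or unverified requesters.

```java
import java.util.List;
import java.util.Optional;

// Simplified model; every type is a hypothetical stand-in, not a Shibboleth/OpenSAML class.
public class BindingSelectionModel {
    record Binding(String uri, boolean synchronous, boolean artifact) {}
    record Endpoint(String binding, String location) {}
    record Outcome(String binding, Optional<Endpoint> endpoint, boolean artifactContext) {}
    static final String NS = "urn:oasis:names:tc:SAML:2.0:bindings:";

    static Outcome populate(String inboundBinding, String requestedLocation,
                            List<Binding> preferred, List<Endpoint> metadata) {
        // Synchronous inbound binding: the response returns on the same channel,
        // so only a binding is recorded and no endpoint is computed.
        for (Binding b : preferred) {
            if (b.synchronous() && b.uri().equals(inboundBinding)) {
                return new Outcome(b.uri(), Optional.empty(), false);
            }
        }
        // Otherwise try the acceptable bindings in preference order. The location asked
        // for in the request is only a template: it must match an endpoint in metadata.
        for (Binding b : preferred) {
            for (Endpoint e : metadata) {
                boolean locationOk = requestedLocation == null
                        || requestedLocation.equals(e.location());
                if (locationOk && e.binding().equals(b.uri())) {
                    return new Outcome(b.uri(), Optional.of(e), b.artifact());
                }
            }
        }
        throw new IllegalStateException("no acceptable endpoint"); // model's failure signal
    }
    public static void main(String[] args) {
        List<Binding> pref = List.of(new Binding(NS + "SOAP", true, false),
                new Binding(NS + "HTTP-POST", false, false),
                new Binding(NS + "HTTP-Artifact", false, true));
        List<Endpoint> md = List.of( // constructed sample metadata for one relying party
                new Endpoint(NS + "HTTP-Artifact", "https://sp.example.org/art"),
                new Endpoint(NS + "HTTP-POST", "https://sp.example.org/post"));
        System.out.println(populate(NS + "HTTP-Redirect", null, pref, md));
        System.out.println(populate(NS + "HTTP-Redirect", "https://sp.example.org/art", pref, md));
        System.out.println(populate(NS + "SOAP", null, pref, md));
        try { // requested location is absent from metadata
            populate(NS + "HTTP-Redirect", "https://unlisted.example/acs", pref, md);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The four calls print, in order, an HTTP-POST endpoint, an HTTP-Artifact endpoint with the artifact flag set, a SOAP outcome with no endpoint, and a rejection for the location that metadata does not list.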
-
Field Summary
Fields
Modifier and Type, Field: Description
private SAMLArtifactConfiguration artifactConfiguration: Artifact configuration.
artifactContextLookupStrategy: Strategy function for access to SAMLArtifactContext to populate.
private boolean artifactImpliesSecureChannel: Whether an artifact-based binding implies the use of a secure channel.
bestMatchCriterionLookupStrategy: Optional strategy function to obtain a BestMatchLocationCriterion to inject.
bindingContextLookupStrategy: Strategy function for access to SAMLBindingContext to populate.
private List<BindingDescriptor> bindingDescriptors: List of possible bindings, in preference order.
private Function<ProfileRequestContext,List<BindingDescriptor>> bindingDescriptorsLookupStrategy: Lookup strategy for bindings.
private XMLObjectBuilder<?> endpointBuilder: Builder for template endpoints.
endpointContextLookupStrategy: Strategy function for access to SAMLEndpointContext to populate.
private EndpointResolver<?> endpointResolver: Endpoint resolver.
private QName endpointType: The type of endpoint to resolve.
private Object inboundMessage: Optional inbound message.
private final org.slf4j.Logger log: Class logger.
private SAMLMetadataContext mdContext: Optional metadata for use in endpoint derivation/validation.
metadataContextLookupStrategy: Strategy function for access to SAMLMetadataContext for input to resolver.
relyingPartyContextLookupStrategy: Strategy function for access to RelyingPartyContext.
private String relyingPartyId: Optional RP name for logging.
private boolean skipValidationSinceSigned: Whether to bypass endpoint validation because message is signed.
private boolean verified: Is the relying party "verified" in SAML terms?
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method: Description
private EndpointCriterion<?> buildEndpointCriterion(String unverifiedBinding): Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object.
protected void doExecute(ProfileRequestContext profileRequestContext)
protected void doInitialize()
protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
private boolean handleSynchronousRequest(ProfileRequestContext profileRequestContext): Check for an inbound request binding that is synchronous and handle appropriately.
void setArtifactContextLookupStrategy(Function<ProfileRequestContext, SAMLArtifactContext> strategy): Set lookup strategy for SAMLArtifactContext to populate.
void setArtifactImpliesSecureChannel(boolean flag): Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.
void setBestMatchCriterionLookupStrategy(Function<ProfileRequestContext, BestMatchLocationCriterion> strategy): Set lookup strategy for BestMatchLocationCriterion to inject.
void setBindingContextLookupStrategy(Function<ProfileRequestContext, SAMLBindingContext> strategy): Set lookup strategy for SAMLBindingContext to populate.
void setBindingDescriptorsLookupStrategy(Function<ProfileRequestContext, List<BindingDescriptor>> strategy): Set lookup strategy to return the bindings to evaluate for use, in preference order.
void setEndpointContextLookupStrategy(Function<ProfileRequestContext, SAMLEndpointContext> strategy): Set lookup strategy for SAMLEndpointContext to populate.
void setEndpointResolver(EndpointResolver<?> resolver): Set a custom EndpointResolver to use.
void setEndpointType(QName type): Set the type of endpoint to resolve, defaults to <AssertionConsumerService>.
void setMetadataContextLookupStrategy(Function<ProfileRequestContext, SAMLMetadataContext> strategy): Set lookup strategy for SAMLMetadataContext for input to resolution.
void setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext, RelyingPartyContext> strategy): Set lookup strategy for RelyingPartyContext.
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
endpointType
The type of endpoint to resolve.
-
endpointResolver
Endpoint resolver.
-
bindingDescriptorsLookupStrategy
@Nonnull private Function<ProfileRequestContext,List<BindingDescriptor>> bindingDescriptorsLookupStrategy
Lookup strategy for bindings.
-
relyingPartyContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
Strategy function for access to RelyingPartyContext.
-
metadataContextLookupStrategy
Strategy function for access to SAMLMetadataContext for input to resolver.
-
bindingContextLookupStrategy
Strategy function for access to SAMLBindingContext to populate.
-
endpointContextLookupStrategy
Strategy function for access to SAMLEndpointContext to populate.
-
artifactContextLookupStrategy
Strategy function for access to SAMLArtifactContext to populate.
-
bestMatchCriterionLookupStrategy
@Nullable private Function<ProfileRequestContext,BestMatchLocationCriterion> bestMatchCriterionLookupStrategy
Optional strategy function to obtain a BestMatchLocationCriterion to inject.
-
bindingDescriptors
List of possible bindings, in preference order.
-
artifactImpliesSecureChannel
private boolean artifactImpliesSecureChannel
Whether an artifact-based binding implies the use of a secure channel.
-
endpointBuilder
Builder for template endpoints.
-
artifactConfiguration
Artifact configuration.
-
inboundMessage
Optional inbound message.
-
relyingPartyId
Optional RP name for logging.
-
mdContext
Optional metadata for use in endpoint derivation/validation.
-
verified
private boolean verified
Is the relying party "verified" in SAML terms?
-
skipValidationSinceSigned
private boolean skipValidationSinceSigned
Whether to bypass endpoint validation because message is signed.
-
-
Constructor Details
-
PopulateBindingAndEndpointContexts
public PopulateBindingAndEndpointContexts()
Constructor.
-
-
Method Details
-
setEndpointType
Set the type of endpoint to resolve, defaults to <AssertionConsumerService>.
Parameters:
type - type of endpoint to resolve
-
setEndpointResolver
Set a custom EndpointResolver to use.
Parameters:
resolver - endpoint resolver to use
-
setBindingDescriptorsLookupStrategy
public void setBindingDescriptorsLookupStrategy(@Nonnull Function<ProfileRequestContext, List<BindingDescriptor>> strategy)
Set lookup strategy to return the bindings to evaluate for use, in preference order.
Parameters:
strategy - lookup strategy
Since:
4.0.0
-
setRelyingPartyContextLookupStrategy
public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> strategy)
Set lookup strategy for RelyingPartyContext.
Parameters:
strategy - lookup strategy
-
setMetadataContextLookupStrategy
public void setMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> strategy)
Set lookup strategy for SAMLMetadataContext for input to resolution.
Parameters:
strategy - lookup strategy
-
setBindingContextLookupStrategy
public void setBindingContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLBindingContext> strategy)
Set lookup strategy for SAMLBindingContext to populate.
Parameters:
strategy - lookup strategy
-
setEndpointContextLookupStrategy
public void setEndpointContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLEndpointContext> strategy)
Set lookup strategy for SAMLEndpointContext to populate.
Parameters:
strategy - lookup strategy
-
setArtifactContextLookupStrategy
public void setArtifactContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLArtifactContext> strategy)
Set lookup strategy for SAMLArtifactContext to populate.
Parameters:
strategy - lookup strategy
-
setBestMatchCriterionLookupStrategy
public void setBestMatchCriterionLookupStrategy(@Nullable Function<ProfileRequestContext, BestMatchLocationCriterion> strategy)
Set lookup strategy for BestMatchLocationCriterion to inject.
Parameters:
strategy - lookup strategy
-
setArtifactImpliesSecureChannel
public void setArtifactImpliesSecureChannel(boolean flag)
Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.
This has the effect of suppressing signing and encryption when an artifact binding is used, which is normally desirable.
Defaults to true.
Parameters:
flag - flag to set
-
doInitialize
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException
-
doPreExecute
Overrides:
doPreExecute in class AbstractConditionalProfileAction
-
doExecute
Overrides:
doExecute in class AbstractProfileAction
-
handleSynchronousRequest
Check for an inbound request binding that is synchronous and handle appropriately.
Parameters:
profileRequestContext - profile request context
Returns:
true iff a synchronous binding was handled
-
buildEndpointCriterion
@Nonnull private EndpointCriterion<?> buildEndpointCriterion(@Nonnull @NotEmpty String unverifiedBinding)
Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object.
Parameters:
unverifiedBinding - default binding to use for an unverified requester with no Binding specified
Returns:
criterion to give to resolver
-