Package net.shibboleth.idp.saml.saml2.profile.impl

Class AddAuthnRequest

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnRequest
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class AddAuthnRequest extends AbstractAuthenticationAction
Action that creates an AuthnRequest and sets it as the message returned by InOutOperationContext.getOutboundMessageContext().

If an issuer value is returned via a lookup strategy, then it's set as the Issuer of the message.

Various other values are derived from the active configuration such as RequestedAuthnContext, NameIDPolicy, and Scoping.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, IdPEventIds.INVALID_PROFILE_CONFIG
Postcondition:
ProfileRequestContext.getOutboundMessageContext().getMessage() != null

  • Field Details

  • Constructor Details

    • AddAuthnRequest

      public AddAuthnRequest()
      Constructor.

  • Method Details

    • setConvertUnknownRequestedPrincipals

      public void setConvertUnknownRequestedPrincipals(boolean flag)
      Sets whether to convert unknown/non-SAML Principal objects returned for use in the RequestedAuthnContext population step into SAML AuthnContextClassRef values.

      Defaults to false.

      Parameters:
      flag - flag to set
      Since:
      5.1.0

    • setOverwriteExisting

      public void setOverwriteExisting(boolean flag)
      Set whether to overwrite an existing message.
      Parameters:
      flag - flag to set

    • setIdentifierGeneratorLookupStrategy

      public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)
      Set the strategy used to locate the IdentifierGenerationStrategy to use.
      Parameters:
      strategy - lookup strategy

    • setIssuerLookupStrategy

      public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext,String> strategy)
      Set the strategy used to locate the issuer value to use.
      Parameters:
      strategy - lookup strategy

    • setRequesterLookupStrategy

      public void setRequesterLookupStrategy(@Nonnull Function<ProfileRequestContext,String> strategy)
      Set the strategy used to locate the requester value to use for the Scoping element's RequesterID value.
      Parameters:
      strategy - lookup strategy
      Since:
      4.3.0

    • setProxiedRequesterContextLookupStrategy

      public void setProxiedRequesterContextLookupStrategy(@Nonnull Function<ProfileRequestContext,ProxiedRequesterContext> strategy)
      Set the strategy used to locate the ProxiedRequesterContext to use for the Scoping element's RequesterID values.
      Parameters:
      strategy - lookup strategy
      Since:
      4.3.0

    • setNameIDLookupStrategy

      public void setNameIDLookupStrategy(@Nullable Function<ProfileRequestContext,NameID> strategy)
      Set optional strategy to derive a NameID to populate into the AuthnRequest's Subject element.
      Parameters:
      strategy - lookup strategy
      Since:
      5.0.0

    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action's pre-execute step. Default implementation just returns true.
      Overrides:
      doPreExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context
      Returns:
      true iff execution should continue

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context

    • buildRequestedAuthnContext

      @Nullable private RequestedAuthnContext buildRequestedAuthnContext(@Nullable ProfileRequestContext profileRequestContext)
      Build a RequestedAuthnContext if warranted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      the object to include in the request, or null

    • buildSubject

      @Nullable private Subject buildSubject(@Nonnull ProfileRequestContext profileRequestContext)
      Build a Subject element if necessary.
      Parameters:
      profileRequestContext - profile request context
      Returns:
      the Subject element to include
      Since:
      5.0.0

    • buildScoping

      @Nullable private Scoping buildScoping(@Nonnull ProfileRequestContext profileRequestContext, @Nullable Integer count, @Nonnull Set<String> idplist)
      Build a Scoping element, decrementing the proxy count if set.
      Parameters:
      profileRequestContext - current profile request context
      count - proxy count
      idplist - list of IdP entityIDs
      Returns:
      populated Scoping

    • buildExtensions

      @Nullable private Extensions buildExtensions(@Nonnull ProfileRequestContext profileRequestContext)
      Build RequestedAttributes extension if required.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      extension or null