Package net.shibboleth.idp.saml.saml2.profile.impl

Class AddAuthnStatementToAssertion

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class AddAuthnStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion

Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getIssuer(ProfileRequestContext).

The AuthnStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The AuthnContext will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains a custom principal from the profile context.

The SessionIndex and optionally SessionNotOnOrAfter attributes will also be set.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AddAuthnStatementToAssertion.AssertionStrategy	Default strategy for obtaining assertion to modify.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,Assertion>	assertionLookupStrategy	Strategy used to locate the Assertion to operate on.
private Function<ProfileRequestContext,AuthnContextClassRefPrincipal>	classRefLookupStrategy	Strategy used to determine the AuthnContextClassRef.
private final org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,Duration>	sessionLifetimeLookupStrategy	Strategy used to determine SessionNotOnOrAfter value to set.
private Predicate<ProfileRequestContext>	suppressAuthenticatingAuthorityPredicate	Strategy used to determine whether to suppress AuthenticatingAuthority.

Constructor Summary

Constructors

Constructor	Description
AddAuthnStatementToAssertion()	Constructor.

Method Summary

Modifier and Type	Method	Description
private void	addAuthenticatingAuthorities(ProfileRequestContext profileRequestContext, AuthnContext authnContext)	Add Authenticating Authorities.
private AuthnStatement	buildAuthnStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)	Build the AuthnStatement to be added to the Response.
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)	Performs this authentication action.
protected void	doInitialize()
void	setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the Assertion to operate on.
void	setClassRefLookupStrategy(Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)	Set the strategy function to use to obtain the authentication context class reference to use.
void	setSessionLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set the strategy used to locate the SessionNotOnOrAfter value to use.
void	setSuppressAuthenticatingAuthorityPredicate(Predicate<ProfileRequestContext> condition)	Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

doPreExecute, getAddressLookupStrategy, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setAddressLookupStrategy, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

assertionLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

classRefLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,AuthnContextClassRefPrincipal> classRefLookupStrategy

Strategy used to determine the AuthnContextClassRef.

sessionLifetimeLookupStrategy

@Nullable
private Function<ProfileRequestContext,Duration> sessionLifetimeLookupStrategy

Strategy used to determine SessionNotOnOrAfter value to set.

suppressAuthenticatingAuthorityPredicate

@Nonnull
private Predicate<ProfileRequestContext> suppressAuthenticatingAuthorityPredicate

Strategy used to determine whether to suppress AuthenticatingAuthority.

Constructor Details

AddAuthnStatementToAssertion

public AddAuthnStatementToAssertion()

Constructor.

Method Details

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:

strategy - strategy used to locate the Assertion to operate on

setClassRefLookupStrategy

public void setClassRefLookupStrategy(@Nonnull
 Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)

Set the strategy function to use to obtain the authentication context class reference to use.

Parameters:

strategy - authentication context class reference lookup strategy

setSessionLifetimeLookupStrategy

public void setSessionLifetimeLookupStrategy(@Nullable
 Function<ProfileRequestContext,Duration> strategy)

Set the strategy used to locate the SessionNotOnOrAfter value to use.

Parameters:

strategy - lookup strategy

setSuppressAuthenticatingAuthorityPredicate

public void setSuppressAuthenticatingAuthorityPredicate(@Nonnull
 Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to suppress inclusion of AuthenticatingAuthority.

Parameters:

condition - condition to set

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class BaseAddAuthenticationStatementToAssertion

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext)

Performs this authentication action. Default implementation throws an exception.

Overrides:

doExecute in class AbstractAuthenticationAction

Parameters:

profileRequestContext - the current IdP profile request context

authenticationContext - the current authentication context

buildAuthnStatement

@Nonnull
private AuthnStatement buildAuthnStatement(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nullable
 RequestedPrincipalContext requestedPrincipalContext)

Build the AuthnStatement to be added to the Response.

Parameters:

profileRequestContext - current request context

requestedPrincipalContext - context specifying request requirements for authn context

Returns:

the authentication statement

addAuthenticatingAuthorities

private void addAuthenticatingAuthorities(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthnContext authnContext)

Add Authenticating Authorities.

Parameters:

profileRequestContext - the prc

authnContext - the authnContext