Class SAMLAuthnController
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.idp.saml.saml2.profile.impl.SAMLAuthnController
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent
@Controller
@RequestMapping("%{idp.authn.SAML.externalAuthnPath:/Authn/SAML2}")
public class SAMLAuthnController
extends AbstractInitializableComponent
MVC controller that handles outbound and inbound message I/O for
proxied SAML authentication.
Outbound messaging is necessary to ensure webflow hygiene with respect to flow state, and inbound messaging is necessary to ensure a fixed URL for SAML endpoint management.
- Since:
- 4.0.0
-
Field Summary
Fields
Modifier and Type, Field, Description
private Map<String,BindingDescriptor> bindingMap - Map of binding short names to deduce inbound binding constant.
private final org.slf4j.Logger log - Class logger.
private Function<ProfileRequestContext,ProfileRequestContext> profileRequestContextLookupStrategy - Lookup strategy to locate the nested ProfileRequestContext.
samlContextLookupStrategy - Lookup strategy to locate the SAML context.
private Map<String,HttpServletRequestValidator> validatorMap - Map of binding short names to HttpServletRequest validator.
-
Constructor Summary
Constructors
SAMLAuthnController() - Constructor.
-
Method Summary
Modifier and Type, Method, Description
void finishSAML(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String binding) - Inbound completion of the process, triggered by default for any HTTP method.
void setInboundBindings(Collection<BindingDescriptor> bindings) - Set inbound bindings to use to deduce ProtocolBinding attribute.
void setProfileRequestContextLookupStrategy(Function<ProfileRequestContext, ProfileRequestContext> strategy) - Set the lookup strategy used to locate the nested ProfileRequestContext.
void setSAMLAuthnContextLookupStrategy(Function<ProfileRequestContext, SAMLAuthnContext> strategy) - Set the lookup strategy used to locate the SAMLAuthnContext.
void setValidators(Map<String, HttpServletRequestValidator> validators) - Set the HTTP request validators.
void startSAML(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String binding) - Outbound initiation of the process, triggered with a fixed addition to the path.
private void validateRequest(HttpServletRequest httpRequest, String binding) - Validate the inbound HTTP request.
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, doInitialize, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
profileRequestContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,ProfileRequestContext> profileRequestContextLookupStrategy
Lookup strategy to locate the nested ProfileRequestContext.
-
samlContextLookupStrategy
Lookup strategy to locate the SAML context.
-
bindingMap
Map of binding short names to deduce inbound binding constant.
-
validatorMap
Map of binding short names to HttpServletRequest validator.
-
-
Constructor Details
-
SAMLAuthnController
public SAMLAuthnController()
Constructor.
-
-
Method Details
-
setProfileRequestContextLookupStrategy
public void setProfileRequestContextLookupStrategy(@Nonnull Function<ProfileRequestContext, ProfileRequestContext> strategy)
Set the lookup strategy used to locate the nested ProfileRequestContext.
- Parameters:
strategy - lookup strategy
-
setSAMLAuthnContextLookupStrategy
public void setSAMLAuthnContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLAuthnContext> strategy)
Set the lookup strategy used to locate the SAMLAuthnContext.
- Parameters:
strategy - lookup strategy
-
setInboundBindings
Set inbound bindings to use to deduce ProtocolBinding attribute.
- Parameters:
bindings - the bindings to set
-
setValidators
Set the HTTP request validators.
- Parameters:
validators - the validators map
-
startSAML
@GetMapping("/{binding}/SSO/start")
public void startSAML(@Nonnull HttpServletRequest httpRequest, @Nonnull HttpServletResponse httpResponse, @PathVariable @Nonnull @NotEmpty String binding) throws ExternalAuthenticationException, IOException
Outbound initiation of the process, triggered with a fixed addition to the path.
- Parameters:
httpRequest - servlet request
httpResponse - servlet response
binding - a key for the eventual inbound binding
- Throws:
ExternalAuthenticationException - if an error occurs
IOException - if an I/O error occurs
-
finishSAML
@RequestMapping("/{binding}/SSO")
public void finishSAML(@Nonnull HttpServletRequest httpRequest, @Nonnull HttpServletResponse httpResponse, @PathVariable @Nonnull @NotEmpty String binding) throws ExternalAuthenticationException, IOException
Inbound completion of the process, triggered by default for any HTTP method.
- Parameters:
httpRequest - servlet request
httpResponse - servlet response
binding - a key for the inbound binding
- Throws:
ExternalAuthenticationException - if an error occurs
IOException - if an I/O error occurs
-
validateRequest
private void validateRequest(@Nonnull HttpServletRequest httpRequest, @Nonnull String binding) throws ExternalAuthenticationException
Validate the inbound HTTP request.
- Parameters:
httpRequest - the request to validate
binding - a key for the inbound binding
- Throws:
ExternalAuthenticationException - if the request is determined to be invalid
-