Package org.opensaml.saml.common.binding

Class SAMLBindingSupport

java.lang.Object
org.opensaml.saml.common.binding.SAMLBindingSupport
public final class SAMLBindingSupport extends Object
A support class for SAML binding operations.

  • Field Details

    • LOG

      @Nonnull private static final org.slf4j.Logger LOG
      Logger.

  • Constructor Details

    • SAMLBindingSupport

      private SAMLBindingSupport()
      Constructor.

  • Method Details

    • getRelayState

      @Nullable @NotEmpty public static String getRelayState(@Nonnull MessageContext messageContext)
      Get the SAML protocol relay state from a message context.
      Parameters:
      messageContext - the message context on which to operate
      Returns:
      the relay state or null

    • setRelayState

      public static void setRelayState(@Nonnull MessageContext messageContext, @Nullable String relayState)
      Set the SAML protocol relay state on a message context.
      Parameters:
      messageContext - the message context on which to operate
      relayState - the relay state to set

    • checkRelayState

      public static boolean checkRelayState(@Nullable String relayState)
      Checks that the relay state is 80 bytes or less if it is not null.
      Parameters:
      relayState - relay state to check
      Returns:
      true if the relay state is not empty and is less than 80 bytes

    • getEndpointURL

      @Nonnull public static URI getEndpointURL(@Nonnull MessageContext messageContext) throws BindingException
      Get the response URL from the relying party endpoint. If the SAML message is a response and the relying party endpoint contains a response location then that location is returned otherwise the normal endpoint location is returned.
      Parameters:
      messageContext - current message context
      Returns:
      response URL from the relying party endpoint
      Throws:
      BindingException - throw if no relying party endpoint is available

    • setSAML1ResponseRecipient

      public static void setSAML1ResponseRecipient(@Nonnull SAMLObject outboundMessage, @Nonnull @NotEmpty String endpointURL)
      Sets the destination attribute on the outbound message if it is a ResponseAbstractType message.
      Parameters:
      outboundMessage - outbound SAML message
      endpointURL - destination endpoint

    • setSAML2Destination

      public static void setSAML2Destination(@Nonnull SAMLObject outboundMessage, @Nonnull @NotEmpty String endpointURL)
      Sets the destination attribute on an outbound message if it is either a RequestAbstractType or a StatusResponseType message.
      Parameters:
      outboundMessage - outbound SAML message
      endpointURL - destination endpoint

    • isMessageSigned

      public static boolean isMessageSigned(@Nonnull MessageContext messageContext)
      Determine whether the SAML message represented by the message context is digitally signed.

      First the SAML protocol message is examined as to whether an XML signature is present at the DOM level; if yes return true. Finally, the presence of a binding signature is evaluated by looking at SAMLBindingContext.hasBindingSignature().

      Parameters:
      messageContext - current message context
      Returns:
      true if the message is considered to be digitally signed, false otherwise

    • isMessageSigned

      public static boolean isMessageSigned(@Nonnull MessageContext messageContext, boolean presenceSatisfies)
      Determine whether the SAML message represented by the message context is digitally signed.

      First the SAML protocol message is examined as to whether an XML signature is present at the DOM level; if yes return true. Next if presenceSatisfies is true, then SignableXMLObject.getSignature() is evaluated for a non-null value; if yes return true. Finally, the presence of a binding signature is evaluated by looking at SAMLBindingContext.hasBindingSignature().

      Parameters:
      messageContext - current message context
      presenceSatisfies - whether the presence of a non-null Signature member satisfies the evaluation
      Returns:
      true if the message is considered to be digitally signed, false otherwise

    • isSigningCapableBinding

      public static boolean isSigningCapableBinding(@Nonnull MessageContext messageContext)
      Determine whether the SAML binding to be used by the message context supports signatures at the binding layer.

      The capability of the binding is determined by extracting a BindingDescriptor from a SAMLBindingContext.

      Parameters:
      messageContext - current message context
      Returns:
      true if the message is considered to be digitally signed, false otherwise

    • isIntendedDestinationEndpointURIRequired

      public static boolean isIntendedDestinationEndpointURIRequired(@Nonnull MessageContext messageContext)
      Determine whether the binding in use requires the presence within the message of information indicating the intended message destination endpoint URI.
      Parameters:
      messageContext - current SAML message context
      Returns:
      true if the intended message destination endpoint is required, false if not

    • getIntendedDestinationEndpointURI

      @Nullable public static String getIntendedDestinationEndpointURI(@Nonnull MessageContext messageContext) throws MessageException
      Extract the message information which indicates to what receiver endpoint URI the SAML message was intended to be delivered.
      Parameters:
      messageContext - the SAML message context being processed
      Returns:
      the value of the intended destination endpoint URI, or null if not present or empty
      Throws:
      MessageException - thrown if the message is not an instance of SAML message that could be processed by the decoder

    • getActualReceiverEndpointURI

      @Nonnull public static String getActualReceiverEndpointURI(@Nonnull MessageContext messageContext, @Nonnull HttpServletRequest request) throws MessageException
      Extract the transport endpoint URI at which this message was received.
      Parameters:
      messageContext - current message context
      request - the HttpServletRequest being evaluated
      Returns:
      string representing the transport endpoint URI at which the current message was received
      Throws:
      MessageException - thrown if the endpoint can not be looked up from the message context and converted to a string representation

    • convertSAML2ArtifactEndpointIndex

      public static int convertSAML2ArtifactEndpointIndex(@Nonnull byte[] artifactEndpointIndex)
      Convert a 2-byte artifact endpoint index byte[] as typically used by SAML 2 artifact types to an integer, appropriate for use with IndexedEndpoint impls.

      The max input value supported is 0x7FFF (32767), which is the largest possible unsigned 16 bit value. This should be more than sufficient for typical SAML cases.

      Parameters:
      artifactEndpointIndex - the endpoint index byte array, must have length == 2, and big endian byte order.
      Returns:
      the convert integer value