org.opensaml.saml.common.binding

Class SAMLBindingSupport

java.lang.Object

org.opensaml.saml.common.binding.SAMLBindingSupport

public final class SAMLBindingSupport
extends Object

A support class for SAML binding operations.

Field Summary

Fields

Modifier and Type	Field and Description
private static Logger	LOG Logger.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	SAMLBindingSupport() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	checkRelayState(String relayState) Checks that the relay state is 80 bytes or less if it is not null.
static int	convertSAML2ArtifactEndpointIndex(byte[] artifactEndpointIndex) Convert a 2-byte artifact endpoint index byte[] as typically used by SAML 2 artifact types to an integer, appropriate for use with IndexedEndpoint impls.
static String	getActualReceiverEndpointURI(MessageContext<SAMLObject> messageContext, HttpServletRequest request) Extract the transport endpoint URI at which this message was received.
static URI	getEndpointURL(MessageContext<SAMLObject> messageContext) Get the response URL from the relying party endpoint.
static String	getIntendedDestinationEndpointURI(MessageContext<SAMLObject> messageContext) Extract the message information which indicates to what receiver endpoint URI the SAML message was intended to be delivered.
static String	getRelayState(MessageContext<SAMLObject> messageContext) Get the SAML protocol relay state from a message context.
static boolean	isIntendedDestinationEndpointURIRequired(MessageContext<SAMLObject> messageContext) Determine whether the binding in use requires the presence within the message of information indicating the intended message destination endpoint URI.
static boolean	isMessageSigned(MessageContext<SAMLObject> messageContext) Determine whether the SAML message represented by the message context is digitally signed.
static boolean	isSigningCapableBinding(MessageContext<SAMLObject> messageContext) Determine whether the SAML binding to be used by the message context supports signatures at the binding layer.
static void	setRelayState(MessageContext<SAMLObject> messageContext, String relayState) Set the SAML protocol relay state on a message context.
static void	setSAML1ResponseRecipient(SAMLObject outboundMessage, String endpointURL) Sets the destination attribute on the outbound message if it is a ResponseAbstractType message.
static void	setSAML2Destination(SAMLObject outboundMessage, String endpointURL) Sets the destination attribute on an outbound message if it is either a RequestAbstractType or a StatusResponseType message.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

@Nonnull
private static final Logger LOG

Logger.

Constructor Detail

SAMLBindingSupport

private SAMLBindingSupport()

Constructor.

Method Detail

getRelayState

@Nullable
@NotEmpty
public static String getRelayState(@Nonnull
                                     MessageContext<SAMLObject> messageContext)

Get the SAML protocol relay state from a message context.

Parameters:

messageContext - the message context on which to operate

Returns:

the relay state or null

setRelayState

public static void setRelayState(@Nonnull
                 MessageContext<SAMLObject> messageContext,
                 @Nullable
                 String relayState)

Set the SAML protocol relay state on a message context.

Parameters:

messageContext - the message context on which to operate

relayState - the relay state to set

checkRelayState

public static boolean checkRelayState(@Nullable
                      String relayState)

Checks that the relay state is 80 bytes or less if it is not null.

Parameters:

relayState - relay state to check

Returns:

true if the relay state is not empty and is less than 80 bytes

getEndpointURL

@Nonnull
public static URI getEndpointURL(@Nonnull
                         MessageContext<SAMLObject> messageContext)
                          throws BindingException

Get the response URL from the relying party endpoint. If the SAML message is a response and the relying party endpoint contains a response location then that location is returned otherwise the normal endpoint location is returned.

Parameters:

messageContext - current message context

Returns:

response URL from the relying party endpoint

Throws:

BindingException - throw if no relying party endpoint is available

setSAML1ResponseRecipient

public static void setSAML1ResponseRecipient(@Nonnull
                             SAMLObject outboundMessage,
                             @Nonnull@NotEmpty
                             String endpointURL)

Sets the destination attribute on the outbound message if it is a ResponseAbstractType message.

Parameters:

outboundMessage - outbound SAML message

endpointURL - destination endpoint

setSAML2Destination

public static void setSAML2Destination(@Nonnull
                       SAMLObject outboundMessage,
                       @Nonnull@NotEmpty
                       String endpointURL)

Sets the destination attribute on an outbound message if it is either a RequestAbstractType or a StatusResponseType message.

Parameters:

outboundMessage - outbound SAML message

endpointURL - destination endpoint

isMessageSigned

public static boolean isMessageSigned(@Nonnull
                      MessageContext<SAMLObject> messageContext)

Determine whether the SAML message represented by the message context is digitally signed.

First the SAML protocol message is examined as to whether an XML signature is present. If not, then the presence of a binding signature is evaluated by looking at SAMLBindingContext.hasBindingSignature().

Parameters:

messageContext - current message context

Returns:

true if the message is considered to be digitally signed, false otherwise

isSigningCapableBinding

public static boolean isSigningCapableBinding(@Nonnull
                              MessageContext<SAMLObject> messageContext)

Determine whether the SAML binding to be used by the message context supports signatures at the binding layer.

The capability of the binding is determined by extracting a BindingDescriptor from a SAMLBindingContext.

Parameters:

messageContext - current message context

Returns:

true if the message is considered to be digitally signed, false otherwise

isIntendedDestinationEndpointURIRequired

public static boolean isIntendedDestinationEndpointURIRequired(@Nonnull
                                               MessageContext<SAMLObject> messageContext)

Determine whether the binding in use requires the presence within the message of information indicating the intended message destination endpoint URI.

Parameters:

messageContext - current SAML message context

Returns:

true if the intended message destination endpoint is required, false if not

getIntendedDestinationEndpointURI

@Nullable
public static String getIntendedDestinationEndpointURI(@Nonnull
                                                MessageContext<SAMLObject> messageContext)
                                                throws MessageException

Extract the message information which indicates to what receiver endpoint URI the SAML message was intended to be delivered.

Parameters:

messageContext - the SAML message context being processed

Returns:

the value of the intended destination endpoint URI, or null if not present or empty

Throws:

MessageException - thrown if the message is not an instance of SAML message that could be processed by the decoder

getActualReceiverEndpointURI

@Nonnull
public static String getActualReceiverEndpointURI(@Nonnull
                                          MessageContext<SAMLObject> messageContext,
                                          @Nonnull
                                          HttpServletRequest request)
                                           throws MessageException

Extract the transport endpoint URI at which this message was received.

Parameters:

messageContext - current message context

request - the HttpServletRequest being evaluated

Returns:

string representing the transport endpoint URI at which the current message was received

Throws:

MessageException - thrown if the endpoint can not be looked up from the message context and converted to a string representation

convertSAML2ArtifactEndpointIndex

@Nonnull
public static int convertSAML2ArtifactEndpointIndex(@Nonnull
                                            byte[] artifactEndpointIndex)

Convert a 2-byte artifact endpoint index byte[] as typically used by SAML 2 artifact types to an integer, appropriate for use with IndexedEndpoint impls.

The max input value supported is 0x7FFF (32767), which is the largest possible unsigned 16 bit value. This should be more than sufficient for typical SAML cases.

Parameters:

artifactEndpointIndex - the endpoint index byte array, must have length == 2, and big endian byte order.

Returns:

the convert integer value