|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectedu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>
edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
public class SSOProfileHandler
SAML 2.0 SSO request profile handler.
| Nested Class Summary | |
|---|---|
protected class |
SSOProfileHandler.SSORequestContext
Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP. |
| Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
|---|
AbstractSAML2ProfileHandler.SAML2AuditLogEntry |
| Field Summary | |
|---|---|
private String |
authenticationManagerPath
URL of the authentication manager Servlet. |
private SAMLObjectBuilder<AuthnContext> |
authnContextBuilder
Builder of AuthnContext objects. |
private SAMLObjectBuilder<AuthnContextClassRef> |
authnContextClassRefBuilder
Builder of AuthnContextClassRef objects. |
private SAMLObjectBuilder<AuthnContextDeclRef> |
authnContextDeclRefBuilder
Builder of AuthnContextDeclRef objects. |
private SAMLObjectBuilder<AuthnStatement> |
authnStatementBuilder
Builder of AuthnStatement objects. |
private SAMLObjectBuilder<Endpoint> |
endpointBuilder
Builder of Endpoint objects. |
private org.slf4j.Logger |
log
Class logger. |
private SAMLObjectBuilder<SubjectLocality> |
subjectLocalityBuilder
Builder of SubjectLocality objects. |
| Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
|---|
SAML_VERSION |
| Constructor Summary | |
|---|---|
SSOProfileHandler(String authnManagerPath)
Constructor. |
|
| Method Summary | |
|---|---|
protected AuthnContext |
buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
Creates an AuthnContext for a successful authentication request. |
protected AuthnStatement |
buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
Creates an authentication statement for the current request. |
protected NameID |
buildNameId(BaseSAML2ProfileRequestContext<?,?,?> requestContext)
Builds a NameID appropriate for this request. |
protected SSOProfileHandler.SSORequestContext |
buildRequestContext(Saml2LoginContext loginContext,
HTTPInTransport in,
HTTPOutTransport out)
Creates an authentication request context from the current environmental information. |
protected SubjectLocality |
buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
Constructs the subject locality for the authentication statement. |
protected void |
checkNameIDPolicy(SSOProfileHandler.SSORequestContext requestContext)
Checks to see, if present, if the affiliation associated with the SPNameQualifier given in the AuthnRequest NameIDPolicy lists the inbound message issuer as a member. |
protected void |
completeAuthenticationRequest(Saml2LoginContext loginContext,
HTTPInTransport inTransport,
HTTPOutTransport outTransport)
Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying
party after they've been authenticated. |
protected void |
decodeRequest(SSOProfileHandler.SSORequestContext requestContext,
HTTPInTransport inTransport,
HTTPOutTransport outTransport)
Decodes an incoming request and stores the information in a created request context. |
protected AuthnRequest |
deserializeRequest(String request)
Deserializes an authentication request from a string. |
String |
getProfileId()
|
protected String |
getRequiredNameIDFormat(BaseSAMLProfileRequestContext requestContext)
Gets the name identifier format required to be sent back to the relying party. |
protected void |
performAuthentication(HTTPInTransport inTransport,
HTTPOutTransport outTransport)
Creates a Saml2LoginContext an sends the request off to the AuthenticationManager to begin the process of
authenticating the user. |
protected void |
populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
Populates the request context with information about the asserting party. |
protected void |
populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
Populates the request context with information about the relying party. |
protected void |
populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
Populates the request context with information from the inbound SAML message. |
protected void |
postProcessAssertion(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
Assertion assertion)
Extension point for for subclasses to post-process the Assertion before it is signed and encrypted. |
protected void |
postProcessResponse(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
Response samlResponse)
Extension point for for subclasses to post-process the Response before it is signed and encoded. |
void |
processRequest(HTTPInTransport inTransport,
HTTPOutTransport outTransport)
|
protected Endpoint |
selectEndpoint(BaseSAMLProfileRequestContext requestContext)
Selects the appropriate endpoint for the relying party and stores it in the request context. |
| Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
|---|
buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry |
| Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler |
|---|
getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService |
| Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler |
|---|
getRequestPaths, setRequestPaths |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
private final org.slf4j.Logger log
private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder
private SAMLObjectBuilder<AuthnContext> authnContextBuilder
private SAMLObjectBuilder<AuthnContextClassRef> authnContextClassRefBuilder
private SAMLObjectBuilder<AuthnContextDeclRef> authnContextDeclRefBuilder
private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder
private SAMLObjectBuilder<Endpoint> endpointBuilder
private String authenticationManagerPath
| Constructor Detail |
|---|
public SSOProfileHandler(String authnManagerPath)
authnManagerPath - path to the authentication manager Servlet| Method Detail |
|---|
public String getProfileId()
getProfileId in class AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>
public void processRequest(HTTPInTransport inTransport,
HTTPOutTransport outTransport)
throws ProfileException
ProfileException
protected void performAuthentication(HTTPInTransport inTransport,
HTTPOutTransport outTransport)
throws ProfileException
Saml2LoginContext an sends the request off to the AuthenticationManager to begin the process of
authenticating the user.
inTransport - inbound request transportoutTransport - outbound response transport
ProfileException - thrown if there is a problem creating the login context and transferring control to the
authentication manager
protected void completeAuthenticationRequest(Saml2LoginContext loginContext,
HTTPInTransport inTransport,
HTTPOutTransport outTransport)
throws ProfileException
AuthnRequest and sends the user, with response in tow, back to the relying
party after they've been authenticated.
loginContext - login context for this requestinTransport - inbound message transportoutTransport - outbound message transport
ProfileException - thrown if the response can not be created and sent back to the relying party
protected void decodeRequest(SSOProfileHandler.SSORequestContext requestContext,
HTTPInTransport inTransport,
HTTPOutTransport outTransport)
throws ProfileException
inTransport - inbound transportoutTransport - outbound transportrequestContext - request context to which decoded information should be added
ProfileException - thrown if the incoming message failed decoding
protected void checkNameIDPolicy(SSOProfileHandler.SSORequestContext requestContext)
throws ProfileException
requestContext - current request context
ProfileException - thrown if there the request is not a member of the affiliation or if there was a problem
determining membership
protected SSOProfileHandler.SSORequestContext buildRequestContext(Saml2LoginContext loginContext,
HTTPInTransport in,
HTTPOutTransport out)
throws ProfileException
loginContext - current login contextin - inbound transportout - outbount transport
ProfileException - thrown if there is a problem creating the context
protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
throws ProfileException
populateRelyingPartyInformation in class AbstractSAMLProfileHandlerrequestContext - current request context
ProfileException - thrown if there is a problem looking up the relying party's metadata
protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
throws ProfileException
AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked
AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the
properties it provides are available in the request context.
This method requires the the following request context properties to be populated: metadata provider, relying
party configuration
This methods populates the following request context properties: local entity ID, outbound message issuer, local
entity metadata
populateAssertingPartyInformation in class AbstractSAMLProfileHandlerrequestContext - current request context
ProfileException - thrown if there is a problem looking up the asserting party's metadata
protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
throws ProfileException
populateSAMLMessageInformation in class AbstractSAMLProfileHandlerrequestContext - current request context
ProfileException - thrown if the inbound SAML message or subject identifier is nullprotected AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
requestContext - current request context
protected AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
AuthnContext for a successful authentication request.
requestContext - current request
protected SubjectLocality buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
requestContext - curent request context
protected String getRequiredNameIDFormat(BaseSAMLProfileRequestContext requestContext)
getRequiredNameIDFormat in class AbstractSAMLProfileHandlerrequestContext - current request context
protected NameID buildNameId(BaseSAML2ProfileRequestContext<?,?,?> requestContext)
throws ProfileException
buildNameId in class AbstractSAML2ProfileHandlerrequestContext - current request context
ProfileException - thrown if a NameID can not be created either because there was a problem encoding the
name ID attribute or because there are no supported name formatsprotected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)
selectEndpoint in class AbstractSAMLProfileHandlerrequestContext - current request context
protected AuthnRequest deserializeRequest(String request)
throws UnmarshallingException
request - request to deserialize
UnmarshallingException - thrown if the request can no be deserialized and unmarshalled
protected void postProcessAssertion(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
Assertion assertion)
throws ProfileException
postProcessAssertion in class AbstractSAML2ProfileHandlerrequestContext - the current request contextassertion - the SAML Assertion being built
ProfileException - if there is an error processing the assertion
protected void postProcessResponse(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
Response samlResponse)
throws ProfileException
postProcessResponse in class AbstractSAML2ProfileHandlerrequestContext - the current request contextsamlResponse - the SAML Response being built
ProfileException - if there was an error processing the response
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||