edu.internet2.middleware.shibboleth.idp.profile.saml1

Class ShibbolethSSOProfileHandler

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler

All Implemented Interfaces:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

public class ShibbolethSSOProfileHandler
extends AbstractSAML1ProfileHandler

Shibboleth SSO request profile handler.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	ShibbolethSSOProfileHandler.ShibbolethSSORequestContext Represents the internal state of a Shibboleth SSO Request while it's being processed by the IdP.

Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

AbstractSAML1ProfileHandler.SAML1AuditLogEntry

Field Summary

Fields

Modifier and Type	Field and Description
private String	authenticationManagerPath URL of the authentication manager servlet.
private SAMLObjectBuilder<AuthenticationStatement>	authnStatementBuilder Builder of AuthenticationStatement objects.
private SAMLObjectBuilder<Endpoint>	endpointBuilder Builder of Endpoint objects.
private org.slf4j.Logger	log Class logger.
private SAMLObjectBuilder<SubjectLocality>	subjectLocalityBuilder Builder of SubjectLocality objects.

Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

SAML_VERSION

Constructor Summary

Constructors

Constructor and Description
ShibbolethSSOProfileHandler(String authnManagerPath) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected AuthenticationStatement	buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext) Builds the authentication statement for the authenticated principal.
protected ShibbolethSSOProfileHandler.ShibbolethSSORequestContext	buildRequestContext(ShibbolethSSOLoginContext loginContext, HTTPInTransport in, HTTPOutTransport out) Creates an authentication request context from the current environmental information.
protected SubjectLocality	buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext) Constructs the subject locality for the authentication statement.
protected void	completeAuthenticationRequest(ShibbolethSSOLoginContext loginContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.
protected void	decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Decodes an incoming request and populates a created request context with the resultant information.
String	getProfileId()
protected void	performAuthentication(HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a ShibbolethSSOLoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.
protected void	populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the asserting party.
protected void	populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the relying party.
protected void	populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information from the inbound SAML message.
void	processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
protected Endpoint	selectEndpoint(BaseSAMLProfileRequestContext requestContext) Selects the appropriate endpoint for the relying party and stores it in the request context.

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

buildAssertion, buildAttributeStatement, buildConditions, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, checkSamlVersion, getSessionIndexFromNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getRequiredNameIDFormat, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

authnStatementBuilder

private SAMLObjectBuilder<AuthenticationStatement> authnStatementBuilder

Builder of AuthenticationStatement objects.

subjectLocalityBuilder

private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder

Builder of SubjectLocality objects.

endpointBuilder

private SAMLObjectBuilder<Endpoint> endpointBuilder

Builder of Endpoint objects.

authenticationManagerPath

private String authenticationManagerPath

URL of the authentication manager servlet.

Constructor Detail

ShibbolethSSOProfileHandler

public ShibbolethSSOProfileHandler(String authnManagerPath)

Constructor.

Parameters:

authnManagerPath - path to the authentication manager servlet

Method Detail

getProfileId

public String getProfileId()

Specified by:

getProfileId in class AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

processRequest

public void processRequest(HTTPInTransport inTransport,
                  HTTPOutTransport outTransport)
                    throws ProfileException

Throws:

ProfileException

performAuthentication

protected void performAuthentication(HTTPInTransport inTransport,
                         HTTPOutTransport outTransport)
                              throws ProfileException

Creates a ShibbolethSSOLoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.

Parameters:

inTransport - inbound message transport

outTransport - outbound message transport

Throws:

ProfileException - thrown if there is a problem creating the login context and transferring control to the authentication manager

decodeRequest

protected void decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext,
                 HTTPInTransport inTransport,
                 HTTPOutTransport outTransport)
                      throws ProfileException

Decodes an incoming request and populates a created request context with the resultant information.

Parameters:

inTransport - inbound message transport

outTransport - outbound message transport

requestContext - the request context to which decoded information should be added

Throws:

ProfileException - throw if there is a problem decoding the request

completeAuthenticationRequest

protected void completeAuthenticationRequest(ShibbolethSSOLoginContext loginContext,
                                 HTTPInTransport inTransport,
                                 HTTPOutTransport outTransport)
                                      throws ProfileException

Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.

Parameters:

loginContext - login context for this request

inTransport - inbound message transport

outTransport - outbound message transport

Throws:

ProfileException - thrown if the response can not be created and sent back to the relying party

buildRequestContext

protected ShibbolethSSOProfileHandler.ShibbolethSSORequestContext buildRequestContext(ShibbolethSSOLoginContext loginContext,
                                                                          HTTPInTransport in,
                                                                          HTTPOutTransport out)
                                                                               throws ProfileException

Creates an authentication request context from the current environmental information.

Parameters:

loginContext - current login context

in - inbound transport

out - outbount transport

Returns:

created authentication request context

Throws:

ProfileException - thrown if there is a problem creating the context

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                        throws ProfileException

Populates the request context with information about the relying party. This method requires the the following request context properties to be populated: inbound message issuer This methods populates the following request context properties: peer entityID, peer entity metadata, relying party configuration

Overrides:

populateRelyingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                          throws ProfileException

Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the properties it provides are available in the request context. This method requires the the following request context properties to be populated: metadata provider, relying party configuration This methods populates the following request context properties: local entity ID, outbound message issuer, local entity metadata

Overrides:

populateAssertingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
                                       throws ProfileException

Populates the request context with information from the inbound SAML message. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext),and AbstractSAMLProfileHandler.populateAssertingPartyInformation(BaseSAMLProfileRequestContext) have already been invoked and the properties they provide are available in the request context.

Specified by:

populateSAMLMessageInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem populating the request context with information

selectEndpoint

protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)

Selects the appropriate endpoint for the relying party and stores it in the request context.

Specified by:

selectEndpoint in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Returns:

Endpoint selected from the information provided in the request context

buildAuthenticationStatement

protected AuthenticationStatement buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
                                                        throws ProfileException

Builds the authentication statement for the authenticated principal.

Parameters:

requestContext - current request context

Returns:

the created statement

Throws:

ProfileException - thrown if the authentication statement can not be created

buildSubjectLocality

protected SubjectLocality buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)

Constructs the subject locality for the authentication statement.

Parameters:

requestContext - current request context

Returns:

subject locality for the authentication statement