edu.internet2.middleware.shibboleth.idp.profile.saml2

Class ArtifactResolution

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.ArtifactResolution

All Implemented Interfaces:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

public class ArtifactResolution
extends AbstractSAML2ProfileHandler

SAML 2.0 Artifact resolution profile handler.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	ArtifactResolution.ArtifactResolutionRequestContext Represents the internal state of a SAML 2.0 Artifact resolver request while it's being processed by the IdP.

Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

AbstractSAML2ProfileHandler.SAML2AuditLogEntry

Field Summary

Fields

Modifier and Type	Field and Description
private SAMLObjectBuilder<AssertionConsumerService>	acsEndpointBuilder Builder of assertion consumer service endpoints.
private SAMLArtifactMap	artifactMap Map artifacts to SAML messages.
private org.slf4j.Logger	log Class logger.
private SAMLObjectBuilder<ArtifactResponse>	responseBuilder Artifact response object builder.

Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

SAML_VERSION

Constructor Summary

Constructors

Constructor and Description
ArtifactResolution(SAMLArtifactMap map) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected ArtifactResponse	buildArtifactErrorResponse(ArtifactResolution.ArtifactResolutionRequestContext requestContext) Constructs an artifact resolution response with an error status as content.
protected ArtifactResponse	buildArtifactResponse(ArtifactResolution.ArtifactResolutionRequestContext requestContext) Constructs a artifact resolution response with the derferenced SAML message inside.
protected void	decodeRequest(ArtifactResolution.ArtifactResolutionRequestContext requestContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Decodes an incoming request and populates a created request context with the resultant information.
String	getProfileId()
protected void	populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the asserting party.
protected void	populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the relying party.
protected void	populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information from the inbound SAML message.
void	processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
protected Endpoint	selectEndpoint(BaseSAMLProfileRequestContext requestContext) Selects the appropriate endpoint for the relying party and stores it in the request context.

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, getSessionIndexFromNameID, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, postProcessAssertion, postProcessResponse, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getRequiredNameIDFormat, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

artifactMap

private SAMLArtifactMap artifactMap

Map artifacts to SAML messages.

responseBuilder

private SAMLObjectBuilder<ArtifactResponse> responseBuilder

Artifact response object builder.

acsEndpointBuilder

private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder

Builder of assertion consumer service endpoints.

Constructor Detail

ArtifactResolution

public ArtifactResolution(SAMLArtifactMap map)

Constructor.

Parameters:

map - ArtifactMap used to lookup artifacts to be resolved.

Method Detail

getProfileId

public String getProfileId()

Specified by:

getProfileId in class AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

processRequest

public void processRequest(HTTPInTransport inTransport,
                  HTTPOutTransport outTransport)
                    throws ProfileException

Throws:

ProfileException

decodeRequest

protected void decodeRequest(ArtifactResolution.ArtifactResolutionRequestContext requestContext,
                 HTTPInTransport inTransport,
                 HTTPOutTransport outTransport)
                      throws ProfileException

Decodes an incoming request and populates a created request context with the resultant information.

Parameters:

inTransport - inbound message transport

outTransport - outbound message transport

requestContext - request context to which decoded information should be added

Throws:

ProfileException - throw if there is a problem decoding the request

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                        throws ProfileException

Populates the request context with information about the relying party. This method requires the the following request context properties to be populated: inbound message issuer This methods populates the following request context properties: peer entityID, peer entity metadata, relying party configuration

Overrides:

populateRelyingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                          throws ProfileException

Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the properties it provides are available in the request context. This method requires the the following request context properties to be populated: metadata provider, relying party configuration This methods populates the following request context properties: local entity ID, outbound message issuer, local entity metadata

Overrides:

populateAssertingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
                                       throws ProfileException

Populates the request context with information from the inbound SAML message. This method requires the the following request context properties to be populated: inbound saml message This methods populates the following request context properties: subject name identifier

Specified by:

populateSAMLMessageInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if the inbound SAML message or subject identifier is null

selectEndpoint

protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)

Selects the appropriate endpoint for the relying party and stores it in the request context.

Specified by:

selectEndpoint in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Returns:

Endpoint selected from the information provided in the request context

buildArtifactResponse

protected ArtifactResponse buildArtifactResponse(ArtifactResolution.ArtifactResolutionRequestContext requestContext)

Constructs a artifact resolution response with the derferenced SAML message inside.

Parameters:

requestContext - current request context

Returns:

constructed response

buildArtifactErrorResponse

protected ArtifactResponse buildArtifactErrorResponse(ArtifactResolution.ArtifactResolutionRequestContext requestContext)

Constructs an artifact resolution response with an error status as content.

Parameters:

requestContext - current request context

Returns:

constructed response