public class PopulateBindingAndEndpointContexts extends AbstractProfileAction
SAMLBindingContext and when appropriate the
SAMLEndpointContext based on the inbound request.
If the inbound binding is found in the set of supported bindings, and it is "synchronous", then there is no endpoint (the response is sent directly back to the requester), and an endpoint context is not created. A binding context is created based on the inbound binding.
Otherwise, the endpoint context is populated by constructing a "template" endpoint,
with content based on the inbound request, and relying on an injected EndpointResolver
and an injected list of acceptable bindings.
The binding context is populated based on the computed endpoint's binding, and the
inbound SAMLBindingContext's relay state.
If the outbound binding is an artifact-based binding, then the action also creates
a SAMLArtifactContext populated by settings from the SAMLArtifactConfiguration.
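The selection flow described above, modelled in plain Java as an added example (it is not Shibboleth code, and it simplifies the real resolver). The records, `populate` and the sample metadata are hypothetical stand-ins for the real contexts, the `EndpointResolver` and relying-party metadata; Java 16 or later is assumed for records.

```java
import java.util.List;
/** Simplified model of the decision flow described above; not Shibboleth code. */
public class BindingEndpointFlowDemo {
    // All types and names here are hypothetical stand-ins for the real contexts and resolver.
    record Binding(String uri, boolean synchronous, boolean artifact) {}
    record Endpoint(String binding, String location) {}
    record Outcome(String outboundBinding, Endpoint endpoint, boolean artifactContext) {}

    static Outcome populate(String inboundBinding, List<Binding> supported, Endpoint template,
                            List<Endpoint> metadataEndpoints, boolean skipValidationSinceSigned) {
        // Step 1: a supported synchronous inbound binding means the response goes straight back,
        // so only a binding context results and no endpoint is selected.
        for (Binding b : supported) {
            if (b.uri().equals(inboundBinding) && b.synchronous()) {
                return new Outcome(b.uri(), null, false);
            }
        }
        // Step 2: walk the acceptable bindings in preference order and match the template endpoint.
        for (Binding b : supported) {
            if (b.synchronous()) continue; // a synchronous binding has no endpoint to resolve
            if (template.binding() != null && !template.binding().equals(b.uri())) continue;
            if (skipValidationSinceSigned && template.binding() != null && template.location() != null) {
                return new Outcome(b.uri(), template, b.artifact()); // validation bypassed: request was signed
            }
            for (Endpoint e : metadataEndpoints) {
                boolean locationOk = template.location() == null || template.location().equals(e.location());
                if (e.binding().equals(b.uri()) && locationOk) {
                    return new Outcome(b.uri(), e, b.artifact()); // artifact binding => artifact context
                }
            }
        }
        return null; // no acceptable endpoint: the caller must fail the request
    }
    public static void main(String[] args) {
        String post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
        String art = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
        String soap = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
        String redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
        List<Binding> supported = List.of(new Binding(soap, true, false),
                new Binding(post, false, false), new Binding(art, false, true));
        // Constructed sample metadata for one relying party.
        List<Endpoint> md = List.of(new Endpoint(post, "https://sp.example.org/acs"));
        System.out.println(populate(soap, supported, new Endpoint(null, null), md, false));
        System.out.println(populate(redirect, supported, new Endpoint(null, "https://sp.example.org/acs"), md, false));
        System.out.println(populate(redirect, supported, new Endpoint(post, "https://other.example.net/acs"), md, false));
        System.out.println(populate(redirect, supported, new Endpoint(art, "https://sp.example.org/art"), md, true));
    }
}
```

The third call yields `null` because the requested location is not in the relying party's metadata and the request is unsigned; the fourth is accepted without a metadata match only because the signed flag is set.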
| Modifier and Type | Field and Description |
|---|---|
| `private SAMLArtifactConfiguration` | `artifactConfiguration`: Artifact configuration. |
| `private com.google.common.base.Function<ProfileRequestContext,SAMLArtifactContext>` | `artifactContextLookupStrategy`: Strategy function for access to SAMLArtifactContext to populate. |
| `private boolean` | `artifactImpliesSecureChannel`: Whether an artifact-based binding implies the use of a secure channel. |
| `private com.google.common.base.Function<ProfileRequestContext,SAMLBindingContext>` | `bindingContextLookupStrategy`: Strategy function for access to SAMLBindingContext to populate. |
| `private List<BindingDescriptor>` | `bindingDescriptors`: List of possible bindings, in preference order. |
| `private XMLObjectBuilder<?>` | `endpointBuilder`: Builder for template endpoints. |
| `private com.google.common.base.Function<ProfileRequestContext,SAMLEndpointContext>` | `endpointContextLookupStrategy`: Strategy function for access to SAMLEndpointContext to populate. |
| `private EndpointResolver<?>` | `endpointResolver`: Endpoint resolver. |
| `private QName` | `endpointType`: The type of endpoint to resolve. |
| `private Object` | `inboundMessage`: Optional inbound message. |
| `private org.slf4j.Logger` | `log`: Class logger. |
| `private SAMLMetadataContext` | `mdContext`: Optional metadata for use in endpoint derivation/validation. |
| `private com.google.common.base.Function<ProfileRequestContext,SAMLMetadataContext>` | `metadataContextLookupStrategy`: Strategy function for access to SAMLMetadataContext for input to resolver. |
| `private com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext>` | `relyingPartyContextLookupStrategy`: Strategy function for access to RelyingPartyContext. |
| `private String` | `relyingPartyId`: Optional RP name for logging. |
| `private boolean` | `skipValidationSinceSigned`: Whether to bypass endpoint validation because message is signed. |
| `private boolean` | `verified`: Is the relying party "verified" in SAML terms? |
| Constructor and Description |
|---|
| `PopulateBindingAndEndpointContexts()`: Constructor. |
| Modifier and Type | Method and Description |
|---|---|
| `private EndpointCriterion` | `buildEndpointCriterion(String unverifiedBinding)`: Build a template Endpoint object to use as input criteria to the resolution process and wrap it in a criterion object. |
| `protected void` | `doExecute(ProfileRequestContext profileRequestContext)` |
| `protected void` | `doInitialize()` |
| `protected boolean` | `doPreExecute(ProfileRequestContext profileRequestContext)` |
| `private boolean` | `handleSynchronousRequest(ProfileRequestContext profileRequestContext)`: Check for an inbound request binding that is synchronous and handle appropriately. |
| `void` | `setArtifactContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLArtifactContext> strategy)`: Set lookup strategy for SAMLArtifactContext to populate. |
| `void` | `setArtifactImpliesSecureChannel(boolean flag)`: Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel. |
| `void` | `setBindingContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLBindingContext> strategy)`: Set lookup strategy for SAMLBindingContext to populate. |
| `void` | `setBindings(List<BindingDescriptor> bindings)`: Set the bindings to evaluate for use, in preference order. |
| `void` | `setEndpointContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLEndpointContext> strategy)`: Set lookup strategy for SAMLEndpointContext to populate. |
| `void` | `setEndpointResolver(EndpointResolver<?> resolver)`: Set a custom EndpointResolver to use. |
| `void` | `setEndpointType(QName type)`: Set the type of endpoint to resolve, defaults to `<AssertionConsumerService>`. |
| `void` | `setMetadataContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLMetadataContext> strategy)`: Set lookup strategy for SAMLMetadataContext for input to resolution. |
| `void` | `setRelyingPartyContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> strategy)`: Set lookup strategy for RelyingPartyContext. |
Inherited methods:

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

getActivationCondition, setActivationCondition

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

destroy, doDestroy, initialize, isDestroyed, isInitialized

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

initialize, isInitialized

`@Nonnull private final org.slf4j.Logger log`

`@NonnullAfterInit private EndpointResolver<?> endpointResolver`

`@Nonnull @NonnullElements private List<BindingDescriptor> bindingDescriptors`

`@Nonnull private com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy`
Strategy function for access to RelyingPartyContext.

`@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLMetadataContext> metadataContextLookupStrategy`
Strategy function for access to SAMLMetadataContext for input to resolver.

`@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLBindingContext> bindingContextLookupStrategy`
Strategy function for access to SAMLBindingContext to populate.

`@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLEndpointContext> endpointContextLookupStrategy`
Strategy function for access to SAMLEndpointContext to populate.

`@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLArtifactContext> artifactContextLookupStrategy`
Strategy function for access to SAMLArtifactContext to populate.

`private boolean artifactImpliesSecureChannel`

`@NonnullAfterInit private XMLObjectBuilder<?> endpointBuilder`

`@Nullable private SAMLArtifactConfiguration artifactConfiguration`

`@Nullable private SAMLMetadataContext mdContext`

`private boolean verified`

`private boolean skipValidationSinceSigned`
`public PopulateBindingAndEndpointContexts()`

`public void setEndpointType(@Nullable QName type)`
Set the type of endpoint to resolve, defaults to `<AssertionConsumerService>`.
Parameters: type - type of endpoint to resolve

`public void setEndpointResolver(@Nonnull EndpointResolver<?> resolver)`
Set a custom EndpointResolver to use.
Parameters: resolver - endpoint resolver to use

`public void setBindings(@Nonnull @NonnullElements List<BindingDescriptor> bindings)`
Parameters: bindings - bindings to consider

`public void setRelyingPartyContextLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> strategy)`
Set lookup strategy for RelyingPartyContext.
Parameters: strategy - lookup strategy

`public void setMetadataContextLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLMetadataContext> strategy)`
Set lookup strategy for SAMLMetadataContext for input to resolution.
Parameters: strategy - lookup strategy

`public void setBindingContextLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLBindingContext> strategy)`
Set lookup strategy for SAMLBindingContext to populate.
Parameters: strategy - lookup strategy

`public void setEndpointContextLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLEndpointContext> strategy)`
Set lookup strategy for SAMLEndpointContext to populate.
Parameters: strategy - lookup strategy

`public void setArtifactContextLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLArtifactContext> strategy)`
Set lookup strategy for SAMLArtifactContext to populate.
Parameters: strategy - lookup strategy

`public void setArtifactImpliesSecureChannel(boolean flag)`
Set whether an artifact-based binding implies that the eventual channel for SAML message exchange will be secured, overriding the integrity and confidentiality properties of the current channel.
This has the effect of suppressing signing and encryption when an artifact binding is used, which is normally desirable.
Defaults to true.
Parameters: flag - flag to set

`protected void doInitialize() throws ComponentInitializationException`
Overrides: doInitialize in class AbstractInitializableComponent
Throws: ComponentInitializationException

`protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)`
Overrides: doPreExecute in class AbstractConditionalProfileAction

`protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)`
Overrides: doExecute in class AbstractProfileAction

`private boolean handleSynchronousRequest(@Nonnull ProfileRequestContext profileRequestContext)`
Parameters: profileRequestContext - profile request context

`@Nonnull private EndpointCriterion buildEndpointCriterion(@Nonnull @NotEmpty String unverifiedBinding)`
Parameters: unverifiedBinding - default binding to use for an unverified requester with no Binding specified

Copyright © 1999–2018 Shibboleth Consortium. All rights reserved.