AddAuthnStatementToAssertionFromInboundAssertionToken (Shibboleth IdP

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.saml.saml2.profile.delegation.impl.AddAuthnStatementToAssertionFromInboundAssertionToken

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
@Prototype
public class AddAuthnStatementToAssertionFromInboundAssertionToken
extends AbstractProfileAction
```
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
This action is designed specifically to be used with SAML 2 delegation. The AuthnStatement will be cloned directly from the inbound Assertion token obtained from via the setAssertionTokenStrategy(Function).

If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId().

Event:

EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, EventIds.MESSAGE_PROC_ERROR

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`private class`	`AddAuthnStatementToAssertionFromInboundAssertionToken.AssertionStrategy` Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field and Description
`private com.google.common.base.Function<ProfileRequestContext,Assertion>`	`assertionLookupStrategy` Strategy used to locate the `Assertion` to operate on.
`private com.google.common.base.Function<ProfileRequestContext,Assertion>`	`assertionTokenStrategy` Function used to resolve the inbound assertion token to process.
`private IdentifierGenerationStrategy`	`idGenerator` The generator to use.
`private com.google.common.base.Function<ProfileRequestContext,IdentifierGenerationStrategy>`	`idGeneratorLookupStrategy` Strategy used to locate the `IdentifierGenerationStrategy` to use.
`private String`	`issuerId` EntityID to populate as assertion issuer.
`private com.google.common.base.Function<ProfileRequestContext,String>`	`issuerLookupStrategy` Strategy used to obtain the assertion issuer value.
`private org.slf4j.Logger`	`log` Class logger.
`private AuthnStatement`	`sourceStatement` The authentication statement which is to be cloned into the new Assertion.
`private boolean`	`statementInOwnAssertion` Whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

Constructor Summary

Constructors
Constructor and Description

AddAuthnStatementToAssertionFromInboundAssertionToken()
Constructor.

Constructors
Constructor and Description
`AddAuthnStatementToAssertionFromInboundAssertionToken()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext)`
`protected void`	`doInitialize()`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext)`
`IdentifierGenerationStrategy`	`getIdGenerator()` Get the `IdentifierGenerationStrategy` to use if an assertion must be created.
`String`	`getIssuerId()` Get the issuer name to use if an assertion must be created.
`protected AuthnStatement`	`getNewAuthnStatement()` Obtain the new `AuthnStatement` to add by cloning the inbound token's statement which was previously stored.
`boolean`	`isStatementInOwnAssertion()` Set whether the generated statement should be placed in its own assertion or added to one if it exists.
`void`	`setAssertionLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)` Set the strategy used to locate the `Assertion` to operate on.
`void`	`setAssertionTokenStrategy(com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)` Set the strategy used to locate the inbound assertion token to process.
`void`	`setIdentifierGeneratorLookupStrategy(com.google.common.base.Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)` Set the strategy used to locate the `IdentifierGenerationStrategy` to use.
`void`	`setIssuerLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy)` Set the strategy used to locate the issuer value to use.
`void`	`setStatementInOwnAssertion(boolean inOwnAssertion)` Set whether the generated authentication statement should be placed in its own assertion or added to one if it exists.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

- Field Detail
  - log
```
@Nonnull
private final org.slf4j.Logger log
```
    Class logger.
  - statementInOwnAssertion
```
private boolean statementInOwnAssertion
```
    Whether the generated authentication statement should be placed in its own assertion or added to one if it exists.
  - idGeneratorLookupStrategy
```
@Nonnull
private com.google.common.base.Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy
```
    Strategy used to locate the IdentifierGenerationStrategy to use.
  - issuerLookupStrategy
```
@Nonnull
private com.google.common.base.Function<ProfileRequestContext,String> issuerLookupStrategy
```
    Strategy used to obtain the assertion issuer value.
  - idGenerator
```
@Nullable
private IdentifierGenerationStrategy idGenerator
```
    The generator to use.
  - issuerId
```
@Nullable
private String issuerId
```
    EntityID to populate as assertion issuer.
  - assertionLookupStrategy
```
@NonnullAfterInit
private com.google.common.base.Function<ProfileRequestContext,Assertion> assertionLookupStrategy
```
    Strategy used to locate the Assertion to operate on.
  - assertionTokenStrategy
```
@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Assertion> assertionTokenStrategy
```
    Function used to resolve the inbound assertion token to process.
  - sourceStatement
```
@Nullable
private AuthnStatement sourceStatement
```
    The authentication statement which is to be cloned into the new Assertion.
- Constructor Detail
  - AddAuthnStatementToAssertionFromInboundAssertionToken
```
public AddAuthnStatementToAssertionFromInboundAssertionToken()
```
    Constructor.
- Method Detail
  - isStatementInOwnAssertion
```
public boolean isStatementInOwnAssertion()
```
    Set whether the generated statement should be placed in its own assertion or added to one if it exists.
    
    Returns:
    whether the generated statement should be placed in its own assertion or added to one if it exists
  - setStatementInOwnAssertion
```
public void setStatementInOwnAssertion(boolean inOwnAssertion)
```
    Set whether the generated authentication statement should be placed in its own assertion or added to one if it exists.
    
    Parameters:
    inOwnAssertion - whether the generated authentication statement should be placed in its own assertion or added to one if it exists
  - setAssertionTokenStrategy
```
public void setAssertionTokenStrategy(@Nonnull
                             com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)
```
    Set the strategy used to locate the inbound assertion token to process.
    
    Parameters:
    strategy - lookup strategy
  - setIdentifierGeneratorLookupStrategy
```
public void setIdentifierGeneratorLookupStrategy(@Nonnull
                                        com.google.common.base.Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)
```
    Set the strategy used to locate the IdentifierGenerationStrategy to use.
    
    Parameters:
    strategy - lookup strategy
  - setIssuerLookupStrategy
```
public void setIssuerLookupStrategy(@Nonnull
                           com.google.common.base.Function<ProfileRequestContext,String> strategy)
```
    Set the strategy used to locate the issuer value to use.
    
    Parameters:
    strategy - lookup strategy
  - getIdGenerator
```
@Nonnull
public IdentifierGenerationStrategy getIdGenerator()
```
    Get the IdentifierGenerationStrategy to use if an assertion must be created.
    
    Returns:
    the ID generation strategy
  - getIssuerId
```
@Nonnull
public String getIssuerId()
```
    Get the issuer name to use if an assertion must be created.
    
    Returns:
    the issuer name
  - setAssertionLookupStrategy
```
public void setAssertionLookupStrategy(@Nonnull
                              com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)
```
    Set the strategy used to locate the Assertion to operate on.
    
    Parameters:
    strategy - strategy used to locate the Assertion to operate on
  - doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
    Overrides:
    
    doInitialize in class AbstractInitializableComponent
    
    Throws:
    
    ComponentInitializationException
  - doPreExecute
```
protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext)
```
    Overrides:
    
    doPreExecute in class AbstractConditionalProfileAction
  - doExecute
```
protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext)
```
    Overrides:
    
    doExecute in class AbstractProfileAction
  - getNewAuthnStatement
```
@Nullable
protected AuthnStatement getNewAuthnStatement()
```
    Obtain the new AuthnStatement to add by cloning the inbound token's statement which was previously stored.
    
    Returns:
    the cloned AuthnStatement, or null if an error is encountered

Class AddAuthnStatementToAssertionFromInboundAssertionToken

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Detail

log

statementInOwnAssertion

idGeneratorLookupStrategy

issuerLookupStrategy

idGenerator

issuerId

assertionLookupStrategy

assertionTokenStrategy

sourceStatement

Constructor Detail

AddAuthnStatementToAssertionFromInboundAssertionToken

Method Detail

isStatementInOwnAssertion

setStatementInOwnAssertion

setAssertionTokenStrategy

setIdentifierGeneratorLookupStrategy

setIssuerLookupStrategy

getIdGenerator

getIssuerId

setAssertionLookupStrategy

doInitialize

doPreExecute

doExecute

getNewAuthnStatement