AddAuthnStatementToAssertion (Shibboleth IdP :: SAML Profile Implementation 3.4.0 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>
      - net.shibboleth.idp.authn.AbstractAuthenticationAction
        
        net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
        
        net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
public class AddAuthnStatementToAssertion
extends BaseAddAuthenticationStatementToAssertion
```
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
If no Response exists, then an Assertion directly in the outbound message context will be used or created

A constructed Assertion will have its ID, IssueInstant, Issuer, and Version properties set. The issuer is based on RelyingPartyConfiguration.getResponderId().

The AuthnStatement will have its authentication instant set, based on AuthenticationResult.getAuthenticationInstant() via AuthenticationContext.getAuthenticationResult(). The AuthnContext will be set via RequestedPrincipalContext.getMatchingPrincipal(), or via an injected or defaulted function that obtains a custom principal from the profile context.

The SessionIndex and optionally SessionNotOnOrAfter attributes will also be set.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_AUTHN_CTX

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

private class AddAuthnStatementToAssertion.AssertionStrategy
Default strategy for obtaining assertion to modify.

Nested Classes
Modifier and Type	Class and Description
`private class`	`AddAuthnStatementToAssertion.AssertionStrategy` Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field and Description
`private com.google.common.base.Function<ProfileRequestContext,Assertion>`	`assertionLookupStrategy` Strategy used to locate the `Assertion` to operate on.
`private com.google.common.base.Function<ProfileRequestContext,AuthnContextClassRefPrincipal>`	`classRefLookupStrategy` Strategy used to determine the AuthnContextClassRef.
`private org.slf4j.Logger`	`log` Class logger.
`private com.google.common.base.Function<ProfileRequestContext,Long>`	`sessionLifetimeLookupStrategy` Strategy used to determine SessionNotOnOrAfter value to set.

Constructor Summary

Constructors
Constructor and Description

AddAuthnStatementToAssertion()
Constructor.

Constructors
Constructor and Description
`AddAuthnStatementToAssertion()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`private AuthnStatement`	`buildAuthnStatement(ProfileRequestContext profileRequestContext, RequestedPrincipalContext requestedPrincipalContext)` Build the `AuthnStatement` to be added to the `Response`.
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)`
`protected void`	`doInitialize()`
`void`	`setAssertionLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)` Set the strategy used to locate the `Assertion` to operate on.
`void`	`setClassRefLookupStrategy(com.google.common.base.Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)` Set the strategy function to use to obtain the authentication context class reference to use.
`void`	`setSessionLifetimeLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy)` Set the strategy used to locate the SessionNotOnOrAfter value to use.

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion
doPreExecute, getAuthenticationResult, getIdGenerator, getIssuerId, isStatementInOwnAssertion, setIdentifierGeneratorLookupStrategy, setIssuerLookupStrategy, setStatementInOwnAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

assertionLookupStrategy

@NonnullAfterInit
private com.google.common.base.Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

classRefLookupStrategy

@NonnullAfterInit
private com.google.common.base.Function<ProfileRequestContext,AuthnContextClassRefPrincipal> classRefLookupStrategy

Strategy used to determine the AuthnContextClassRef.

sessionLifetimeLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Long> sessionLifetimeLookupStrategy

Strategy used to determine SessionNotOnOrAfter value to set.

Constructor Detail
- AddAuthnStatementToAssertion
```
public AddAuthnStatementToAssertion()
```
  Constructor.

Method Detail

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                              com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:: strategy - strategy used to locate the Assertion to operate on

setClassRefLookupStrategy

public void setClassRefLookupStrategy(@Nonnull
                             com.google.common.base.Function<ProfileRequestContext,AuthnContextClassRefPrincipal> strategy)

Set the strategy function to use to obtain the authentication context class reference to use.

Parameters:: strategy - authentication context class reference lookup strategy

setSessionLifetimeLookupStrategy

public void setSessionLifetimeLookupStrategy(@Nullable
                                    com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set the strategy used to locate the SessionNotOnOrAfter value to use.

Parameters:: strategy - lookup strategy

doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:: doExecute in class AbstractAuthenticationAction

buildAuthnStatement

@Nonnull
private AuthnStatement buildAuthnStatement(@Nonnull
                                         ProfileRequestContext profileRequestContext,
                                         @Nullable
                                         RequestedPrincipalContext requestedPrincipalContext)

Build the AuthnStatement to be added to the Response.

Parameters:: profileRequestContext - current request context; requestedPrincipalContext - context specifying request requirements for authn context
Returns:: the authentication statement

Class AddAuthnStatementToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent