edu.internet2.middleware.shibboleth.idp.profile
Class AbstractSAMLProfileHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
      extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
          extended by edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
All Implemented Interfaces:
edu.internet2.middleware.shibboleth.common.profile.ProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
Direct Known Subclasses:
AbstractSAML1ProfileHandler, AbstractSAML2ProfileHandler

public abstract class AbstractSAMLProfileHandler
extends edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>

Base class for SAML profile handlers.


Constructor Summary
protected AbstractSAMLProfileHandler()
          Constructor.
 
Method Summary
protected  void encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Encodes the request's SAML response and writes it to the servlet response.
protected  org.slf4j.Logger getAduitLog()
          Gets the audit log for this handler.
protected  List<String> getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role)
          Gets the list of name identifier formats supported for a given role.
 org.opensaml.common.IdentifierGenerator getIdGenerator()
          Gets an ID generator which may be used for SAML assertions, requests, etc.
 String getInboundBinding()
          Gets the SAML message binding used by inbound messages.
 Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> getMessageDecoders()
          Gets all the SAML message decoders configured for the IdP indexed by SAML binding URI.
 Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> getMessageEncoders()
          Gets all the SAML message encoders configured for the IdP indexed by SAML binding URI.
 org.opensaml.saml2.metadata.provider.MetadataProvider getMetadataProvider()
          A convenience method for retrieving the SAML metadata provider from the relying party manager.
protected  List<String> getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Gets the name identifier formats to use when creating identifiers for the relying party.
 edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration getRelyingPartyConfiguration(String relyingPartyId)
          
 org.opensaml.ws.security.SecurityPolicyResolver getSecurityPolicyResolver()
          Gets the resolver used to determine active security policy for an incoming request.
 List<String> getSupportedOutboundBindings()
          Gets the SAML message bindings that may be used by outbound messages.
protected  Session getUserSession(org.opensaml.ws.transport.InTransport inTransport)
          Gets the user's session, if there is one.
protected  Session getUserSession(String principalName)
          Gets the user's session based on their principal name.
protected  void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the asserting party.
protected  void populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with the information about the profile.
protected  void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the relying party.
protected  void populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information.
protected abstract  void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information from the inbound SAML message.
protected abstract  void populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with the information about the user if they have an existing session.
protected abstract  org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Selects the appropriate endpoint for the relying party and stores it in the request context.
 void setIdGenerator(org.opensaml.common.IdentifierGenerator generator)
          Sets the ID generator which may be used for SAML assertions, requests, etc.
 void setInboundBinding(String binding)
          Sets the SAML message binding used by inbound messages.
 void setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders)
          Sets all the SAML message decoders configured for the IdP indexed by SAML binding URI.
 void setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders)
          Sets all the SAML message encoders configured for the IdP indexed by SAML binding URI.
 void setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver)
          Sets the resolver used to determine active security policy for an incoming request.
 void setSupportedOutboundBindings(List<String> bindings)
          Sets the SAML message bindings that may be used by outbound messages.
protected  void writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context)
          Writes an audit log entry indicating the successful response to the attribute request.
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler
getBuilderFactory, getParserPool, getProfileConfiguration, getProfileId, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler
getRequestPaths, setRequestPaths
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface edu.internet2.middleware.shibboleth.common.profile.ProfileHandler
processRequest
 

Constructor Detail

AbstractSAMLProfileHandler

protected AbstractSAMLProfileHandler()
Constructor.

Method Detail

getSecurityPolicyResolver

public org.opensaml.ws.security.SecurityPolicyResolver getSecurityPolicyResolver()
Gets the resolver used to determine active security policy for an incoming request.

Returns:
resolver used to determine active security policy for an incoming request

setSecurityPolicyResolver

public void setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver)
Sets the resolver used to determine active security policy for an incoming request.

Parameters:
resolver - resolver used to determine active security policy for an incoming request

getAduitLog

protected org.slf4j.Logger getAduitLog()
Gets the audit log for this handler.

Returns:
audit log for this handler

getIdGenerator

public org.opensaml.common.IdentifierGenerator getIdGenerator()
Gets an ID generator which may be used for SAML assertions, requests, etc.

Returns:
ID generator

getInboundBinding

public String getInboundBinding()
Gets the SAML message binding used by inbound messages.

Returns:
SAML message binding used by inbound messages

getMessageDecoders

public Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> getMessageDecoders()
Gets all the SAML message decoders configured for the IdP indexed by SAML binding URI.

Returns:
SAML message decoders configured for the IdP indexed by SAML binding URI

getMessageEncoders

public Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> getMessageEncoders()
Gets all the SAML message encoders configured for the IdP indexed by SAML binding URI.

Returns:
SAML message encoders configured for the IdP indexed by SAML binding URI

getMetadataProvider

public org.opensaml.saml2.metadata.provider.MetadataProvider getMetadataProvider()
A convenience method for retrieving the SAML metadata provider from the relying party manager.

Returns:
the metadata provider or null

getSupportedOutboundBindings

public List<String> getSupportedOutboundBindings()
Gets the SAML message bindings that may be used by outbound messages.

Returns:
SAML message bindings that may be used by outbound messages

getUserSession

protected Session getUserSession(org.opensaml.ws.transport.InTransport inTransport)
Gets the user's session, if there is one.

Parameters:
inTransport - current inbound transport
Returns:
user's session

getUserSession

protected Session getUserSession(String principalName)
Gets the user's session based on their principal name.

Parameters:
principalName - user's principal name
Returns:
the user's session

setIdGenerator

public void setIdGenerator(org.opensaml.common.IdentifierGenerator generator)
Sets the ID generator which may be used for SAML assertions, requests, etc.

Parameters:
generator - an ID generator which may be used for SAML assertions, requests, etc

setInboundBinding

public void setInboundBinding(String binding)
Sets the SAML message binding used by inbound messages.

Parameters:
binding - SAML message binding used by inbound messages

setMessageDecoders

public void setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders)
Sets all the SAML message decoders configured for the IdP indexed by SAML binding URI.

Parameters:
decoders - SAML message decoders configured for the IdP indexed by SAML binding URI

setMessageEncoders

public void setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders)
Sets all the SAML message encoders configured for the IdP indexed by SAML binding URI.

Parameters:
encoders - SAML message encoders configured for the IdP indexed by SAML binding URI

setSupportedOutboundBindings

public void setSupportedOutboundBindings(List<String> bindings)
Sets the SAML message bindings that may be used by outbound messages.

Parameters:
bindings - SAML message bindings that may be used by outbound messages

getRelyingPartyConfiguration

public edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration getRelyingPartyConfiguration(String relyingPartyId)

Overrides:
getRelyingPartyConfiguration in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>

populateRequestContext

protected void populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                               throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information. This method requires the following request context properties to be populated: inbound message transport, peer entity ID, metadata provider. This method populates the following request context properties: user's session, user's principal name, service authentication method, peer entity metadata, relying party configuration, local entity ID, outbound message issuer, local entity metadata.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                        throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the relying party. This method requires the following request context property to be populated: peer entity ID. This method populates the following request context properties: peer entity metadata, relying party configuration.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                          throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the asserting party. Unless overridden, populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), and the properties it provides are available in the request context. This method requires the following request context properties to be populated: metadata provider, relying party configuration. This method populates the following request context properties: local entity ID, outbound message issuer, local entity metadata.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected abstract void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                                throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information from the inbound SAML message. Unless overridden, populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext) and populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the request context with information

populateProfileInformation

protected void populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                   throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with the information about the profile. Unless overridden, populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context. This method requires the following request context property to be populated: relying party configuration. This method populates the following request context properties: communication profile ID, profile configuration, outbound message artifact type, peer entity endpoint.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the profile information

getNameFormats

protected List<String> getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                               throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Gets the name identifier formats to use when creating identifiers for the relying party.

Parameters:
requestContext - current request context
Returns:
list of formats that may be used with the relying party, or an empty list for no preference
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem determining the name identifier format to use

getEntitySupportedFormats

protected List<String> getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role)
Gets the list of name identifier formats supported for a given role.

Parameters:
role - the role to get the list of supported name identifier formats
Returns:
list of supported name identifier formats

populateUserInformation

protected abstract void populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                         throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with the information about the user if they have an existing session. Unless overridden, populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), populateAssertingPartyInformation(BaseSAMLProfileRequestContext), populateProfileInformation(BaseSAMLProfileRequestContext), and populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context. This method should populate: user's session, user's principal name, and service authentication method.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the user's information

selectEndpoint

protected abstract org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                                                throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Selects the appropriate endpoint for the relying party and stores it in the request context.

Parameters:
requestContext - current request context
Returns:
Endpoint selected from the information provided in the request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem selecting a response endpoint
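The following is an added example, not code from the Shibboleth IdP, of one way a subclass could implement selectEndpoint so that the response endpoint stored in the request context always comes from the relying party's metadata rather than from the unverified inbound message alone. The class name MetadataBoundEndpointHandler is hypothetical. It relies on getSupportedOutboundBindings() from this class and on OpenSAML 2 calls not shown on this page (getPeerEntityRoleMetadata(), getInboundSAMLMessage() and setPeerEntityEndpoint() on the request context, getAssertionConsumerServices() on SPSSODescriptor, isDefault() on the indexed endpoint, getAssertionConsumerServiceURL() and getProtocolBinding() on AuthnRequest), which are assumed to be available as in OpenSAML 2; the request context is used as a raw type, so the compiler will emit an unchecked warning.

```java
package example; // hypothetical package, not part of the Shibboleth IdP

import java.util.List;

import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;

import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler;

/**
 * Illustrative handler (assumed, not part of the Shibboleth IdP). It implements
 * selectEndpoint by matching the inbound request against endpoints listed in the
 * relying party's metadata; the remaining abstract methods are left to a concrete
 * subclass, so this class stays abstract.
 */
public abstract class MetadataBoundEndpointHandler extends AbstractSAMLProfileHandler {

    @Override
    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)
            throws ProfileException {
        // populateRelyingPartyInformation has already run, so peer metadata is present.
        RoleDescriptor role = requestContext.getPeerEntityRoleMetadata();
        if (!(role instanceof SPSSODescriptor)) {
            throw new ProfileException("Relying party has no SPSSODescriptor in metadata");
        }
        List<AssertionConsumerService> candidates =
                ((SPSSODescriptor) role).getAssertionConsumerServices();

        // The inbound AuthnRequest may name an ACS URL and binding; they are honoured
        // only when metadata lists exactly that endpoint.
        String requestedUrl = null;
        String requestedBinding = null;
        Object inbound = requestContext.getInboundSAMLMessage();
        if (inbound instanceof AuthnRequest) {
            requestedUrl = ((AuthnRequest) inbound).getAssertionConsumerServiceURL();
            requestedBinding = ((AuthnRequest) inbound).getProtocolBinding();
        }

        Endpoint selected = null;
        for (AssertionConsumerService acs : candidates) {
            if (!getSupportedOutboundBindings().contains(acs.getBinding())) {
                continue; // this handler has no encoder for that binding
            }
            if (requestedUrl == null) {
                // Nothing requested: take the metadata default, else the first usable one.
                if (selected == null || Boolean.TRUE.equals(acs.isDefault())) {
                    selected = acs;
                }
            } else if (requestedUrl.equals(acs.getLocation())
                    && (requestedBinding == null || requestedBinding.equals(acs.getBinding()))) {
                selected = acs; // exact match against metadata, not a prefix or host match
                break;
            }
        }
        if (selected == null) {
            throw new ProfileException("No response endpoint in metadata matches the request");
        }
        requestContext.setPeerEntityEndpoint(selected);
        return selected;
    }
}
```

The comparison with the metadata location is an exact string match on purpose: a prefix or host-only comparison would let a request redirect the response to an endpoint the relying party never registered. Filtering by getSupportedOutboundBindings() also keeps selectEndpoint consistent with encodeResponse, which fails when no encoder is registered for the chosen binding.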

encodeResponse

protected void encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                       throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Encodes the request's SAML response and writes it to the servlet response.

Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if no message encoder is registered for this profile's binding

writeAuditLogEntry

protected void writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context)
Writes an audit log entry indicating the successful response to the attribute request.

Parameters:
context - current request context


Copyright © 2006-2008 Internet2. All Rights Reserved.