|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectedu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
public class SSOProfileHandler
SAML 2.0 SSO request profile handler.
Nested Class Summary | |
---|---|
protected class |
SSOProfileHandler.SSORequestContext
Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP. |
Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
---|
AbstractSAML2ProfileHandler.SAML2AuditLogEntry |
Field Summary |
---|
Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
---|
SAML_VERSION |
Constructor Summary | |
---|---|
SSOProfileHandler(String authnManagerPath)
Constructor. |
Method Summary | |
---|---|
protected org.opensaml.saml2.core.AuthnContext |
buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
Creates an AuthnContext for a successful authentication request. |
protected org.opensaml.saml2.core.AuthnStatement |
buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
Creates an authentication statement for the current request. |
protected SSOProfileHandler.SSORequestContext |
buildRequestContext(Saml2LoginContext loginContext,
org.opensaml.ws.transport.http.HTTPInTransport in,
org.opensaml.ws.transport.http.HTTPOutTransport out)
Creates an authentication request context from the current environmental information. |
protected org.opensaml.saml2.core.SubjectLocality |
buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
Constructs the subject locality for the authentication statement. |
protected void |
completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying
party after they've been authenticated. |
protected void |
decodeRequest(SSOProfileHandler.SSORequestContext requestContext,
org.opensaml.ws.transport.http.HTTPInTransport inTransport,
org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
Decodes an incoming request and stores the information in a created request context. |
protected org.opensaml.saml2.core.AuthnRequest |
deserializeRequest(String request)
Deserailizes an authentication request from a string. |
String |
getProfileId()
|
protected void |
performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
Creates a Saml2LoginContext an sends the request off to the AuthenticationManager to begin the process of
authenticating the user. |
protected void |
populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Populates the request context with information about the asserting party. |
protected void |
populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Populates the request context with information about the relying party. |
protected void |
populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Populates the request context with information from the inbound SAML message. |
void |
processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
|
protected org.opensaml.saml2.metadata.Endpoint |
selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Selects the appropriate endpoint for the relying party and stores it in the request context. |
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler |
---|
buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, postProcessAssertion, postProcessResponse, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry |
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler |
---|
encodeResponse, getAduitLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataProvider, getNameFormats, getOutboundMessageEncoder, getRelyingPartyConfiguration, getSecurityPolicyResolver, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler |
---|
getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler |
---|
getRequestPaths, setRequestPaths |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SSOProfileHandler(String authnManagerPath)
authnManagerPath
- path to the authentication manager ServletMethod Detail |
---|
public String getProfileId()
getProfileId
in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
public void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
edu.internet2.middleware.shibboleth.common.profile.ProfileException
protected void performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Saml2LoginContext
an sends the request off to the AuthenticationManager to begin the process of
authenticating the user.
inTransport
- inbound request transportoutTransport
- outbound response transport
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if there is a problem creating the login context and transferring control to the
authentication managerprotected void completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
AuthnRequest
and sends the user, with response in tow, back to the relying
party after they've been authenticated.
inTransport
- inbound message transportoutTransport
- outbound message transport
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if the response can not be created and sent back to the relying partyprotected void decodeRequest(SSOProfileHandler.SSORequestContext requestContext, org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
inTransport
- inbound transportoutTransport
- outbound transportrequestContext
- request context to which decoded information should be added
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if the incoming message failed decodingprotected SSOProfileHandler.SSORequestContext buildRequestContext(Saml2LoginContext loginContext, org.opensaml.ws.transport.http.HTTPInTransport in, org.opensaml.ws.transport.http.HTTPOutTransport out) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
loginContext
- current login contextin
- inbound transportout
- outbount transport
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if there is a problem creating the contextprotected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRelyingPartyInformation
in class AbstractSAMLProfileHandler
requestContext
- current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if there is a problem looking up the relying party's metadataprotected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext)
has already invoked
AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext)
has already been invoked and the
properties it provides are available in the request context.
This method requires the the following request context properties to be populated: metadata provider, relying
party configuration
This methods populates the following request context properties: local entity ID, outbound message issuer, local
entity metadata
populateAssertingPartyInformation
in class AbstractSAMLProfileHandler
requestContext
- current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if there is a problem looking up the asserting party's metadataprotected void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateSAMLMessageInformation
in class AbstractSAMLProfileHandler
requestContext
- current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException
- thrown if the inbound SAML message or subject identifier is nullprotected org.opensaml.saml2.core.AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
requestContext
- current request context
protected org.opensaml.saml2.core.AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
AuthnContext
for a successful authentication request.
requestContext
- current request
protected org.opensaml.saml2.core.SubjectLocality buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
requestContext
- curent request context
protected org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
selectEndpoint
in class AbstractSAMLProfileHandler
requestContext
- current request context
protected org.opensaml.saml2.core.AuthnRequest deserializeRequest(String request) throws org.opensaml.xml.io.UnmarshallingException
request
- request to deserialize
org.opensaml.xml.io.UnmarshallingException
- thrown if the request can no be deserialized and unmarshalled
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |