java.lang.Object
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler
public abstract class AbstractSAML1ProfileHandler
Common implementation details for profile handlers.
Nested Class Summary | |
---|---|
protected class | AbstractSAML1ProfileHandler.SAML1AuditLogEntry - SAML 1 specific audit log entry. |
Field Summary | |
---|---|
static org.opensaml.common.SAMLVersion | SAML_VERSION - SAML Version for this profile handler. |
Constructor Summary | |
---|---|
AbstractSAML1ProfileHandler() | Default constructor. |
Method Summary | |
---|---|
protected org.opensaml.saml1.core.Assertion | buildAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, DateTime issueInstant) - Builds a basic assertion with its id, issue instant, SAML version, issuer, subject, and conditions populated. |
protected org.opensaml.saml1.core.AttributeStatement | buildAttributeStatement(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String subjectConfMethod) - Executes a query for attributes and builds a SAML attribute statement from the results. |
protected org.opensaml.saml1.core.Conditions | buildConditions(BaseSAML1ProfileRequestContext<?,?,?> requestContext, DateTime issueInstant) - Builds a SAML assertion condition set. |
protected org.opensaml.saml1.core.Response | buildErrorResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Constructs a SAML response message carrying a request error. |
protected org.opensaml.saml1.core.NameIdentifier | buildNameId(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Builds a NameIdentifier appropriate for this request. |
protected org.opensaml.saml1.core.Response | buildResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, List<org.opensaml.saml1.core.Statement> statements) - Builds a response to the attribute query within the request context. |
protected org.opensaml.saml1.core.Status | buildStatus(QName topLevelCode, QName secondLevelCode, String failureMessage) - Build a status message, with an optional second-level failure message. |
protected org.opensaml.saml1.core.Subject | buildSubject(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String confirmationMethod) - Builds the SAML subject for the user for the service provider. |
protected void | checkSamlVersion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Checks that the SAML major version for a request is 1. |
protected boolean | isSignAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Determine whether issued assertions should be signed. |
protected void | populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) - Populates the request context with information. |
protected void | populateStatusResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.opensaml.saml1.core.ResponseAbstractType response) - Populates the response's id, in response to, issue instant, version, and issuer properties. |
protected void | populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) - Populates the request context with the information about the user. |
protected void | resolveAttributes(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Resolves the attributes for the principal. |
protected void | resolvePrincipal(BaseSAML1ProfileRequestContext<?,?,?> requestContext) - Resolves the principal name of the subject of the request. |
protected void | signAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.opensaml.saml1.core.Assertion assertion) - Signs the given assertion if either the current profile configuration or the relying party configuration contains signing credentials. |
protected void | writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context) - Writes an audit log entry indicating the successful response to the attribute request. |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler |
---|
getBuilderFactory, getParserPool, getProfileConfiguration, getProfileId, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler |
---|
getRequestPaths, setRequestPaths |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface edu.internet2.middleware.shibboleth.common.profile.ProfileHandler |
---|
processRequest |
Field Detail |
---|
public static final org.opensaml.common.SAMLVersion SAML_VERSION
Constructor Detail |
---|
public AbstractSAML1ProfileHandler()
Method Detail |
---|
protected void populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext in class AbstractSAMLProfileHandler
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata

protected void populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
populateUserInformation in class AbstractSAMLProfileHandler
requestContext - current request context

protected void checkSamlVersion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context containing the SAML message
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the major version of the SAML request is not 1

protected org.opensaml.saml1.core.Response buildResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, List<org.opensaml.saml1.core.Statement> statements) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
statements - the statements to include in the response
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the SAML response

protected org.opensaml.saml1.core.Assertion buildAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, DateTime issueInstant)
requestContext - current request context
issueInstant - time to use as assertion issue instant

protected org.opensaml.saml1.core.Conditions buildConditions(BaseSAML1ProfileRequestContext<?,?,?> requestContext, DateTime issueInstant)
requestContext - current request context
issueInstant - timestamp the assertion was created

protected org.opensaml.saml1.core.Subject buildSubject(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String confirmationMethod) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
confirmationMethod - subject confirmation method used for the subject
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if a NameID can not be created either because there was a problem encoding the name ID attribute or because there are no supported name formats

protected org.opensaml.saml1.core.NameIdentifier buildNameId(BaseSAML1ProfileRequestContext<?,?,?> requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if a NameIdentifier can not be created either because there was a problem encoding the name ID attribute or because there are no supported name formats

protected org.opensaml.saml1.core.Response buildErrorResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
requestContext - current request context containing the failure status

protected void populateStatusResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.opensaml.saml1.core.ResponseAbstractType response)
requestContext - current request context
response - the response to populate

protected org.opensaml.saml1.core.Status buildStatus(QName topLevelCode, QName secondLevelCode, String failureMessage)
topLevelCode - top-level status code
secondLevelCode - second-level status code
failureMessage - An optional second-level failure message

protected void resolveAttributes(BaseSAML1ProfileRequestContext<?,?,?> requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException

protected org.opensaml.saml1.core.AttributeStatement buildAttributeStatement(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String subjectConfMethod) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
subjectConfMethod - subject confirmation method
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem making the query

protected void resolvePrincipal(BaseSAML1ProfileRequestContext<?,?,?> requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the principal name can not be resolved

protected void signAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.opensaml.saml1.core.Assertion assertion) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
assertion - assertion to sign
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the metadata can not be located for the relying party or, if signing is required, if a signing credential is not configured

protected boolean isSignAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - the current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if there is a problem determining whether assertions should be signed

protected void writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context)
writeAuditLogEntry in class AbstractSAMLProfileHandler
context - current request context