edu.internet2.middleware.shibboleth.idp.profile.saml2
Class SSOProfileHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
      extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
          extended by edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
              extended by edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
                  extended by edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
All Implemented Interfaces:
edu.internet2.middleware.shibboleth.common.profile.ProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>

public class SSOProfileHandler
extends AbstractSAML2ProfileHandler

SAML 2.0 SSO request profile handler.


Nested Class Summary
protected  class SSOProfileHandler.SSORequestContext
          Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP.
 
Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
AbstractSAML2ProfileHandler.SAML2AuditLogEntry
 
Field Summary
 
Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
SAML_VERSION
 
Constructor Summary
SSOProfileHandler(String authnManagerPath)
          Constructor.
 
Method Summary
protected  org.opensaml.saml2.core.AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
          Creates an AuthnContext for a successful authentication request.
protected  org.opensaml.saml2.core.AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
          Creates an authentication statement for the current request.
protected  SSOProfileHandler.SSORequestContext buildRequestContext(Saml2LoginContext loginContext, org.opensaml.ws.transport.http.HTTPInTransport in, org.opensaml.ws.transport.http.HTTPOutTransport out)
          Creates an authentication request context from the current environmental information.
protected  org.opensaml.saml2.core.SubjectLocality buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
          Constructs the subject locality for the authentication statement.
protected  void completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying party after they've been authenticated.
protected  void decodeRequest(SSOProfileHandler.SSORequestContext requestContext, org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Decodes an incoming request and stores the information in a created request context.
protected  org.opensaml.saml2.core.AuthnRequest deserializeRequest(String request)
          Deserializes an authentication request from a string.
 String getProfileId()
          
protected  void performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Creates a Saml2LoginContext and sends the request off to the AuthenticationManager to begin the process of authenticating the user.
protected  void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the asserting party.
protected  void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the relying party.
protected  void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information from the inbound SAML message.
 void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          
protected  org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Selects the appropriate endpoint for the relying party and stores it in the request context.
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, postProcessAssertion, postProcessResponse, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
encodeResponse, getAduitLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataProvider, getNameFormats, getOutboundMessageEncoder, getRelyingPartyConfiguration, getSecurityPolicyResolver, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler
getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler
getRequestPaths, setRequestPaths
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSOProfileHandler

public SSOProfileHandler(String authnManagerPath)
Constructor.

Parameters:
authnManagerPath - path to the authentication manager Servlet
Method Detail

getProfileId

public String getProfileId()

Specified by:
getProfileId in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>

processRequest

public void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                           org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                    throws edu.internet2.middleware.shibboleth.common.profile.ProfileException

Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException

performAuthentication

protected void performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                                     org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                              throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates a Saml2LoginContext and sends the request off to the AuthenticationManager to begin the process of authenticating the user.

Parameters:
inTransport - inbound request transport
outTransport - outbound response transport
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the login context and transferring control to the authentication manager

completeAuthenticationRequest

protected void completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                                             org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                                      throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying party after they've been authenticated.

Parameters:
inTransport - inbound message transport
outTransport - outbound message transport
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the response can not be created and sent back to the relying party

decodeRequest

protected void decodeRequest(SSOProfileHandler.SSORequestContext requestContext,
                             org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                             org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                      throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Decodes an incoming request and stores the information in a created request context.

Parameters:
inTransport - inbound transport
outTransport - outbound transport
requestContext - request context to which decoded information should be added
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the incoming message failed decoding

buildRequestContext

protected SSOProfileHandler.SSORequestContext buildRequestContext(Saml2LoginContext loginContext,
                                                                  org.opensaml.ws.transport.http.HTTPInTransport in,
                                                                  org.opensaml.ws.transport.http.HTTPOutTransport out)
                                                           throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates an authentication request context from the current environmental information.

Parameters:
loginContext - current login context
in - inbound transport
out - outbound transport
Returns:
created authentication request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the context

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                        throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the relying party. This method requires the following request context property to be populated: peer entity ID. This method populates the following request context properties: peer entity metadata, relying party configuration.

Overrides:
populateRelyingPartyInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                          throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext), and the properties it provides are available in the request context. This method requires the following request context properties to be populated: metadata provider, relying party configuration. This method populates the following request context properties: local entity ID, outbound message issuer, local entity metadata.

Overrides:
populateAssertingPartyInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                       throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information from the inbound SAML message. This method requires the following request context property to be populated: login context. This method populates the following request context properties: inbound SAML message, relay state, inbound SAML message ID, subject name identifier.

Specified by:
populateSAMLMessageInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the inbound SAML message or subject identifier is null

buildAuthnStatement

protected org.opensaml.saml2.core.AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
Creates an authentication statement for the current request.

Parameters:
requestContext - current request context
Returns:
constructed authentication statement

buildAuthnContext

protected org.opensaml.saml2.core.AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
Creates an AuthnContext for a successful authentication request.

Parameters:
requestContext - current request
Returns:
the built authn context

buildSubjectLocality

protected org.opensaml.saml2.core.SubjectLocality buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)
Constructs the subject locality for the authentication statement.

Parameters:
requestContext - current request context
Returns:
subject locality for the authentication statement

selectEndpoint

protected org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Selects the appropriate endpoint for the relying party and stores it in the request context.

Specified by:
selectEndpoint in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Returns:
Endpoint selected from the information provided in the request context

deserializeRequest

protected org.opensaml.saml2.core.AuthnRequest deserializeRequest(String request)
                                                           throws org.opensaml.xml.io.UnmarshallingException
Deserializes an authentication request from a string.

Parameters:
request - request to deserialize
Returns:
the request XMLObject
Throws:
org.opensaml.xml.io.UnmarshallingException - thrown if the request cannot be deserialized and unmarshalled


Copyright © 2006-2009 Internet2. All Rights Reserved.