edu.internet2.middleware.shibboleth.idp.profile.saml1
Class ShibbolethSSOProfileHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
      extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
          extended by edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
              extended by edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler
                  extended by edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler
All Implemented Interfaces:
edu.internet2.middleware.shibboleth.common.profile.ProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>

public class ShibbolethSSOProfileHandler
extends AbstractSAML1ProfileHandler

Shibboleth SSO request profile handler.


Nested Class Summary
 class ShibbolethSSOProfileHandler.ShibbolethSSORequestContext
          Represents the internal state of a Shibboleth SSO Request while it's being processed by the IdP.
 
Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler
AbstractSAML1ProfileHandler.SAML1AuditLogEntry
 
Field Summary
 
Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler
SAML_VERSION
 
Constructor Summary
ShibbolethSSOProfileHandler(String authnManagerPath)
          Constructor.
 
Method Summary
protected  org.opensaml.saml1.core.AuthenticationStatement buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
          Builds the authentication statement for the authenticated principal.
protected  ShibbolethSSOProfileHandler.ShibbolethSSORequestContext buildRequestContext(ShibbolethSSOLoginContext loginContext, org.opensaml.ws.transport.http.HTTPInTransport in, org.opensaml.ws.transport.http.HTTPOutTransport out)
          Creates an authentication request context from the current environmental information.
protected  org.opensaml.saml1.core.SubjectLocality buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
          Constructs the subject locality for the authentication statement.
protected  void completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.
protected  void decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext, org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Decodes an incoming request and populates a created request context with the resultant information.
 String getProfileId()
          
protected  void performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Creates a LoginContext and sends the request off to the AuthenticationManager to begin the process of authenticating the user.
protected  void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the asserting party.
protected  void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information about the relying party.
protected  void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information from the inbound SAML message.
 void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          
protected  org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Selects the appropriate endpoint for the relying party and stores it in the request context.
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler
buildAssertion, buildAttributeStatement, buildConditions, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, checkSamlVersion, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
encodeResponse, getAduitLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataProvider, getNameFormats, getOutboundMessageEncoder, getRelyingPartyConfiguration, getSecurityPolicyResolver, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler
getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler
getRequestPaths, setRequestPaths
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ShibbolethSSOProfileHandler

public ShibbolethSSOProfileHandler(String authnManagerPath)
Constructor.

Parameters:
authnManagerPath - path to the authentication manager servlet
Method Detail

getProfileId

public String getProfileId()

Specified by:
getProfileId in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>

processRequest

public void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                           org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                    throws edu.internet2.middleware.shibboleth.common.profile.ProfileException

Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException

performAuthentication

protected void performAuthentication(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                                     org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                              throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates a LoginContext and sends the request off to the AuthenticationManager to begin the process of authenticating the user.

Parameters:
inTransport - inbound message transport
outTransport - outbound message transport
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the login context and transferring control to the authentication manager

decodeRequest

protected void decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext,
                             org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                             org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                      throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Decodes an incoming request and populates a created request context with the resultant information.

Parameters:
inTransport - inbound message transport
outTransport - outbound message transport
requestContext - the request context to which decoded information should be added
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem decoding the request

completeAuthenticationRequest

protected void completeAuthenticationRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                                             org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                                      throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.

Parameters:
inTransport - inbound message transport
outTransport - outbound message transport
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the response can not be created and sent back to the relying party

buildRequestContext

protected ShibbolethSSOProfileHandler.ShibbolethSSORequestContext buildRequestContext(ShibbolethSSOLoginContext loginContext,
                                                                                      org.opensaml.ws.transport.http.HTTPInTransport in,
                                                                                      org.opensaml.ws.transport.http.HTTPOutTransport out)
                                                                               throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates an authentication request context from the current environmental information.

Parameters:
loginContext - current login context
in - inbound transport
out - outbound transport
Returns:
created authentication request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the context

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                        throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the relying party. This method requires the following request context properties to be populated: peer entity ID. This method populates the following request context properties: peer entity metadata, relying party configuration.

Overrides:
populateRelyingPartyInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                          throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext), and the properties it provides are available in the request context. This method requires the following request context properties to be populated: metadata provider, relying party configuration. This method populates the following request context properties: local entity ID, outbound message issuer, local entity metadata.

Overrides:
populateAssertingPartyInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                       throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information from the inbound SAML message. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) and AbstractSAMLProfileHandler.populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context.

Specified by:
populateSAMLMessageInformation in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the request context with information

selectEndpoint

protected org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
Selects the appropriate endpoint for the relying party and stores it in the request context.

Specified by:
selectEndpoint in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Returns:
Endpoint selected from the information provided in the request context

buildAuthenticationStatement

protected org.opensaml.saml1.core.AuthenticationStatement buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
                                                                                throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Builds the authentication statement for the authenticated principal.

Parameters:
requestContext - current request context
Returns:
the created statement
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the authentication statement can not be created

buildSubjectLocality

protected org.opensaml.saml1.core.SubjectLocality buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
Constructs the subject locality for the authentication statement.

Parameters:
requestContext - current request context
Returns:
subject locality for the authentication statement


Copyright © 2006-2009 Internet2. All Rights Reserved.