@Prototype public class ProcessDelegatedAssertion extends AbstractProfileAction
Assertion WS-Security token, and set up the resulting
NameID for subject canonicalization as the effective subject of the request.
A SubjectCanonicalizationContext is added containing a NameIDPrincipal with the
token's NameID.
Events: AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_SUBJECT
Precondition: assertionTokenStrategy.apply(profileRequestContext).getSubject().getNameID() != null
Postcondition: profileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
| Modifier and Type | Class and Description |
|---|---|
| class | ProcessDelegatedAssertion.DefaultC14NRequesterLookupFunction: Default strategy for resolving the requester entityID for SAML subject c14n. |
| Modifier and Type | Field and Description |
|---|---|
| private Assertion | assertion: The SAML 2 Assertion token being processed. |
| private com.google.common.base.Function<ProfileRequestContext,Assertion> | assertionTokenStrategy: Function used to resolve the assertion token to process. |
| private org.slf4j.Logger | log: Logger. |
| private NameID | nameID: The SAML 2 NameID representing the authenticated user. |
| private com.google.common.base.Function<ProfileRequestContext,String> | requesterLookupStrategy: Function used to obtain the requester ID, for purposes of Subject c14n. |
| private com.google.common.base.Function<ProfileRequestContext,String> | responderLookupStrategy: Function used to obtain the responder ID, for purposes of Subject c14n. |
| Constructor and Description |
|---|
| ProcessDelegatedAssertion(): Constructor. |
| Modifier and Type | Method and Description |
|---|---|
| protected void | doExecute(ProfileRequestContext profileRequestContext) |
| protected boolean | doPreExecute(ProfileRequestContext profileRequestContext) |
| void | setAssertionTokenStrategy(com.google.common.base.Function<ProfileRequestContext,Assertion> strategy): Set the strategy used to locate the inbound assertion token to process. |
| void | setRequesterLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy): Set the strategy used to locate the requester ID for subject canonicalization. |
| void | setResponderLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy): Set the strategy used to locate the responder ID for subject canonicalization. |
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
getActivationCondition, setActivationCondition
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
initialize, isInitialized
private org.slf4j.Logger log
@Nullable private com.google.common.base.Function<ProfileRequestContext,String> requesterLookupStrategy
@Nullable private com.google.common.base.Function<ProfileRequestContext,String> responderLookupStrategy
@Nonnull private com.google.common.base.Function<ProfileRequestContext,Assertion> assertionTokenStrategy
private Assertion assertion
private NameID nameID
public void setAssertionTokenStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,Assertion> strategy)
Parameters: strategy - lookup strategy
public void setRequesterLookupStrategy(@Nullable com.google.common.base.Function<ProfileRequestContext,String> strategy)
Parameters: strategy - lookup strategy
public void setResponderLookupStrategy(@Nullable com.google.common.base.Function<ProfileRequestContext,String> strategy)
Parameters: strategy - lookup strategy
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides: doPreExecute in class AbstractConditionalProfileAction
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides: doExecute in class AbstractProfileAction
Copyright © 1999–2018 Shibboleth Consortium. All rights reserved.