Package net.shibboleth.idp.plugin.oidc.op.profile.impl

Class SetTokenDeliveryAttributesToResponseContext

    • Field Detail

      • log

        @Nonnull
private org.slf4j.Logger log
        Class logger.

      • attributeContextLookupStrategy

        @Nonnull
private Function<ProfileRequestContext,​net.shibboleth.idp.attribute.context.AttributeContext> attributeContextLookupStrategy
        Strategy used to locate the AttributeContext associated with a given ProfileRequestContext.

      • encodedAttributesLookupStrategy

        @Nonnull
private Function<ProfileRequestContext,​Set<String>> encodedAttributesLookupStrategy
        Strategy used to obtain the set of attribute IDs to encode for back-channel recovery.

      • alwaysIncludedAttributesLookupStrategy

        @Nonnull
private Function<ProfileRequestContext,​Set<String>> alwaysIncludedAttributesLookupStrategy
        Strategy used to obtain the set of attribute IDs to include in the ID token in all cases.

      • deniedUserInfoAttributesLookupStrategy

        @Nonnull
private Function<ProfileRequestContext,​Set<String>> deniedUserInfoAttributesLookupStrategy
        Strategy used to obtain the set of attribute IDs to omit from the UserInfo token.

      • transcoderRegistry

        @NonnullAfterInit
private ReloadableService<net.shibboleth.idp.attribute.transcoding.AttributeTranscoderRegistry> transcoderRegistry
        Transcoder registry service object.

      • ignoringUnencodableAttributes

        private boolean ignoringUnencodableAttributes
        Whether attributes that result in an AttributeEncodingException when being encoded should be ignored or result in an IdPEventIds.UNABLE_ENCODE_ATTRIBUTE transition.

      • attributeCtx

        @Nullable
private net.shibboleth.idp.attribute.context.AttributeContext attributeCtx
        AttributeContext to use.

      • alwaysIncludedAttributes

        @Nullable
@NonnullElements
private Set<String> alwaysIncludedAttributes
        Attributes to include in ID token no matter what.

      • deniedUserInfoAttributes

        @Nullable
@NonnullElements
private Set<String> deniedUserInfoAttributes
        Attributes to omit from UserInfo token.

    • Constructor Detail

      • SetTokenDeliveryAttributesToResponseContext

        SetTokenDeliveryAttributesToResponseContext()
        Constructor.

    • Method Detail

      • setTranscoderRegistry

        public void setTranscoderRegistry​(@Nonnull
                                  ReloadableService<net.shibboleth.idp.attribute.transcoding.AttributeTranscoderRegistry> registry)
        Sets the registry of transcoding rules to apply to encode attributes.
        Parameters:
        registry - registry service interface

      • setIgnoringUnencodableAttributes

        public void setIgnoringUnencodableAttributes​(boolean flag)
        Set whether the attributes that result in an AttributeEncodingException when being encoded should be ignored or result in an IdPEventIds.UNABLE_ENCODE_ATTRIBUTE transition.
        Parameters:
        flag - flag to set

      • setAttributeContextLookupStrategy

        public void setAttributeContextLookupStrategy​(@Nonnull
                                              Function<ProfileRequestContext,​net.shibboleth.idp.attribute.context.AttributeContext> strategy)
        Set the strategy used to locate the AttributeContext associated with a given ProfileRequestContext.
        Parameters:
        strategy - strategy used to locate the AttributeContext associated with a given ProfileRequestContext

      • setEncodedAttributesLookupStrategy

        public void setEncodedAttributesLookupStrategy​(@Nonnull
                                               Function<ProfileRequestContext,​Set<String>> strategy)
        Set the strategy used to obtain the set of attribute IDs to encode for back-channel recovery.
        Parameters:
        strategy - lookup strategy

      • setAlwaysIncludedAttributesLookupStrategy

        public void setAlwaysIncludedAttributesLookupStrategy​(@Nonnull
                                                      Function<ProfileRequestContext,​Set<String>> strategy)
        Set the strategy used to obtain the set of attribute IDs always included in ID tokens.
        Parameters:
        strategy - lookup strategy

      • setDeniedUserInfoAttributesLookupStrategy

        public void setDeniedUserInfoAttributesLookupStrategy​(@Nonnull
                                                      Function<ProfileRequestContext,​Set<String>> strategy)
        Set the strategy used to obtain the set of attribute IDs to omit from UserInfo tokens.
        Parameters:
        strategy - lookup strategy

      • encodeAttribute

        private void encodeAttribute​(@Nonnull
                             net.shibboleth.idp.attribute.transcoding.AttributeTranscoderRegistry registry,
                             @Nonnull
                             ProfileRequestContext profileRequestContext,
                             @Nonnull
                             net.shibboleth.idp.attribute.IdPAttribute attribute)
                      throws net.shibboleth.idp.attribute.AttributeEncodingException
        Access the registry of transcoding rules to transform the input attribute into claims.
        Parameters:
        registry - registry of transcoding rules
        profileRequestContext - current profile request context
        attribute - input attribute
        Throws:
        net.shibboleth.idp.attribute.AttributeEncodingException - if a non-ignorable error occurs