edu.internet2.middleware.shibboleth.idp.profile.saml2
Class SAML2ECPProfileHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
      extended by edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
          extended by edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
              extended by edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
                  extended by edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
                      extended by edu.internet2.middleware.shibboleth.idp.profile.saml2.SAML2ECPProfileHandler
All Implemented Interfaces:
edu.internet2.middleware.shibboleth.common.profile.ProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>

public class SAML2ECPProfileHandler
extends SSOProfileHandler

SAML 2.0 ECP request profile handler.


Nested Class Summary
protected  class SAML2ECPProfileHandler.ECPRequestContext
          In case we ever add something to the base context
 
Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
SSOProfileHandler.SSORequestContext
 
Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
AbstractSAML2ProfileHandler.SAML2AuditLogEntry
 
Field Summary
 
Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
SAML_VERSION
 
Constructor Summary
SAML2ECPProfileHandler()
          Constructor.
 
Method Summary
protected  org.opensaml.saml2.core.AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
          Creates an AuthnContext for a successful authentication request.
protected  org.opensaml.saml2.core.AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
          Creates an authentication statement for the current request.
protected  org.opensaml.ws.message.handler.HandlerChain buildOutboundHandlerChain()
          Build the outbound handler chain.
protected  org.opensaml.ws.message.handler.HandlerChain buildPostSecurityInboundHandlerChain()
          Build the post-security inbound handler chain.
protected  org.opensaml.ws.message.handler.HandlerChain buildPreSecurityInboundHandlerChain()
          Build the pre-security inbound handler chain.
protected  SAML2ECPProfileHandler.ECPRequestContext buildRequestContext(org.opensaml.ws.transport.http.HTTPInTransport in, org.opensaml.ws.transport.http.HTTPOutTransport out)
          Creates an authentication request context from the current environmental information.
protected  void decodeRequest(SAML2ECPProfileHandler.ECPRequestContext requestContext, org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          Decodes an incoming request and stores the information in a created request context.
 String getAuthnContextClassRef()
          Gets the AuthnContext class reference.
protected  org.opensaml.common.binding.decoding.SAMLMessageDecoder getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Get the inbound message decoder to use.
protected  org.opensaml.ws.message.handler.HandlerChainResolver getOutboundHandlerChainResolver()
          Get the resolver used to resolve the outbound handler chain.
protected  org.opensaml.common.binding.encoding.SAMLMessageEncoder getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Get the outbound message encoder to use.
protected  org.opensaml.ws.message.handler.HandlerChainResolver getPostSecurityInboundHandlerChainResolver()
          Get the resolver used to resolve the post-security inbound handler chain.
protected  org.opensaml.ws.message.handler.HandlerChainResolver getPreSecurityInboundHandlerChainResolver()
          Get the resolver used to resolve the pre-security inbound handler chain.
 String getProfileId()
          
 void initialize()
          Initialize the profile handler.
protected  void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
          Populates the request context with information from the inbound SAML message.
 void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport, org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
          
 void setAuthnContextClassRef(String ref)
          Sets the AuthnContext class reference.
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
buildNameId, buildRequestContext, buildSubjectLocality, checkNameIDPolicy, completeAuthenticationRequest, decodeRequest, deserializeRequest, getRequiredNameIDFormat, performAuthentication, populateAssertingPartyInformation, populateRelyingPartyInformation, postProcessAssertion, postProcessResponse, selectEndpoint
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler
buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getRelyingPartyConfiguration, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler
getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler
getRequestPaths, setRequestPaths
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAML2ECPProfileHandler

public SAML2ECPProfileHandler()
Constructor.

Method Detail

initialize

public void initialize()
Initialize the profile handler.


getProfileId

public String getProfileId()

Overrides:
getProfileId in class SSOProfileHandler

setAuthnContextClassRef

public void setAuthnContextClassRef(String ref)
Sets the AuthnContext class reference.

Parameters:
ref - AuthnContext class reference to set

getAuthnContextClassRef

public String getAuthnContextClassRef()
Gets the AuthnContext class reference.

Returns:
AuthnContext class reference

processRequest

public void processRequest(org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                           org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                    throws edu.internet2.middleware.shibboleth.common.profile.ProfileException

Specified by:
processRequest in interface edu.internet2.middleware.shibboleth.common.profile.ProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
Overrides:
processRequest in class SSOProfileHandler
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException

decodeRequest

protected void decodeRequest(SAML2ECPProfileHandler.ECPRequestContext requestContext,
                             org.opensaml.ws.transport.http.HTTPInTransport inTransport,
                             org.opensaml.ws.transport.http.HTTPOutTransport outTransport)
                      throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Decodes an incoming request and stores the information in a created request context.

Parameters:
inTransport - inbound transport
outTransport - outbound transport
requestContext - request context to which decoded information should be added
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the incoming message failed decoding

buildRequestContext

protected SAML2ECPProfileHandler.ECPRequestContext buildRequestContext(org.opensaml.ws.transport.http.HTTPInTransport in,
                                                                       org.opensaml.ws.transport.http.HTTPOutTransport out)
                                                                throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Creates an authentication request context from the current environmental information.

Parameters:
in - inbound transport
out - outbound transport
Returns:
created authentication request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem creating the context

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                       throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Populates the request context with information from the inbound SAML message. This method requires the following request context properties to be populated: login context. This method populates the following request context properties: inbound SAML message, relay state, inbound SAML message ID, subject name identifier.

Overrides:
populateSAMLMessageInformation in class SSOProfileHandler
Parameters:
requestContext - current request context
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if the inbound SAML message or subject identifier is null

buildAuthnStatement

protected org.opensaml.saml2.core.AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)
Creates an authentication statement for the current request.

Overrides:
buildAuthnStatement in class SSOProfileHandler
Parameters:
requestContext - current request context
Returns:
constructed authentication statement

buildAuthnContext

protected org.opensaml.saml2.core.AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)
Creates an AuthnContext for a successful authentication request.

Overrides:
buildAuthnContext in class SSOProfileHandler
Parameters:
requestContext - current request
Returns:
the built authn context

buildPreSecurityInboundHandlerChain

protected org.opensaml.ws.message.handler.HandlerChain buildPreSecurityInboundHandlerChain()
Build the pre-security inbound handler chain.

Returns:
the handler chain

buildPostSecurityInboundHandlerChain

protected org.opensaml.ws.message.handler.HandlerChain buildPostSecurityInboundHandlerChain()
Build the post-security inbound handler chain.

Returns:
the handler chain

getPreSecurityInboundHandlerChainResolver

protected org.opensaml.ws.message.handler.HandlerChainResolver getPreSecurityInboundHandlerChainResolver()
Get the resolver used to resolve the pre-security inbound handler chain.

Returns:
the handler chain resolver

getPostSecurityInboundHandlerChainResolver

protected org.opensaml.ws.message.handler.HandlerChainResolver getPostSecurityInboundHandlerChainResolver()
Get the resolver used to resolve the post-security inbound handler chain.

Returns:
the handler chain resolver

buildOutboundHandlerChain

protected org.opensaml.ws.message.handler.HandlerChain buildOutboundHandlerChain()
Build the outbound handler chain.

Returns:
the handler chain

getOutboundHandlerChainResolver

protected org.opensaml.ws.message.handler.HandlerChainResolver getOutboundHandlerChainResolver()
Get the resolver used to resolve the outbound handler chain.

Returns:
the handler chain resolver

getOutboundMessageEncoder

protected org.opensaml.common.binding.encoding.SAMLMessageEncoder getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                                                                     throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Get the outbound message encoder to use.

The default implementation uses the binding URI from the SAMLMessageContext.getPeerEntityEndpoint() to look up the encoder from the supported message encoders defined in AbstractSAMLProfileHandler.getMessageEncoders().

Subclasses may override this method to determine the encoder by a different mechanism, for example in cases where an active intermediary actor sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case).

Overrides:
getOutboundMessageEncoder in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Returns:
the message encoder to use
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the encoder to use cannot be resolved based on the request context

getInboundMessageDecoder

protected org.opensaml.common.binding.decoding.SAMLMessageDecoder getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
                                                                                    throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
Get the inbound message decoder to use.

The default implementation uses the binding URI from AbstractSAMLProfileHandler.getInboundBinding() to look up the decoder from the supported message decoders defined in AbstractSAMLProfileHandler.getMessageDecoders().

Subclasses may override to implement a different mechanism to determine the decoder to use.

Overrides:
getInboundMessageDecoder in class AbstractSAMLProfileHandler
Parameters:
requestContext - current request context
Returns:
the message decoder to use
Throws:
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the decoder to use cannot be resolved based on the request context


Copyright © 2006-2011 Internet2. All Rights Reserved.