edu.internet2.middleware.shibboleth.idp.profile.saml1

クラス AbstractSAML1ProfileHandler

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

すべての実装されたインタフェース:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

直系の既知のサブクラス:

ArtifactResolution, AttributeQueryProfileHandler, ShibbolethSSOProfileHandler

public abstract class AbstractSAML1ProfileHandler
extends AbstractSAMLProfileHandler

Common implementation details for profile handlers.

ネストされたクラスの概要

ネストされたクラス

修飾子とタイプ	クラスと説明
protected class	AbstractSAML1ProfileHandler.SAML1AuditLogEntry SAML 1 specific audit log entry.

フィールドの概要

フィールド

修飾子とタイプ	フィールドと説明
static SAMLVersion	SAML_VERSION SAML Version for this profile handler.

コンストラクタの概要

コンストラクタ

コンストラクタと説明
AbstractSAML1ProfileHandler() Default constructor.

メソッドの概要

メソッド

修飾子とタイプ	メソッドと説明
protected Assertion	buildAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.joda.time.DateTime issueInstant) Builds a basic assertion with its id, issue instant, SAML version, issuer, subject, and conditions populated.
protected AttributeStatement	buildAttributeStatement(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String subjectConfMethod) Executes a query for attributes and builds a SAML attribute statement from the results.
protected Conditions	buildConditions(BaseSAML1ProfileRequestContext<?,?,?> requestContext, org.joda.time.DateTime issueInstant) Builds a SAML assertion condition set.
protected Response	buildErrorResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Constructs an SAML response message carrying a request error.
protected NameIdentifier	buildNameId(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Builds a NameIdentifier appropriate for this request.
protected Response	buildResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, List<Statement> statements) Builds a response to the attribute query within the request context.
protected Status	buildStatus(QName topLevelCode, QName secondLevelCode, String failureMessage) Build a status message, with an optional second-level failure message.
protected Subject	buildSubject(BaseSAML1ProfileRequestContext<?,?,?> requestContext, String confirmationMethod) Builds the SAML subject for the user for the service provider.
protected void	checkSamlVersion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Checks that the SAML major version for a request is 1.
protected String	getSessionIndexFromNameID(NameIdentifier nameIdentifier) Creates a properly-delimited string representation from the given SAML1 NameIdentifier for session indexing purposes.
protected boolean	isSignAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Determine whether issued assertions should be signed.
protected void	populateRequestContext(BaseSAMLProfileRequestContext requestContext) Populates the request context with information.
protected void	populateStatusResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext, ResponseAbstractType response) Populates the response's id, in response to, issue instant, version, and issuer properties.
protected void	populateUserInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with the information about the user.
protected void	resolveAttributes(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Resolved the attributes for the principal.
protected void	resolvePrincipal(BaseSAML1ProfileRequestContext<?,?,?> requestContext) Resolves the principal name of the subject of the request.
protected void	signAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext, Assertion assertion) Signs the given assertion if either the current profile configuration or the relying party configuration contains signing credentials.
protected void	writeAuditLogEntry(BaseSAMLProfileRequestContext context) Writes an audit log entry indicating the successful response to the attribute request.

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getRequiredNameIDFormat, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateAssertingPartyInformation, populateProfileInformation, populateRelyingPartyInformation, populateSAMLMessageInformation, selectEndpoint, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getProfileId, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

クラスから継承されたメソッド java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

インタフェースから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.ProfileHandler

processRequest

フィールドの詳細

SAML_VERSION

public static final SAMLVersion SAML_VERSION

SAML Version for this profile handler.

コンストラクタの詳細

AbstractSAML1ProfileHandler

public AbstractSAML1ProfileHandler()

Default constructor.

メソッドの詳細

populateRequestContext

protected void populateRequestContext(BaseSAMLProfileRequestContext requestContext)
                               throws ProfileException

Populates the request context with information. This method requires the the following request context properties to be populated: inbound message transport, peer entity ID, metadata provider This methods populates the following request context properties: user's session, user's principal name, service authentication method, peer entity metadata, relying party configuration, local entity ID, outbound message issuer, local entity metadata

オーバーライド:

populateRequestContext クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateUserInformation

protected void populateUserInformation(BaseSAMLProfileRequestContext requestContext)

Populates the request context with the information about the user. This method requires the the following request context properties to be populated: inbound message transport, relying party ID This methods populates the following request context properties: user's session, user's principal name, and service authentication method

定義:

populateUserInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

checkSamlVersion

protected void checkSamlVersion(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
                         throws ProfileException

Checks that the SAML major version for a request is 1.

パラメータ:

requestContext - current request context containing the SAML message

例外:

ProfileException - thrown if the major version of the SAML request is not 1

buildResponse

protected Response buildResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                     List<Statement> statements)
                          throws ProfileException

Builds a response to the attribute query within the request context.

パラメータ:

requestContext - current request context

statements - the statements to include in the response

戻り値:

the built response

例外:

ProfileException - thrown if there is a problem creating the SAML response

buildAssertion

protected Assertion buildAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                       org.joda.time.DateTime issueInstant)

Builds a basic assertion with its id, issue instant, SAML version, issuer, subject, and conditions populated.

パラメータ:

requestContext - current request context

issueInstant - time to use as assertion issue instant

戻り値:

the built assertion

buildConditions

protected Conditions buildConditions(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                         org.joda.time.DateTime issueInstant)

Builds a SAML assertion condition set. The following fields are set; not before, not on or after, audience restrictions, and proxy restrictions.

パラメータ:

requestContext - current request context

issueInstant - timestamp the assertion was created

戻り値:

constructed conditions

buildSubject

protected Subject buildSubject(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                   String confirmationMethod)
                        throws ProfileException

Builds the SAML subject for the user for the service provider.

パラメータ:

requestContext - current request context

confirmationMethod - subject confirmation method used for the subject

戻り値:

SAML subject for the user for the service provider

例外:

ProfileException - thrown if a NameID can not be created either because there was a problem encoding the name ID attribute or because there are no supported name formats

buildNameId

protected NameIdentifier buildNameId(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
                              throws ProfileException

Builds a NameIdentifier appropriate for this request. NameIdentifier are built by inspecting the SAML request and metadata, picking a name format that was requested by the relying party or is mutually supported by both the relying party and asserting party as described in their metadata entries. Once a set of supported name formats is determined the principals attributes are inspected for an attribute supported an attribute encoder whose category is one of the supported name formats.

パラメータ:

requestContext - current request context

戻り値:

the NameIdentifier appropriate for this request

例外:

ProfileException - thrown if a NameIdentifier can not be created either because there was a problem encoding the name ID attribute or because there are no supported name formats

buildErrorResponse

protected Response buildErrorResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext)

Constructs an SAML response message carrying a request error.

パラメータ:

requestContext - current request context containing the failure status

戻り値:

the constructed error response

populateStatusResponse

protected void populateStatusResponse(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                          ResponseAbstractType response)

Populates the response's id, in response to, issue instant, version, and issuer properties.

パラメータ:

requestContext - current request context

response - the response to populate

buildStatus

protected Status buildStatus(QName topLevelCode,
                 QName secondLevelCode,
                 String failureMessage)

Build a status message, with an optional second-level failure message.

パラメータ:

topLevelCode - top-level status code

secondLevelCode - second-level status code

failureMessage - An optional second-level failure message

戻り値:

a Status object.

resolveAttributes

protected void resolveAttributes(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
                          throws ProfileException

Resolved the attributes for the principal.

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem resolving the attributes for the subject.

buildAttributeStatement

protected AttributeStatement buildAttributeStatement(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                                         String subjectConfMethod)
                                              throws ProfileException

Executes a query for attributes and builds a SAML attribute statement from the results.

パラメータ:

requestContext - current request context

subjectConfMethod - subject confirmation method

戻り値:

attribute statement resulting from the query

例外:

ProfileException - thrown if there is a problem making the query

resolvePrincipal

protected void resolvePrincipal(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
                         throws ProfileException

Resolves the principal name of the subject of the request.

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if the principal name can not be resolved

signAssertion

protected void signAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext,
                 Assertion assertion)
                      throws ProfileException

Signs the given assertion if either the current profile configuration or the relying party configuration contains signing credentials.

パラメータ:

requestContext - current request context

assertion - assertion to sign

例外:

ProfileException - thrown if the metadata can not be located for the relying party or, if signing is required, if a signing credential is not configured

isSignAssertion

protected boolean isSignAssertion(BaseSAML1ProfileRequestContext<?,?,?> requestContext)
                           throws ProfileException

Determine whether issued assertions should be signed.

パラメータ:

requestContext - the current request context

戻り値:

true if assertions should be signed, false otherwise

例外:

ProfileException - if there is a problem determining whether assertions should be signed

getSessionIndexFromNameID

protected String getSessionIndexFromNameID(NameIdentifier nameIdentifier)

Creates a properly-delimited string representation from the given SAML1 NameIdentifier for session indexing purposes.

パラメータ:

nameIdentifier - the NameIdentifier to create string representation from

戻り値:

a usable session index based on the input

writeAuditLogEntry

protected void writeAuditLogEntry(BaseSAMLProfileRequestContext context)

Writes an audit log entry indicating the successful response to the attribute request.

オーバーライド:

writeAuditLogEntry クラス内 AbstractSAMLProfileHandler

パラメータ:

context - current request context