edu.internet2.middleware.shibboleth.idp.profile.saml1

クラス ShibbolethSSOProfileHandler

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler

すべての実装されたインタフェース:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

public class ShibbolethSSOProfileHandler
extends AbstractSAML1ProfileHandler

Shibboleth SSO request profile handler.

ネストされたクラスの概要

ネストされたクラス

修飾子とタイプ	クラスと説明
class	ShibbolethSSOProfileHandler.ShibbolethSSORequestContext Represents the internal state of a Shibboleth SSO Request while it's being processed by the IdP.

クラスから継承されたネストされたクラス/インタフェース edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

AbstractSAML1ProfileHandler.SAML1AuditLogEntry

フィールドの概要

クラスから継承されたフィールド edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

SAML_VERSION

コンストラクタの概要

コンストラクタ

コンストラクタと説明
ShibbolethSSOProfileHandler(String authnManagerPath) Constructor.

メソッドの概要

メソッド

修飾子とタイプ	メソッドと説明
protected AuthenticationStatement	buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext) Builds the authentication statement for the authenticated principal.
protected ShibbolethSSOProfileHandler.ShibbolethSSORequestContext	buildRequestContext(ShibbolethSSOLoginContext loginContext, HTTPInTransport in, HTTPOutTransport out) Creates an authentication request context from the current environmental information.
protected SubjectLocality	buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext) Constructs the subject locality for the authentication statement.
protected void	completeAuthenticationRequest(ShibbolethSSOLoginContext loginContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.
protected void	decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Decodes an incoming request and populates a created request context with the resultant information.
String	getProfileId() Gets the ID of the profile supported by this handler.
protected void	performAuthentication(HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a ShibbolethSSOLoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.
protected void	populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the asserting party.
protected void	populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the relying party.
protected void	populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information from the inbound SAML message.
void	processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) Processes an incoming request.
protected Endpoint	selectEndpoint(BaseSAMLProfileRequestContext requestContext) Selects the appropriate endpoint for the relying party and stores it in the request context.

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.idp.profile.saml1.AbstractSAML1ProfileHandler

buildAssertion, buildAttributeStatement, buildConditions, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, checkSamlVersion, getSessionIndexFromNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getRequiredNameIDFormat, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

クラスから継承されたメソッド java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

コンストラクタの詳細

ShibbolethSSOProfileHandler

public ShibbolethSSOProfileHandler(String authnManagerPath)

Constructor.

パラメータ:

authnManagerPath - path to the authentication manager servlet

メソッドの詳細

getProfileId

public String getProfileId()

Gets the ID of the profile supported by this handler.

定義:

getProfileId クラス内 AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

戻り値:

ID of the profile supported by this handler

processRequest

public void processRequest(HTTPInTransport inTransport,
                  HTTPOutTransport outTransport)
                    throws ProfileException

Processes an incoming request.

パラメータ:

inTransport - the incoming request transport

outTransport - the outgoing response transport

例外:

ProfileException - throw if there was a problem while processing the request

performAuthentication

protected void performAuthentication(HTTPInTransport inTransport,
                         HTTPOutTransport outTransport)
                              throws ProfileException

Creates a ShibbolethSSOLoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.

パラメータ:

inTransport - inbound message transport

outTransport - outbound message transport

例外:

ProfileException - thrown if there is a problem creating the login context and transferring control to the authentication manager

decodeRequest

protected void decodeRequest(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext,
                 HTTPInTransport inTransport,
                 HTTPOutTransport outTransport)
                      throws ProfileException

Decodes an incoming request and populates a created request context with the resultant information.

パラメータ:

inTransport - inbound message transport

outTransport - outbound message transport

requestContext - the request context to which decoded information should be added

例外:

ProfileException - throw if there is a problem decoding the request

completeAuthenticationRequest

protected void completeAuthenticationRequest(ShibbolethSSOLoginContext loginContext,
                                 HTTPInTransport inTransport,
                                 HTTPOutTransport outTransport)
                                      throws ProfileException

Creates a response to the Shibboleth SSO and sends the user, with response in tow, back to the relying party after they've been authenticated.

パラメータ:

loginContext - login context for this request

inTransport - inbound message transport

outTransport - outbound message transport

例外:

ProfileException - thrown if the response can not be created and sent back to the relying party

buildRequestContext

protected ShibbolethSSOProfileHandler.ShibbolethSSORequestContext buildRequestContext(ShibbolethSSOLoginContext loginContext,
                                                                          HTTPInTransport in,
                                                                          HTTPOutTransport out)
                                                                               throws ProfileException

Creates an authentication request context from the current environmental information.

パラメータ:

loginContext - current login context

in - inbound transport

out - outbount transport

戻り値:

created authentication request context

例外:

ProfileException - thrown if there is a problem creating the context

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                        throws ProfileException

Populates the request context with information about the relying party. This method requires the the following request context properties to be populated: inbound message issuer This methods populates the following request context properties: peer entityID, peer entity metadata, relying party configuration

オーバーライド:

populateRelyingPartyInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                          throws ProfileException

Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the properties it provides are available in the request context. This method requires the the following request context properties to be populated: metadata provider, relying party configuration This methods populates the following request context properties: local entity ID, outbound message issuer, local entity metadata

オーバーライド:

populateAssertingPartyInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
                                       throws ProfileException

Populates the request context with information from the inbound SAML message. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext),and AbstractSAMLProfileHandler.populateAssertingPartyInformation(BaseSAMLProfileRequestContext) have already been invoked and the properties they provide are available in the request context.

定義:

populateSAMLMessageInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem populating the request context with information

selectEndpoint

protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)

Selects the appropriate endpoint for the relying party and stores it in the request context.

定義:

selectEndpoint クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

戻り値:

Endpoint selected from the information provided in the request context

buildAuthenticationStatement

protected AuthenticationStatement buildAuthenticationStatement(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)
                                                        throws ProfileException

Builds the authentication statement for the authenticated principal.

パラメータ:

requestContext - current request context

戻り値:

the created statement

例外:

ProfileException - thrown if the authentication statement can not be created

buildSubjectLocality

protected SubjectLocality buildSubjectLocality(ShibbolethSSOProfileHandler.ShibbolethSSORequestContext requestContext)

Constructs the subject locality for the authentication statement.

パラメータ:

requestContext - current request context

戻り値:

subject locality for the authentication statement