edu.internet2.middleware.shibboleth.idp.profile.saml2

クラス SSOProfileHandler

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler

すべての実装されたインタフェース:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

直系の既知のサブクラス:

SAML2ECPProfileHandler

public class SSOProfileHandler
extends AbstractSAML2ProfileHandler

SAML 2.0 SSO request profile handler.

ネストされたクラスの概要

ネストされたクラス

修飾子とタイプ	クラスと説明
protected class	SSOProfileHandler.SSORequestContext Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP.

クラスから継承されたネストされたクラス/インタフェース edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

AbstractSAML2ProfileHandler.SAML2AuditLogEntry

フィールドの概要

クラスから継承されたフィールド edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

SAML_VERSION

コンストラクタの概要

コンストラクタ

コンストラクタと説明
SSOProfileHandler(String authnManagerPath) Constructor.

メソッドの概要

メソッド

修飾子とタイプ	メソッドと説明
protected AuthnContext	buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext) Creates an AuthnContext for a successful authentication request.
protected AuthnStatement	buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext) Creates an authentication statement for the current request.
protected NameID	buildNameId(BaseSAML2ProfileRequestContext<?,?,?> requestContext) Builds a NameID appropriate for this request.
protected SSOProfileHandler.SSORequestContext	buildRequestContext(Saml2LoginContext loginContext, HTTPInTransport in, HTTPOutTransport out) Creates an authentication request context from the current environmental information.
protected SubjectLocality	buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext) Constructs the subject locality for the authentication statement.
protected void	checkNameIDPolicy(SSOProfileHandler.SSORequestContext requestContext) Checks to see, if present, if the affiliation associated with the SPNameQualifier given in the AuthnRequest NameIDPolicy lists the inbound message issuer as a member.
protected void	completeAuthenticationRequest(Saml2LoginContext loginContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying party after they've been authenticated.
protected void	decodeRequest(SSOProfileHandler.SSORequestContext requestContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Decodes an incoming request and stores the information in a created request context.
protected AuthnRequest	deserializeRequest(String request) Deserializes an authentication request from a string.
String	getProfileId() Gets the ID of the profile supported by this handler.
protected String	getRequiredNameIDFormat(BaseSAMLProfileRequestContext requestContext) Gets the name identifier format required to be sent back to the relying party.
protected void	performAuthentication(HTTPInTransport inTransport, HTTPOutTransport outTransport) Creates a Saml2LoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.
protected void	populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the asserting party.
protected void	populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the relying party.
protected void	populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information from the inbound SAML message.
protected void	postProcessAssertion(BaseSAML2ProfileRequestContext<?,?,?> requestContext, Assertion assertion) Extension point for for subclasses to post-process the Assertion before it is signed and encrypted.
protected void	postProcessResponse(BaseSAML2ProfileRequestContext<?,?,?> requestContext, Response samlResponse) Extension point for for subclasses to post-process the Response before it is signed and encoded.
void	processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) Processes an incoming request.
protected Endpoint	selectEndpoint(BaseSAMLProfileRequestContext requestContext) Selects the appropriate endpoint for the relying party and stores it in the request context.

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, getSessionIndexFromNameID, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, populateProfileInformation, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

クラスから継承されたメソッド edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

クラスから継承されたメソッド java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

コンストラクタの詳細

SSOProfileHandler

public SSOProfileHandler(String authnManagerPath)

Constructor.

パラメータ:

authnManagerPath - path to the authentication manager Servlet

メソッドの詳細

getProfileId

public String getProfileId()

Gets the ID of the profile supported by this handler.

定義:

getProfileId クラス内 AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

戻り値:

ID of the profile supported by this handler

processRequest

public void processRequest(HTTPInTransport inTransport,
                  HTTPOutTransport outTransport)
                    throws ProfileException

Processes an incoming request.

パラメータ:

inTransport - the incoming request transport

outTransport - the outgoing response transport

例外:

ProfileException - throw if there was a problem while processing the request

performAuthentication

protected void performAuthentication(HTTPInTransport inTransport,
                         HTTPOutTransport outTransport)
                              throws ProfileException

Creates a Saml2LoginContext an sends the request off to the AuthenticationManager to begin the process of authenticating the user.

パラメータ:

inTransport - inbound request transport

outTransport - outbound response transport

例外:

ProfileException - thrown if there is a problem creating the login context and transferring control to the authentication manager

completeAuthenticationRequest

protected void completeAuthenticationRequest(Saml2LoginContext loginContext,
                                 HTTPInTransport inTransport,
                                 HTTPOutTransport outTransport)
                                      throws ProfileException

Creates a response to the AuthnRequest and sends the user, with response in tow, back to the relying party after they've been authenticated.

パラメータ:

loginContext - login context for this request

inTransport - inbound message transport

outTransport - outbound message transport

例外:

ProfileException - thrown if the response can not be created and sent back to the relying party

decodeRequest

protected void decodeRequest(SSOProfileHandler.SSORequestContext requestContext,
                 HTTPInTransport inTransport,
                 HTTPOutTransport outTransport)
                      throws ProfileException

Decodes an incoming request and stores the information in a created request context.

パラメータ:

inTransport - inbound transport

outTransport - outbound transport

requestContext - request context to which decoded information should be added

例外:

ProfileException - thrown if the incoming message failed decoding

checkNameIDPolicy

protected void checkNameIDPolicy(SSOProfileHandler.SSORequestContext requestContext)
                          throws ProfileException

Checks to see, if present, if the affiliation associated with the SPNameQualifier given in the AuthnRequest NameIDPolicy lists the inbound message issuer as a member.

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there the request is not a member of the affiliation or if there was a problem determining membership

buildRequestContext

protected SSOProfileHandler.SSORequestContext buildRequestContext(Saml2LoginContext loginContext,
                                                      HTTPInTransport in,
                                                      HTTPOutTransport out)
                                                           throws ProfileException

Creates an authentication request context from the current environmental information.

パラメータ:

loginContext - current login context

in - inbound transport

out - outbount transport

戻り値:

created authentication request context

例外:

ProfileException - thrown if there is a problem creating the context

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                        throws ProfileException

Populates the request context with information about the relying party. This method requires the the following request context properties to be populated: inbound message issuer This methods populates the following request context properties: peer entityID, peer entity metadata, relying party configuration

オーバーライド:

populateRelyingPartyInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                          throws ProfileException

Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the properties it provides are available in the request context. This method requires the the following request context properties to be populated: metadata provider, relying party configuration This methods populates the following request context properties: local entity ID, outbound message issuer, local entity metadata

オーバーライド:

populateAssertingPartyInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if there is a problem looking up the asserting party's metadata

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
                                       throws ProfileException

Populates the request context with information from the inbound SAML message. This method requires the the following request context properties to be populated: login context This methods populates the following request context properties: inbound saml message, relay state, inbound saml message ID, subject name identifier

定義:

populateSAMLMessageInformation クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

例外:

ProfileException - thrown if the inbound SAML message or subject identifier is null

buildAuthnStatement

protected AuthnStatement buildAuthnStatement(SSOProfileHandler.SSORequestContext requestContext)

Creates an authentication statement for the current request.

パラメータ:

requestContext - current request context

戻り値:

constructed authentication statement

buildAuthnContext

protected AuthnContext buildAuthnContext(SSOProfileHandler.SSORequestContext requestContext)

Creates an AuthnContext for a successful authentication request.

パラメータ:

requestContext - current request

戻り値:

the built authn context

buildSubjectLocality

protected SubjectLocality buildSubjectLocality(SSOProfileHandler.SSORequestContext requestContext)

Constructs the subject locality for the authentication statement.

パラメータ:

requestContext - curent request context

戻り値:

subject locality for the authentication statement

getRequiredNameIDFormat

protected String getRequiredNameIDFormat(BaseSAMLProfileRequestContext requestContext)

Gets the name identifier format required to be sent back to the relying party. This implementation of this method returns null. Profile handler implementations should override this method if an incoming request is capable of requiring a specific format.

オーバーライド:

getRequiredNameIDFormat クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

戻り値:

the required name ID format or null if no specific format is required

buildNameId

protected NameID buildNameId(BaseSAML2ProfileRequestContext<?,?,?> requestContext)
                      throws ProfileException

Builds a NameID appropriate for this request. NameIDs are built by inspecting the SAML request and metadata, picking a name format that was requested by the relying party or is mutually supported by both the relying party and asserting party as described in their metadata entries. Once a set of supported name formats is determined the principals attributes are inspected for an attribute supported an attribute encoder whose category is one of the supported name formats.

オーバーライド:

buildNameId クラス内 AbstractSAML2ProfileHandler

パラメータ:

requestContext - current request context

戻り値:

the NameID appropriate for this request

例外:

ProfileException - thrown if a NameID can not be created either because there was a problem encoding the name ID attribute or because there are no supported name formats

selectEndpoint

protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)

Selects the appropriate endpoint for the relying party and stores it in the request context.

定義:

selectEndpoint クラス内 AbstractSAMLProfileHandler

パラメータ:

requestContext - current request context

戻り値:

Endpoint selected from the information provided in the request context

deserializeRequest

protected AuthnRequest deserializeRequest(String request)
                                   throws UnmarshallingException

Deserializes an authentication request from a string.

パラメータ:

request - request to deserialize

戻り値:

the request XMLObject

例外:

UnmarshallingException - thrown if the request can no be deserialized and unmarshalled

postProcessAssertion

protected void postProcessAssertion(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
                        Assertion assertion)
                             throws ProfileException

Extension point for for subclasses to post-process the Assertion before it is signed and encrypted.

オーバーライド:

postProcessAssertion クラス内 AbstractSAML2ProfileHandler

パラメータ:

requestContext - the current request context

assertion - the SAML Assertion being built

例外:

ProfileException - if there is an error processing the assertion

postProcessResponse

protected void postProcessResponse(BaseSAML2ProfileRequestContext<?,?,?> requestContext,
                       Response samlResponse)
                            throws ProfileException

Extension point for for subclasses to post-process the Response before it is signed and encoded.

オーバーライド:

postProcessResponse クラス内 AbstractSAML2ProfileHandler

パラメータ:

requestContext - the current request context

samlResponse - the SAML Response being built

例外:

ProfileException - if there was an error processing the response