Class SAMLBindingSupport


  • public final class SAMLBindingSupport
    extends Object
    A support class for SAML binding operations.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static org.slf4j.Logger LOG
      Logger.
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private SAMLBindingSupport()
      Constructor.
    • Method Summary

Methods
      Modifier and Type Method Description
      static boolean checkRelayState​(String relayState)
      Checks that the relay state is 80 bytes or less if it is not null.
      static int convertSAML2ArtifactEndpointIndex​(byte[] artifactEndpointIndex)
      Convert a 2-byte artifact endpoint index byte[] as typically used by SAML 2 artifact types to an integer, appropriate for use with IndexedEndpoint impls.
      static String getActualReceiverEndpointURI​(org.opensaml.messaging.context.MessageContext messageContext, javax.servlet.http.HttpServletRequest request)
      Extract the transport endpoint URI at which this message was received.
      static URI getEndpointURL​(org.opensaml.messaging.context.MessageContext messageContext)
      Get the response URL from the relying party endpoint.
      static String getIntendedDestinationEndpointURI​(org.opensaml.messaging.context.MessageContext messageContext)
      Extract the message information which indicates to what receiver endpoint URI the SAML message was intended to be delivered.
      static String getRelayState​(org.opensaml.messaging.context.MessageContext messageContext)
      Get the SAML protocol relay state from a message context.
      static boolean isIntendedDestinationEndpointURIRequired​(org.opensaml.messaging.context.MessageContext messageContext)
      Determine whether the binding in use requires the presence within the message of information indicating the intended message destination endpoint URI.
      static boolean isMessageSigned​(org.opensaml.messaging.context.MessageContext messageContext)
      Determine whether the SAML message represented by the message context is digitally signed.
      static boolean isMessageSigned​(org.opensaml.messaging.context.MessageContext messageContext, boolean presenceSatisfies)
      Determine whether the SAML message represented by the message context is digitally signed.
      static boolean isSigningCapableBinding​(org.opensaml.messaging.context.MessageContext messageContext)
      Determine whether the SAML binding to be used by the message context supports signatures at the binding layer.
      static void setRelayState​(org.opensaml.messaging.context.MessageContext messageContext, String relayState)
      Set the SAML protocol relay state on a message context.
      static void setSAML1ResponseRecipient​(SAMLObject outboundMessage, String endpointURL)
      Sets the destination attribute on the outbound message if it is a ResponseAbstractType message.
      static void setSAML2Destination​(SAMLObject outboundMessage, String endpointURL)
      Sets the destination attribute on an outbound message if it is either a RequestAbstractType or a StatusResponseType message.
    • Field Detail

      • LOG

        @Nonnull
        private static final org.slf4j.Logger LOG
        Logger.
    • Constructor Detail

      • SAMLBindingSupport

        private SAMLBindingSupport()
        Constructor.
    • Method Detail

      • getRelayState

        @Nullable
        @NotEmpty
        public static String getRelayState​(@Nonnull
                                           org.opensaml.messaging.context.MessageContext messageContext)
        Get the SAML protocol relay state from a message context.
        Parameters:
        messageContext - the message context on which to operate
        Returns:
        the relay state or null
      • setRelayState

        public static void setRelayState​(@Nonnull
                                         org.opensaml.messaging.context.MessageContext messageContext,
                                         @Nullable
                                         String relayState)
        Set the SAML protocol relay state on a message context.
        Parameters:
        messageContext - the message context on which to operate
        relayState - the relay state to set
      • checkRelayState

        public static boolean checkRelayState​(@Nullable
                                              String relayState)
        Checks that the relay state is 80 bytes or less if it is not null.
        Parameters:
        relayState - relay state to check
        Returns:
        true if the relay state is not empty and is less than 80 bytes
      • getEndpointURL

        @Nonnull
        public static URI getEndpointURL​(@Nonnull
                                         org.opensaml.messaging.context.MessageContext messageContext)
                                  throws BindingException
Get the response URL from the relying party endpoint. If the SAML message is a response and the relying party endpoint contains a response location, then that location is returned; otherwise the normal endpoint location is returned.
        Parameters:
        messageContext - current message context
        Returns:
        response URL from the relying party endpoint
        Throws:
BindingException - thrown if no relying party endpoint is available
      • setSAML1ResponseRecipient

        public static void setSAML1ResponseRecipient​(@Nonnull
                                                     SAMLObject outboundMessage,
                                                     @Nonnull @NotEmpty
                                                     String endpointURL)
        Sets the destination attribute on the outbound message if it is a ResponseAbstractType message.
        Parameters:
        outboundMessage - outbound SAML message
        endpointURL - destination endpoint
      • setSAML2Destination

        public static void setSAML2Destination​(@Nonnull
                                               SAMLObject outboundMessage,
                                               @Nonnull @NotEmpty
                                               String endpointURL)
        Sets the destination attribute on an outbound message if it is either a RequestAbstractType or a StatusResponseType message.
        Parameters:
        outboundMessage - outbound SAML message
        endpointURL - destination endpoint
      • isMessageSigned

        public static boolean isMessageSigned​(@Nonnull
                                              org.opensaml.messaging.context.MessageContext messageContext)
        Determine whether the SAML message represented by the message context is digitally signed.

        First the SAML protocol message is examined as to whether an XML signature is present at the DOM level; if yes return true. Finally, the presence of a binding signature is evaluated by looking at SAMLBindingContext.hasBindingSignature().

        Parameters:
        messageContext - current message context
        Returns:
        true if the message is considered to be digitally signed, false otherwise
      • isMessageSigned

        public static boolean isMessageSigned​(@Nonnull
                                              org.opensaml.messaging.context.MessageContext messageContext,
                                              boolean presenceSatisfies)
        Determine whether the SAML message represented by the message context is digitally signed.

        First the SAML protocol message is examined as to whether an XML signature is present at the DOM level; if yes return true. Next if presenceSatisfies is true, then SignableXMLObject.getSignature() is evaluated for a non-null value; if yes return true. Finally, the presence of a binding signature is evaluated by looking at SAMLBindingContext.hasBindingSignature().

        Parameters:
        messageContext - current message context
        presenceSatisfies - whether the presence of a non-null Signature member satisfies the evaluation
        Returns:
        true if the message is considered to be digitally signed, false otherwise
      • isSigningCapableBinding

        public static boolean isSigningCapableBinding​(@Nonnull
                                                      org.opensaml.messaging.context.MessageContext messageContext)
        Determine whether the SAML binding to be used by the message context supports signatures at the binding layer.

        The capability of the binding is determined by extracting a BindingDescriptor from a SAMLBindingContext.

        Parameters:
        messageContext - current message context
        Returns:
true if the binding in use supports signatures at the binding layer, false otherwise
      • isIntendedDestinationEndpointURIRequired

        public static boolean isIntendedDestinationEndpointURIRequired​(@Nonnull
                                                                       org.opensaml.messaging.context.MessageContext messageContext)
        Determine whether the binding in use requires the presence within the message of information indicating the intended message destination endpoint URI.
        Parameters:
        messageContext - current SAML message context
        Returns:
        true if the intended message destination endpoint is required, false if not
      • getIntendedDestinationEndpointURI

        @Nullable
        public static String getIntendedDestinationEndpointURI​(@Nonnull
                                                               org.opensaml.messaging.context.MessageContext messageContext)
                                                        throws org.opensaml.messaging.MessageException
        Extract the message information which indicates to what receiver endpoint URI the SAML message was intended to be delivered.
        Parameters:
        messageContext - the SAML message context being processed
        Returns:
        the value of the intended destination endpoint URI, or null if not present or empty
        Throws:
org.opensaml.messaging.MessageException - thrown if the message is not an instance of a SAML message that could be processed by the decoder
      • getActualReceiverEndpointURI

        @Nonnull
        public static String getActualReceiverEndpointURI​(@Nonnull
                                                          org.opensaml.messaging.context.MessageContext messageContext,
                                                          @Nonnull
                                                          javax.servlet.http.HttpServletRequest request)
                                                   throws org.opensaml.messaging.MessageException
        Extract the transport endpoint URI at which this message was received.
        Parameters:
        messageContext - current message context
        request - the HttpServletRequest being evaluated
        Returns:
        string representing the transport endpoint URI at which the current message was received
        Throws:
org.opensaml.messaging.MessageException - thrown if the endpoint cannot be looked up from the message context and converted to a string representation
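The destination methods (getIntendedDestinationEndpointURI, getActualReceiverEndpointURI, isIntendedDestinationEndpointURIRequired) and the signature methods (isMessageSigned, isSigningCapableBinding) are meant to be combined on the receiving side. The following hypothetical helper class is an added example, not OpenSAML's own code; it assumes SAMLBindingSupport lives in org.opensaml.saml.common.binding and that org.opensaml.messaging.MessageException has a String constructor.

```java
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;

import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.binding.SAMLBindingSupport; // assumed package

/** Hypothetical receiver-side checks built only from the SAMLBindingSupport methods above. */
public final class InboundBindingChecks {

    /**
     * Reject a message whose declared destination differs from the endpoint it actually arrived at,
     * so a message issued for one endpoint is not accepted at another.
     */
    public static void checkDestination(@Nonnull final MessageContext messageContext,
            @Nonnull final HttpServletRequest request) throws MessageException {
        final String intended = SAMLBindingSupport.getIntendedDestinationEndpointURI(messageContext);
        if (intended == null) {
            // No destination in the message: acceptable only if the binding does not require one.
            if (SAMLBindingSupport.isIntendedDestinationEndpointURIRequired(messageContext)) {
                throw new MessageException("Binding requires a destination but the message carries none");
            }
            return;
        }
        final String actual = SAMLBindingSupport.getActualReceiverEndpointURI(messageContext, request);
        // Strict, case-sensitive comparison; no URI normalization is attempted here.
        if (!intended.equals(actual)) {
            throw new MessageException("Destination mismatch: intended=" + intended + " actual=" + actual);
        }
    }

    /**
     * Require a signature that was actually verified as present: an XML signature at the DOM level or a
     * binding-layer signature. presenceSatisfies=false means a bare non-null Signature member is not enough.
     */
    public static void requireSignature(@Nonnull final MessageContext messageContext) throws MessageException {
        if (SAMLBindingSupport.isMessageSigned(messageContext, false)) {
            return;
        }
        final String hint = SAMLBindingSupport.isSigningCapableBinding(messageContext)
                ? "no XML or binding-layer signature present"
                : "no XML signature present and the binding cannot carry one";
        throw new MessageException("Unsigned message rejected: " + hint);
    }
}
```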
      • convertSAML2ArtifactEndpointIndex

        @Nonnull
        public static int convertSAML2ArtifactEndpointIndex​(@Nonnull
                                                            byte[] artifactEndpointIndex)
        Convert a 2-byte artifact endpoint index byte[] as typically used by SAML 2 artifact types to an integer, appropriate for use with IndexedEndpoint impls.

The max input value supported is 0x7FFF (32767), which is the largest possible unsigned 16-bit value. This should be more than sufficient for typical SAML cases.

        Parameters:
artifactEndpointIndex - the endpoint index byte array; must have length == 2 and big-endian byte order
        Returns:
the converted integer value
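The two pure helpers on this page, checkRelayState and convertSAML2ArtifactEndpointIndex, each hide an edge case: the relay state limit is 80 bytes rather than 80 characters, and a 2-byte index must be assembled without sign extension and kept within the documented 0x7FFF bound. The stand-alone class below is an added illustration of both, not OpenSAML's code; its class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;

/** Hypothetical stand-alone versions of the two value checks documented above. */
public final class BindingValueChecks {

    /** Upper bound this page documents for the artifact endpoint index. */
    public static final int MAX_ENDPOINT_INDEX = 0x7FFF;

    /** Relay state limit in bytes (not characters). */
    public static final int MAX_RELAY_STATE_BYTES = 80;

    /**
     * True only for a non-empty relay state whose UTF-8 encoding fits in 80 bytes.
     * Counting bytes matters: 40 three-byte characters is 120 bytes and must be rejected.
     */
    public static boolean isRelayStateAcceptable(final String relayState) {
        if (relayState == null || relayState.isEmpty()) {
            return false;
        }
        return relayState.getBytes(StandardCharsets.UTF_8).length <= MAX_RELAY_STATE_BYTES;
    }

    /**
     * Convert a 2-byte big-endian endpoint index to an int. Rejects a wrong length and any value
     * above 0x7FFF (the largest value representable in a signed 16-bit short).
     */
    public static int toEndpointIndex(final byte[] artifactEndpointIndex) {
        if (artifactEndpointIndex == null || artifactEndpointIndex.length != 2) {
            throw new IllegalArgumentException("endpoint index must be exactly 2 bytes");
        }
        // Mask each byte to 0..255 first; Java bytes are signed and would otherwise sign-extend.
        final int value = ((artifactEndpointIndex[0] & 0xFF) << 8) | (artifactEndpointIndex[1] & 0xFF);
        if (value > MAX_ENDPOINT_INDEX) {
            throw new IllegalArgumentException("endpoint index " + value + " exceeds 0x7FFF");
        }
        return value;
    }

    public static void main(final String[] args) {
        System.out.println(isRelayStateAcceptable("abc"));                 // true
        System.out.println(isRelayStateAcceptable("\u20AC".repeat(40)));   // false: 40 chars, 120 bytes
        System.out.println(toEndpointIndex(new byte[] {0x01, (byte) 0x2C})); // 300
        System.out.println(toEndpointIndex(new byte[] {0x7F, (byte) 0xFF})); // 32767
    }
}
```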