Package org.opensaml.saml.saml2.profile.impl

Class AddNameIDToSubjects

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class AddNameIDToSubjects
extends AbstractProfileAction

Action that builds a NameID and adds it to the Subject of all the assertions found in a Response. The message to update is returned by a lookup strategy, by default the message returned by InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created by the default lookup strategy.

If no Subject exists in the assertions found, it will be cretaed.

The source of the NameID is one of a set of candidate SAML2NameIDGenerator plugins injected into the action. The plugin(s) to attempt to use are derived from the Format value, which is established by a lookup strategy.

In addition, the generation process is influenced by the requested NameIDPolicy, which is evaluated using a pluggable predicate.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, SAMLEventIds.INVALID_NAMEID_POLICY

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AddNameIDToSubjects.AssertionStrategy	Default strategy for obtaining assertions to modify.
static class	AddNameIDToSubjects.NameIDPolicyLookupFunction	Lookup function that returns the NameIDPolicy from an AuthnRequest message returned from a lookup function, by default the inbound message.
static class	AddNameIDToSubjects.RequesterIdFromIssuerFunction	Lookup function that returns RequestAbstractType.getIssuer() from a request message returned from a lookup function, by default the inbound message.

Field Summary

Fields

Modifier and Type	Field	Description
private List<Assertion>	assertions	Response to modify.
private Function<ProfileRequestContext,List<Assertion>>	assertionsLookupStrategy	Strategy used to locate the Response to operate on.
private Function<ProfileRequestContext,List<String>>	formatLookupStrategy	Strategy used to determine the formats to try.
private List<String>	formats	Formats to try.
private SAML2NameIDGenerator	generator	Generator to use.
private IdentifierGenerationStrategy	idGenerator	The generator to use.
private Function<ProfileRequestContext,IdentifierGenerationStrategy>	idGeneratorLookupStrategy	Strategy used to locate the IdentifierGenerationStrategy to use.
private String	issuerId	EntityID to populate into Issuer element.
private Function<ProfileRequestContext,String>	issuerLookupStrategy	Strategy used to obtain the response issuer value.
private org.slf4j.Logger	log	Class logger.
private SAMLObjectBuilder<NameID>	nameIdBuilder	Builder for NameID objects.
private Predicate<ProfileRequestContext>	nameIDPolicyPredicate	Predicate to validate NameIDPolicy.
private boolean	overwriteExisting	Flag controlling whether to overwrite an existing NameID.
private AuthnRequest	request	Request to examine.
private Function<ProfileRequestContext,AuthnRequest>	requestLookupStrategy	Strategy used to locate the AuthnRequest to operate on, if any.
private String	requiredFormat	Format required by requested NameIDPolicy.
private SAMLObjectBuilder<Subject>	subjectBuilder	Builder for Subject objects.

Constructor Summary

Constructors

Constructor	Description
AddNameIDToSubjects()	Constructor.

Method Summary

Modifier and Type	Method	Description
private NameID	cloneNameID(NameID nameId)	Create an efficient field-wise copy of a NameID.
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
private NameID	generateNameID(ProfileRequestContext profileRequestContext)	Attempt to generate a NameID using each of the candidate Formats and plugins.
private Subject	getAssertionSubject(Assertion assertion)	Get the subject to which the name identifier will be added.
private String	getRequiredFormat(ProfileRequestContext profileRequestContext)	Extract a format required by the inbound request, if present.
void	setAssertionsLookupStrategy(Function<ProfileRequestContext,List<Assertion>> strategy)	Set the strategy used to locate the Assertions to operate on.
void	setFormatLookupStrategy(Function<ProfileRequestContext,List<String>> strategy)	Set the strategy function to use to obtain the formats to try.
void	setIdentifierGeneratorLookupStrategy(Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)	Set the strategy used to locate the IdentifierGenerationStrategy to use.
void	setIssuerLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set the strategy used to locate the issuer value to use.
void	setNameIDGenerator(SAML2NameIDGenerator theGenerator)	Set the generator to use.
void	setNameIDPolicyPredicate(Predicate<ProfileRequestContext> predicate)	Set the predicate used to evaluate the NameIDPolicy.
void	setOverwriteExisting(boolean flag)	Set whether to overwrite any existing NameID objects found.
void	setRequestLookupStrategy(Function<ProfileRequestContext,AuthnRequest> strategy)	Set the strategy used to locate the AuthnRequest to examine, if any.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

subjectBuilder

@Nonnull
private SAMLObjectBuilder<Subject> subjectBuilder

Builder for Subject objects.

nameIdBuilder

@Nonnull
private SAMLObjectBuilder<NameID> nameIdBuilder

Builder for NameID objects.

overwriteExisting

private boolean overwriteExisting

Flag controlling whether to overwrite an existing NameID.

requestLookupStrategy

@Nonnull
private Function<ProfileRequestContext,AuthnRequest> requestLookupStrategy

Strategy used to locate the AuthnRequest to operate on, if any.

assertionsLookupStrategy

@Nonnull
private Function<ProfileRequestContext,List<Assertion>> assertionsLookupStrategy

Strategy used to locate the Response to operate on.

idGeneratorLookupStrategy

@Nonnull
private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy

Strategy used to locate the IdentifierGenerationStrategy to use.

issuerLookupStrategy

@Nullable
private Function<ProfileRequestContext,String> issuerLookupStrategy

Strategy used to obtain the response issuer value.

nameIDPolicyPredicate

@Nonnull
private Predicate<ProfileRequestContext> nameIDPolicyPredicate

Predicate to validate NameIDPolicy.

formatLookupStrategy

@Nonnull
private Function<ProfileRequestContext,List<String>> formatLookupStrategy

Strategy used to determine the formats to try.

generator

@NonnullAfterInit
private SAML2NameIDGenerator generator

Generator to use.

formats

@Nonnull
@NonnullElements
private List<String> formats

Formats to try.

requiredFormat

@Nullable
private String requiredFormat

Format required by requested NameIDPolicy.

request

@Nullable
private AuthnRequest request

Request to examine.

assertions

@Nullable
private List<Assertion> assertions

Response to modify.

idGenerator

@Nullable
private IdentifierGenerationStrategy idGenerator

The generator to use.

issuerId

@Nullable
private String issuerId

EntityID to populate into Issuer element.

Constructor Detail

AddNameIDToSubjects

public AddNameIDToSubjects()
                    throws ComponentInitializationException

Constructor.

Throws:

ComponentInitializationException - if an error occurs initializing default predicate.

Method Detail

setOverwriteExisting

public void setOverwriteExisting(boolean flag)

Set whether to overwrite any existing NameID objects found.

Parameters:

flag - true iff the action should overwrite any existing objects

setRequestLookupStrategy

public void setRequestLookupStrategy(@Nonnull
                                     Function<ProfileRequestContext,AuthnRequest> strategy)

Set the strategy used to locate the AuthnRequest to examine, if any.

Parameters:

strategy - strategy used to locate the AuthnRequest

setAssertionsLookupStrategy

public void setAssertionsLookupStrategy(@Nonnull
                                        Function<ProfileRequestContext,List<Assertion>> strategy)

Set the strategy used to locate the Assertions to operate on.

Parameters:

strategy - lookup strategy

setIdentifierGeneratorLookupStrategy

public void setIdentifierGeneratorLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)

Set the strategy used to locate the IdentifierGenerationStrategy to use.

Parameters:

strategy - lookup strategy

setIssuerLookupStrategy

public void setIssuerLookupStrategy(@Nullable
                                    Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the issuer value to use.

Parameters:

strategy - lookup strategy

setNameIDPolicyPredicate

public void setNameIDPolicyPredicate(@Nonnull
                                     Predicate<ProfileRequestContext> predicate)

Set the predicate used to evaluate the NameIDPolicy.

Parameters:

predicate - predicate used to evaluate the NameIDPolicy

setFormatLookupStrategy

public void setFormatLookupStrategy(@Nonnull
                                    Function<ProfileRequestContext,List<String>> strategy)

Set the strategy function to use to obtain the formats to try.

Parameters:

strategy - format lookup strategy

setNameIDGenerator

public void setNameIDGenerator(@Nullable
                               SAML2NameIDGenerator theGenerator)

Set the generator to use.

Parameters:

theGenerator - the generator to use

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractProfileAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

getRequiredFormat

@Nullable
private String getRequiredFormat(@Nonnull
                                 ProfileRequestContext profileRequestContext)

Extract a format required by the inbound request, if present.

Parameters:

profileRequestContext - current profile request context

Returns:

a format dictated by the request, or null

generateNameID

@Nullable
private NameID generateNameID(@Nonnull
                              ProfileRequestContext profileRequestContext)

Attempt to generate a NameID using each of the candidate Formats and plugins.

Parameters:

profileRequestContext - current profile request context

Returns:

a generated NameID or null

getAssertionSubject

@Nonnull
private Subject getAssertionSubject(@Nonnull
                                    Assertion assertion)

Get the subject to which the name identifier will be added.

Parameters:

assertion - the assertion being modified

Returns:

the assertion to which the name identifier will be added

cloneNameID

@Nonnull
private NameID cloneNameID(@Nonnull
                           NameID nameId)

Create an efficient field-wise copy of a NameID.

Parameters:

nameId - the object to clone

Returns:

the copy