Class AbstractAuthnRequestGenerator
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.request.AbstractAuthnRequestGenerator
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,AuthnRequestGenerator
- Direct Known Subclasses:
DefaultAuthnRequestGenerator
public abstract class AbstractAuthnRequestGenerator
extends AbstractInitializableComponent
implements AuthnRequestGenerator
Abstract base class for generating AuthnRequest messages.
- Author:
- Martin Lindström (martin@idsec.se)
-
Constructor Summary
ConstructorsConstructorDescriptionAbstractAuthnRequestGenerator(String spEntityID, X509Credential signCredential) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionprotected voidaddExtensions(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, EntityDescriptor idpMetadata) Method that adds theExtensionselement to theAuthnRequestbeing built.protected voidaddScoping(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, EntityDescriptor idpMetadata) Method that adds theScopingelement to theAuthnRequestbeing built.protected RequestHttpObject<AuthnRequest> buildRequestHttpObject(AuthnRequest request, String relayState, AuthnRequestGeneratorContext context, String binding, String destination, EntityDescriptor recipientMetadata) Builds a request HTTP object (including signing).protected voidgenerateAuthnRequest(String idpEntityID, String relayState, AuthnRequestGeneratorContext context) Generates a SAML authentication request message.generateAuthnRequest(EntityDescriptor idp, String relayState, AuthnRequestGeneratorContext context) Generates a SAML authentication request message.getAssuranceCertificationUris(EntityDescriptor idpMetadata, AuthnRequestGeneratorContext context) Gets the assurance certification URI:s for the IdP metadata.protected StringUtility method that, given aSingleSignOnService, gets the binding URI (redirect/post).protected EntityDescriptorgetIdpMetadata(String idpEntityID) Gets the IdP metadata for the given entityID.protected List<AssertionConsumerService> getPossibleAssertionConsumerServices(boolean hokActive) Extracts all possible SP AssertionConsumerService endpoints.Gets the signing credential to be used when signing theAuthnRequestmessages.protected SingleSignOnServiceReturns theSingleSignOnServiceelement to use when sending the request to the IdP.Gets the entityID for the service provider that this generator services.protected abstract EntityDescriptorGets the metadata for the SP that this generator services.Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
-
Constructor Details
-
AbstractAuthnRequestGenerator
Constructor.- Parameters:
spEntityID- the SP entityIDsignCredential- the signing credential
-
-
Method Details
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-
generateAuthnRequest
public RequestHttpObject<AuthnRequest> generateAuthnRequest(String idpEntityID, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException Generates a SAML authentication request message.- Specified by:
generateAuthnRequestin interfaceAuthnRequestGenerator- Parameters:
idpEntityID- the entityID of the IdP that we should send the request torelayState- the RelayState to include (may be null)context- the generator context (may be null)- Returns:
- a request object
- Throws:
RequestGenerationException- for errors during request generation
-
generateAuthnRequest
public RequestHttpObject<AuthnRequest> generateAuthnRequest(EntityDescriptor idp, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException Generates a SAML authentication request message.- Specified by:
generateAuthnRequestin interfaceAuthnRequestGenerator- Parameters:
idp- the metadata for the IdP that we should send the request torelayState- the RelayState to include (may be null)context- the generator context (may be null)- Returns:
- a request object
- Throws:
RequestGenerationException- for errors during request generation
-
addScoping
protected void addScoping(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, EntityDescriptor idpMetadata) throws RequestGenerationException Method that adds theScopingelement to theAuthnRequestbeing built.The default implementation does nothing.
- Parameters:
builder- the buildercontext- the generator contextidpMetadata- the IdP metadata- Throws:
RequestGenerationException- for generation errors
-
addExtensions
protected void addExtensions(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, EntityDescriptor idpMetadata) throws RequestGenerationException Method that adds theExtensionselement to theAuthnRequestbeing built.The default implementation does nothing.
- Parameters:
builder- the buildercontext- the generator contextidpMetadata- the IdP metadata- Throws:
RequestGenerationException- for generation errors
-
getAssuranceCertificationUris
protected List<String> getAssuranceCertificationUris(EntityDescriptor idpMetadata, AuthnRequestGeneratorContext context) throws RequestGenerationException Gets the assurance certification URI:s for the IdP metadata.The default implementation returns all URI:s found in the metadata.
- Parameters:
idpMetadata- the IdP metadatacontext- the context- Returns:
- a list of URI:s
- Throws:
RequestGenerationException- for errors
-
getSpEntityID
Gets the entityID for the service provider that this generator services.- Specified by:
getSpEntityIDin interfaceAuthnRequestGenerator- Returns:
- the SP entityID
-
getSignCredential
Gets the signing credential to be used when signing theAuthnRequestmessages.- Specified by:
getSignCredentialin interfaceAuthnRequestGenerator- Returns:
- the signing credential, or null if no signing should be performed
-
getSpMetadata
Gets the metadata for the SP that this generator services.- Returns:
- the SP metadata, or null if no metadata is found
-
getIdpMetadata
Gets the IdP metadata for the given entityID.- Parameters:
idpEntityID- the entityID for the IdP- Returns:
- the metadata or null if no metadata could be found
-
buildRequestHttpObject
protected RequestHttpObject<AuthnRequest> buildRequestHttpObject(AuthnRequest request, String relayState, AuthnRequestGeneratorContext context, String binding, String destination, EntityDescriptor recipientMetadata) throws RequestGenerationException Builds a request HTTP object (including signing).- Parameters:
request- the actual requestrelayState- the RelayState (may be null)context- the request generation contextbinding- the binding to usedestination- the destination URLrecipientMetadata- the recipient metadata- Returns:
- a request HTTP object
- Throws:
RequestGenerationException- for errors during signing or encoding
-
getPossibleAssertionConsumerServices
Extracts all possible SP AssertionConsumerService endpoints.- Parameters:
hokActive- a flag that tells whether HoK is active or not- Returns:
- a list of possible endpoints
-
getBinding
Utility method that, given aSingleSignOnService, gets the binding URI (redirect/post).- Parameters:
sso- the SingleSignOnService- Returns:
- the binding URI
-
getSingleSignOnService
protected SingleSignOnService getSingleSignOnService(EntityDescriptor idp, AuthnRequestGeneratorContext context) throws RequestGenerationException Returns theSingleSignOnServiceelement to use when sending the request to the IdP. The preferred binding will be searched for first, and if this is not found, another binding that we support will be used.- Parameters:
idp- the IdP metadatacontext- context for generating- Returns:
- a SingleSignOnService object
- Throws:
RequestGenerationException- if not valid endpoint can be found
-