Class AbstractAuthnRequestGenerator

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.request.AbstractAuthnRequestGenerator
All Implemented Interfaces:
net.shibboleth.shared.component.Component, net.shibboleth.shared.component.DestructableComponent, net.shibboleth.shared.component.InitializableComponent, AuthnRequestGenerator
Direct Known Subclasses:
DefaultAuthnRequestGenerator

public abstract class AbstractAuthnRequestGenerator extends net.shibboleth.shared.component.AbstractInitializableComponent implements AuthnRequestGenerator
Abstract base class for generating AuthnRequest messages.
Author:
Martin Lindström (martin@idsec.se)
  • Constructor Details

    • AbstractAuthnRequestGenerator

      public AbstractAuthnRequestGenerator(String spEntityID, org.opensaml.security.x509.X509Credential signCredential)
      Constructor.
      Parameters:
      spEntityID - the SP entityID
      signCredential - the signing credential
  • Method Details

    • doInitialize

      protected void doInitialize() throws net.shibboleth.shared.component.ComponentInitializationException
      Overrides:
      doInitialize in class net.shibboleth.shared.component.AbstractInitializableComponent
      Throws:
      net.shibboleth.shared.component.ComponentInitializationException
    • generateAuthnRequest

      public RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(String idpEntityID, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException
      Generates a SAML authentication request message.
      Specified by:
      generateAuthnRequest in interface AuthnRequestGenerator
      Parameters:
      idpEntityID - the entityID of the IdP that we should send the request to
      relayState - the RelayState to include (may be null)
      context - the generator context (may be null)
      Returns:
      a request object
      Throws:
      RequestGenerationException - for errors during request generation
    • generateAuthnRequest

      public RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException
      Generates a SAML authentication request message.
      Specified by:
      generateAuthnRequest in interface AuthnRequestGenerator
      Parameters:
      idp - the metadata for the IdP that we should send the request to
      relayState - the RelayState to include (may be null)
      context - the generator context (may be null)
      Returns:
      a request object
      Throws:
      RequestGenerationException - for errors during request generation
    • addScoping

      protected void addScoping(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata) throws RequestGenerationException
      Method that adds the Scoping element to the AuthnRequest being built.

      The default implementation does nothing.

      Parameters:
      builder - the builder
      context - the generator context
      idpMetadata - the IdP metadata
      Throws:
      RequestGenerationException - for generation errors
    • addExtensions

      protected void addExtensions(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata) throws RequestGenerationException
      Method that adds the Extensions element to the AuthnRequest being built.

      The default implementation does nothing.

      Parameters:
      builder - the builder
      context - the generator context
      idpMetadata - the IdP metadata
      Throws:
      RequestGenerationException - for generation errors
    • getAssuranceCertificationUris

      protected List<String> getAssuranceCertificationUris(org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata, AuthnRequestGeneratorContext context) throws RequestGenerationException
      Gets the assurance certification URIs for the IdP metadata.

      The default implementation returns all URIs found in the metadata.

      Parameters:
      idpMetadata - the IdP metadata
      context - the context
      Returns:
      a list of URIs
      Throws:
      RequestGenerationException - for errors
    • getSpEntityID

      public String getSpEntityID()
      Gets the entityID for the service provider that this generator services.
      Specified by:
      getSpEntityID in interface AuthnRequestGenerator
      Returns:
      the SP entityID
    • getSignCredential

      public org.opensaml.security.x509.X509Credential getSignCredential()
      Gets the signing credential to be used when signing the AuthnRequest messages.
      Specified by:
      getSignCredential in interface AuthnRequestGenerator
      Returns:
      the signing credential, or null if no signing should be performed
    • getSpMetadata

      protected abstract org.opensaml.saml.saml2.metadata.EntityDescriptor getSpMetadata()
      Gets the metadata for the SP that this generator services.
      Returns:
      the SP metadata, or null if no metadata is found
    • getIdpMetadata

      protected org.opensaml.saml.saml2.metadata.EntityDescriptor getIdpMetadata(String idpEntityID)
      Gets the IdP metadata for the given entityID.
      Parameters:
      idpEntityID - the entityID for the IdP
      Returns:
      the metadata or null if no metadata could be found
    • buildRequestHttpObject

      protected RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> buildRequestHttpObject(org.opensaml.saml.saml2.core.AuthnRequest request, String relayState, AuthnRequestGeneratorContext context, String binding, String destination, org.opensaml.saml.saml2.metadata.EntityDescriptor recipientMetadata) throws RequestGenerationException
      Builds a request HTTP object (including signing).
      Parameters:
      request - the actual request
      relayState - the RelayState (may be null)
      context - the request generation context
      binding - the binding to use
      destination - the destination URL
      recipientMetadata - the recipient metadata
      Returns:
      a request HTTP object
      Throws:
      RequestGenerationException - for errors during signing or encoding
    • getPossibleAssertionConsumerServices

      protected List<org.opensaml.saml.saml2.metadata.AssertionConsumerService> getPossibleAssertionConsumerServices(boolean hokActive)
      Extracts all possible SP AssertionConsumerService endpoints.
      Parameters:
      hokActive - a flag that tells whether HoK is active or not
      Returns:
      a list of possible endpoints
    • getBinding

      protected String getBinding(org.opensaml.saml.saml2.metadata.SingleSignOnService sso)
      Utility method that, given a SingleSignOnService, gets the binding URI (redirect/post).
      Parameters:
      sso - the SingleSignOnService
      Returns:
      the binding URI
    • getSingleSignOnService

      protected org.opensaml.saml.saml2.metadata.SingleSignOnService getSingleSignOnService(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, AuthnRequestGeneratorContext context) throws RequestGenerationException
      Returns the SingleSignOnService element to use when sending the request to the IdP. The preferred binding will be searched for first, and if this is not found, another binding that we support will be used.
      Parameters:
      idp - the IdP metadata
      context - context for generating
      Returns:
      a SingleSignOnService object
      Throws:
      RequestGenerationException - if no valid endpoint can be found
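
A subclass that narrows the assurance certification URIs taken from IdP metadata to an SP-side allow-list, using the `getSpMetadata` and `getAssuranceCertificationUris` hooks documented above. This is an added example, not code from the library: the class name and the allow-list parameter are hypothetical, and the import package of `AuthnRequestGeneratorContext` and `RequestGenerationException` is assumed to be the same as that of the class documented here.

```java
import java.util.List;
import java.util.Objects;
import java.util.Set;

import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.x509.X509Credential;

// Assumed package for the two helper types (same package as the base class).
import se.swedenconnect.opensaml.saml2.request.AbstractAuthnRequestGenerator;
import se.swedenconnect.opensaml.saml2.request.AuthnRequestGeneratorContext;
import se.swedenconnect.opensaml.saml2.request.RequestGenerationException;

/** Hypothetical generator that only passes on assurance URIs the SP has approved. */
public class AllowListedAuthnRequestGenerator extends AbstractAuthnRequestGenerator {

  private final EntityDescriptor spMetadata;
  private final Set<String> allowedUris;

  public AllowListedAuthnRequestGenerator(String spEntityID, X509Credential signCredential,
      EntityDescriptor spMetadata, Set<String> allowedUris) {
    super(spEntityID, signCredential);
    this.spMetadata = Objects.requireNonNull(spMetadata, "spMetadata");
    // Defensive immutable copy so the policy cannot change after construction.
    this.allowedUris = Set.copyOf(allowedUris);
  }

  /** The only abstract method listed on this page: supply the SP's own metadata. */
  @Override
  protected EntityDescriptor getSpMetadata() {
    return this.spMetadata;
  }

  /**
   * The default returns every URI found in the IdP metadata. Here the list is
   * intersected with the SP allow-list, so a URI that the IdP declares but the
   * SP has not approved never reaches the request being built.
   */
  @Override
  protected List<String> getAssuranceCertificationUris(EntityDescriptor idpMetadata,
      AuthnRequestGeneratorContext context) throws RequestGenerationException {
    List<String> declared = super.getAssuranceCertificationUris(idpMetadata, context);
    if (declared == null) {
      return List.of();
    }
    // Null check first: immutable sets reject contains(null).
    return declared.stream()
        .filter(uri -> uri != null && this.allowedUris.contains(uri))
        .toList();
  }
}
```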