Class AbstractAuthnRequestGenerator
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.request.AbstractAuthnRequestGenerator
- All Implemented Interfaces:
net.shibboleth.shared.component.Component, net.shibboleth.shared.component.DestructableComponent, net.shibboleth.shared.component.InitializableComponent, AuthnRequestGenerator
- Direct Known Subclasses:
DefaultAuthnRequestGenerator
public abstract class AbstractAuthnRequestGenerator
extends net.shibboleth.shared.component.AbstractInitializableComponent
implements AuthnRequestGenerator
Abstract base class for generating AuthnRequest messages.
- Author:
- Martin Lindström (martin@idsec.se)

Constructor Summary
- AbstractAuthnRequestGenerator(String spEntityID, org.opensaml.security.x509.X509Credential signCredential)
  Constructor.

Method Summary
- protected void addExtensions(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata)
  Method that adds the Extensions element to the AuthnRequest being built.
- protected void addScoping(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata)
  Method that adds the Scoping element to the AuthnRequest being built.
- protected RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> buildRequestHttpObject(org.opensaml.saml.saml2.core.AuthnRequest request, String relayState, AuthnRequestGeneratorContext context, String binding, String destination, org.opensaml.saml.saml2.metadata.EntityDescriptor recipientMetadata)
  Builds a request HTTP object (including signing).
- protected void doInitialize()
- RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(String idpEntityID, String relayState, AuthnRequestGeneratorContext context)
  Generates a SAML authentication request message.
- RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, String relayState, AuthnRequestGeneratorContext context)
  Generates a SAML authentication request message.
- protected List<String> getAssuranceCertificationUris(org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata, AuthnRequestGeneratorContext context)
  Gets the assurance certification URIs for the IdP metadata.
- protected String getBinding(org.opensaml.saml.saml2.metadata.SingleSignOnService sso)
  Utility method that, given a SingleSignOnService, gets the binding URI (redirect/post).
- protected org.opensaml.saml.saml2.metadata.EntityDescriptor getIdpMetadata(String idpEntityID)
  Gets the IdP metadata for the given entityID.
- protected List<org.opensaml.saml.saml2.metadata.AssertionConsumerService> getPossibleAssertionConsumerServices(boolean hokActive)
  Extracts all possible SP AssertionConsumerService endpoints.
- org.opensaml.security.x509.X509Credential getSignCredential()
  Gets the signing credential to be used when signing the AuthnRequest messages.
- protected org.opensaml.saml.saml2.metadata.SingleSignOnService getSingleSignOnService(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, AuthnRequestGeneratorContext context)
  Returns the SingleSignOnService element to use when sending the request to the IdP.
- getSpEntityID()
  Gets the entityID for the service provider that this generator services.
- protected abstract org.opensaml.saml.saml2.metadata.EntityDescriptor getSpMetadata()
  Gets the metadata for the SP that this generator services.

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Constructor Details

AbstractAuthnRequestGenerator
public AbstractAuthnRequestGenerator(String spEntityID, org.opensaml.security.x509.X509Credential signCredential)
Constructor.
- Parameters:
spEntityID - the SP entityID
signCredential - the signing credential

Method Details

doInitialize
protected void doInitialize() throws net.shibboleth.shared.component.ComponentInitializationException
- Overrides:
doInitialize in class net.shibboleth.shared.component.AbstractInitializableComponent
- Throws:
net.shibboleth.shared.component.ComponentInitializationException

generateAuthnRequest
public RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(String idpEntityID, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException
Generates a SAML authentication request message.
- Specified by:
generateAuthnRequest in interface AuthnRequestGenerator
- Parameters:
idpEntityID - the entityID of the IdP that we should send the request to
relayState - the RelayState to include (may be null)
context - the generator context (may be null)
- Returns:
a request object
- Throws:
RequestGenerationException - for errors during request generation

generateAuthnRequest
public RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> generateAuthnRequest(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, String relayState, AuthnRequestGeneratorContext context) throws RequestGenerationException
Generates a SAML authentication request message.
- Specified by:
generateAuthnRequest in interface AuthnRequestGenerator
- Parameters:
idp - the metadata for the IdP that we should send the request to
relayState - the RelayState to include (may be null)
context - the generator context (may be null)
- Returns:
a request object
- Throws:
RequestGenerationException - for errors during request generation

addScoping
protected void addScoping(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata) throws RequestGenerationException
Method that adds the Scoping element to the AuthnRequest being built.
The default implementation does nothing.
- Parameters:
builder - the builder
context - the generator context
idpMetadata - the IdP metadata
- Throws:
RequestGenerationException - for generation errors

addExtensions
protected void addExtensions(AuthnRequestBuilder builder, AuthnRequestGeneratorContext context, org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata) throws RequestGenerationException
Method that adds the Extensions element to the AuthnRequest being built.
The default implementation does nothing.
- Parameters:
builder - the builder
context - the generator context
idpMetadata - the IdP metadata
- Throws:
RequestGenerationException - for generation errors

getAssuranceCertificationUris
protected List<String> getAssuranceCertificationUris(org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata, AuthnRequestGeneratorContext context) throws RequestGenerationException
Gets the assurance certification URIs for the IdP metadata.
The default implementation returns all URIs found in the metadata.
- Parameters:
idpMetadata - the IdP metadata
context - the context
- Returns:
a list of URIs
- Throws:
RequestGenerationException - for errors

getSpEntityID
Gets the entityID for the service provider that this generator services.
- Specified by:
getSpEntityID in interface AuthnRequestGenerator
- Returns:
the SP entityID

getSignCredential
public org.opensaml.security.x509.X509Credential getSignCredential()
Gets the signing credential to be used when signing the AuthnRequest messages.
- Specified by:
getSignCredential in interface AuthnRequestGenerator
- Returns:
the signing credential, or null if no signing should be performed

getSpMetadata
protected abstract org.opensaml.saml.saml2.metadata.EntityDescriptor getSpMetadata()
Gets the metadata for the SP that this generator services.
- Returns:
the SP metadata, or null if no metadata is found

getIdpMetadata
protected org.opensaml.saml.saml2.metadata.EntityDescriptor getIdpMetadata(String idpEntityID)
Gets the IdP metadata for the given entityID.
- Parameters:
idpEntityID - the entityID for the IdP
- Returns:
the metadata or null if no metadata could be found

buildRequestHttpObject
protected RequestHttpObject<org.opensaml.saml.saml2.core.AuthnRequest> buildRequestHttpObject(org.opensaml.saml.saml2.core.AuthnRequest request, String relayState, AuthnRequestGeneratorContext context, String binding, String destination, org.opensaml.saml.saml2.metadata.EntityDescriptor recipientMetadata) throws RequestGenerationException
Builds a request HTTP object (including signing).
- Parameters:
request - the actual request
relayState - the RelayState (may be null)
context - the request generation context
binding - the binding to use
destination - the destination URL
recipientMetadata - the recipient metadata
- Returns:
a request HTTP object
- Throws:
RequestGenerationException - for errors during signing or encoding

getPossibleAssertionConsumerServices
protected List<org.opensaml.saml.saml2.metadata.AssertionConsumerService> getPossibleAssertionConsumerServices(boolean hokActive)
Extracts all possible SP AssertionConsumerService endpoints.
- Parameters:
hokActive - a flag that tells whether HoK is active or not
- Returns:
a list of possible endpoints

getBinding
protected String getBinding(org.opensaml.saml.saml2.metadata.SingleSignOnService sso)
Utility method that, given a SingleSignOnService, gets the binding URI (redirect/post).
- Parameters:
sso - the SingleSignOnService
- Returns:
the binding URI

getSingleSignOnService
protected org.opensaml.saml.saml2.metadata.SingleSignOnService getSingleSignOnService(org.opensaml.saml.saml2.metadata.EntityDescriptor idp, AuthnRequestGeneratorContext context) throws RequestGenerationException
Returns the SingleSignOnService element to use when sending the request to the IdP. The preferred binding will be searched for first, and if this is not found, another binding that we support will be used.
- Parameters:
idp - the IdP metadata
context - context for generating
- Returns:
a SingleSignOnService object
- Throws:
RequestGenerationException - if no valid endpoint can be found
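
The selection order that getSingleSignOnService describes (preferred binding first, then another supported binding, otherwise an error), modelled as an added example that is not the library's own code. SsoEndpoint, select and the endpoint URLs are hypothetical, and plain Java types stand in for the OpenSAML metadata classes.

```java
import java.util.List;
import java.util.Optional;

public class SsoBindingSelection {
  // Standard SAML 2.0 binding URIs.
  static final String REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
  static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
  static final String SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

  // Hypothetical stand-in for a SingleSignOnService element in IdP metadata.
  record SsoEndpoint(String binding, String location) {}

  // Preferred binding first, then the first endpoint with any supported binding.
  // An empty result corresponds to the "no valid endpoint" error case.
  static Optional<SsoEndpoint> select(
      List<SsoEndpoint> advertised, String preferred, List<String> supported) {
    // Assumption of this example: a preference outside the supported set is ignored,
    // so the caller can never be steered to a binding it cannot handle.
    if (supported.contains(preferred)) {
      Optional<SsoEndpoint> hit = advertised.stream()
          .filter(e -> preferred.equals(e.binding())).findFirst();
      if (hit.isPresent()) {
        return hit;
      }
    }
    return advertised.stream()
        .filter(e -> supported.contains(e.binding())).findFirst();
  }

  public static void main(String[] args) {
    List<String> supported = List.of(REDIRECT, POST);
    // Constructed sample metadata: this IdP advertises SOAP and POST only.
    List<SsoEndpoint> idp = List.of(
        new SsoEndpoint(SOAP, "https://idp.example.com/sso/soap"),
        new SsoEndpoint(POST, "https://idp.example.com/sso/post"));

    // The preferred redirect binding is not advertised, so selection falls back to POST.
    System.out.println(select(idp, REDIRECT, supported));

    // Only an unsupported binding is advertised: fail closed instead of guessing.
    System.out.println(select(List.of(idp.get(0)), REDIRECT, supported)
        .map(SsoEndpoint::location).orElse("no valid endpoint"));
  }
}
```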