src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

   1 /*
   2  * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
  18
  19 import java.io.IOException;
  20 import java.util.ArrayList;
  21 import java.util.List;
  22
  23 import javax.servlet.RequestDispatcher;
  24 import javax.servlet.ServletException;
  25 import javax.servlet.ServletRequest;
  26 import javax.servlet.ServletResponse;
  27 import javax.servlet.http.HttpServletRequest;
  28 import javax.servlet.http.HttpSession;
  29
  30 import org.apache.log4j.Logger;
  31 import org.opensaml.common.SAMLObjectBuilder;
  32 import org.opensaml.common.binding.BindingException;
  33 import org.opensaml.common.binding.decoding.MessageDecoder;
  34 import org.opensaml.common.binding.encoding.MessageEncoder;
  35 import org.opensaml.common.binding.security.SAMLSecurityPolicy;
  36 import org.opensaml.common.xml.SAMLConstants;
  37 import org.opensaml.saml2.binding.AuthnResponseEndpointSelector;
  38 import org.opensaml.saml2.core.AuthnContext;
  39 import org.opensaml.saml2.core.AuthnContextClassRef;
  40 import org.opensaml.saml2.core.AuthnContextDeclRef;
  41 import org.opensaml.saml2.core.AuthnRequest;
  42 import org.opensaml.saml2.core.AuthnStatement;
  43 import org.opensaml.saml2.core.RequestedAuthnContext;
  44 import org.opensaml.saml2.core.Response;
  45 import org.opensaml.saml2.core.Statement;
  46 import org.opensaml.saml2.core.StatusCode;
  47 import org.opensaml.saml2.core.SubjectLocality;
  48 import org.opensaml.saml2.metadata.AssertionConsumerService;
  49 import org.opensaml.saml2.metadata.Endpoint;
  50 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
  51 import org.opensaml.ws.security.SecurityPolicyException;
  52 import org.opensaml.xml.io.MarshallingException;
  53 import org.opensaml.xml.io.UnmarshallingException;
  54
  55 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
  56 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
  57 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
  58 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
  59 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration;
  60 import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
  61 import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
  62 import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
  63
  64 /** SAML 2.0 SSO request profile handler. */
  65 public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
  66
  67     /** Class logger. */
  68     private final Logger log = Logger.getLogger(SSOProfileHandler.class);
  69
  70     /** Builder of AuthnStatement objects. */
  71     private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder;
  72
  73     /** Builder of AuthnContext objects. */
  74     private SAMLObjectBuilder<AuthnContext> authnContextBuilder;
  75
  76     /** Builder of AuthnContextClassRef objects. */
  77     private SAMLObjectBuilder<AuthnContextClassRef> authnContextClassRefBuilder;
  78
  79     /** Builder of AuthnContextDeclRef objects. */
  80     private SAMLObjectBuilder<AuthnContextDeclRef> authnContextDeclRefBuilder;
  81
  82     /** Builder of SubjectLocality objects. */
  83     private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
  84
  85     /** URL of the authentication manager servlet. */
  86     private String authenticationManagerPath;
  87
  88     /** URI of SAML 2 bindings supported for outgoing messaged encoding. */
  89     private ArrayList<String> supportedOutgoingBindings;
  90
  91     /** URI of request decoder. */
  92     private String decodingBinding;
  93
  94     /**
  95      * Constructor.
  96      *
  97      * @param authnManagerPath path to the authentication manager servlet
  98      * @param outgoingBindings URIs of SAML 2 bindings supported for outgoing message encoding
  99      * @param decoder URI of the request decoder to use
 100      */
 101     @SuppressWarnings("unchecked")
 102     public SSOProfileHandler(String authnManagerPath, List<String> outgoingBindings, String decoder) {
 103         super();
 104
 105         if (authnManagerPath == null || decoder == null) {
 106             throw new IllegalArgumentException("AuthN manager path or decoding bindings URI may not be null");
 107         }
 108         authenticationManagerPath = authnManagerPath;
 109
 110         if(outgoingBindings == null || outgoingBindings.isEmpty()){
 111             throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
 112         }
 113         supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
 114
 115         decodingBinding = decoder;
 116
 117         authnStatementBuilder = (SAMLObjectBuilder<AuthnStatement>) getBuilderFactory().getBuilder(
 118                 AuthnStatement.DEFAULT_ELEMENT_NAME);
 119         authnContextBuilder = (SAMLObjectBuilder<AuthnContext>) getBuilderFactory().getBuilder(
 120                 AuthnContext.DEFAULT_ELEMENT_NAME);
 121         authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>) getBuilderFactory().getBuilder(
 122                 AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
 123         authnContextDeclRefBuilder = (SAMLObjectBuilder<AuthnContextDeclRef>) getBuilderFactory().getBuilder(
 124                 AuthnContextDeclRef.DEFAULT_ELEMENT_NAME);
 125         subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
 126                 SubjectLocality.DEFAULT_ELEMENT_NAME);
 127     }
 128
 129     /** {@inheritDoc} */
 130     public String getProfileId() {
 131         return "urn:mace:shibboleth:2.0:idp:profiles:saml2:request:sso";
 132     }
 133
 134     /** {@inheritDoc} */
 135     public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response)
 136             throws ProfileException {
 137
 138         HttpSession httpSession = ((HttpServletRequest) request.getRawRequest()).getSession(true);
 139         if (httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY) == null) {
 140             performAuthentication(request, response);
 141         } else {
 142             completeAuthenticationRequest(request, response);
 143         }
 144     }
 145
 146     /**
 147      * Creates a {@link Saml2LoginContext} an sends the request off to the AuthenticationManager to begin the process of
 148      * authenticating the user.
 149      *
 150      * @param request current request
 151      * @param response current response
 152      *
 153      * @throws ProfileException thrown if there is a problem creating the login context and transferring control to the
 154      *             authentication manager
 155      */
 156     protected void performAuthentication(ProfileRequest<ServletRequest> request,
 157             ProfileResponse<ServletResponse> response) throws ProfileException {
 158         HttpServletRequest httpRequest = (HttpServletRequest) request.getRawRequest();
 159
 160         AuthnRequest authnRequest = null;
 161         try {
 162             MessageDecoder<ServletRequest> decoder = decodeRequest(request);
 163             SAMLSecurityPolicy securityPolicy = decoder.getSecurityPolicy();
 164
 165             String relyingParty = securityPolicy.getIssuer();
 166             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingParty);
 167             if (rpConfig == null) {
 168                 log.error("No relying party configuration for " + relyingParty);
 169                 throw new ProfileException("No relying party configuration for " + relyingParty);
 170             }
 171
 172             authnRequest = (AuthnRequest) decoder.getSAMLMessage();
 173
 174             Saml2LoginContext loginContext = new Saml2LoginContext(relyingParty, decoder.getRelayState(), authnRequest);
 175             loginContext.setAuthenticationEngineURL(authenticationManagerPath);
 176             loginContext.setProfileHandlerURL(HttpHelper.getRequestUriWithoutContext(httpRequest));
 177             if (loginContext.getRequestedAuthenticationMethods().size() == 0) {
 178                 loginContext.getRequestedAuthenticationMethods().add(rpConfig.getDefaultAuthenticationMethod());
 179             }
 180
 181             HttpSession httpSession = httpRequest.getSession();
 182             httpSession.setAttribute(Saml2LoginContext.LOGIN_CONTEXT_KEY, loginContext);
 183             RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(authenticationManagerPath);
 184             dispatcher.forward(httpRequest, response.getRawResponse());
 185         } catch (MarshallingException e) {
 186             log.error("Unable to marshall authentication request context");
 187             throw new ProfileException("Unable to marshall authentication request context", e);
 188         } catch (IOException ex) {
 189             log.error("Error forwarding SAML 2 AuthnRequest " + authnRequest.getID() + " to AuthenticationManager", ex);
 190             throw new ProfileException("Error forwarding SAML 2 AuthnRequest " + authnRequest.getID()
 191                     + " to AuthenticationManager", ex);
 192         } catch (ServletException ex) {
 193             log.error("Error forwarding SAML 2 AuthnRequest " + authnRequest.getID() + " to AuthenticationManager", ex);
 194             throw new ProfileException("Error forwarding SAML 2 AuthnRequest " + authnRequest.getID()
 195                     + " to AuthenticationManager", ex);
 196         }
 197     }
 198
 199     /**
 200      * Creates a response to the {@link AuthnRequest} and sends the user, with response in tow, back to the relying
 201      * party after they've been authenticated.
 202      *
 203      * @param request current request
 204      * @param response current response
 205      *
 206      * @throws ProfileException thrown if the response can not be created and sent back to the relying party
 207      */
 208     protected void completeAuthenticationRequest(ProfileRequest<ServletRequest> request,
 209             ProfileResponse<ServletResponse> response) throws ProfileException {
 210
 211         HttpSession httpSession = ((HttpServletRequest) request.getRawRequest()).getSession(true);
 212
 213         Saml2LoginContext loginContext = (Saml2LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
 214         httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
 215
 216         SSORequestContext requestContext = buildRequestContext(loginContext, request, response);
 217
 218         checkSamlVersion(requestContext);
 219
 220         Response samlResponse;
 221         try {
 222             if (loginContext.getPrincipalName() == null) {
 223                 log.error("User's login context did not contain a principal, user considered unauthenticiated.");
 224                 requestContext
 225                         .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
 226                 throw new ProfileException("User failed authentication");
 227             }
 228
 229             resolveAttributes(requestContext);
 230
 231             ArrayList<Statement> statements = new ArrayList<Statement>();
 232             statements.add(buildAuthnStatement(requestContext));
 233             if(requestContext.getProfileConfiguration().includeAttributeStatement()){
 234                 statements.add(buildAttributeStatement(requestContext));
 235             }
 236
 237             samlResponse = buildResponse(requestContext, "urn:oasis:names:tc:SAML:2.0:cm:bearer", statements);
 238         } catch (ProfileException e) {
 239             samlResponse = buildErrorResponse(requestContext);
 240         }
 241
 242         requestContext.setSamlResponse(samlResponse);
 243         encodeResponse(requestContext);
 244         writeAuditLogEntry(requestContext);
 245     }
 246
 247     /**
 248      * Creates an appropriate message decoder, populates it, and decodes the incoming request.
 249      *
 250      * @param request current request
 251      *
 252      * @return message decoder containing the decoded message and other stateful information
 253      *
 254      * @throws ProfileException thrown if the incomming message failed decoding
 255      */
 256     protected MessageDecoder<ServletRequest> decodeRequest(ProfileRequest<ServletRequest> request)
 257             throws ProfileException {
 258         if(log.isDebugEnabled()){
 259             log.debug("Decoding message with decoder binding " + decodingBinding);
 260         }
 261         MessageDecoder<ServletRequest> decoder = getMessageDecoderFactory().getMessageDecoder(decodingBinding);
 262         if (decoder == null) {
 263             log.error("No request decoder was registered for binding type: " + decodingBinding);
 264             throw new ProfileException("No request decoder was registered for binding type: " + decodingBinding);
 265         }
 266
 267         populateMessageDecoder(decoder);
 268         decoder.setRequest(request.getRawRequest());
 269         try {
 270             decoder.decode();
 271             return decoder;
 272         } catch (BindingException e) {
 273             log.error("Error decoding authentication request message", e);
 274             throw new ProfileException("Error decoding authentication request message", e);
 275         } catch (SecurityPolicyException e) {
 276             log.error("Message did not meet security policy requirements", e);
 277             throw new ProfileException("Message did not meet security policy requirements", e);
 278         }
 279     }
 280
 281     /**
 282      * Creates an authentication request context from the current environmental information.
 283      *
 284      * @param loginContext current login context
 285      * @param request current request
 286      * @param response current response
 287      *
 288      * @return created authentication request context
 289      *
 290      * @throws ProfileException thrown if there is a problem creating the context
 291      */
 292     protected SSORequestContext buildRequestContext(Saml2LoginContext loginContext,
 293             ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response) throws ProfileException {
 294         SSORequestContext requestContext = new SSORequestContext(request, response);
 295
 296         try {
 297             requestContext.setMessageDecoder(decodingBinding);
 298
 299             requestContext.setRelayState(loginContext.getRelayState());
 300
 301             requestContext.setLoginContext(loginContext);
 302
 303             String relyingPartyId = loginContext.getRelyingPartyId();
 304             AuthnRequest authnRequest = loginContext.getAuthenticationRequest();
 305
 306             requestContext.setRelyingPartyId(relyingPartyId);
 307
 308             requestContext.setRelyingPartyMetadata(getMetadataProvider().getEntityDescriptor(relyingPartyId));
 309
 310             requestContext.setRelyingPartyRoleMetadata(requestContext.getRelyingPartyMetadata().getSPSSODescriptor(
 311                     SAMLConstants.SAML20P_NS));
 312
 313             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
 314             requestContext.setRelyingPartyConfiguration(rpConfig);
 315
 316             requestContext.setAssertingPartyId(requestContext.getRelyingPartyConfiguration().getProviderId());
 317
 318             requestContext.setAssertingPartyMetadata(getMetadataProvider().getEntityDescriptor(
 319                     requestContext.getAssertingPartyId()));
 320
 321             requestContext.setAssertingPartyRoleMetadata(requestContext.getRelyingPartyMetadata().getIDPSSODescriptor(
 322                     SAMLConstants.SAML20P_NS));
 323
 324             requestContext.setPrincipalName(loginContext.getPrincipalName());
 325
 326             requestContext.setProfileConfiguration((SSOConfiguration) rpConfig
 327                     .getProfileConfiguration(SSOConfiguration.PROFILE_ID));
 328
 329             requestContext.setSamlRequest(authnRequest);
 330
 331             selectEndpoint(requestContext);
 332
 333             return requestContext;
 334         } catch (UnmarshallingException e) {
 335             log.error("Unable to unmarshall authentication request context");
 336             requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
 337                     "Error recovering request state"));
 338             throw new ProfileException("Error recovering request state", e);
 339         } catch (MetadataProviderException e) {
 340             log.error("Unable to locate metadata for asserting or relying party");
 341             requestContext
 342                     .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error locating party metadata"));
 343             throw new ProfileException("Error locating party metadata");
 344         }
 345     }
 346
 347     /**
 348      * Creates an authentication statement for the current request.
 349      *
 350      * @param requestContext current request context
 351      *
 352      * @return constructed authentication statement
 353      */
 354     protected AuthnStatement buildAuthnStatement(SSORequestContext requestContext) {
 355         Saml2LoginContext loginContext = requestContext.getLoginContext();
 356
 357         AuthnContext authnContext = buildAuthnContext(requestContext);
 358
 359         AuthnStatement statement = authnStatementBuilder.buildObject();
 360         statement.setAuthnContext(authnContext);
 361         statement.setAuthnInstant(loginContext.getAuthenticationInstant());
 362
 363         // TODO
 364         statement.setSessionIndex(null);
 365
 366         if (loginContext.getAuthenticationDuration() > 0) {
 367             statement.setSessionNotOnOrAfter(loginContext.getAuthenticationInstant().plus(
 368                     loginContext.getAuthenticationDuration()));
 369         }
 370
 371         statement.setSubjectLocality(buildSubjectLocality(requestContext));
 372
 373         return statement;
 374     }
 375
 376     /**
 377      * Creates an {@link AuthnContext} for a succesful authentication request.
 378      *
 379      * @param requestContext current request
 380      *
 381      * @return the built authn context
 382      */
 383     protected AuthnContext buildAuthnContext(SSORequestContext requestContext) {
 384         AuthnContext authnContext = authnContextBuilder.buildObject();
 385
 386         Saml2LoginContext loginContext = requestContext.getLoginContext();
 387         AuthnRequest authnRequest = requestContext.getSamlRequest();
 388         RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
 389         if (requestedAuthnContext != null) {
 390             if (requestedAuthnContext.getAuthnContextClassRefs() != null) {
 391                 for (AuthnContextClassRef classRef : requestedAuthnContext.getAuthnContextClassRefs()) {
 392                     if (classRef.getAuthnContextClassRef().equals(loginContext.getAuthenticationMethod())) {
 393                         AuthnContextClassRef ref = authnContextClassRefBuilder.buildObject();
 394                         ref.setAuthnContextClassRef(loginContext.getAuthenticationMethod());
 395                         authnContext.setAuthnContextClassRef(ref);
 396                     }
 397                 }
 398             } else if (requestedAuthnContext.getAuthnContextDeclRefs() != null) {
 399                 for (AuthnContextDeclRef declRef : requestedAuthnContext.getAuthnContextDeclRefs()) {
 400                     if (declRef.getAuthnContextDeclRef().equals(loginContext.getAuthenticationMethod())) {
 401                         AuthnContextDeclRef ref = authnContextDeclRefBuilder.buildObject();
 402                         ref.setAuthnContextDeclRef(loginContext.getAuthenticationMethod());
 403                         authnContext.setAuthnContextDeclRef(ref);
 404                     }
 405                 }
 406             }
 407         } else {
 408             AuthnContextDeclRef ref = authnContextDeclRefBuilder.buildObject();
 409             ref.setAuthnContextDeclRef(loginContext.getAuthenticationMethod());
 410             authnContext.setAuthnContextDeclRef(ref);
 411         }
 412
 413         return authnContext;
 414     }
 415
 416     /**
 417      * Constructs the subject locality for the authentication statement.
 418      *
 419      * @param requestContext curent request context
 420      *
 421      * @return subject locality for the authentication statement
 422      */
 423     protected SubjectLocality buildSubjectLocality(SSORequestContext requestContext) {
 424         SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
 425
 426         HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getProfileRequest().getRawRequest();
 427         subjectLocality.setAddress(httpRequest.getRemoteAddr());
 428         subjectLocality.setDNSName(httpRequest.getRemoteHost());
 429
 430         return subjectLocality;
 431     }
 432
 433     /**
 434      * Selects the appropriate endpoint for the relying party and stores it in the request context.
 435      *
 436      * @param requestContext current request context
 437      */
 438     protected void selectEndpoint(SSORequestContext requestContext){
 439         AuthnResponseEndpointSelector endpointSelector = new AuthnResponseEndpointSelector();
 440         endpointSelector.setEndpointType(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
 441         endpointSelector.setMetadataProvider(getMetadataProvider());
 442         endpointSelector.setRelyingParty(requestContext.getRelyingPartyMetadata());
 443         endpointSelector.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
 444         endpointSelector.setSamlRequest(requestContext.getSamlRequest());
 445         endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
 446         requestContext.setRelyingPartyEndpoint(endpointSelector.selectEndpoint());
 447     }
 448
 449     /**
 450      * Encodes the request's SAML response and writes it to the servlet response.
 451      *
 452      * @param requestContext current request context
 453      *
 454      * @throws ProfileException thrown if no message encoder is registered for this profiles binding
 455      */
 456     protected void encodeResponse(SSORequestContext requestContext) throws ProfileException {
 457         if (log.isDebugEnabled()) {
 458             log.debug("Encoding response to SAML request " + requestContext.getSamlRequest().getID()
 459                     + " from relying party " + requestContext.getRelyingPartyId());
 460         }
 461
 462         Endpoint relyingPartyEndpoint = requestContext.getRelyingPartyEndpoint();
 463         MessageEncoder<ServletResponse> encoder = getMessageEncoderFactory().getMessageEncoder(
 464                 relyingPartyEndpoint.getBinding());
 465         if (encoder == null) {
 466             log.error("No response encoder was registered for binding type: " + relyingPartyEndpoint.getBinding());
 467             throw new ProfileException("No response encoder was registered for binding type: "
 468                     + relyingPartyEndpoint.getBinding());
 469         }
 470
 471         super.populateMessageEncoder(encoder);
 472         encoder.setIssuer(requestContext.getAssertingPartyId());
 473         encoder.setRelayState(requestContext.getRelayState());
 474         encoder.setRelyingParty(requestContext.getRelyingPartyMetadata());
 475         encoder.setRelyingPartyEndpoint(relyingPartyEndpoint);
 476         encoder.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
 477         ProfileResponse<ServletResponse> profileResponse = requestContext.getProfileResponse();
 478         encoder.setResponse(profileResponse.getRawResponse());
 479         encoder.setSamlMessage(requestContext.getSamlResponse());
 480         requestContext.setMessageEncoder(encoder.getBindingURI());
 481
 482         try {
 483             encoder.encode();
 484         } catch (BindingException e) {
 485             throw new ProfileException("Unable to encode response to relying party: "
 486                     + requestContext.getRelyingPartyId(), e);
 487         }
 488     }
 489
 490     /** Represents the internal state of a SAML 2.0 SSO Request while it's being processed by the IdP. */
 491     protected class SSORequestContext extends SAML2ProfileRequestContext<AuthnRequest, Response, SSOConfiguration> {
 492
 493         /** Current login context. */
 494         private Saml2LoginContext loginContext;
 495
 496         /**
 497          * Constructor.
 498          *
 499          * @param request current profile request
 500          * @param response current profile response
 501          */
 502         public SSORequestContext(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response) {
 503             super(request, response);
 504         }
 505
 506         /**
 507          * Gets the current login context.
 508          *
 509          * @return current login context
 510          */
 511         public Saml2LoginContext getLoginContext() {
 512             return loginContext;
 513         }
 514
 515         /**
 516          * Sets the current login context.
 517          *
 518          * @param context current login context
 519          */
 520         public void setLoginContext(Saml2LoginContext context) {
 521             loginContext = context;
 522         }
 523     }
 524 }