import javax.servlet.http.HttpServletRequest;
import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
import org.opensaml.saml1.core.NameIdentifier;
*/
protected void encodeResponse(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
try {
- SAMLMessageEncoder encoder = null;
-
- Endpoint endpoint = requestContext.getPeerEntityEndpoint();
- if (endpoint == null) {
- log.warn("No peer endpoint available for peer. Unable to send response.");
- throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
- }
-
- if (endpoint != null) {
- encoder = getMessageEncoders().get(endpoint.getBinding());
- if (encoder == null) {
- log.error("No outbound message encoder configured for binding: {}", requestContext
- .getPeerEntityEndpoint().getBinding());
- throw new ProfileException("No outbound message encoder configured for binding: "
- + requestContext.getPeerEntityEndpoint().getBinding());
- }
- }
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
AbstractSAMLProfileConfiguration profileConfig = (AbstractSAMLProfileConfiguration) requestContext
.getProfileConfiguration();
}
/**
+ * Get the outbound message encoder to use.
+ *
+ * <p>The default implementation uses the binding URI from the
+ * {@link SAMLMessageContext#getPeerEntityEndpoint()} to lookup
+ * the encoder from the supported message encoders defined in {@link #getMessageEncoders()}.
+ * </p>
+ *
+ * <p>
+ * Subclasses may override to implement a different mechanism to determine the
+ * encoder to use, such as for example cases where an active intermediary actor
+ * sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case).
+ * </p>
+ *
+ * @param requestContext current request context
+ * @return the message encoder to use
+ * @throws ProfileException if the encoder to use can not be resolved based on the request context
+ */
+ protected SAMLMessageEncoder getOutboundMessageEncoder(BaseSAMLProfileRequestContext requestContext)
+ throws ProfileException {
+ SAMLMessageEncoder encoder = null;
+
+ Endpoint endpoint = requestContext.getPeerEntityEndpoint();
+ if (endpoint == null) {
+ log.warn("No peer endpoint available for peer. Unable to send response.");
+ throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
+ }
+
+ if (endpoint != null) {
+ encoder = getMessageEncoders().get(endpoint.getBinding());
+ if (encoder == null) {
+ log.error("No outbound message encoder configured for binding: {}", requestContext
+ .getPeerEntityEndpoint().getBinding());
+ throw new ProfileException("No outbound message encoder configured for binding: "
+ + requestContext.getPeerEntityEndpoint().getBinding());
+ }
+ }
+ return encoder;
+ }
+
+ /**
* Writes an audit log entry indicating the successful response to the attribute request.
*
* @param context current request context
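Review bot: In the new `getOutboundMessageEncoder`, the `if (endpoint != null)` wrapper is dead code because the preceding null check already throws, and the failure path re-reads `requestContext.getPeerEntityEndpoint().getBinding()` although `endpoint` is already in hand. Dropping the wrapper and using the local keeps the lookup and the reported value on the same object: `log.error("No outbound message encoder configured for binding: {}", endpoint.getBinding());`, and likewise in the exception message. The body was moved unchanged from `encodeResponse`, so this is inherited rather than new. The Javadoc could also say that the method never returns null, since the call sites changed in this commit appear to dereference the result without a check.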
signAssertion(requestContext, assertion);
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
try {
if (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.always
|| (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.conditional && !encoder
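Review bot: With `getEncryptAssertion()` set to `conditional`, the decision on this line now depends on an encoder that subclasses can replace through `getOutboundMessageEncoder`, and neither this code nor that method's Javadoc says what an override must guarantee. The expression is cut off after `!encoder` in this view, but it presumably asks the encoder whether the binding already provides confidentiality. If an override for the intermediary case returns an encoder that answers yes for a channel that ends at the intermediary, the assertion would leave unencrypted towards a party other than the peer. I would add to the Javadoc something like `Overrides must return an encoder whose confidentiality and integrity answers hold end-to-end to the peer entity, because conditional signing and encryption rely on them.` The same applies to the two later hunks that switch the assertion-signing and NameID-encryption paths to this call; the enclosing methods start and end outside the hunks.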
boolean signAssertion = false;
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
AbstractSAML2ProfileConfiguration profileConfig = requestContext.getProfileConfiguration();
try {
if (profileConfig.getSignAssertions() == CryptoOperationRequirementLevel.always
}
}
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
try {
if (nameIdEncRequiredByAuthnRequest
|| requestContext.getProfileConfiguration().getEncryptNameID() == CryptoOperationRequirementLevel.always