</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
+ <xsd:annotation>
+ <xsd:documentation>
+ An ordered list of outbound bindings supported by this profile handler. The order
+ provided establishs the precedence given the bindings such that, from the left to right,
+ the first binding also supported by the relying party will be used.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:anyURI"/>
+ </xsd:simpleType>
+ </xsd:attribute>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
+ <xsd:annotation>
+ <xsd:documentation>
+ An ordered list of outbound bindings supported by this profile handler. The order
+ provided establishs the precedence given the bindings such that, from the left to right,
+ the first binding also supported by the relying party will be used.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:anyURI"/>
+ </xsd:simpleType>
+ </xsd:attribute>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
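Review bot: The `xsd:list` type declared for `outboundBindingEnumeration` accepts an empty value, while the handler constructors changed later in this commit reject an empty list with `IllegalArgumentException`. A configuration can therefore pass schema validation and still fail at bean creation. The documentation should state the requirement, for example by appending `At least one binding URI must be listed.`, and `establishs` should read `establishes`. The identical text on the SAML 2 attribute earlier in the schema needs the same change. If the schema itself should enforce this, a `minLength` facet of 1 on a restriction of the list type would do it.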
import edu.internet2.middleware.shibboleth.common.config.BaseSpringNamespaceHandler;
import edu.internet2.middleware.shibboleth.common.config.profile.JSPErrorHandlerBeanDefinitionParser;
import edu.internet2.middleware.shibboleth.common.config.profile.VelocityErrorHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.authn.RemoteUserAuthenticationHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml1.SAML1AttributeQueryProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml1.ShibbolethSSOProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2AttributeQueryProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2SSOProfileHandlerBeanDefinitionParser;
/**
* Spring namespace handler for profile handler configurations.
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+
/**
* Base class for authentication handler definition parsers.
*/
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
import java.util.List;
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
import javax.xml.namespace.QName;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+
/**
* Spring bean definition parser for remote user authentication handlers.
*/
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
import edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthenticationHandler;
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.AbstractSAMLProfileHandlerBeanDefinitionParser;
+
/**
* Base class for SAML 1 profile handler configuration parsers.
*/
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
import javax.xml.namespace.QName;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.AbstractSAML2ProfileHandlerBeanDefinitionParser;
import edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler;
/**
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
import javax.xml.namespace.QName;
import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
import edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler;
/**
* Spring bean configuration parser for {@link ShibbolethSSOProfileHandler}s.
*/
public class ShibbolethSSOProfileHandlerBeanDefinitionParser extends AbstractSAML1ProfileHandlerBeanDefinitionParser {
-
+
/** Schema type. */
public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ShibbolethSSO");
builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null,
"authenticationManagerPath")));
+
+ builder.addConstructorArg(XMLHelper.getAttributeValueAsList(config.getAttributeNodeNS(null,
+ "outboundBindingEnumeration")));
}
}
\ No newline at end of file
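Review bot: `config.getAttributeNodeNS(null, "outboundBindingEnumeration")` returns null when the attribute is absent from the DOM, so the added call only sees a value if the schema default was materialised by a validating parser. What `XMLHelper.getAttributeValueAsList` returns for a null node is not visible here. If it is null or empty, the handler constructor throws with a message that never names the attribute, which makes a misconfigured binding list hard to trace. A comment such as `// Schema default supplies this attribute when omitted; the handler rejects a null or empty list.` would record that dependency. The same applies to the SAML 2 SSO parser's added call. The enclosing method starts outside this hunk.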
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.AbstractSAMLProfileHandlerBeanDefinitionParser;
+
/**
* Base class for SAML 2 profile handler configuration parsers.
*/
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
import javax.xml.namespace.QName;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
import edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler;
/**
* limitations under the License.
*/
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
import javax.xml.namespace.QName;
import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
import edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler;
/**
builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null,
"authenticationManagerPath")));
+ builder.addConstructorArg(XMLHelper.getAttributeValueAsList(config.getAttributeNodeNS(null,
+ "outboundBindingEnumeration")));
+
builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "decodingBinding")));
builder.addPropertyReference("securityPolicyFactory", DatatypeHelper.safeTrimOrNullString(config
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
+import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
/** URL of the authentication manager servlet. */
private String authenticationManagerPath;
+
+ /** URI of SAML 1 bindings supported for outgoing message encoding. */
+ private ArrayList<String> supportedOutgoingBindings;
/**
* Constructor.
*
* @param authnManagerPath path to the authentication manager servlet
+ * @param outgoingBindings URIs of SAML 1 bindings supported for outgoing message encoding
*
* @throws IllegalArgumentException thrown if either the authentication manager path or encoding binding URI are
* null or empty
*/
- public ShibbolethSSOProfileHandler(String authnManagerPath) {
+ public ShibbolethSSOProfileHandler(String authnManagerPath, List<String> outgoingBindings) {
if (DatatypeHelper.isEmpty(authnManagerPath)) {
throw new IllegalArgumentException("Authentication manager path may not be null");
}
-
authenticationManagerPath = authnManagerPath;
+
+ if(outgoingBindings == null || outgoingBindings.isEmpty()){
+ throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
+ }
+ supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
authnStatementBuilder = (SAMLObjectBuilder<AuthenticationStatement>) getBuilderFactory().getBuilder(
AuthenticationStatement.DEFAULT_ELEMENT_NAME);
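Review bot: The `@throws` text still refers to an "encoding binding URI" and does not cover the new `outgoingBindings` check. That check tests only for a null or empty list, so null or blank entries are copied into `supportedOutgoingBindings` and reach endpoint selection. Suggested wording: `@throws IllegalArgumentException thrown if the authentication manager path is null or empty, or if the list of outgoing bindings is null or empty`. The field could also be declared as `private List<String> supportedOutgoingBindings;`, since nothing visible needs the concrete `ArrayList` type. The `SSOProfileHandler` constructor has the same check and no `@throws` tag at all. The constructor body continues outside this hunk.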
endpointSelector.setRelyingParty(requestContext.getRelyingPartyMetadata());
endpointSelector.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
endpointSelector.setSamlRequest(requestContext.getSamlRequest());
- endpointSelector.getSupportedIssuerBindings().addAll(getMessageEncoderFactory().getEncoderBuilders().keySet());
+ endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
relyingPartyEndpoint = endpointSelector.selectEndpoint();
if (relyingPartyEndpoint == null) {
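Review bot: The issuer bindings passed to `endpointSelector` now come from configuration instead of the encoder factory's key set, and nothing visible checks that each configured URI has a registered encoder. A mistyped or unsupported URI could therefore let the selector pick an endpoint whose encoder lookup fails only after the user has authenticated. One option is to filter after the `addAll`, e.g. `endpointSelector.getSupportedIssuerBindings().retainAll(getMessageEncoderFactory().getEncoderBuilders().keySet());`. Whether the collection returned by `getSupportedIssuerBindings()` keeps the configured order, which the schema documentation promises as precedence, is not visible here and should be confirmed. The same replacement appears in `SSOProfileHandler`, directly before its `getMessageEncoder` call. The enclosing method starts and ends outside this hunk.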
import java.io.IOException;
import java.util.ArrayList;
+import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
/** URL of the authentication manager servlet. */
private String authenticationManagerPath;
+
+ /** URI of SAML 2 bindings supported for outgoing messaged encoding. */
+ private ArrayList<String> supportedOutgoingBindings;
/** URI of request decoder. */
private String decodingBinding;
* Constructor.
*
* @param authnManagerPath path to the authentication manager servlet
+ * @param outgoingBindings URIs of SAML 2 bindings supported for outgoing message encoding
* @param decoder URI of the request decoder to use
*/
@SuppressWarnings("unchecked")
- public SSOProfileHandler(String authnManagerPath, String decoder) {
+ public SSOProfileHandler(String authnManagerPath, List<String> outgoingBindings, String decoder) {
super();
if (authnManagerPath == null || decoder == null) {
throw new IllegalArgumentException("AuthN manager path or decoding bindings URI may not be null");
}
-
authenticationManagerPath = authnManagerPath;
+
+ if(outgoingBindings == null || outgoingBindings.isEmpty()){
+ throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
+ }
+ supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
+
decodingBinding = decoder;
authnStatementBuilder = (SAMLObjectBuilder<AuthnStatement>) getBuilderFactory().getBuilder(
endpointSelector.setRelyingParty(requestContext.getRelyingPartyMetadata());
endpointSelector.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
endpointSelector.setSamlRequest(requestContext.getSamlRequest());
- endpointSelector.getSupportedIssuerBindings().addAll(getMessageEncoderFactory().getEncoderBuilders().keySet());
+ endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
Endpoint relyingPartyEndpoint = endpointSelector.selectEndpoint();
MessageEncoder<ServletResponse> encoder = getMessageEncoderFactory().getMessageEncoder(