/**
 * {@inheritDoc}
 *
 * <p>Attaches a recognised child element to the matching collection of the parent
 * {@link SSODescriptor}: artifact resolution services, single logout services,
 * manage-NameID services and NameID formats. Any other child type is handed to the
 * superclass implementation.
 *
 * @param parentElement element being populated; cast to {@link SSODescriptor} unconditionally
 * @param childElement unmarshalled child to attach to the parent
 * @throws UnmarshallingException declared by the signature; no statement in this body throws it
 *             directly, so it can only come from the superclass call
 */
protected void processChildElement(XMLObject parentElement, XMLObject childElement)
        throws UnmarshallingException {
    // The cast runs before any type dispatch, so a parent of another type fails here with a
    // ClassCastException even when the child would have gone to the superclass.
    SSODescriptor ssoDescriptor = (SSODescriptor) parentElement;

    if (childElement instanceof ArtifactResolutionService) {
        ssoDescriptor.getArtifactResolutionServices().add((ArtifactResolutionService) childElement);
        return;
    }
    if (childElement instanceof SingleLogoutService) {
        ssoDescriptor.getSingleLogoutServices().add((SingleLogoutService) childElement);
        return;
    }
    if (childElement instanceof ManageNameIDService) {
        ssoDescriptor.getManageNameIDServices().add((ManageNameIDService) childElement);
        return;
    }
    if (childElement instanceof NameIDFormat) {
        ssoDescriptor.getNameIDFormats().add((NameIDFormat) childElement);
        return;
    }

    // Not one of the child types handled here: let the superclass decide.
    super.processChildElement(parentElement, childElement);
}
} // closes the enclosing type, whose declaration lies outside this excerpt
/**
 * Looks up the single logout service that a descriptor advertises for a given binding.
 *
 * <p>The services are scanned in the order returned by
 * {@code descriptor.getSingleLogoutServices()} and the first one whose binding equals
 * {@code binding} (exact {@code equals} comparison) is returned.
 *
 * @param descriptor SSO descriptor whose single logout services are searched
 * @param binding binding the returned service must declare; a {@code null} value causes a
 *            {@link NullPointerException} as soon as a service is compared against it
 * @return the first single logout service declaring the given binding
 * @throws MetadataProviderException if no listed service declares the binding
 */
public static SingleLogoutService getLogoutServiceForBinding(SSODescriptor descriptor, String binding)
        throws MetadataProviderException {
    List<SingleLogoutService> candidates = descriptor.getSingleLogoutServices();
    for (SingleLogoutService candidate : candidates) {
        boolean bindingMatches = binding.equals(candidate.getBinding());
        if (!bindingMatches) {
            continue;
        }
        return candidate;
    }

    // NOTE(review): the binding value is written verbatim into the debug log and into the
    // exception message. If callers can pass a request-derived value, confirm it is limited
    // to known binding URIs before this point or neutralised where the message is rendered.
    log.debug("No binding found for IDP with binding " + binding);
    throw new MetadataProviderException("Binding " + binding + " is not supported for this IDP");
}
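/**
 * Checks whether the entity's metadata lists the required NameID format.
 *
 * <p>The check fails closed: it returns {@code false} when no SSO role descriptor is found,
 * when the descriptor lists no NameID formats, and when none of the listed formats equals
 * {@code nameIdFormat}.
 *
 * @param filterContext current filter context, passed to {@code getEntitySSODescriptor}
 *
 * @return true if the entity supports the required NameID format, false otherwise
 */
protected boolean isNameIDFormatSupported(ShibbolethFilteringContext filterContext) {
    SSODescriptor role = getEntitySSODescriptor(filterContext);
    if (role == null) {
        // The original message read "entity does contain ...", the opposite of what this
        // branch means; a debug trace of a denied match must not claim the descriptor exists.
        log.debug("entity does not contain an appropriate SSO role descriptor");
        return false;
    }

    List<NameIDFormat> supportedFormats = role.getNameIDFormats();
    if (supportedFormats == null || supportedFormats.isEmpty()) {
        // An entity that declares no formats is treated as not supporting the required one.
        log.debug("entity SSO role descriptor does not list any supported NameID formats");
        return false;
    }

    for (NameIDFormat supportedFormat : supportedFormats) {
        // Exact equals comparison; nameIdFormat is defined outside this method and is
        // dereferenced here, so it must be non-null by the time this runs.
        if (nameIdFormat.equals(supportedFormat.getFormat())) {
            log.debug("entity does support the NameID format '{}'", nameIdFormat);
            return true;
        }
    }

    log.debug("entity does not support the NameID format '{}'", nameIdFormat);
    return false;
}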
/**
 * Verifies that no artifact resolution service of the descriptor carries a ResponseLocation.
 *
 * <p>A descriptor whose artifact resolution service list is {@code null} or empty passes
 * without further checks. Validation stops at the first offending service.
 *
 * @param ssoDescriptor descriptor whose artifact resolution services are inspected
 * @throws ValidationException if {@code DatatypeHelper.isEmpty} reports {@code false} for the
 *             ResponseLocation of any artifact resolution service
 */
protected void validateResponseLocation(SSODescriptor ssoDescriptor) throws ValidationException {
    if (ssoDescriptor.getArtifactResolutionServices() == null) {
        return;
    }

    int serviceCount = ssoDescriptor.getArtifactResolutionServices().size();
    for (int index = 0; index < serviceCount; index++) {
        boolean responseLocationAbsent = DatatypeHelper.isEmpty(
                ssoDescriptor.getArtifactResolutionServices().get(index).getResponseLocation());
        if (responseLocationAbsent) {
            continue;
        }
        // The message text (including its spelling) is runtime output and is kept unchanged.
        throw new ValidationException("ResponseLocation of all ArtificatResolutionServices must be null");
    }
}
} // closes the enclosing type, whose declaration lies outside this excerpt