/**
 * Resolves the NameID format demanded by the request's NameIDPolicy, if any.
 *
 * <p>The value is taken from the inbound request and returned unmodified; no validation
 * of the format is performed here.
 *
 * @param authnRequest the authn request
 * @return the format carried by the request's NameIDPolicy, or {@code null} when the
 *         request has no NameIDPolicy (or the policy itself reports no format)
 */
protected static String getRequiredNameIdFormatIfAny(final RequestAbstractType authnRequest) {
    val policy = getNameIDPolicy(authnRequest);

    String requestedFormat = null;
    if (policy != null) {
        requestedFormat = policy.getFormat();
    }

    // NOTE(review): the format is supplied by the requester, so callers should treat it as
    // untrusted input when matching it against the formats they are willing to issue.
    LOGGER.debug("AuthN request indicates [{}] is the required NameID format", requestedFormat);
    return requestedFormat;
}
/**
 * Determine which NameID format, if any, the inbound request insists on.
 *
 * <p>An absent or empty format, {@link NameID#UNSPECIFIED} and {@link NameID#ENCRYPTED}
 * are all reported as "no required format".
 *
 * @param profileRequestContext current profile request context
 *
 * @return a format dictated by the request, or null
 */
@Nullable private String getRequiredFormat(@Nonnull final ProfileRequestContext profileRequestContext) {
    // `request` is not a parameter of this method (presumably an instance field); the
    // context argument is not consulted in this body.
    if (request == null) {
        return null;
    }

    final NameIDPolicy nameIdPolicy = request.getNameIDPolicy();
    if (nameIdPolicy == null) {
        return null;
    }

    final String requested = nameIdPolicy.getFormat();
    final boolean imposesNoFormat = Strings.isNullOrEmpty(requested)
            || NameID.UNSPECIFIED.equals(requested)
            || NameID.ENCRYPTED.equals(requested);
    return imposesNoFormat ? null : requested;
}
/**
 * Apply policy to the target object.
 *
 * <p>The requester and responder identifiers are resolved through the configured lookup
 * strategies (each may be absent, yielding {@code null}). The check is only delegated when
 * the policy's format, with a missing format treated as {@link NameID#UNSPECIFIED}, is a
 * member of {@code formats}; any other format is accepted without checking.
 *
 * @param input current profile request context
 * @param target target object
 *
 * @return result of policy
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameIDPolicy target) {
    final String requesterId;
    if (requesterIdLookupStrategy != null) {
        requesterId = requesterIdLookupStrategy.apply(input);
    } else {
        requesterId = null;
    }

    final String responderId;
    if (responderIdLookupStrategy != null) {
        responderId = responderIdLookupStrategy.apply(input);
    } else {
        responderId = null;
    }

    final String format = target.getFormat();
    // A policy without a Format attribute is evaluated as if it asked for UNSPECIFIED.
    final String effectiveFormat = format != null ? format : NameID.UNSPECIFIED;

    if (!formats.contains(effectiveFormat)) {
        // NOTE(review): this branch accepts the policy unchecked, so the contents of
        // `formats` decide which requests have their SPNameQualifier examined at all.
        log.debug("Policy checking disabled for NameIDPolicy with Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameIDPolicy with Format {}", effectiveFormat);
    // The raw (possibly null) format is handed on, not the UNSPECIFIED substitute.
    return doApply(requesterId, responderId, format, null, target.getSPNameQualifier());
}
/**
 * {@inheritDoc}
 *
 * <p>Writes the Format, SPNameQualifier and AllowCreate values of the given
 * {@link NameIDPolicy} onto the DOM element as un-namespaced attributes, skipping any
 * value that is {@code null}.
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    NameIDPolicy nameIdPolicy = (NameIDPolicy) samlObject;

    String format = nameIdPolicy.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIDPolicy.FORMAT_ATTRIB_NAME, format);
    }

    String spNameQualifier = nameIdPolicy.getSPNameQualifier();
    if (spNameQualifier != null) {
        domElement.setAttributeNS(null, NameIDPolicy.SP_NAME_QUALIFIER_ATTRIB_NAME, spNameQualifier);
    }

    if (nameIdPolicy.getAllowCreateXSBoolean() != null) {
        domElement.setAttributeNS(
                null,
                NameIDPolicy.ALLOW_CREATE_ATTRIB_NAME,
                nameIdPolicy.getAllowCreateXSBoolean().toString());
    }
}
// Closing brace of the enclosing scope, kept from the original excerpt.
}
// Fragment: the enclosing method and the closing braces of the blocks opened below lie
// outside this excerpt.
final AuthnRequest request = (AuthnRequest) msg;
if (request.getNameIDPolicy() != null) {
    // Format requested by the sender of the AuthnRequest; may be null.
    final String requestedFormat = request.getNameIDPolicy().getFormat();
    // The explicit null test is redundant if NameID.ENCRYPTED is a String constant,
    // since equals(null) is already false.
    if (requestedFormat != null && NameID.ENCRYPTED.equals(requestedFormat)) {
        // NOTE(review): the message has a "{}" placeholder but no argument is passed, so
        // the placeholder is presumably logged literally; a log-prefix argument appears
        // to be missing from this call.
        log.debug("{} Request asked for encrypted identifier, disregarding installed predicate");
/**
 * Converts a SAML {@code NameIDPolicy} element into this project's {@code NameIdPolicy}
 * model, copying the AllowCreate flag, the Format and the SPNameQualifier.
 *
 * @param nameIDPolicy the policy taken from the SAML message, may be {@code null}
 * @return the converted policy, or {@code null} when no policy was supplied
 */
protected NameIdPolicy fromNameIDPolicy(NameIDPolicy nameIDPolicy) {
    if (nameIDPolicy == null) {
        return null;
    }

    // NOTE(review): the Format comes from the message and may be absent or an arbitrary URN;
    // how NameId.fromUrn treats null or unrecognised values is not visible here, so confirm.
    return new NameIdPolicy()
        .setAllowCreate(nameIDPolicy.getAllowCreate())
        .setFormat(NameId.fromUrn(nameIDPolicy.getFormat()))
        .setSpNameQualifier(nameIDPolicy.getSPNameQualifier());
}