/**
 * Apply policy to the {@link NameIDPolicy} of a request.
 *
 * <p>The check is only enforced when the policy's Format (or {@link NameID#UNSPECIFIED} when no
 * Format is present) is a member of {@code formats}. Any other Format skips the check and is
 * accepted.</p>
 *
 * @param input current profile request context, handed to the requester/responder lookup strategies
 * @param target target object whose Format and SPNameQualifier are examined
 *
 * @return {@code true} when the Format is outside {@code formats}; otherwise the result of the
 *         delegated {@code doApply} overload
 */
private boolean doApply(@Nullable final ProfileRequestContext input, @Nonnull final NameIDPolicy target) {

    // Either lookup strategy may be unset, in which case the corresponding ID is null.
    final String requesterId =
            requesterIdLookupStrategy == null ? null : requesterIdLookupStrategy.apply(input);
    final String responderId =
            responderIdLookupStrategy == null ? null : responderIdLookupStrategy.apply(input);

    final String format = target.getFormat();
    // A missing Format is treated as "unspecified" for the membership test and for logging only.
    final String effectiveFormat = format == null ? NameID.UNSPECIFIED : format;

    if (!formats.contains(effectiveFormat)) {
        // Fail-open by construction: a Format that is not listed in `formats` bypasses the
        // delegated check entirely, so the configured set decides which requests are checked.
        log.debug("Policy checking disabled for NameIDPolicy with Format {}", effectiveFormat);
        return true;
    }

    log.debug("Applying policy to NameIDPolicy with Format {}", effectiveFormat);
    // The raw (possibly null) Format is forwarded, not the defaulted one. The fourth argument is
    // passed as null; its meaning is defined by the overload, which is not visible here.
    return doApply(requesterId, responderId, format, null, target.getSPNameQualifier());
}
/**
 * {@inheritDoc}
 *
 * <p>A non-empty SPNameQualifier on the request's NameIDPolicy takes precedence over the
 * inherited default.</p>
 */
@Override
@Nullable
protected String getEffectiveSPNameQualifier(@Nonnull final ProfileRequestContext profileRequestContext) {
    final AuthnRequest request = requestLookupStrategy.apply(profileRequestContext);

    // The request, or its NameIDPolicy, may be absent; both cases fall through to the default.
    final boolean hasPolicy = request != null && request.getNameIDPolicy() != null;
    final String requested = hasPolicy ? request.getNameIDPolicy().getSPNameQualifier() : null;

    if (Strings.isNullOrEmpty(requested)) {
        return super.getEffectiveSPNameQualifier(profileRequestContext);
    }

    // The value is returned exactly as the requester supplied it; nothing in this method checks
    // that the requester is entitled to this qualifier.
    // NOTE(review): confirm that check is enforced elsewhere before the qualifier is used.
    return requested;
}
/**
 * {@inheritDoc}
 *
 * <p>Writes the Format, SPNameQualifier and AllowCreate values of a {@link NameIDPolicy} onto the
 * DOM element as attributes without a namespace. A value that is {@code null} produces no
 * attribute.</p>
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    // The cast is unchecked: any other XMLObject type fails here with a ClassCastException.
    final NameIDPolicy nameIdPolicy = (NameIDPolicy) samlObject;

    final String format = nameIdPolicy.getFormat();
    if (format != null) {
        domElement.setAttributeNS(null, NameIDPolicy.FORMAT_ATTRIB_NAME, format);
    }

    final String spNameQualifier = nameIdPolicy.getSPNameQualifier();
    if (spNameQualifier != null) {
        domElement.setAttributeNS(null, NameIDPolicy.SP_NAME_QUALIFIER_ATTRIB_NAME, spNameQualifier);
    }

    // AllowCreate is written in the string form produced by the value's own toString().
    if (nameIdPolicy.getAllowCreateXSBoolean() != null) {
        domElement.setAttributeNS(null, NameIDPolicy.ALLOW_CREATE_ATTRIB_NAME,
                nameIdPolicy.getAllowCreateXSBoolean().toString());
    }
}
}
/**
 * Builds a {@link SAML2StringNameIDEncoder} for the given name format.
 *
 * <p>When the request carries a NameIDPolicy, that policy's SPNameQualifier is set as the
 * encoder's name qualifier.</p>
 *
 * @param authnRequest the authn request the NameIDPolicy is read from
 * @param nameFormat   the name format set on the encoder
 * @param attribute    the attribute (not read by this method)
 * @param service      the service (not read by this method)
 * @param adaptor      the adaptor (not read by this method)
 * @return the configured encoder
 */
protected static SAML2StringNameIDEncoder prepareNameIdEncoder(final RequestAbstractType authnRequest,
                                                               final String nameFormat,
                                                               final IdPAttribute attribute,
                                                               final SamlRegisteredService service,
                                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    final SAML2StringNameIDEncoder encoder = new SAML2StringNameIDEncoder();
    encoder.setNameFormat(nameFormat);

    // No NameIDPolicy on the request: the encoder keeps whatever qualifier it has by default.
    if (getNameIDPolicy(authnRequest) == null) {
        return encoder;
    }

    // The qualifier comes straight from the request. It is neither validated nor checked for
    // null or empty here, and it is written to the debug log as received.
    // NOTE(review): the SP-supplied SPNameQualifier ends up as the encoder's NameQualifier;
    // confirm that this mapping and the lack of validation are intended.
    final String qualifier = getNameIDPolicy(authnRequest).getSPNameQualifier();
    LOGGER.debug("NameID qualifier is set to [{}]", qualifier);
    encoder.setNameQualifier(qualifier);
    return encoder;
}
/**
 * Converts a {@code NameIDPolicy} into a {@code NameIdPolicy}, copying AllowCreate, Format and
 * SPNameQualifier.
 *
 * @param nameIDPolicy the policy to convert, may be {@code null}
 * @return the converted policy, or {@code null} when {@code nameIDPolicy} is {@code null}
 */
protected NameIdPolicy fromNameIDPolicy(NameIDPolicy nameIDPolicy) {
    if (nameIDPolicy == null) {
        return null;
    }

    // All three values are copied as supplied; nothing is validated at this point.
    // NOTE(review): getFormat() may be null; confirm NameId.fromUrn accepts a null URN.
    return new NameIdPolicy()
        .setAllowCreate(nameIDPolicy.getAllowCreate())
        .setFormat(NameId.fromUrn(nameIDPolicy.getFormat()))
        .setSpNameQualifier(nameIDPolicy.getSPNameQualifier());
}