Package org.cilogon.oauth2.servlet.claims

Class SAMLAttributeClaimSource

  • All Implemented Interfaces:
    edu.uiuc.ncsa.oa4mp.delegation.oa2.server.claims.ClaimSource, Serializable
    Direct Known Subclasses:
    SAMLAttrbuteClaimSource
    public class SAMLAttributeClaimSource
extends edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl
    This will read SAML attributes that are sent in the header from the IDP then stored in an attribute that is sent. At the right time, this attribute is read and parsed into information about the user and returned as a set of claims. NOTE that this is created by introspection (hence the no arg constructor) and hence never seems to be used in the code base. Several clients, however, require it.

    Created by Jeff Gaynor
    on 7/10/18 at 8:15 AM

    See Also:
    Serialized Form

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isRunOnlyAtAuthorization()  
      static void main​(String[] arg)  
      protected net.sf.json.JSONObject newProcess​(net.sf.json.JSONObject claims, edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
      The assumption is that all attributes will be JSONArrays since SAML supports multi-valued attributes.
      protected net.sf.json.JSONObject oldProcess​(net.sf.json.JSONObject claims, edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
      As of next release (4.1) we should be getting SAML attributes that have been parsed into JSON, so we do not need to do the parsing ourselves.
      net.sf.json.JSONObject process​(net.sf.json.JSONObject claims, edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)  
      net.sf.json.JSONObject process​(net.sf.json.JSONObject claims, javax.servlet.http.HttpServletRequest request, edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)  
      protected static void test1()  
      protected static void test2()  
      edu.uiuc.ncsa.qdl.variables.QDLStem toQDL()  
      String toString()  

      • Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl

        fromQDL, getClaims, getConfiguration, getGroupHandler, getOa2SE, getOmitList, getPostProcessor, getPreProcessor, getScopes, hasConfiguration, hasJSONPostProcessor, hasJSONPreProcessor, isEnabled, realProcessing, setConfiguration, setGroupHandler, setOa2SE, setOmitList, setScopes

    • Field Detail

      • SHIBBOLETH_MEMBER_OF_KEY

        public String SHIBBOLETH_MEMBER_OF_KEY

      • SHIBBOLETH_LIST_DELIMITER

        public static String SHIBBOLETH_LIST_DELIMITER

    • Constructor Detail

      • SAMLAttributeClaimSource

        public SAMLAttributeClaimSource​(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE oa2SE)

      • SAMLAttributeClaimSource

        public SAMLAttributeClaimSource()

      • SAMLAttributeClaimSource

        public SAMLAttributeClaimSource​(edu.uiuc.ncsa.qdl.variables.QDLStem stem)

    • Method Detail

      • process

        public net.sf.json.JSONObject process​(net.sf.json.JSONObject claims,
                                      edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
                               throws edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException
        Specified by:
        process in interface edu.uiuc.ncsa.oa4mp.delegation.oa2.server.claims.ClaimSource
        Overrides:
        process in class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl
        Throws:
        edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException

      • newProcess

        protected net.sf.json.JSONObject newProcess​(net.sf.json.JSONObject claims,
                                            edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
                                     throws edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException
        The assumption is that all attributes will be JSONArrays since SAML supports multi-valued attributes.
        Update: CIL-532 requires eduPersonEntitlement support. After discussions, we have decided not to have pre-parsed JSON, but stick with the oldProcess(JSONObject, ServiceTransaction). This code should be kept for a bit in case we decide to change our minds, since it is debugged and works, but it may ultimately go away.
        Parameters:
        claims -
        transaction -
        Returns:
        Throws:
        edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException

      • oldProcess

        protected net.sf.json.JSONObject oldProcess​(net.sf.json.JSONObject claims,
                                            edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
                                     throws edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException
        As of next release (4.1) we should be getting SAML attributes that have been parsed into JSON, so we do not need to do the parsing ourselves. Note that these attributes have been sent over out of band and stashed in a User attribute named User.getAttr_json(), since the assumption is that this servlet is access through Apache (or some other web server) and therefore cannot have direct access to the secure headers.
        Parameters:
        claims -
        transaction -
        Returns:
        Throws:
        edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException

      • process

        public net.sf.json.JSONObject process​(net.sf.json.JSONObject claims,
                                      javax.servlet.http.HttpServletRequest request,
                                      edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction transaction)
                               throws edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException
        Specified by:
        process in interface edu.uiuc.ncsa.oa4mp.delegation.oa2.server.claims.ClaimSource
        Overrides:
        process in class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl
        Throws:
        edu.uiuc.ncsa.oa4mp.delegation.oa2.server.UnsupportedScopeException

      • isRunOnlyAtAuthorization

        public boolean isRunOnlyAtAuthorization()
        Specified by:
        isRunOnlyAtAuthorization in interface edu.uiuc.ncsa.oa4mp.delegation.oa2.server.claims.ClaimSource
        Overrides:
        isRunOnlyAtAuthorization in class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl

      • main

        public static void main​(String[] arg)

      • toQDL

        public edu.uiuc.ncsa.qdl.variables.QDLStem toQDL()
        Specified by:
        toQDL in interface edu.uiuc.ncsa.oa4mp.delegation.oa2.server.claims.ClaimSource
        Overrides:
        toQDL in class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl