Class AbstractSAMLProfileConfiguration

All Implemented Interfaces:
ConditionalProfileConfiguration, ProfileConfiguration, SAMLProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AbstractSAML1ArtifactAwareProfileConfiguration, AbstractSAML2ProfileConfiguration, ArtifactResolutionProfileConfiguration

public abstract class AbstractSAMLProfileConfiguration
extends AbstractConditionalProfileConfiguration
implements SAMLProfileConfiguration
Base class for SAML profile configurations.
  • Field Details

    • DEFAULT_ASSERTION_LIFETIME

      @Nonnull public static final Duration DEFAULT_ASSERTION_LIFETIME
      Default assertion lifetime.
    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • signRequestsPredicate

      @Nonnull private Predicate<ProfileRequestContext> signRequestsPredicate
      Predicate used to determine if the generated request should be signed. Default returns false.
    • signResponsesPredicate

      @Nonnull private Predicate<ProfileRequestContext> signResponsesPredicate
      Predicate used to determine if the generated response should be signed. Default returns false.
    • signAssertionsPredicate

      @Nonnull private Predicate<ProfileRequestContext> signAssertionsPredicate
      Predicate used to determine if the generated assertion should be signed. Default returns false.
    • includeNotBeforePredicate

      @Nonnull private Predicate<ProfileRequestContext> includeNotBeforePredicate
      Controls whether to include a NotBefore attribute in the Conditions of generated assertions.
    • assertionLifetimeLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Duration> assertionLifetimeLookupStrategy
      Lookup function to supply assertionLifetime property.
    • assertionAudiencesLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Set<String>> assertionAudiencesLookupStrategy
      Lookup function to supply assertionAudiences property.
  • Constructor Details

    • AbstractSAMLProfileConfiguration

      public AbstractSAMLProfileConfiguration(@Nonnull @NotEmpty String profileId)
      Constructor.
      Parameters:
      profileId - ID of the communication profile
  • Method Details

    • getInboundInterceptorFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getInboundInterceptorFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of interceptor flows to run for this profile after an inbound message is decoded.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getInboundInterceptorFlows in interface ProfileConfiguration
      Overrides:
      getInboundInterceptorFlows in class AbstractProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable
    • isSignAssertions

      public boolean isSignAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Get whether generated assertions should be signed.
      Specified by:
      isSignAssertions in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether generated assertions should be signed
    • setSignAssertions

      public void setSignAssertions(boolean flag)
      Set whether generated assertions should be signed.
      Parameters:
      flag - flag to set
    • setSignAssertionsPredicate

      public void setSignAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if generated assertions should be signed.
      Parameters:
      predicate - predicate used to determine if generated assertions should be signed
      Since:
      4.0.0
    • isSignRequests

      public boolean isSignRequests(@Nullable ProfileRequestContext profileRequestContext)
      Get whether generated requests should be signed.
      Specified by:
      isSignRequests in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether generated requests should be signed
    • setSignRequests

      public void setSignRequests(boolean flag)
      Set whether generated requests should be signed.
      Parameters:
      flag - flag to set
    • setSignRequestsPredicate

      public void setSignRequestsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if generated requests should be signed.
      Parameters:
      predicate - predicate used to determine if generated requests should be signed
      Since:
      4.0.0
    • isSignResponses

      public boolean isSignResponses(@Nullable ProfileRequestContext profileRequestContext)
      Get whether generated responses should be signed.
      Specified by:
      isSignResponses in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether generated responses should be signed
    • setSignResponses

      public void setSignResponses(boolean flag)
      Set whether generated responses should be signed.
      Parameters:
      flag - flag to set
    • setSignResponsesPredicate

      public void setSignResponsesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if generated responses should be signed.
      Parameters:
      predicate - predicate used to determine if generated responses should be signed
      Since:
      4.0.0
    • getAssertionLifetime

      @Nonnull public Duration getAssertionLifetime(@Nullable ProfileRequestContext profileRequestContext)
      Get the lifetime of generated assertions.
      Specified by:
      getAssertionLifetime in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      lifetime of generated assertions
    • setAssertionLifetime

      public void setAssertionLifetime(@Nonnull Duration lifetime)
      Set the lifetime of an assertion.
      Parameters:
      lifetime - lifetime of an assertion
    • setAssertionLifetimeLookupStrategy

      public void setAssertionLifetimeLookupStrategy(@Nonnull Function<ProfileRequestContext,Duration> strategy)
      Set a lookup strategy for the lifetime of an assertion.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • isIncludeConditionsNotBefore

      public boolean isIncludeConditionsNotBefore(@Nullable ProfileRequestContext profileRequestContext)
      Get whether to include a NotBefore attribute in the Conditions of generated assertions.
      Specified by:
      isIncludeConditionsNotBefore in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether to include a NotBefore attribute in the Conditions of generated assertions
    • setIncludeConditionsNotBefore

      public void setIncludeConditionsNotBefore(boolean flag)
      Set whether to include a NotBefore attribute in the Conditions of generated assertions.
      Parameters:
      flag - flag to set
    • setIncludeConditionsNotBeforePredicate

      public void setIncludeConditionsNotBeforePredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
      Parameters:
      condition - condition to apply
      Since:
      3.3.0
    • getAdditionalAudiencesForAssertion

      @Nonnull @NonnullElements @NotLive public Set<String> getAdditionalAudiencesForAssertion(@Nullable ProfileRequestContext profileRequestContext)
      Get an unmodifiable set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
      Specified by:
      getAdditionalAudiencesForAssertion in interface SAMLProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      additional audiences to which an assertion may be shared
    • setAdditionalAudiencesForAssertion

      public void setAdditionalAudiencesForAssertion(@Nullable @NonnullElements Collection<String> audiences)
      Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
      Parameters:
      audiences - the additional audiences
    • setAdditionalAudiencesForAssertionLookupStrategy

      public void setAdditionalAudiencesForAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
      Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0
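
The setters above combine as follows when tightening a profile whose signing predicates default to false. This is an added example, not code from this page or from the project. The import packages, the `RelyingPartyContext` lookup, the class name `SamlProfileHardening`, the exemption set and the two-minute lifetime are assumptions chosen for illustration.

```java
import java.time.Duration;
import java.util.Set;
import java.util.function.Predicate;

// Assumed package names (not shown on this page); adjust to the IdP version in use.
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration;
import org.opensaml.profile.context.ProfileRequestContext;

/** Hypothetical helper that applies conservative settings to a SAML profile configuration. */
public final class SamlProfileHardening {

    private SamlProfileHardening() { }

    /**
     * @param config any concrete subclass of AbstractSAMLProfileConfiguration
     * @param unsignedAssertionRps constructed set of relying party IDs that are
     *        exempted from assertion signing
     */
    public static void apply(AbstractSAMLProfileConfiguration config,
            Set<String> unsignedAssertionRps) {

        // Responses are signed unconditionally.
        config.setSignResponses(true);

        // Assertions are signed unless the relying party is explicitly exempted.
        // The predicate fails closed: a null context, a missing RelyingPartyContext
        // or an unknown relying party ID all result in a signed assertion.
        Predicate<ProfileRequestContext> signAssertion = prc -> {
            if (prc == null) {
                return true;
            }
            RelyingPartyContext rpc = prc.getSubcontext(RelyingPartyContext.class);
            String rpId = rpc != null ? rpc.getRelyingPartyId() : null;
            return rpId == null || !unsignedAssertionRps.contains(rpId);
        };
        config.setSignAssertionsPredicate(signAssertion);

        // Keep the validity window short and bounded on both ends
        // (two minutes is an illustrative value, not a project default).
        config.setAssertionLifetime(Duration.ofMinutes(2));
        config.setIncludeConditionsNotBefore(true);

        // No audiences beyond the relying party the assertion is issued to.
        config.setAdditionalAudiencesForAssertion(Set.of());
    }
}
```

Because the exemption is expressed as a predicate rather than a boolean flag, one configuration object can serve relying parties with different signing requirements while still signing by default.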