Class AbstractSAML2ProfileConfiguration

All Implemented Interfaces:
ConditionalProfileConfiguration, ProfileConfiguration, SAMLProfileConfiguration, SAML2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AbstractSAML2ArtifactAwareProfileConfiguration, ArtifactResolutionProfileConfiguration

public abstract class AbstractSAML2ProfileConfiguration
extends AbstractSAMLProfileConfiguration
implements SAML2ProfileConfiguration
Base class for SAML 2 profile configurations.
  • Field Details

    • ignoreRequestSignaturesPredicate

      @Nonnull private Predicate<ProfileRequestContext> ignoreRequestSignaturesPredicate
      Whether to ignore signatures in requests.
    • encryptionOptionalPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptionOptionalPredicate
      Whether encryption is optional in the face of no key, etc.
    • encryptAssertionsPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAssertionsPredicate
      Predicate used to determine if assertions should be encrypted.
    • encryptNameIDsPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptNameIDsPredicate
      Predicate used to determine if name identifiers should be encrypted.
    • encryptAttributesPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAttributesPredicate
      Predicate used to determine if attributes should be encrypted.
    • proxyCountLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Integer> proxyCountLookupStrategy
      Lookup function to supply proxyCount property.
    • proxyAudiencesLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Collection<String>> proxyAudiencesLookupStrategy
      Lookup function to supply proxy audiences.
  • Constructor Details

    • AbstractSAML2ProfileConfiguration

      public AbstractSAML2ProfileConfiguration(@Nonnull @NotEmpty String profileId)
      Constructor.
      Parameters:
      profileId - ID of the communication profile, never null or empty
  • Method Details

    • getProxyCount

      @Nullable public Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied.
      Specified by:
      getProxyCount in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion may be proxied
    • setProxyCount

      public void setProxyCount(@Nullable @NonNegative Integer count)
      Set the maximum number of times an assertion may be proxied.
      Parameters:
      count - maximum number of times an assertion may be proxied
    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy(@Nonnull Function<ProfileRequestContext,Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • getProxyAudiences

      @Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getProxyAudiences(@Nullable ProfileRequestContext profileRequestContext)
      Gets the unmodifiable collection of audiences for a proxied assertion.
      Specified by:
      getProxyAudiences in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      audiences for a proxied assertion
    • setProxyAudiences

      public void setProxyAudiences(@Nullable @NonnullElements Collection<String> audiences)
      Set the proxy audiences to be added to responses.
      Parameters:
      audiences - proxy audiences to be added to responses
    • setProxyAudiencesLookupStrategy

      public void setProxyAudiencesLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the proxy audiences to be added to responses.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • isIgnoreRequestSignatures

      public boolean isIgnoreRequestSignatures(@Nonnull ProfileRequestContext profileRequestContext)
      Gets whether to bypass verification of request signatures.

      This is typically of use to deal with broken services or to allow a signer's key to be bypassed in the event that it is managed improperly.

      Specified by:
      isIgnoreRequestSignatures in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff request signatures should be ignored
    • setIgnoreRequestSignatures

      public void setIgnoreRequestSignatures(boolean flag)
      Sets whether to bypass verification of request signatures.
      Parameters:
      flag - flag to set
      Since:
      4.0.0
    • setIgnoreRequestSignaturesPredicate

      public void setIgnoreRequestSignaturesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Sets a condition to determine whether to bypass verification of request signatures.
      Parameters:
      condition - condition to set
      Since:
      4.0.0
    • isEncryptionOptional

      public boolean isEncryptionOptional(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether to ignore an inability to encrypt due to external factors.

      This allows a deployer to signal that encryption is "best effort" and can be omitted if a relying party doesn't possess a key, support a compatible algorithm, etc.

      Defaults to false.

      Specified by:
      isEncryptionOptional in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff encryption should be treated as optional
    • setEncryptionOptional

      public void setEncryptionOptional(boolean flag)
      Set whether encryption is optional in the face of a missing key, etc.
      Parameters:
      flag - flag to set
    • setEncryptionOptionalPredicate

      public void setEncryptionOptionalPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether encryption is optional in the face of a missing key, etc.
      Parameters:
      condition - condition to set
      Since:
      3.3.0
    • isEncryptAssertions

      public boolean isEncryptAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether assertions should be encrypted, as decided by the configured predicate.
      Specified by:
      isEncryptAssertions in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff assertions should be encrypted
    • setEncryptAssertions

      public void setEncryptAssertions(boolean flag)
      Set whether assertions should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptAssertionsPredicate

      public void setEncryptAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if assertions should be encrypted.
      Parameters:
      predicate - predicate used to determine if assertions should be encrypted
      Since:
      4.0.0
    • isEncryptNameIDs

      public boolean isEncryptNameIDs(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether name identifiers should be encrypted, as decided by the configured predicate.
      Specified by:
      isEncryptNameIDs in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff name identifiers should be encrypted
    • setEncryptNameIDs

      public void setEncryptNameIDs(boolean flag)
      Set whether name identifiers should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptNameIDsPredicate

      public void setEncryptNameIDsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if name identifiers should be encrypted.
      Parameters:
      predicate - predicate used to determine if name identifiers should be encrypted
      Since:
      4.0.0
    • isEncryptAttributes

      public boolean isEncryptAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether attributes should be encrypted, as decided by the configured predicate.
      Specified by:
      isEncryptAttributes in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff attributes should be encrypted
    • setEncryptAttributes

      public void setEncryptAttributes(boolean flag)
      Set whether attributes should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptAttributesPredicate

      public void setEncryptAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if attributes should be encrypted.
      Parameters:
      predicate - predicate used to determine if attributes should be encrypted
      Since:
      4.0.0
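
As an added illustration (not code from this page or the Shibboleth project), the following Java sketch uses the setters above to scope the "best effort" encryption exception to a single relying party while keeping request-signature verification and assertion encryption on for everyone else. It assumes IdP 4.x package names, that an anonymous subclass of this abstract class needs no further methods, and that RelyingPartyContext and ProfileRequestContext (neither on this page) are available; the relying party IDs are constructed sample values.

```java
import java.util.Set;
import java.util.function.Predicate;

import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ProfileConfiguration;
import org.opensaml.profile.context.ProfileRequestContext;

public final class ProfilePolicyDemo {

    // Constructed sample relying party IDs, not real deployments.
    private static final String LEGACY_SP = "https://legacy.example.org/sp";
    private static final String MODERN_SP = "https://modern.example.org/sp";

    // Minimal concrete subclass; assumes the base class leaves nothing abstract to implement.
    static AbstractSAML2ProfileConfiguration newConfig() {
        return new AbstractSAML2ProfileConfiguration("http://example.org/profile/constructed") { };
    }

    // True only for the one partner that cannot hold an encryption key.
    static final Predicate<ProfileRequestContext> IS_LEGACY_SP = prc -> {
        RelyingPartyContext rp = prc.getSubcontext(RelyingPartyContext.class);
        return rp != null && LEGACY_SP.equals(rp.getRelyingPartyId());
    };

    // Builds a request context carrying the relying party ID, as the IdP would at runtime.
    static ProfileRequestContext requestFor(String relyingPartyId) {
        ProfileRequestContext prc = new ProfileRequestContext();
        RelyingPartyContext rp = new RelyingPartyContext();
        rp.setRelyingPartyId(relyingPartyId);
        prc.addSubcontext(rp);
        return prc;
    }

    public static void main(String[] args) {
        AbstractSAML2ProfileConfiguration cfg = newConfig();
        cfg.setIgnoreRequestSignatures(false);            // keep verifying request signatures
        cfg.setEncryptAssertions(true);                   // encrypt assertions for every relying party
        cfg.setEncryptionOptionalPredicate(IS_LEGACY_SP); // tolerate a missing key only for the legacy partner
        cfg.setProxyCount(0);                             // assertions may not be re-proxied
        cfg.setProxyAudiences(Set.of());

        for (String sp : new String[] {LEGACY_SP, MODERN_SP}) {
            ProfileRequestContext prc = requestFor(sp);
            System.out.printf("%s: encrypt=%b optional=%b ignoreSigs=%b proxyCount=%d%n",
                sp, cfg.isEncryptAssertions(prc), cfg.isEncryptionOptional(prc),
                cfg.isIgnoreRequestSignatures(prc), cfg.getProxyCount(prc));
        }
    }
}
```

Only the legacy partner's line reports optional=true; every other relying party still gets encryption enforced and its request signatures checked.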