Interface SAML2ProfileConfiguration

All Known Implementing Classes:
AbstractSAML2ArtifactAwareProfileConfiguration, AbstractSAML2ProfileConfiguration, ArtifactResolutionProfileConfiguration, AttributeQueryProfileConfiguration, BrowserSSOProfileConfiguration, ECPProfileConfiguration, SingleLogoutProfileConfiguration, SSOSProfileConfiguration

public interface SAML2ProfileConfiguration
Base interface for SAML 2 profile configurations.
  • Method Details

    • getProxyCount

      @NonNegative @Nullable Integer getProxyCount​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion may be proxied
    • getProxyAudiences

      @Nonnull @NonnullElements @NotLive @Unmodifiable Set<String> getProxyAudiences​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the unmodifiable collection of audiences for a proxied assertion.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      audiences for a proxied assertion
    • isIgnoreRequestSignatures

      boolean isIgnoreRequestSignatures​(@Nonnull ProfileRequestContext profileRequestContext)
      Gets whether to bypass verification of request signatures.

      This is typically of use to deal with broken services or to allow a signer's key to be bypassed in the event that it is managed improperly.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff request signatures should be ignored
      Since:
      4.0.0
    • isEncryptionOptional

      boolean isEncryptionOptional​(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether to ignore an inability to encrypt due to external factors.

      This allows a deployer to signal that encryption is "best effort" and can be omitted if a relying party doesn't possess a key, support a compatible algorithm, etc.

      Defaults to false.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff encryption should be treated as optional
    • isEncryptAssertions

      boolean isEncryptAssertions​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if assertions should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if assertions should be encrypted
    • isEncryptNameIDs

      boolean isEncryptNameIDs​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if name identifiers should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if name identifiers should be encrypted
    • isEncryptAttributes

      boolean isEncryptAttributes​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if attributes should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if attributes should be encrypted