All Classes

Class Description
AbstractAttributeDefinition
Base class for attribute definition resolver plugins.
AbstractAttributeDisplayFunction
Abstract Function which returns Locale-aware information about an attribute.
AbstractAttributePredicate
Abstract base class for predicates operating on an AttributeContext.
AbstractAttributeReleaseAction
Base class for attribute release consent actions.
AbstractAttributeResolutionLookupFunction<Type>
Base class for a function that takes a ProfileRequestContext and requires access to an AttributeResolutionContext.
AbstractAttributeTranscoder<T>
Base class for transcoders.
AbstractAuthenticationAction
A base class for authentication related actions.
AbstractBasicCredentialFactoryBean
A factory bean to collect information to do with a BasicCredential.
AbstractBasicCredentialFactoryBean.SecretKeyEncoding
Form of encoding for SecretKey info.
AbstractBasicCredentialParser
Specific parser for all BasicCredentials.
AbstractBasicPKIXValidationInfoFactoryBean
A factory bean to collect information to do with a BasicPKIXValidationInformation.
AbstractCASAttributeTranscoder<EncodedType extends IdPAttributeValue>
Base class for transcoders that support CAS attributes.
AbstractCASAttributeTranscoder.NamingFunction
A function to produce a "canonical" name for a CAS Attribute for transcoding rules.
AbstractCASProtocolAction<RequestType,​ResponseType>
Base class for CAS protocol actions.
AbstractChainingParser
Base Parser for trust engines of type SignatureChaining and Chaining.
AbstractCollectionConfigurationLookupStrategy<T1,​T2>
A strategy function that examines SAML metadata associated with a relying party and derives List<String>-valued configuration settings based on EntityAttribute extension tags.
AbstractCommandLineArguments
Base class for JCommander command line argument handling for an HTTP-based remote service call, with an abstract method that adds to a URL based on a derived class' arguments.
AbstractComposedMatcher
Base class for Matcher implementations that are compositions of two or more other Matchers.
AbstractComposedPolicyRule
Base class for PolicyRequirementRule implementations that are compositions of other PolicyRequirementRules.
AbstractConditionalProfileConfiguration
Base class for ConditionalProfileConfiguration implementations.
AbstractConsentAction
Base class for consent actions.
AbstractConsentIndexedStorageAction
Base class for consent actions which write to a StorageService.
AbstractConsentStorageAction
Base class for consent actions which interact with a StorageService.
AbstractCredentialFactoryBean<T extends Credential>
A factory bean to accumulate the information pertaining to an AbstractCredential.
AbstractCredentialParser
Base parser for all <Credential> elements.
AbstractCredentialValidator
An abstract CredentialValidator that handles some common behavior.
AbstractDataConnector
Base class for data connector resolver plugins.
AbstractDataConnectorParser
Base spring bean definition parser for data connectors.
AbstractDuoAuthenticator
A base class for authentication actions which call a Duo AuthAPI endpont.
AbstractDynamicHTTPMetadataProviderParser
Parser for abstract dynamic HTTP metadata resolvers.
AbstractDynamicMetadataProviderParser
AbstractEntityAttributeExactPolicyRule
Matcher that checks, via an exact match, for an entity attribute with a given value.
AbstractEntityAttributeExactRuleParser
Parser for EntityAttributeExactPolicyRule types.
AbstractEntityAttributePolicyRule
Base class for matchers that check whether a particular entity attribute is present and contains a given value.
AbstractEntityAttributeRegexPolicyRule
Matcher functor that checks entity attribute values via matching against a regular expression.
AbstractEntityAttributeRegexRuleParser
Parser for EntityAttributeRegexPolicyRule types.
AbstractEntityAttributeRuleParser
Base definition for all EntityAttribute Parsers.
AbstractEntityGroupPolicyRule
A matcher that evaluates to true if an entity's metadata matches the provided entity group name, or a valid metadata-sourced affiliation of entities.
AbstractEntityGroupRuleParser
Parser for entity group policy rules.
AbstractExecutableSearchFilterBuilder
Abstract executable search filter builder for implementations that can provide a search filter.
AbstractExecutableStatementBuilder
Basis of statement builder.
AbstractExtractionAction
A base class for authentication actions that extract usernames for subsequent use.
AbstractHTTPSearchBuilder
Basis of request builder.
AbstractIdPHomeAwareCommandLine<T extends AbstractIdPHomeAwareCommandLineArguments>
An extension to AbstractCommandLine that auto-adds our context initializer for idp.home and property support.
AbstractIdPHomeAwareCommandLineArguments
An extension to AbstractCommandLineArguments that allows idp.home override and includes HTTP client support.
AbstractIdPModule
IdPModule base class implementing basic file management.
AbstractIdPPlugin
A base class implementing IdPPlugin that defaults common settings.
AbstractIdPSession
Abstract base for implementations of IdPSession, handles basic management of the instance data without addressing persistence.
AbstractIdPSession.AddressFamily
Address syntaxes supported for address binding.
AbstractMappingStrategy<T>
Base class for implementing MappingStrategy instances that includes support for field renaming/aliasing.
AbstractMatcher
This is the base of all implementations of Matcher which do some sort of comparison.
AbstractMatchesShibMDScopeMatcher
Base class for filters which rely on the issuer's <shibmd:scope> extensions.
AbstractMetadataDrivenConfigurationLookupStrategy<T>
A strategy function that examines SAML metadata associated with a relying party and derives configuration settings based on EntityAttribute extension tags.
AbstractMetadataDrivenConfigurationLookupStrategy.CachedConfigurationContext
A child context that caches derived configuration properties.
AbstractMetadataProviderParser
Parser for the MetadataProviderType in the urn:mace:shibboleth:2.0:metadata namespace.
AbstractNameIDFormatExactPolicyRule
Checks if the attribute issuer supports the required NameID format.
AbstractNameIDFormatRuleParser
Parser for NameIDFormat rules.
AbstractOutgoingSamlMessageAction
Base class for all actions that build SAML Response messages for output.
AbstractPersistentIdDataConnector
The basis of a DataConnector that handles persistent IDs that depend on a source IdPAttribute.
AbstractPKIXValidationInfoParser
Base parser for all <ValidationInfo> types.
AbstractPolicyRule
Basis of all implementations of PolicyRequirementRule which do some sort of comparison.
AbstractPrincipalSerializer<Type>
Base class for PrincipalSerializer implementations.
AbstractProfileAction
Base class for Spring-aware profile actions.
AbstractProfileConfiguration
Base class for ProfileConfiguration implementations.
AbstractProfileInterceptorAction
A base class for profile interceptor actions.
AbstractProfileInterceptorResult
Base class for profile interceptor results.
AbstractProtocolConfiguration
Base class for CAS protocol configuration.
AbstractProtocolResponse
Abstract base class for protocol response messages.
AbstractRegexMatcherParser
Base class for regex matching functors of natural type Matcher (mostly attribute value matchers).
AbstractRegexPolicyRuleParser
Base class for regex matching functors of natural type PolicyRule.
AbstractRegexpPolicyRule
General Matcher for regexp comparison of strings in Attribute Filters.
AbstractRegexpStringMatcher
General Matcher for regexp comparison of strings in Attribute Filters.
AbstractRegistrationAuthorityPolicyRule
Base class for rules operating on the RPI extension in metadata.
AbstractRegistrationAuthorityRuleParser
Spring bean definition parser that creates RegistrationAuthorityPolicyRule beans.
AbstractReloadingMetadataProviderParser
Parser for all types which extend the <ReloadingMetadataProviderType>.
AbstractRelyingPartyLookupFunction<ResultType>
Abstract base class for a function that requires a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
AbstractRelyingPartyLookupFunction<ResultType>
Abstract base class for a function that requires a ProfileRequestContext obtained via a lookup function, by default the parent of the specified MessageContext, and a RelyingPartyContext obtained via a lookup function, by default a child of the aforementioned parent.
AbstractRelyingPartyPredicate
Base class for a predicate that evaluates a ProfileRequestContext and requires access to a RelyingPartyContext.
AbstractRelyingPartyPredicate
Abstract base class for a predicate that evaluates a MessageContext and which requires a RelyingPartyContext obtained via a lookup function, by default a child of the InOutOperationContext the parent of the specified MessageContext.
AbstractResolverPlugin<ResolvedType>
Base class for all ResolverPlugins.
AbstractResolverPluginFactoryBean<T extends AbstractResolverPlugin<?>>
A factory bean to collect the parameterization that goes onto a AbstractResolverPlugin.
AbstractSAML1ArtifactAwareProfileConfiguration
Configuration support for artifact-aware profiles.
AbstractSAML1AttributeTranscoder<EncodedType extends IdPAttributeValue>
Base class for transcoders that operate on a SAML 1 Attribute or AttributeDesignator.
AbstractSAML1AttributeTranscoder.NamingFunction
A function to produce a "canonical" name for a SAML 1 AttributeDesignator for transcoding rules.
AbstractSAML2ArtifactAwareProfileConfiguration
Configuration support for artifact-aware profiles.
AbstractSAML2AttributeTranscoder<EncodedType extends IdPAttributeValue>
Base class for transcoders that operate on a SAML 2 Attribute or RequestedAttribute.
AbstractSAML2AttributeTranscoder.NamingFunction
A function to produce a "canonical" name for a SAML 2.0 Attribute for transcoding rules.
AbstractSAML2ProfileConfiguration
Base class for SAML 2 profile configurations.
AbstractSAMLAttributeTranscoder<AttributeType extends SAMLObject,​EncodedType extends IdPAttributeValue>
Base class for transcoders that support SAML attributes.
AbstractSAMLProfileConfiguration
Base class for SAML profile configurations.
AbstractSearchDataConnector<T1 extends ExecutableSearch,​T2 extends MappingStrategy<?>>
A DataConnector containing functionality common to data connectors that retrieve attribute data by searching a data source.
AbstractSPSessionSerializer
Base class for SPSession serializers that handles data common to all such objects.
AbstractStaticPKIXParser
Base Parser for trust engines of type StaticPKIXKeySignature and StaticPKIXX509Credential.
AbstractStaticPKIXParser.X509CredentialNameEvaluatorFactoryBean
FactoryBean to do a deferred decision on whether to create a X509CredentialNameEvaluator.
AbstractStringMatcher
General Matcher for String comparison of strings in Attribute Filters.
AbstractStringMatcherParser
Base class for string matching functors of natural type Matcher (mostly attribute value matchers).
AbstractStringPolicyRule
General PolicyRequirementRule for String comparison of strings in Attribute Filters.
AbstractStringPolicyRuleParser
Base class for string matching functors of natural type PolicyRule.
AbstractSubjectCanonicalizationAction
A base class for subject canonicalization actions.
AbstractTemplateSearchDnResolver
Base class for Template based search dn resolvers.
AbstractTemplateSearchDnResolver.EscapingReferenceInsertionEventHandler
Escapes LDAP attribute values added to the template context.
AbstractTicketSerializer<T extends Ticket>
Base class for ticket serializers that use a simple field-delimited serialization strategy.
AbstractTicketService
Abstract base class for ticket services that rely on StorageService for ticket storage.
AbstractTrustEngineParser
Basis of all parsers for <security:TrustEngine>.
AbstractUsernamePasswordCredentialValidator
An abstract CredentialValidator that checks for a UsernamePasswordContext and delegates to subclasses to produce a result.
AbstractValidationAction
A base class for authentication related actions that validate credentials and produce an AuthenticationResult.
AbstractX509CredentialFactoryBean
A factory bean to collect information to do with an X509 backed BasicX509Credential.
AbstractX509CredentialParser
Specific parser for all X509Credentials.
AccountLockoutManager
A component that manages lockout state for accounts.
ACSUIInfo
Class to contain a processed form of the AttributeConsumingService suitable for display purposes.
ActionSupport
Helper class for Action operations.
AddAttributeStatementToAssertion
Action that builds an AttributeStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
AddAttributeStatementToAssertion
Action that builds an AttributeStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
AddAuthenticationStatementToAssertion
Action that builds an AuthenticationStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
AddAuthnRequest
Action that creates an AuthnRequest and sets it as the message returned by InOutOperationContext.getOutboundMessageContext().
AddAuthnStatementToAssertion
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
AddAuthnStatementToAssertionFromInboundAssertionToken
Action that builds an AuthnStatement and adds it to an Assertion returned by a lookup strategy, by default in the InOutOperationContext.getOutboundMessageContext().
AddDelegationPolicyToAssertion
Action which adds a DelegationPolicy element to the Advice of an Assertion.
AddDelegationRestrictionToAssertions
Action which adds a DelegationRestrictionType Condition to each Assertion contained within the outbound Response.
AddFrameworkHandler
Handler implementation that adds a Liberty sbf:Framework header to the outbound SOAP envelope.
AdditionalAudiencesForAssertionLookupFunction
A function that returns SAMLProfileConfiguration.getAdditionalAudiencesForAssertion(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
AddLogoutRequest
Action that creates a LogoutRequest based on an SAML2SPSession in a LogoutPropagationContext and sets it as the message returned by InOutOperationContext.getOutboundMessageContext().
AddSenderHandler
Handler implementation that adds a Liberty sb:Sender header to the outbound SOAP envelope.
AddSenderHandler.SAMLSelfEntityIDLookupFunction
Function to return the SAML self entityID from the MessageContext.
AdministrativeFlowDescriptor
A descriptor for an administrative flow.
AdministrativeFlowDescriptorManager
Manager of AdministrativeFlowDescriptor objects.
AlgorithmFilterParser
Parser for Algorithm filter.
AllowedSAMLPresentersPredicate
Predicate which evaluates the inbound AbstractSAMLEntityContext.getEntityId() against a specified collection of entityIDs.
AndMatcher
Matcher that implements the conjunction of matchers.
AndMatcherParser
Bean definition parser for AndMatcher or AndPolicyRule objects.
AndPolicyRule
PolicyRequirementRule that implements the conjunction of Policy Rules.
AnyParser
Bean definition parser for PolicyRequirementRule.MATCHES_ALL objects.
ArtifactResolutionProfileConfiguration
Configuration support for SAML 1 artifact resolution requests.
ArtifactResolutionProfileConfiguration
Configuration support for SAML 2 artifact resolution requests.
AssertionIDAuditExtractor
Function that returns the ID attribute from the assertions in a response.
AssertionInstantAuditExtractor
Function that returns the IssueInstant attribute from the assertions in a response.
AssertionLifetimeLookupFunction
A function that returns SAMLProfileConfiguration.getAssertionLifetime(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
Attribute
Wrapper class for a CAS attribute/values construct in a validate response.
AttributeContext
A BaseContext that tracks a set of attributes.
AttributeDecodingException
Indicates a problem during decoding into an attribute.
AttributeDefinition
Definition of attribute definition resolver plugins.
AttributeDisplayDescriptionFunction
Function which returns the locale-aware display description of an attribute, defaulting to the attribute ID if the attribute has no display description.
AttributeDisplayNameFunction
Function which returns the locale-aware display name of an attribute, defaulting to the attribute ID if the attribute has no display name.
AttributeEncodingException
Indicates a problem during the encoding of an attribute.
AttributeException
Base class for attribute related exceptions.
AttributeFilter
Interface that filters out attributes and values based upon loaded policies.
AttributeFilterContext
A context supplying input to the AttributeFilter interface.
AttributeFilterContext.Direction
Used to indicate the "direction" of filtering relative to the IdP.
AttributeFilterException
Indicates that an error has occurred during an attribute filtering process.
AttributeFilterImpl
Service that filters out attributes and values based upon loaded policies.
AttributeFilterNamespaceHandler
Namespace handler for the attribute filtering engine.
AttributeFilterPolicy
A policy describing if a set of attribute value filters is applicable.
AttributeFilterPolicyGroupParser
Bean definition parser for <afp:AttributeFilterPolicyGroup>, top top level of the filter "stack".
AttributeFilterPolicyParser
Bean definition parser for an AttributeFilterPolicy.
AttributeFilterServiceStrategy
Strategy for summoning up an AttributeFilterImpl from a populated ApplicationContext.
AttributeFilterWorkContext
A context which carries and collects information through the attribute filtering process, and coordinates data between the filter implementation and the various resolver MatchFunctor implementations.
AttributeInMetadataMatcher
Matcher that checks whether an attribute is enumerated in an SP's metadata as a required or optional attribute.
AttributeInMetadataRuleParser
Bean definition parser for AttributeInMetadataMatcher.
AttributeIssuerEntityAttributeExactPolicyRule
Matcher that checks, via an exact match, if the attribute issuer contains an entity attribute with a given value.
AttributeIssuerEntityAttributeExactRuleParser
AttributeIssuerEntityAttributeRegexPolicyRule
Matcher that checks, via regex, if the attribute issuer contains an entity attribute with a given value.
AttributeIssuerEntityAttributeRegexRuleParser
AttributeIssuerIdLookupFunction
A function that returns AttributeResolutionContext.getAttributeIssuerID() if available from a AttributeResolutionContext obtained via a lookup function defined on the base class.
AttributeIssuerIdPredicate
Predicate that evaluates a ProfileRequestContext by looking for an attribute issuer that matches one of a designated set or a generic predicate.
AttributeIssuerInEntityGroupPolicyRule
A matcher that evaluates to true if attribute issuer's metadata matches the provided entity group name, or a valid metadata-sourced affiliation of entities.
AttributeIssuerInEntityGroupRuleParser
AttributeIssuerNameIDFormatExactPolicyRule
Checks if the attribute issuer supports the required NameID format.
AttributeIssuerNameIDFormatRuleParser
AttributeIssuerPolicyRule
Compare the attribute issuer's entity ID for this resolution with the provided name.
AttributeIssuerRegexpPolicyRule
Compare the attribute issuer's entity ID for this resolution with the provided regexp.
AttributeIssuerRegexRuleParser
Bean definition parser for AttributeIssuerRegexpPolicyRule.
AttributeIssuerRegistrationAuthorityPolicyRule
Rule based on RPI extension in attribute issuer's metadata.
AttributeIssuerRegistrationAuthorityRuleParser
Spring bean definition parser that creates AttributeIssuerRegistrationAuthorityPolicyRule beans.
AttributeIssuerRuleParser
Bean definition parser for AttributeIssuerPolicyRule.
AttributeMappingNodeProcessor
An implementation of MetadataNodeProcessor which extracts IdPRequestedAttributes from any AttributeConsumingService we find and IdPAttributes from any EntityDescriptor that we find.
AttributePredicate
Predicate to determine whether consent should be obtained for an attribute.
AttributePrincipalLookupFunction
A function that returns AttributeResolutionContext.getPrincipal() if available from a AttributeResolutionContext obtained via a lookup function defined on the base class.
AttributePrincipalPredicate
Predicate that evaluates a ProfileRequestContext by looking for an attribute subject that matches one of a designated set or a generic predicate.
AttributeQueryProfileConfiguration
Configuration support for SAML 1 attribute query requests.
AttributeQueryProfileConfiguration
Configuration support for SAML 2 attribute query requests.
AttributeRecipientIdLookupFunction
A function that returns AttributeResolutionContext.getAttributeRecipientID() if available from a AttributeResolutionContext obtained via a lookup function defined on the base class.
AttributeRecipientIdPredicate
Predicate that evaluates a ProfileRequestContext by looking for an attribute recipient that matches one of a designated set.
AttributeRegistryServiceStrategy
Strategy for summoning up an AttributeTranscoderRegistryImpl from a populated ApplicationContext.
AttributeReleaseConsentFunction
Function that returns a map of consent objects representing consent to attribute release.
AttributeReleaseContext
Context for attribute release consent.
AttributeReleaseFlowDescriptor
Descriptor for an attribute release flow.
AttributeRequesterEntityAttributeExactPolicyRule
Matcher that checks, via an exact match, if the attribute requester contains an entity attribute with a given value.
AttributeRequesterEntityAttributeExactRuleParser
AttributeRequesterEntityAttributeRegexPolicyRule
Matcher that checks, via regex, if the attribute requester contains an entity attribute with a given value.
AttributeRequesterEntityAttributeRegexRuleParser
AttributeRequesterInEntityGroupPolicyRule
A matcher that evaluates to true if attribute requester's metadata matches the provided entity group name, or a valid metadata-sourced affiliation of entities.
AttributeRequesterInEntityGroupRuleParser
AttributeRequesterNameIDFormatExactPolicyRule
Checks if the attribute requester supports the required NameID format.
AttributeRequesterNameIDFormatRuleParser
AttributeRequesterPolicyRule
Compare the attribute requester's entity ID for this resolution with the provided name.
AttributeRequesterRegexpPolicyRule
Compare the attribute requester's entity ID for this resolution with the provided regexp.
AttributeRequesterRegexRuleParser
Bean definition parser for AttributeRequesterRegexpPolicyRule.
AttributeRequesterRegistrationAuthorityPolicyRule
Rule based on RPI extension in attribute requester's metadata.
AttributeRequesterRegistrationAuthorityRuleParser
Spring bean definition parser that creates AttributeRequesterRegistrationAuthorityPolicyRule beans.
AttributeRequesterRuleParser
Bean definition parser for AttributeRequesterPolicyRule.
AttributeResolutionContext
A context supplying input to the AttributeResolver interface.
AttributeResolver
A component that resolves the attributes for a particular subject.
AttributeResolverImpl
A component that resolves the attributes for a particular subject.
AttributeResolverNamespaceHandler
Namespace handler for the attribute resolver.
AttributeResolverParser
Bean definition parser for an AttributeResolver.
AttributeResolverServiceGaugeSet
Additional gauges for attribute resolver.
AttributeResolverServiceStrategy
Strategy for summoning up an AttributeResolverImpl from a populated ApplicationContext.
AttributeResolverWorkContext
A context which carries and collects information through the attribute resolution process, and coordinates data between the resolver implementation and the various resolver plugin implementations.
AttributeRule
Represents a value filtering rule for a particular attribute.
AttributeRuleParser
Spring bean definition parser to configure an AttributeRule.
AttributesAuditExtractor
Function that returns the attribute IDs from an AttributeContext.
AttributeScopeMatcherParser
Bean definition parser for AttributeScopeStringMatchers.
AttributeScopeMatchesShibMDScope
Class to implement a filter of scopes against <shibmd:scope>.
AttributeScopeRegexMatcherParser
Bean definition parser for AttributeScopeRegexpMatchers.
AttributeScopeRegexpMatcher
Test that the scope in a ScopedStringAttributeValue is a regexp match to configured value.
AttributeScopeStringMatcher
Test that the scope of a ScopedStringAttributeValue is a string match to the value configured.
AttributesMapContainer
Container for decoded attributes.
AttributeSourcedSAML1NameIdentifierGenerator
Generator for NameIdentifier objects based on IdPAttribute data.
AttributeSourcedSAML2NameIDGenerator
Generator for NameID objects based on IdPAttribute data.
AttributeSourcedSubjectCanonicalization
An action that extracts a resolved IdPAttribute value from an AttributeContext child obtained via lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result of subject canonicalization.
AttributeTranscoder<T>
Transcoders are objects that support both attribute encoding and decoding for bidirectional translation between IdPAttribute format and technology-specific formats.
AttributeTranscoderRegistry
The transcoder registry provides access to "instructions" for converting between the IdPAttribute "neutral" representation within the IdP and protocol-specific forms such as SAML Attributes or OIDC claims.
AttributeTranscoderRegistry.NamingFunction<T>
Interface to a naming function that allows an object to be turned into a unique string name.
AttributeTranscoderRegistryImpl
Service implementation of the AttributeTranscoderRegistry interface.
AttributeValueLookupFunction
ContextDataLookupFunction to return the value of an attribute from an AttributeContext.
AttributeValueMatchesShibMDScope
Class to implement a filter of string values against <shibmd:scope>.
AttributeValueRegexMatcherParser
Bean definition parser for AttributeValueRegexpMatchers.
AttributeValueRegexpMatcher
Test that an IdPAttributeValue is a regexp match to the configured string.
AttributeValuesHashFunction
Function to calculate the hash of the values of an IdP attribute.
AttributeValueStringMatcher
Test that an IdPAttributeValue is a string match to the configured string.
AttributeValueStringMatcherParser
Bean definition parser for AttributeValueStringMatchers.
AudienceRestrictionsLookupFunction
A function that returns the effective audience restrictions to include in assertions, based on combining a relying party's entityID with the result of SAMLProfileConfiguration.getAdditionalAudiencesForAssertion(ProfileRequestContext), if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
AuditContext
BaseContext containing information to preserve for auditing/logging.
AuthenticationContext
A context representing the state of an authentication attempt, this is the primary input/output context for the action flow responsible for authentication, and within that flow, the individual flows that carry out a specific kind of authentication.
AuthenticationErrorContext
A context that holds information about authentication failures.
AuthenticationFlowAuditExtractor
Function that returns the authentication flow ID used to satisfy a request.
AuthenticationFlowDescriptor
A descriptor for an authentication flow.
AuthenticationFlowDescriptorManager
Manager of AuthenticationFlowDescriptor objects.
AuthenticationFlowsLookupFunction
A function that returns AuthenticationProfileConfiguration.getAuthenticationFlows(org.opensaml.profile.context.ProfileRequestContext)() if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
AuthenticationMethodPrincipal
Principal based on a SAML 1.x AuthenticationMethod.
AuthenticationProfileConfiguration
Configuration of profiles for authentication.
AuthenticationResult
Describes an act of authentication.
AuthenticationResultPrincipal
Principal that wraps an AuthenticationResult.
AuthenticationResultPrincipalSerializer
Principal serializer for AuthenticationResultPrincipal.
AuthenticationWarningContext
A context that holds information about authentication warnings.
AuthnAuditFields
Constants to use for audit logging fields stored in an AuditContext.
AuthnContextAuditExtractor
Function that returns the first AuthenticationMethod, AuthnContextCLassRef, or AuthnContextDeclRef from an assertions in a response.
AuthnContextClassRefPrincipal
Principal based on a SAML AuthnContextClassRef.
AuthnContextDeclPrincipal
Principal based on a SAML AuthnContextDecl.
AuthnContextDeclRefPrincipal
Principal based on a SAML AuthnContextDeclRef.
AuthnEventIds
Constants to use for ProfileAction EventContext results related to authentication and subject c14n.
AuthnInstantAuditExtractor
Function that returns the first authentication timestamp from an assertions in a response.
BaseAddAttributeStatementToAssertion<T extends SAMLObject>
Base class for actions that encode an AttributeContext into a SAML attribute statement.
BaseAddAuthenticationStatementToAssertion
Base class for actions that encode authentication information into a SAML 1 or SAML 2 statement.
BaseAttributeDefinitionParser
Base spring bean definition parser for attribute definitions.
BaseAttributeEncoderParser
Base class for Spring bean definition parser for attribute encoders.
BaseAttributeValueMatcherParser
Base function for all Attribute Value matchers.
BaseBridgingClass
Base class for all classes which bridge between PolicyRequirementRule and Matcher (in either direction).
BaseCryptoTransientDecoder
An abstract action which contains the logic to do crypto transient decoding matching.
BaseCSRFTokenPredicate
A base helper class for predicates that determine if CSRF protection is required per state.
BaseFilterParser
Base class for Spring bean definition parsers within the filter engine configuration.
BaseIdPInitiatedSSORequestMessageDecoder
Decodes an incoming Shibboleth Authentication Request message.
BasePolicyRuleParser
Base function for all natural policy rules.
BaseResolverPluginDependencyParser
BaseResolverPluginParser
Bean definition parser for a ResolverPlugin.
BaseSAML1AttributeEncoderParser
Base class for Spring bean definition parser for SAML 1 attribute encoders.
BaseSAML2AttributeEncoderParser
Base class for Spring bean definition parser for SAML 1 attribute encoders.
BaseTransformingDecoder
Regular expression, etc.
BaseTransientDecoder
An abstract action which contains the logic to do transient decoding matching (shared between SAML2 and SAML1).
BasicAdministrativeFlowDescriptor
A descriptor for an administrative flow.
BasicAdministrativeFlowDescriptor.Logo
A wrapper class to construct logo objects for exposure by UIInfo interface.
BasicAttribute
A class which is here solely to provide compatibility for V2 scripted attribute definitions.
BasicDuoIntegration
Wrapper for use of Duo.
BasicInlineCredentialFactoryBean
Factory bean for BasicInline Credentials.
BasicInlineCredentialParser
Parser for BasicInline Credentials.
BasicKeystoreKeyStrategyTask
BasicNamingFunction<T>
BasicResourceCredentialFactoryBean
Spring bean factory for producing a BasicCredential from Resources.
BasicResourceCredentialParser
Parser for BasicFilesystem and BasicResourceBacked Credentials.
BasicSAMLArtifactConfiguration
Interface for outbound SAML artifact configuration.
BasicSPSession
Implementation support for a concrete SPSession implementation.
BasicSPSessionCreationStrategy
A function to create a BasicSPSession based on profile execution state.
BasicSPSessionSerializer
A serializer for BasicSPSession objects.
BasicX509CredentialFactoryBean
Spring bean factory for producing a BasicX509Credential from Resources.
BeanConfigurationLookupStrategy<T>
A strategy function that examines SAML metadata associated with a relying party and derives bean-based configuration settings based on EntityAttribute extension tags.
BindingDescriptor
Subclass that adds awareness of a Spring bean ID for a binding's MessageEncoder.
BooleanConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives Boolean-valued configuration settings based on EntityAttribute extension tags.
BrowserSSOProfileConfiguration
Configuration for SAML 1 Browser SSO profile requests.
BrowserSSOProfileConfiguration
Configuration support for SAML 2 Browser SSO.
BuildAuthenticationContextAction
Builds an authentication context from an incoming ServiceTicketRequest message.
BuildProxyChainAction
Action that builds the chain of visited proxies for a successful proxy ticket validation event.
BuildRelyingPartyContextAction<RequestType,​ResponseType>
Creates the RelyingPartyContext as a child of the ProfileRequestContext.
BuildSAMLMetadataContextAction<RequestType,​ResponseType>
Builds a SAMLMetadataContext child of RelyingPartyContext to facilitate relying party selection by group name.
BuildSamlValidationFailureMessageAction
Creates the SAML response message for failed ticket validation at the /samlValidate URI.
BuildSamlValidationSuccessMessageAction
Creates the SAML response message for successful ticket validation at the /samlValidate URI.
BuildWar
Code to build the war file during an install or on request.
ByReferenceFilterBeanPostProcessor
ByReferenceMetadataFilterBridge
This is a bridge filter that uses Spring to locate extant ByReferenceMetadataFilter objects to run.
ByReferenceParser
Parser for a <ByReference> filter.
ByteAttributeValue
A byte[] value for an IdPAttribute.
CacheConfigParser
Utility class for parsing v2 cache configuration.
CanonicalUsernameLookupStrategy
Function that returns a principal name from one of two places: a SubjectCanonicalizationContext child of the root context or a SessionContext.
CAS
IdPModule implementation.
CASAttributeTranscoder
Marker interface for transcoders that support CAS attributes.
CASAuditFields
Constants to use for audit logging fields stored in an AuditContext.
CASScopedStringAttributeTranscoder
CASSPSession
Describes a CAS protocol-specific service provider session created in response to a successful ticket validation.
CASSPSessionSerializer
JSON serializer for CASSPSession class.
CASStringAttributeTranscoder
CertificateContext
Context that carries a Certificate to be validated.
CertPathPKIXValidationOptionsParser
Spring bean definition parser for {urn:mace:shibboleth:2.0:security}ValidationOptions elements which have a type specialization of {urn:mace:shibboleth:2.0:security}CertPathValidationOptionsType.
ChainingMetadataProviderParser
Parser for <ChainingMetadataProvider>.
ChainingParser
Parser for trust engines of type SignatureChaining.
ChainingSignatureTrustEngineFactory
ChainingTrustEngineFactory
Factory bean for ChainingTrustEngine.
CheckAddressPredicate
A predicate that evaluates a ProfileRequestContext and extracts the effective setting of BrowserSSOProfileConfiguration.isCheckAddress(ProfileRequestContext).
CheckProxyAuthorizationAction<RequestType,​ResponseType>
Checks the current ServiceContext to determine whether the service/relying party is authorized to proxy.
CLI
Entry point for command line attribute utility.
ClientTLSArtifactRequestsPredicate
ClientTLSSOAPLogoutRequestsPredicate
ClientTLSValidationConfigurationLookupFunction
A function that returns a ClientTLSValidationConfiguration list by way of various lookup strategies.
CloneablePrincipal
Principal that can be cloned without knowledge of the underlying type.
CollectionSerializer
Serializes a Collection of strings.
CommandLineArguments
Interface for JCommander command line argument handling for an HTTP-based remote service call.
ComputedIdDataConnectorParser
Spring bean definition parser for configuring ComputedIdDataConnector.
ComputedPairwiseIdStore
A PairwiseIdStore that generates a pairwise ID by computing the hash of a given attribute value, the entity ID of the recipient, and a provided salt.
ComputedPairwiseIdStore.Encoding
Post-digest encoding types.
ConditionalProfileConfiguration
A ProfileConfiguration supporting an activation condition.
ConfigLookupFunction<T extends AbstractProtocolConfiguration>
Lookup function for extracting CAS profile configuration from the profile request context.
ConnectionFactoryValidator
Validator implementation that invokes Connection.open() to determine if the ConnectionFactory is properly configured.
Consent
Represents consent.
Consent
IdPModule implementation.
ConsentAuditFields
Constants to use for audit logging fields stored in an AuditContext as a child of an ConsentContext.
ConsentContext
Context representing the state of a consent flow.
ConsentFlowDescriptor
Descriptor for a consent flow.
ConsentManagementContext
Context representing signals to consent flows for managing their state.
ConsentResult
The result of a consent flow, suitable for storage.
ConsentSerializer
Serializes Consent.
ContextCheck
IdPModule implementation.
ContextDerivedAttributeDefinition
An attribute definition which returns an attribute whose values are derived from the ProfileRequestContext associated with the request via a plugged in Function.
ContextDerivedAttributeDefinitionParser
Spring Bean Definition Parser for attribute definitions derived from the Principal.
ContinueSAMLAuthentication
An action that checks for an ExternalAuthenticationContext for a signaled event via the ExternalAuthenticationContext.getAuthnError() method, and otherwise enforces the presence of an inbound SAML Response to process.
CopyDistribution
Copy the distribution to the final location.
CoreGaugeSet
A set of gauges for core system information.
CoreIdPModule
Implementation base class for IdPModule that lives within the core code and whose documentation URLs will float with the IdP's own.
CounterStorageKeyComparator
A Comparator used to order storage keys so that the least used and oldest storage keys are returned first.
CounterStorageKeyFunction
Function to order storage keys by least-used and oldest first during pruning of storage records.
CreateGlobalConsentResult
Consent action to create a consent result representing global consent to be stored in a storage service.
CreateResult
Consent action to create a consent result representing the result of a consent flow.
CredentialConfigFactoryBean
A Factory bean to summon up CredentialConfig from supplied <Credential> statements.
CredentialValidator
High-level API for validating credentials and producing a Java Subject as a result.
CredentialValidator.ErrorHandler
Interface to use to report errors to the caller.
CredentialValidator.WarningHandler
Interface to use to report warnings to the caller.
CriteriaRelyingPartyConfigurationResolver
Resolves a RelyingPartyConfiguration for a given CriteriaSet.
CriteriaSelfEntityIDResolver
Resolver which uses an instance of CriteriaRelyingPartyConfigurationResolver to resolve the self entityID.
CryptoTransientIdGenerationStrategy
Generates transients using a DataSealer to encrypt the result into a recoverable value, for use with stateless clustering.
CryptoTransientNameIDDecoder
Processes a transient NameID, checks that its NameIDType.getNameQualifier() and NameIDType.getSPNameQualifier() are correct, and decodes XSString.getValue() via the base class (reversing the work done by CryptoTransientIdGenerationStrategy).
CryptoTransientNameIdentifierDecoder
Processes a transient NameIdentifier, checks that its NameIdentifier.getNameQualifier() is correct, and decodes XSString.getValue() via the base class (reversing the work done by CryptoTransientIdGenerationStrategy).
CSRFToken
An anti cross-site request forgery token.
CSRFTokenFlowExecutionListener
A flow execution lifecycle listener that, if enabled: Sets an anti-CSRF token into the view-scope map on rendering of a suitable view-state Checks the CSRF token in a HTTP request matches that stored in the view-scope map when a suitable view-state event occurs.
CSRFTokenManager
A thread-safe helper class for dealing with cross-site request forgery tokens.
CSRFTokenManager.DefaultCSRFTokenValidationPredicate
A simple default CSRF token validation predicate.
CurrentConsentIdsAuditExtractor
Function that returns the current consent IDs from a ConsentContext.
CurrentConsentIsApprovedAuditExtractor
Function that returns whether the current consents are approved from an ConsentContext.
CurrentConsentValuesAuditExtractor
Function that returns the current consent values from an ConsentContext.
CurrentInstallState
Tells the installers about the current install state.
CurrentInstallStateImpl
Tells the installers about the current install state.
DataConnector
Base class for data connector resolver plugins.
DataConnectorFactoryBean
A factory bean to collect the parameterization that goes onto a AbstractDataConnector.
DataSealerArguments
Arguments for DataSealer CLI.
DataSealerArguments.OperationType
Operation enum.
DataSealerCLI
Command line utility for DataSealer.
DataSourceValidator
Validator implementation that invokes DataSource.getConnection() to determine if the DataSource is properly configured.
DateAttributePredicate
Provides a date/time matching predicate that compares a date-based attribute value against current system time with optional offset.
DecorateDelegatedAssertion
A profile action which decorates instances of Assertion appropriately for use as delegation tokens.
DecorateDelegatedAssertion.LibertySSOSEndpointURLStrategy
Strategy that builds the SSOS endpoint URL based on the current HTTP request using default values for scheme, port and URI path suffix.
DecryptedAttributeDefinition
An AttributeDefinition that creates an attribute whose values are the decrypted values of its dependencies.
DecryptedAttributeDefinitionParser
Bean definition parser for a DecryptedAttributeDefinition.
DecryptionConfigurationLookupFunction
A function that returns a DecryptionConfiguration list by way of various lookup strategies.
DefaultAuthenticationResultSerializer
Handles serialization of results, delegating handling of Principal objects to one or more PrincipalSerializer plugins.
DefaultEventRequiresCSRFTokenValidationPredicate
Default BiPredicate for determining if CSRF token validation should occur from a compatible request context and event.
DefaultNameIdentifierFormatStrategy
Function to filter a set of candidate NameIdentifier/NameID Format values derived from an entity's SAML metadata against configuration preferences.
DefaultPrincipalDeterminationStrategy<T extends Principal>
Function that returns the first custom Principal of a particular type found on the AuthenticationResult returned by AuthenticationContext.getAuthenticationResult().
DefaultRelyingPartyConfigurationResolver
Retrieves a per-relying party configuration for a given profile request based on the request context.
DefaultServiceComparator
Default comparator implementation for comparing CAS service URLs.
DefaultServiceComparator Deprecated, for removal: This API element is subject to removal in a future version. 
DefaultViewRequiresCSRFTokenPredicate
Default Predicate for determining if a CSRF token is required for the given request context.
DelegatedAssertionLookupStrategy
Lookup function to return the valid delegated assertion token in effect for the Liberty SSOS request.
DelegatingCriteriaRelyingPartyConfigurationResolver
An implementation of CriteriaRelyingPartyConfigurationResolver which delegates to an instance of RelyingPartyConfigurationResolver.
DelegationContext
Context which holds data relevant to the issuance of a delegated Assertion.
DelegationPolicy
SAMLObject for the Shibboleth DelegationPolicy extension supporting SAML delegation.
DelegationPolicyBuilder
Builder of DelegationPolicy objects.
DelegationPolicyImpl
Implementation of DelegationPolicy.
DelegationPolicyMarshaller
Marshaller for DelegationPolicy.
DelegationPolicyUnmarshaller
Unmarshaller for DelegationPolicy.
DelegationRequest
Enum which represents the state of the relying party's indication of whether a delegated assertion token is requested.
Demo
IdPModule implementation.
DeprecatedEntityRoleFilterParser Deprecated, for removal: This API element is subject to removal in a future version. 
DeprecatedPropertyBean
A bean that emits deprecation warnings if a configurable set of properties are set.
DestroySessions
Profile action that destroys any IdPSessions found in a LogoutContext.
DetailedErrorsPredicate
Predicate to determine whether a relying party should see detailed error information.
DetailedErrorsProfileConfigPredicate
A predicate that evaluates RelyingPartyConfiguration.isDetailedErrors(ProfileRequestContext) if available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
DetectIdentitySwitch
An authentication action that checks for a mismatch between an existing session's identity and the result of a newly canonicalized subject (from a SubjectCanonicalizationContext).
DirectionPolicyRule
General PolicyRequirementRule for testing the filtering direction.
DiscoveryProfileRequestFunction
A Function that produces a discovery request URL using the protocol defined in https://wiki.oasis-open.org/security/IdpDiscoSvcProtonProfile
DoLockoutManagerOperation
Action that implements a JSON REST API for the AccountLockoutManager interface.
DoStorageOperation
Action that implements a JSON REST API for accessing StorageService records.
DoubleConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives Double-valued configuration settings based on EntityAttribute extension tags.
Duo
IdPModule implementation.
DuoAuthAPI
Constants defined in the Duo AuthAPI.
DuoAuthAPIResponse
Describes the results of a Duo AuthAPI call, intended for use with a jackson ObjectMapper.
DuoAuthAuthenticator
Implementation of the the Duo AuthApi /v2/auth endpoint.
DuoAuthenticationContext
Context that carries Duo factor and device or passcode to be used in validation.
DuoAuthResponse
Describes the results of an authentication attempt via the Duo AuthAPI, intended for use with a jackson ObjectMapper.
DuoDevice
Represents a Duo device, intended for use with a jackson ObjectMapper.
DuoFailureResponse
Describes the failure of a Duo AuthAPI call.
DuoIntegration
Interface to a particular Duo integration point.
DuoPreauthAuthenticator
Implementation of the the Duo AuthAPI /v2/preauth endpoint.
DuoPreauthResponse
Describes the results of an pre-authentication attempt via the Duo AuthAPI.
DuoPrincipal
Principal based on a Duo authentication.
DuoResponseWrapper<T extends DuoAuthAPIResponse>
Handle a generic object returned from the response that will come from the Duo AuthAPI.
DuoSupport
Helpers for DuoWeb and Duo AuthAPI operations.
DurablePairwiseIdStore
Extended PairwiseIdStore interface that supports reversal, mutation, and deactivation features requiring durable storage.
DurationConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives Long-valued configuration settings that are durations, based on EntityAttribute extension tags.
DynamicAttributePredicate
Predicate over an AttributeContext that derives the value(s) to match based on one or more supplied Functions instead of static values.
DynamicHTTPMetadataProviderParser
Parser for concrete dynamic HTTP metadata resolvers, based on FunctionDrivenDynamicHTTPMetadataResolver.
ECPProfileConfiguration
Configuration support for SAML 2 ECP.
EmptyAttributeValue
An IdPAttributeValue that is empty.
EmptyAttributeValue.EmptyType
Types of empty values.
EncodingTicketService
Ticket service that uses two different strategies for ticket persistence: Service tickets, proxy tickets, and root proxy-granting tickets are persisted by serializing ticket data and encrypting it into the opaque part of the ticket ID using a DataSealer. Chained proxy-granting tickets are persisted using a StorageService.
EncryptionAlgorithmAuditExtractor
Function that returns the data encryption algorithm used.
EncryptionConfigurationLookupFunction
A function that returns a EncryptionConfiguration list using injected lookup strategies.
EncryptionCredentialsResolver
Credential resolver whose purpose is to resolve configured IdP encryption credentials.
EntitiesDescriptorNameParser
Parser for a <EntitiesDescriptorName> node processor.
EntityAttributesFilterParser
Parser for a <EntityAttributes> filter.
EntityRoleFilterParser
Parser for a <EntityRolet> filter.
EvaluateDelegationPolicy
Action which implements policy controls to decide whether an SSO request based on a delegated Assertion token is allowed to proceed.
Events
CAS protocol flow event identifiers.
ExactPrincipalEvalPredicateFactory
PrincipalEvalPredicateFactory that implements exact matching of principals, and works for any type.
ExecutableSearch
Should be implemented by objects used to search for attributes, that uniquely identify those search results.
ExecutableSearchBuilder<T extends ExecutableSearch>
Builder used to created ExecutableSearch instances.
ExecutableSearchFilter
A search filter that can be executed against an LDAP to fetch results.
ExecutableStatement
A statement that can be executed against a database to fetch results.
ExpiringPassword
IdPModule implementation.
ExtensionsConstants
Constants used in XMLObject extensions.
External
IdPModule implementation.
ExternalAuthentication
Public interface supporting external authentication outside the webflow engine.
ExternalAuthenticationContext
A context representing the state of an externalized authentication attempt, a case where authentication happens outside of a web flow.
ExternalAuthenticationException
Exception indicating a problem with the external authentication process.
ExternalAuthenticationImpl
Implementation of the ExternalAuthentication API that handles moving information in and out of request attributes.
ExternalInterceptor
Public interface supporting external interceptor flows outside the webflow engine.
ExternalInterceptorContext
A context representing the state of an externalized interceptor flow.
ExternalInterceptorException
Exception indicating a problem with the external interceptor process.
ExternalInterceptorImpl
Implementation of the ExternalInterceptor API that handles moving information in and out of request attributes.
ExtractActiveAuthenticationResults
An authentication action that populates a AuthenticationContext with the active AuthenticationResult objects found in a SessionContext that is a direct child of the ProfileRequestContext.
ExtractConsent
Consent action which extracts user input and updates current consent objects in the consent context accordingly.
ExtractDiscoveryResponse
An action that extracts a discovery service result and copies it to the AuthenticationContext.
ExtractDuoAuthenticationFromHeaders
An action that extracts the Duo factor and device or passcode from HTTP request headers into a DuoAuthenticationContext, and attaches it to the AuthenticationContext.
ExtractKerberosTicketFromWSSToken
TODO.
ExtractRemoteUser
An action that extracts an asserted user identity from the incoming request, creates a UsernameContext, and attaches it to the AuthenticationContext.
ExtractSubjectFromRequest
Action that extracts a SAML Subject from an inbound message, and prepares a SubjectCanonicalizationContext to process it into a principal identity.
ExtractSubjectFromRequest.SubjectNameLookupFunction
Lookup function that returns the NameIdentifier or NameID from the request in the inbound message context.
ExtractUserAgentAddress
An action that extracts the user-agent's IP address from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUserAgentIdentifier
An action that extracts the user-agent's identifier from the incoming request, creates a UserAgentContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromBasicAuth
/** An action that extracts a username and password from the HTTP HttpHeaders.AUTHORIZATION header, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromFormRequest
An action that extracts a username and password from an HTTP form body or query string, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
ExtractUsernamePasswordFromWSSToken
An authentication stage that extracts a username/password from the WSS Username/Password attached to a SOAP message.
ExtractX509CertificateFromRequest
An action that extracts an X.509 certificate from the standard servlet request attribute, creates a CertificateContext, and attaches it to the AuthenticationContext.
FileBackedHTTPMetadataProviderParser
Parser for a <FileBackedHTTPMetadataProvider>.
FileCachingHttpClientFactoryBean
Factory bean customization for the Shibboleth IdP.
FileCachingHttpClientFactoryBean Deprecated, for removal: This API element is subject to removal in a future version. 
FilesystemMetadataProviderParser
Parser for a <FilesystemMetadataProvider>.
FilterAttributes
Action that invokes the AttributeFilter for the current request.
FilterByQueriedAttributeDesignators
Action that filters a set of attributes against the AttributeDesignator objects in an AttributeQuery.
FilterByQueriedAttributes
Action that filters a set of attributes against the Attribute objects in an AttributeQuery.
FilterFlowsByForcedAuthn
An authentication action that filters out potential authentication flows if the request requires forced authentication or max age behavior and the flows don't support forced authentication.
FilterFlowsByNonBrowserSupport
An authentication action that filters out potential authentication flows if the request requires non-browser support and the flows require a browser.
FilterFlowsByNonBrowserSupport
A profile interceptor action that filters out available interceptor flows if the request requires non-browser support and the flows require a browser.
FinalizeAuthentication
An authentication action that runs after a completed authentication flow (or the reuse of an active result) and transfers information from other contexts into a SubjectContext child of the ProfileRequestContext.
FinalizeMultiFactorAuthentication
An authentication action that completes MFA by producing a final AuthenticationResult out of whatever constituent parts and pieces exist, by means of an overridable function, storing it in the AuthenticationContext and preparing a fresh SubjectCanonicalizationContext to operate on.
FinalizeMultiFactorAuthentication.DefaultResultMergingStrategy
Default merging strategy to combine individual AuthenticationResult objects into a single result.
FinalizeSAMLSubjectCanonicalization
An action that runs after a completed canonicalization of a SAML Subject and transfers information into a SubjectContext child of the ProfileRequestContext.
FinalizeSAMLTokenProcessing
Post-process the results of Assertion token subject canonicalization.
FirstPartyIdPPlugin
Implementation class for plugins from the project itself to centralize update handling.
FlowDefinitionRegistryFactoryBean
A bean factory for creating FlowDefinitionRegistry instances, based on the programmatic builder built into SWF.
FlowDefinitionRegistryFactoryBean.DefaultFlowRegistry
Copied from SWF, a basic registry implementation.
FlowDefinitionResourceFactory
Derivation of SWF-supplied resource factory for flow definitions.
FlowDescriptor
Marker interface for a descriptor for a webflow allowing managed injection of configuration settings.
FlowDescriptorLookupFunction<T extends ProfileInterceptorFlowDescriptor>
Function that returns a profile interceptor flow descriptor from a profile request context using a lookup strategy.
FlowIdLookupFunction
ContextDataLookupFunction that returns the current flow id.
FlowModelFlowBuilder
This code is extended from FlowModelFlowBuilder in order to customize the Spring ApplicationContext used for flow configuration.
FlowRelativeResourceLoader
This code is extended from org.springframework.webflow.engine.builder.model.FlowRelativeResourceLoader with modifications to support proper lookup of resources via both filesystem and classpath along with custom protocol-specific loaders.
ForceAuthnAuditExtractor
Function that returns the ForceAuthn attribute from an AuthnRequest.
ForceAuthnProfileConfigPredicate
A predicate that evaluates a ProfileRequestContext and determines whether forced authentication should be set based on the associated AuthenticationProfileConfiguration.
FormatExecutableStatementBuilder
FormatExecutableStatementBuilder Deprecated.
Replaced by api class.
Function
IdPModule implementation.
GatewayLookupFunction
Looks up the value of the CAS gateway parameter from the request to the /login URI.
GenericPrincipalSerializer
Principal serializer for arbitrary principal types.
GenericPrincipalService<T extends Principal>
PrincipalService for most principal types that just exposes the proper PrincipalSerializer.
GlobalAttributeConsentPredicate
Predicate to determine whether global consent has been given by user.
GrantProxyTicketAction
Generates and stores a CAS protocol proxy ticket.
GrantServiceTicketAction
Generates and stores a CAS protocol service ticket.
GSSAcceptorLoginModule
Kerberos login utility for the context acceptor, encapsulates a number of special options used to create a security context for the GSS acceptor, usually based on a keytab file.
GSSContextAcceptor
Helper class that manages context establishment for the SPNEGO GSS-API mechanism.
Hello
IdPModule implementation.
HOTPPrincipal
Principal based on an HOTP authentication.
HTPasswdCredentialValidator
A password validator that authenticates against Apache htpasswd files.
HttpClientFactoryBean
Factory bean customization for the Shibboleth IdP.
HttpClientFactoryBean Deprecated, for removal: This API element is subject to removal in a future version. 
HttpClientProxyValidator
Authenticates a CAS proxy callback endpoint using an HttpClient instance to establish the connection and a TrustEngine to verify the TLS certificate presented by the remote peer.
HttpClientSecurityConfigurationLookupFunction
A MessageContext function that returns a HttpClientSecurityConfiguration list by way of various lookup strategies.
HTTPDataConnector
This class implements a DataConnector that obtains data from an HTTP service.
HTTPDataConnectorParser
Bean definition Parser for a HTTPDataConnector.
HTTPDataConnectorParser.V2Parser
Utility class for parsing v2 schema configuration.
HTTPMetadataProviderParser
Parser for a FilesystemMetadataProvider.
HTTPMetadataProvidersParserSupport
Helper class for Spring configuration of HTTP metadata providers.
HTTPReporter
A metrics reporter that runs at scheduled times and posts a JSON feed of metrics to a designated endpoint.
HTTPResourceFactoryBean
Factory bean for simple use cases that auto-configure PKIX or key pinning for an HTTPResource.
HTTPResponseMappingStrategy
Strategy for processing an HttpClient response into a map of IdPAttributes.
HTTPSearch
An HTTP request that returns attribute data.
HttpServletRequestCriterion
Criterion representing a session bound to a servlet request, which is implicitly the "current" request known to the resolver.
IdentifierGenerationStrategyLookupFunction
A function that returns an IdentifierGenerationStrategy by way of a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
IdPAttribute
Each attribute represents one piece of information about a user and has associated encoders used to turn that information in to protocol-specific formats.
IdPAttributePrincipal
Principal that wraps an IdPAttribute.
IdPAttributePrincipalSerializer
Principal serializer for IdPAttributePrincipal.
IdPAttributePrincipalValuesFunction
Engine to mine values from IdPAttributePrincipals.
IdPAttributeValue
Interface for values of an IdPAttribute.
IdPAuditFields
Constants to use for audit logging fields stored in an AuditContext.
IdPEventIds
IdP-specific constants to use for ProfileAction EventContexts.
IdPGaugeSet
A set of gauges for core system information.
IdPInitiatedSSORequest
Object representing a Shibboleth Authentication Request message.
IdPInitiatedSSORequestMessageDecoder
Decodes an incoming Shibboleth Authentication Request message.
IdPInitiatedSSORequestMessageDecoder
Decodes an incoming Shibboleth Authentication Request message.
IdPModule
This interface is exported (via the service API) by every IdP module.
IdPModule.ModuleResource
Interface to a resource managed by the module.
IdPModule.ResourceResult
Resource management outcome.
IdPPlugin
This interface is exported (via the service API) by every IdP plugin.
IdPPropertiesApplicationContextInitializer
An ApplicationContextInitializer which appends properties to the application context's environment.
IdPRequestedAttribute
IdP Representation of the SAML2 RequestedAttribute.
IdPSession
An identity provider session belonging to a particular subject and client device.
IdPUIInfo
Class to contain a processed form of the UIInfo suitable for display purposes.
IgnoreRequestSignaturesPredicate
Predicate that decides whether to ignore a request signature.
IgnoreScopingProfileConfigPredicate
A predicate that evaluates a ProfileRequestContext and extracts the effective setting of BrowserSSOProfileConfiguration.isIgnoreScoping(ProfileRequestContext).
Impersonate
IdPModule implementation.
InboundFlowsLookupFunction
A function that returns ProfileConfiguration.getInboundInterceptorFlows(org.opensaml.profile.context.ProfileRequestContext)() if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
InboundRuleParser
IncludeAttributeStatementPredicate
A predicate that evaluates a SSO ProfileRequestContext and determines whether an attribute statement should be included in the outgoing assertion.
InexactPrincipalEvalPredicateFactory
PrincipalEvalPredicateFactory that implements inexact matching of principals, based on an arbitrary set of "matches" configured at runtime.
InitializeAdministrativeProfileContextTree
An action that processes settings from a supplied AdministrativeFlowDescriptor to prepare the profile context tree for subsequent use by an administrative profile flow.
InitializeAttributeReleaseContext
Action that creates an AttributeReleaseContext and attaches it to the current ProfileRequestContext.
InitializeAuthenticationContext
An action that creates an AuthenticationContext and attaches it to the current ProfileRequestContext.
InitializeConsentContext
Action that creates a ConsentContext and attaches it to the current ProfileRequestContext.
InitializeLoginAction
Initializes the CAS protocol interaction at the /login URI.
InitializeOutboundMessageContext
Action that adds an outbound MessageContext and related SAML contexts to the ProfileRequestContext based on the identity of a relying party accessed via a lookup strategy, by default an immediate child of the profile request context.
InitializeOutboundMessageContextForError
Action that prepares an outbound MessageContext and related SAML contexts in the event that they are not already prepared, to allow error responses to be generated in the case of synchronous bindings (i.e., SOAP).
InitializeProfileRequestContext
Action that creates a new ProfileRequestContext and binds it to the current conversation under the ProfileRequestContext.BINDING_KEY key, and sets the profile and logging IDs, if provided.
InitializeProxyAction
Initializes the CAS protocol interaction at the /proxy URI.
InitializeProxyProfileRequestContext
Action that creates a new ProfileRequestContext via a creation strategy, and sets the profile and logging IDs, if provided.
InitializeRelyingPartyContextFromSAMLPeer
Message handler that adds a RelyingPartyContext to the current InOutOperationContext tree via a creation function.
InitializeRelyingPartyContextFromSAMLPeer
Action that adds a RelyingPartyContext to the current ProfileRequestContext tree via a creation function.
InitializeRequestedPrincipalContext
An action that creates an RequestedPrincipalContext and attaches it to the current AuthenticationContext, if the profile request context contains a RelyingPartyContext with an AuthenticationProfileConfiguration containing one or more default authentication methods.
InitializeValidateAction
Initializes the CAS protocol interaction at the /login URI.
InlineMetadataProviderParser
Parser for <InlineMetadataProvider>.
InMemoryCachingHttpClientFactoryBean Deprecated, for removal: This API element is subject to removal in a future version. 
InMemoryCachingHttpClientFactoryBean
Factory bean customization for the Shibboleth IdP.
InputAttributeDefinitionParser
Bean definition parser for a ResolverAttributeDefinitionDependency.
InputDataConnectorParser
Bean definition parser for a ResolverDataConnectorDependency.
InResponseToAuditExtractor
Function that returns the InResponseTo attribute from a response.
Installer
Entry point to run the main classes.
InstallerProperties
Interface to describe simply parameterization and status of the installation.
InstallerPropertiesImpl
Class implement InstallerProperties with properties/UI driven values.
InstallerSupport
General common names and helper functions for the Installer.
IntegerConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives Integer-valued configuration settings based on EntityAttribute extension tags.
InvalidCSRFTokenException
Exception indicating a problem validating a CSRF token at runtime.
IPAddress
IdPModule implementation.
IPRangeBiPredicate
A BiPredicate that checks if a pair of addresses are either equal, or share an IPRange.
IsAttributeRequiredPredicate
Predicate that determines whether an IdP attribute is required by the requester.
IsConsentRequiredPredicate
Predicate that returns whether consent is required by comparing the previous and current consents from the consent context.
IsPassiveAuditExtractor
Function that returns the IsPassive attribute from an AuthnRequest.
IssuingDelegatedAssertionPredicate
A predicate which determines whether issuance of a delegated SAML 2 Assertion is active.
JAASCredentialValidator
A password validator that authenticates against JAAS.
JarCheckArguments
Command line arguments for JarCheckCLI.
JarCheckCLI
Program to check for potential jar clashes.
JDBCPairwiseIdStore
JDBC-based storage management for pairwise IDs.
JoinFunction
Function to join the result of two functions with a separator.
KerberosCredentialValidator
A password validator that authenticates against Kerberos natively, with optional service ticket verification.
KerberosRealmSettings
Kerberos realm settings for the SPNEGO authentication flow.
KerberosSettings
Kerberos settings for the SPNEGO authentication flow.
KerberosTicketContext
Context that carries a KerberosTicket to be validated.
KeyAuthority
XMLObject for the Shibboleth KeyAuthority metadata extension.
KeyAuthorityBuilder
Builder of KeyAuthority objects.
KeyAuthorityImpl
Implementation of KeyAuthority.
KeyAuthorityMarshaller
Marshaller for KeyAuthority.
KeyAuthorityNodeProcessor
An implementation of MetadataNodeProcessor which supports processing the Shibboleth KeyAuthority information within a metadata document.
KeyAuthorityParser
Parser for a <KeyAuthority> node processor.
KeyAuthoritySupport
Utility class for extracting PKIXValidationInformation from a KeyAuthority.
KeyAuthoritySupport.KeyAuthorityPKIXValidationInformation
Basic implementation of PKIXValidationInformation.
KeyAuthorityUnmarshaller
Unmarshaller for KeyAuthority.
KeystoreResourceCredentialConfig
Implementation of CredentialConfig that loads keystore and truststore data using a Resource.
LDAPAuthenticationFactoryBean
LDAP Authentication configuration.
LDAPAuthenticationFactoryBean.AuthenticatorType
Enum that defines authenticator configuration.
LDAPAuthenticationFactoryBean.ConnectionStrategyType
Enum that defines LDAP connection strategy.
LDAPAuthenticationFactoryBean.PassivatorType
Enum that defines an LDAP pool passivator.
LDAPAuthenticationFactoryBean.TrustType
Enum that defines LDAP trust configuration.
LDAPCredentialValidator
A password validator that authenticates against LDAP natively.
LDAPDataConnector
A DataConnector that queries an LDAP in order to retrieve attribute data.
LDAPDataConnectorParser
Bean definition Parser for a LDAPDataConnector.
LDAPDataConnectorParser.V2Parser
Utility class for parsing v2 schema configuration.
LDAPPrincipalSerializer
Principal serializer for LdapPrincipal.
LDAPResponseContext
A context containing data about an LDAP authentication operation.
LegacyCanonicalization Deprecated. 
LegacyEncryptionRequirementPredicate
A predicate implementation that supports the legacy V2 configuration options of "always", "conditional", and "never" for encryption.
LegacyEncryptionRequirementPredicate.EncryptionRequirementSetting
Internal enum for the options supported.
LegacySigningRequirementPredicate
A predicate implementation that supports the legacy V2 configuration options of "always", "conditional", and "never" for signing.
LegacySigningRequirementPredicate.SigningRequirementSetting
Internal enum for the options supported.
LibertyConstants
Liberty-related constants.
LibertyHTTPSOAP11Decoder
Decoder for Liberty ID-WSF 2.0 SOAP 1.1 HTTP binding carrying SAML protocol messages used in SAML delegation.
LibertyHTTPSOAP11Encoder
Encoder for Liberty ID-WSF 2.0 SOAP 1.1 HTTP binding carrying SAML protocol messages used in SAML delegation.
LibertySSOSContext
Context for storing information related to the Liberty SSOS profile and use of an inbound delegated Assertion token.
ListConfigurationLookupStrategy<T>
A strategy function that examines SAML metadata associated with a relying party and derives List<String>-valued configuration settings based on EntityAttribute extension tags.
LocalDynamicMetadataProviderParser
LocaleLookupFunction
Function which resolves the Locale from a ProfileRequestContext.
LocalFlowBuilderContext
This code is copied verbatim from org.springframework.webflow.engine.builder.model.LocalFlowBuilderContext A builder context that delegates to a flow-local bean factory for builder services.
LockoutManagerContext
A context that holds information about a management operation on an AccountLockoutManager.
LogbackLoggingService
Simple LoggingService that watches for logback configuration file changes and reloads the file when a change occurs.
LogContextTree
Spring Web Flow utility action for logging on DEBUG a representation of the current ProfileRequestContext.
LoggingService
A logging configuration abstraction that piggybacks on the ReloadableService interface.
LoggingVisitor
A @{link FileVisitor copies directory trees keeping a note of all copied target files.
LoginConfiguration
CAS protocol configuration that applies to the /login URI.
LogoutContext
A BaseContext that holds a multimap of SPSession objects.
LogoutContextSessionLookupFunction
A function that returns a session from a LogoutContext and removes it from that context at the same time.
LogoutPropagationContext
Context holding information needed to perform logout for a single SP session.
LogoutPropagationContext.Result
Logout propagation result.
LogoutPropagationFlowDescriptor
A descriptor for a logout propagation flow.
LogoutPropagationFlowDescriptorManager
LogoutPropagationFlowDescriptorSelector
Selection function to retrieve the logout propagation flow descriptor that is suitable for a given SPSession.
LogoutStatusStrategyFunction
A strategy function for determining the status of a logout based on the content of a LogoutContext.
LogSpringContextInfo
Spring Web Flow utility action for logging on DEBUG details about the current hierarchy of Spring ApplicationContext and the beans contained within each.
LongConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives Long-valued configuration settings based on EntityAttribute extension tags.
LoopDetectionPredicate
A condition that relies on a Meter to detect looping SPs.
ManagedConnectionParser
Utility class for parsing v2 managed connection configuration.
MapDrivenAuthnContextTranslationStrategy
Implements a set of default logic for mapping an AuthnContext's content into a set of custom Principals based on a set of static mapping rules.
MappedAttributeDefinition
Implementation of Mapped Attributes.
MappedAttributeDefinitionParser
Bean definition parser for a MappedAttributeDefinition.
MappedAttributeInMetadataRuleParser
Bean definition parser for deprecated variant of AttributeInMetadataMatcher.
MappedEntityAttributesPredicate
Extended version of EntityAttributes-driven predicate that uses an optimization to check for mapped attributes in an AttributesMapContainer structure.
MappingStrategy<T>
Strategy for mapping from an arbitrary result type to a collection of IdPAttributes.
MapRequestedAttributesInAttributeConsumingService
Action that ensures that the attributes in the ACS (if any) are mapped.
Matcher
Java definition of MatchFunctorType as applied to value filtering.
MatcherFromPolicy
Bridging class to go from a PolicyRequirementRule to a Matcher.
MaximumTimeSinceAuthnLookupFunction
A function that returns BrowserSSOProfileConfiguration.getMaximumTimeSinceAuthn(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
MergePropertiesTask
A class to merge a property file into another property file, preserving the comments.
MessageSourceConsentFunction
Function that returns a consent object whose id and value are resolved from a lookup function and MessageSource.
MetadataGenerator
Interface to define Metadata Generation.
MetadataGeneratorImpl
This class gathers information which it then uses to generate IdP Metadata.
MetadataGeneratorImpl.Endpoints
The end points we understand.
MetadataGeneratorParameters
Interface which describes metadata that needs to be generated.
MetadataGeneratorParametersImpl
Implementation of MetadataGeneratorParameters.
MetadataGeneratorTask
Task to generate metadata.
MetadataNamespaceHandler
Namespace handler for urn:mace:shibboleth:2.0:metadata.
MetadataPKIXValidationInformationResolver
An implementation of PKIXValidationInformationResolver which resolves PKIXValidationInformation based on information stored in SAML 2 metadata.
MetadataProtocolAuditExtractor
Function that returns the Metadata protocol (as defined by the bean called shibboleth.MetadataLookup.Protocol).
MetadataProviderContainer
This class is a sortable container of MetadataResolvers, wrapped into a serviceable component.
MetadataQueryArguments
Command line processing for MetadataQuery flow.
MetadataQueryRequest
Object representing a query for metadata.
MetadataQueryRequestDecoder
Decodes an incoming metadata query request.
MetadataResolverServiceGaugeSet
Additional gauges for metadata resolvers.
MetadataResolverServiceStrategy
Strategy for summoning up a MetadataResolver from a populated ApplicationContext.
MetadataServiceRegistry
CAS service registry implementation that queries SAML metadata for a CAS service given a CAS service URL using the following strategy.
MetadataServiceRegistry.LoginEndpointPredicate
Predicate defines CAS login endpoints so that the metadata index on endpoints can be scoped to the smallest set needed to support CAS entities in SAML metadata.
MFA
IdPModule implementation.
ModuleContext
Information required to perform some module operations.
ModuleException
Module exception class.
ModuleManagerArguments
Arguments for IdPModule management CLI.
ModuleManagerCLI
Command line for IdPModule management.
MultiFactorAuthenticationContext
A context that holds information about the intermediate state of the multi-factor login flow.
MultiFactorAuthenticationTransition
A ruleset for managing the transition out of a step during the multi-factor authn flow.
MultipleResultAnErrorResolutionException
A special ResolutionException which is thrown if multiple results were resolved by a data connector and the deployer specified "MultipleResultsAnError".
MultiRelyingPartyContext
BaseContext representing multiple relying parties involved in a request, usually a subcontext of ProfileRequestContext.
NameDecoderException
Error thrown if decoding of a SAML subject identifier fails.
NameIDAuditExtractor
Function that returns the Name Identifier from a request or response.
NameIDCanonicalization
Action to perform subject canonicalization, transforming the input Subject into a principal name by searching for one and only one NameIDPrincipal custom principal, using an injected NameIDDecoder to carry out the process.
NameIDCanonicalization.ActivationCondition
A predicate that determines if this action can run or not.
NameIDCanonicalizationFlowDescriptor
A class used to describe flow descriptors for NameIDPrincipal and NameIdentifierPrincipal c14n.
NameIDDecoder
Interface for converting a NameID back into a principal name.
NameIdentifierCanonicalization
Action to perform subject canonicalization, transforming the input Subject into a principal name by searching for one and only one NameIdentifierPrincipal custom principal, using an injected NameIdentifierDecoder to carry out the process.
NameIdentifierCanonicalization.ActivationCondition
A predicate that determines if this action can run or not.
NameIdentifierDecoder
Interface for converting a NameIdentifier back into a principal name.
NameIdentifierGenerationService
A service interface for obtaining name identifier generators.
NameIdentifierGenerationServiceImpl
NameIdentifierPrincipal
Principal based on the SAML2 NameIdentifier.
NameIDFormatAuditExtractor
Function that returns the Name Identifier Format from a SAML Subject.
NameIDFormatFilterParser
Parser for a <NameIDFormat> filter.
NameIDPolicyFormatAuditExtractor
Function that returns the NameID Format from a NameIDPolicy element.
NameIDPolicySPNameQualifierAuditExtractor
Function that returns the SPNameQualifier from a NameIDPolicy element.
NameIDPrincipal
Principal based on the SAML2 NameID.
NameIDPrincipalSerializer
Principal serializer for NameIDPrincipal.
NodeProcessingAttachingBeanPostProcessor
A BeanPostProcessor for MetadataResolver beans that ensures a NodeProcessingMetadataFilter containing a set of default MetadataNodeProcessor plugins is attached.
NodeProcessingParser
Parser for a <NodeProcessing> filter.
NonFailFastValidator
Used to determine whether a Data Connector initialized properly and continues to be fit for use.
NoResultAnErrorResolutionException
A special ResolutionException which is thrown if no results were resolved by a data connector and the deployer specified "NoResultsAnError".
NotBeforeProfileConfigPredicate
A predicate that returns SAMLProfileConfiguration.isIncludeConditionsNotBefore(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
NotMatcher
Matcher that implements the negation of a matcher.
NotMatcherParser
Bean definition parser for NotMatcher or NotPolicyRule objects.
NotPolicyRule
PolicyRequirementRule that implements the negation of a matcher.
NumOfAttributeValuesPolicyRule
A policy rule that checks if the given attribute has more than the minimum number of values but less than the maximum.
NumOfAttributeValuesRuleParser
Bean definition parser for NumOfAttributeValuesPolicyRule.
OneTimeAdministrativeFlowDescriptor
Descriptor for an administrative flow that tracks whether it's been run or not to limit use.
OpenSAMLConfigBean
A simple bean that may be used with Spring to initialize the OpenSAML library with injected instances of some critical objects.
OrganizationDisplayNameTag
Service OrganizationDisplayName - directly from the metadata if present.
OrganizationNameTag
Service OrganizationName - directly from the metadata if present.
OrganizationUIInfo
Class to contain a processed form of the Organization suitable for display purposes.
OrganizationURLTag
Service OrganizationURL - directly from the metadata if present.
OrMatcher
Matcher that implements the disjunction of matchers.
OrMatcherParser
Bean definition parser for OrMatcher or OrPolicyRule objects.
OrPolicyRule
PolicyRequirementRule that implements the disjunction of Policy Rules.
OutboundFlowsLookupFunction
A function that returns ProfileConfiguration.getOutboundInterceptorFlows(org.opensaml.profile.context.ProfileRequestContext)() if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
OutboundRuleParser
OutputMetrics
Action that outputs one or more Metric objects.
OverriddenIssuerProfileConfiguration
ProfileConfiguration with optional override of issuer setting.
PairwiseId
Object representing a pairwise/targeted identifier entry as a storage input/output.
PairwiseIdDataConnector
A DataConnector that generates pairwise IDs that depend on a seed IdPAttribute.
PairwiseIdDataConnectorParser
Spring bean definition parser for configuring PairwiseIdDataConnector variants.
PairwiseIdStore
Storage and retrieval interface for pairwise/targeted identifiers allowing for custom implementations.
ParameterizedExecutableSearchFilterBuilder Deprecated.
Replaced by api class.
ParameterizedExecutableSearchFilterBuilder
An ExecutableSearchBuilder that generates the search filter to be executed by evaluating a parameterized filter string against the currently resolved attributes within a AttributeResolutionContext.
Password
IdPModule implementation.
PasswordHandler
Ant helper class to ask for passwords, rejecting zero length passwords and asking for confirmation.
PasswordPrincipal
Principal that wraps a password.
PathInfoSupportingFlowUrlHandler
Extension of standard SWF URL handler that checks for requests in which a valid flow ID is a prefix of the PATH_INFO value, allowing the flow to run with the rest of the path available to it as input.
PatternServiceRegistry
Service registry that evaluates a candidate service URL against one or more defined services, where each definition contains a service URL regular expression pattern.
PersistenceManager<ItemType> Deprecated. 
PersistentSAML2NameIDGenerator
Generator for "persistent" Format NameID objects that provides a source/seed ID based on IdPAttribute data.
PKIXInlineValidationInfoFactoryBean
File system specific bean for PKIXValidationInfo.
PKIXInlineValidationInfoParser
Parser for <ValidationInfo type="PKIXInline">.
PKIXResourceValidationInfoFactoryBean
File system specific bean for PKIXValidationInfo.
PKIXResourceValidationInfoParser
Parser for <ValidationInfo type="PKIXFilesystem"> and <ValidationInfo type="PKIXResourceBacked">.
PKIXValidationOptionsParser
A Parser for the < ValidationOptions > within a StaticPKIXSignature.
PluginDependencySupport
Support class for working with dependencies both ResolverAttributeDefinitionDependency and ResolverDataConnectorDependency.
PluginException
Plugin exception class.
PluginIdPModule
Implementation base class for IdPModule that is shipped in a plugin produced by the Shibboleth Project ourselves and for which the documentation will be in the wiki in a fixed location.
PluginInstaller
The class where the heavy lifting of managing a plugin happens.
PluginInstallerArguments
Arguments for Plugin Installer CLI.
PluginInstallerArguments.OperationType
Operation enum.
PluginInstallerCLI
Command line for Plugin Installation.
PluginInstallerCLI.InstallerQuery
Predicate to ask the user if they want to install the trust store provided.
PluginInstallerSupport
Support for copying files during plugin manipulation.
PluginInstallerSupport.DeletingVisitor
A @{link FileVisitor which deletes files.
PluginInstallerSupport.NameClashVisitor
A @{link FileVisitor which detects (and logs) whether a copy would overwrite.
PluginState
A class which will answer questions about a plugin state as of now (by querying the information Resources for the current published state).
PluginState.VersionInfo
Encapsulation of the information about a given IdP version.
PluginSupport
Useful methods for supporting plugins.
PluginSupport.SupportLevel
Value for support level pointed to by PluginSupport.SUPPORT_LEVEL_INTERFIX.
PluginVersion
A version string (Major.minor.patch) as a handy class.
PolicyFromMatcher
Bridging class to go from a Matcher to a PolicyRequirementRule.
PolicyFromMatcherId
Bridging class to go from a Matcher to a PolicyRequirementRule.
PolicyRequirementRule
Java definition of PolicyRequirementRule.
PolicyRequirementRule.Tristate
Representation of the three outcomes of a PolicyRequirementRule.
PooledTemplateSearchDnResolver
Template-based pooled search dn resolver.
PopulateAttributeReleaseContext
Attribute consent action to populate the attribute consent context with the attributes for which consent should be obtained.
PopulateAuditContext
Action that populates fields in an AuditContext using injected functions.
PopulateAuditContext.FormattingMapParser
Parser for the formatting strings that exposes a final set of field labels that are present in any of the input formatters.
PopulateAuthenticationContext
An action that populates an AuthenticationContext with the AuthenticationFlowDescriptor objects configured into the IdP, potential flows filtered by flow IDs from a lookup function.
PopulateBindingAndEndpointContexts
Action that populates the outbound SAMLBindingContext and when appropriate the SAMLEndpointContext based on the inbound request.
PopulateConsentContext
Consent action which populates the current consents of a consent context with the output value of a function whose input value is a profile request context.
PopulateDelegationContext
A profile action which determines whether issuance of a delegated Assertion token is active, and populates a DelegationContext appropriately.
PopulateEncryptionParameters
Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context.
PopulateInboundMessageContextWithSAMLSelf
Action that adds a SAMLSelfEntityContext to the inbound MessageContext
PopulateLibertyContext
Locate a pre-validated Assertion WS-Security token, and populate the LibertySSOSContext.
PopulateLogoutPropagationContext
Profile action that creates a LogoutPropagationContext containing SPSession to be destroyed.
PopulateMultiFactorAuthenticationContext
An action that creates and populates a MultiFactorAuthenticationContext with the set of transition rules to use for coordinating activity, the executing AuthenticationFlowDescriptor and with any active "factors" found, if an active result from the MFA flow is present in the AuthenticationContext.
PopulateMultiRPContextFromLogoutContext
Profile action that populates a MultiRelyingPartyContext with the relying party information from a LogoutContext, and extends each RelyingPartyContext created with a SAMLMetadataContext based on metadata lookup.
PopulateOutboundMessageContext
Populate the outbound message context with data that is specific to the delegation flow.
PopulateProfileInterceptorContext
An profile interceptor action that populates a ProfileInterceptorContext with ProfileInterceptorFlowDescriptor objects based on flow IDs from a lookup function.
PopulateProtocolErrorAction<RequestType>
Populates error information needed for protocol error messages.
PopulateSessionContext
A profile action that populates a SessionContext with an active, valid IdPSession.
PopulateSubjectCanonicalizationContext
An action that populates a SubjectCanonicalizationContext with the SubjectCanonicalizationFlowDescriptor objects configured into the IdP.
PopulateSubjectContext
An action that populates a principal name obtained from a lookup function into a SubjectContext child of the ProfileRequestContext.
PopulateUserAgentContext
An action that conditionally populates a UserAgentContext as a child of the ProfileRequestContext.
PostAuthenticationFlowsLookupFunction
A function that returns AuthenticationProfileConfiguration.getPostAuthenticationFlows(org.opensaml.profile.context.ProfileRequestContext)() if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
PredicateFilterDirectionFactoryBean
Factory bean allow property replacements of the direction going in to a PredicateFilter.
PredicateFilterParser
Parser for a <Predicate> filter.
PredicatePolicyRule
Call out to an externally define predicate.
PredicateRuleParser
Bean definition parser for PredicatePolicyRule.
PreferExplicitOrderComparator
Comparator which prefers to order strings according to the order in which they appear in a list, and which falls back to natural ordering for strings not present in the list.
PreferredPrincipalContext
A context that holds information about an authentication request's preference for a specific custom Principal.
PrepareInboundMessageContext
Action that adds an inbound MessageContext and a SAMLPeerEntityContext to the ProfileRequestContext based on the identity of a relying party, by default from a SAML2SPSession found in a LogoutPropagationContext.
PrepareTicketValidationResponseAction
Prepares TicketValidationResponse for use in CAS protocol response views.
PrescopedAttributeDefinition
An attribute definition that creates ScopedStringAttributeValues by taking a source attribute value splitting it at a delimiter.
PrescopedAttributeDefinitionParser
Spring bean definition parser for prescoped attributes.
PreserveAuthenticationFlowState
An action that extracts configured parameters from a servlet request and populates AuthenticationContext.getAuthenticationStateMap() with the data.
PreviousResultLookupFunction
A function that returns the value of AuthenticationResult.isPreviousResult() or null if the input context is null or AuthenticationContext.getAuthenticationResult() is null.
PrincipalEvalPredicate
A Predicate to evaluate a Principal that represents a requested form of authentication against a set of principals supported by a PrincipalSupportingComponent.
PrincipalEvalPredicateFactory
Generates a Predicate to evaluate a PrincipalSupportingComponent against a requested form of authentication expressed in terms of a Principal.
PrincipalEvalPredicateFactoryRegistration
Wraps the association of a PrincipalEvalPredicateFactory against a particular Principal subtype and a string operator.
PrincipalEvalPredicateFactoryRegistry
A registry of mappings between a custom Principal subtype with a matching operator and a corresponding PrincipalEvalPredicateFactory that returns predicates enforcing a particular set of matching rules for that operator and subtype.
PrincipalNameAttributeDefinition
An attribute definition which returns an attribute with a single value - the principal.
PrincipalNameAttributeDefinitionParser
Spring Bean Definition Parser for PrincipalName attribute definitions.
PrincipalNamePolicyRule
Compare the principal name for this resolution with the provided string.
PrincipalNameRegexpPolicyRule
Compare the principal name for this resolution with the provided regexp.
PrincipalNameRegexRuleParser
Bean definition parser for PrincipalNameRegexpPolicyRule.
PrincipalNameRuleParser
Bean definition parser for PrincipalNamePolicyRule.
PrincipalSerializer<Type>
Interface for the serialization/deserialization of principals.
PrincipalService<T extends Principal>
Interface that provides services for a Principal of a given type.
PrincipalServiceManager
Manages and exposes instances of the PrincipalService interface.
PrincipalSupportingComponent
Interface for an authentication component that exposes custom Principal objects.
ProcessAssertionsForAuthentication
Perform processing of a SAML 2 Response's Assertions that have been validated by earlier actions for use in finalization of SAML-based authentication by later actions.
ProcessDelegatedAssertion
Process the pre-validated inbound Assertion WS-Security token, and set up the resulting NameID for subject canonicalization as the effective subject of the request.
ProcessFrameworkHandler
Handler implementation that handles sbf:Framework header on the inbound SOAP envelope.
ProcessLogout
Profile action that resolves an active session from the profile request, and records it, populating the associated SPSession objects into a LogoutContext.
ProcessLogoutRequest
Profile action that processes a LogoutRequest by resolving matching sessions, and destroys them, populating the associated SPSession objects (excepting the one initiating the logout) into a LogoutContext.
ProcessRequestedAuthnContext
An authentication action that processes the RequestedAuthnContext in a SAML 2 AuthnRequest, and populates a RequestedPrincipalContext with the corresponding information.
ProcessSamlMessageAction
Processes the ticket validation request message from decoded SAML 1.1 message and request parameters.
ProcessSenderHandler
Handler implementation that handles the sb:Sender header on the inbound SOAP envelope.
ProfileActionBeanFactoryPostProcessor
Post-processes bean configuration metadata to ensure that stateful beans are scoped properly.
ProfileActionBeanPostProcessor
Post-processes ProfileAction beans by wrapping them in a Spring Web Flow adaptor.
ProfileConfiguration
Represents the configuration of a particular communication profile.
ProfileInterceptorContext
A BaseContext which holds flows that are available to be executed, the last flow attempted, and any flow result.
ProfileInterceptorFlowDescriptor
A descriptor for a profile interceptor flow.
ProfileInterceptorFlowDescriptorManager
ProfileInterceptorResult
Represents the result of a profile interceptor flow intended for storage by a StorageService.
ProfileRequestContextFlowExecutionListener
Exposes the ProfileRequestContext in a request attribute to make it accessible outside the Webflow execution pipeline.
ProgressReportingOutputStream
A version of BufferedOutputStream which provides some idea of progress.
PropertiesWithComments
A package which is similar to Properties, but allows comments to be preserved.
PropertiesWithComments.CommentedProperty
A POJO which looks like a property.
PropertyDrivenIdPModule
Implementation of IdPModule relying on Java Properties.
PropertyDrivenIdPPlugin
Implementation of IdPPlugin relying on Java Properties.
ProtocolContext<RequestType,​ResponseType>
Context container for CAS protocol request and response messages.
ProtocolError
CAS protocol errors.
ProtocolParam
Protocol parameter name enumeration.
ProxiedRequesterPolicyRule
Compare a proxied attribute requester's entity ID for this resolution with the provided name.
ProxiedRequesterRegexpPolicyRule
Compare a proxied attribute requester's entity ID for this resolution with the provided regexp.
ProxiedRequesterRegexRuleParser
Bean definition parser for ProxiedRequesterRegexpPolicyRule.
ProxiedRequesterRuleParser
Bean definition parser for ProxiedRequesterPolicyRule.
ProxyAuthenticationLookupFunction
A function that returns the first value stored in a ProxyAuthenticationPrincipal contained in a Subject.
ProxyAuthenticationPrincipal
Principal that wraps a set of proxied authentication authorities and any restrictions on subsequent re-use.
ProxyAuthenticationPrincipalSerializer
Principal serializer for ProxyAuthenticationPrincipal.
ProxyAwareAuthnContextComparisonLookupFunction
Implements a set of default logic for determining the RequestedAuthnContext operator to use.
ProxyAwareDefaultAuthenticationMethodsLookupFunction
Implements a set of default logic for determining the custom principals to derive the RequestedAuthnContext from.
ProxyAwareForceAuthnPredicate
Implements a set of default logic for determining whether ForceAuthn should be applied.
ProxyConfiguration
CAS protocol configuration that applies to the /proxy URI.
ProxyCountLookupFunction
A function that returns the allowable proxy count based on the result of SAML2ProfileConfiguration.getProxyCount(ProfileRequestContext), if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
ProxyGrantingTicket
CAS proxy-granting ticket.
ProxyGrantingTicketLookupFunction
Looks up the PGT from a proxy ticket request.
ProxyGrantingTicketSerializer
Serializes proxy-granting tickets in simple field-delimited form.
ProxyIdentifiers
Container for identifiers used in authenticating a proxy callback endpoint.
ProxyRestrictionLookupFunction
A function that returns the allowable proxy count and audiences to include in assertions, based on the results of lookup functions for local configuration merged with upstream proxy restrictions to compute a final result in accordance with the standard.
ProxySAML1NameIdentifierGenerator
A compound implementation of the SAML1NameIdentifierGenerator interface that wraps a sequence of candidate generators along with a default to try if no format-specific options are available.
ProxySAML2NameIDGenerator
A compound implementation of the SAML2NameIDGenerator interface that wraps a sequence of candidate generators along with a default to try if no format-specific options are available.
ProxyTicket
CAS proxy ticket.
ProxyTicketRequest
Container for proxy ticket request parameters provided to /proxy URI.
ProxyTicketResponse
Container for proxy ticket response parameters returned from /proxy URI.
ProxyTicketSerializer
Proxy ticket storage serializer.
ProxyValidator
Strategy pattern component for proxy callback endpoint validation.
PublishProtocolMessageAction<RequestType,​ResponseType>
Action to publish the CAS protocol request or response messages, i.e.
QualifiedNameIDFormatsLookupFunction
A function that returns the NameID Formats whose NameQualifier attributes should allow for defaulting based on the result of SingleLogoutProfileConfiguration.getQualifiedNameIDFormats(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
RDBMSDataConnector
A DataConnector that queries a relation database in order to retrieve attribute data.
RDBMSDataConnectorParser
Bean definition Parser for a RDBMSDataConnector.
RDBMSDataConnectorParser.V2Parser
Utility class for parsing v2 schema configuration.
ReadConsentFromStorage
Consent action which reads consent records from storage and adds the serialized consent records to the consent context as previous consents.
RecordResponseComplete
Action that records the "Response Complete" status on the external context if not done so already.
RegexAttributePredicate
Predicate that evaluates an AttributeContext and checks a specific attribute for value(s) that match a regular expression.
RegexSplitAttributeDefinition
An AttributeDefinition that produces its attribute values by taking the first group match of a regular expression evaluating against the values of this definition's dependencies.
RegexSplitAttributeDefinitionParser
Spring Bean Definition Parser for Regexp split attribute definitions.
ReleaseAttributes
Attribute consent action which constrains the attributes released to those consented to.
ReloadableServiceGaugeSet<T>
A set of gauges for a reloadable service.
ReloadingAccessControlService
This class wraps an AccessControlService in a ServiceableComponent.
ReloadingRelyingPartyConfigurationResolver
Retrieves a per-relying party configuration for a given profile request based on the request context.
ReloadingRelyingPartyMetadataProvider
This class uses the service interface to implement MetadataResolver.
ReloadingServiceRegistry
Service registry wrapper around a ReloadableService.
ReloadMetadata
Action that refreshes or clears a MetadataResolver manually.
ReloadMetadataArguments
Command line processing for reload-metadata flow.
ReloadServiceArguments
Command line processing for reload-service flow.
ReloadServiceConfiguration
Action that refreshes a ReloadableService manually.
RelyingPartyConfiguration
The configuration that applies to a given relying party.
RelyingPartyConfigurationResolver
Resolves a RelyingPartyConfiguration for a given profile request context.
RelyingPartyConfigurationSupport
Support functions for building RelyingPartyConfiguration objects with SAML functionality.
RelyingPartyContext
BaseContext containing relying party specific information, usually a subcontext of ProfileRequestContext.
RelyingPartyContextLookupByCurrent
RelyingPartyContextLookupById
A function that returns a RelyingPartyContext based on ID.
RelyingPartyContextLookupByLabel
A function that returns a collection of RelyingPartyContexts based on a label.
RelyingPartyIdLookupFunction
A function that returns RelyingPartyContext.getRelyingPartyId() from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
RelyingPartyIdPredicate
Predicate that evaluates a ProfileRequestContext by looking for a relying party ID that matches one of a designated set, or a generic predicate.
RelyingPartyMapJAASLoginConfigStrategy
An implementation of the loginConfigStrategy for JAASCredentialValidator which uses a supplied map to resolve the JAAS config to use.
RelyingPartyUIContext
The context which carries the user interface information.
RemoteUser
IdPModule implementation.
RemoteUserAuthServlet
Extracts authentication information from the request and returns it via the IdP's external authentication interface.
RemoteUserInternal
IdPModule implementation.
RenewLookupFunction
Looks up the value of the CAS renew parameter from the request to the /login URI.
RequestedPrincipalContext
A context that holds information about an authentication request's requirement for a specific custom Principal.
RequestedPrincipalContextOperatorLookupFunction
RequestedPrincipalContextPrincipalLookupFunction
A function that returns RequestedPrincipalContext.getRequestedPrincipals() but transforms the values into strings.
RequiredValidUntilParser
Parser for a <RequiredValidUntil> filter.
ResolutionException
An exception indicating a problem resolving attribute data.
ResolutionLabelLookupFunction
A function that returns AttributeResolutionContext.getResolutionLabel() if available from a AttributeResolutionContext obtained via a lookup function defined on the base class.
ResolutionLabelPredicate
Predicate that evaluates a ProfileRequestContext by looking for an attribute resolution label that matches one of a designated set or a generic predicate.
ResolveAttributes
Action that invokes the AttributeResolver for the current request.
ResolveAttributesProfileConfigPredicate
A predicate that evaluates a ProfileRequestContext and determines whether attribute resolution and filtering should take place.
ResolvedAttributeDefinition
A proxy which wraps a resolved attribute definition and always returns the same attribute.
ResolvedDataConnector
A proxy which wraps a resolved data connector and always returns the same attributes.
ResolverAttributeDefinitionDependency
A Dependency that references to an Attribute Definition.
ResolverDataConnectorDependency
A Dependency that references to an Data Connector.
ResolverPlugin<ResolvedType>
Interface defining the base work done by all plugins used within attribute resolution.
ResolverTestArguments
Command line processing for ResolverTest flow.
ResolverTestPrincipalLookup
Returns the principal name from a ResolverTestRequest message in the inbound message context.
ResolverTestRequest
Object representing a request to run the attribute resolution and filtering components.
ResolverTestRequestDecoder
Decodes an incoming resolver test message.
ResourceBackedMetadataProviderParser
Parser for a ResourceBackedMetadataProvider.
ResponderIdLookupFunction
A function that returns RelyingPartyConfiguration.getResponderId(org.opensaml.profile.context.ProfileRequestContext)() if available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
RestoreProfileRequestContextTree
Restores specific portions of the context tree used during logout processing to enable reuse of logout propagation subflows during back channel logout.
ResultMappingStrategy
Strategy for mapping from a ResultSet to a collection of IdPAttributes.
RethrowingFlowExecutionExceptionHandler
This handler can be attached to view or end states that are used to respond to errors, including RuntimeExceptions, so that if they themselves raise another RuntimeException, it won't trigger the state again, but just fail the flow.
RethrowingFlowHandlerAdapter
Extension of SWF's built-in FlowHandlerAdapter implementation that overrides its poor assumption that a missing flow exception should result in the flow being restarted.
RevokeConsent
Consent action which deletes a consent record from storage.
RewritePropertiesTask
A class to rename the property names in a property file, preserving the comments.
RollbackPluginInstall
An object which does installation rollback in its AutoCloseable.close() method.
SAML1AttributeTranscoder<EncodedType extends IdPAttributeValue>
Marker interface for transcoders that operate on a SAML 1 Attribute or AttributeDesignator.
SAML1Base64AttributeEncoderParser
Spring Bean Definition Parser for SAML1ByteAttributeTranscoder.
SAML1ByteAttributeTranscoder
SAML1NameIdentifierAttributeDefinition Deprecated, for removal: This API element is subject to removal in a future version. 
SAML1NameIdentifierAttributeDefinitionParser
Spring bean definition parser for SAML 1 NameIdentifier attribute definitions.
SAML1ProfileConfiguration
Marker interface for SAML 1.x profile configuration interfaces, currently empty.
SAML1ScopedStringAttributeEncoderParser
Spring Bean Definition Parser for SAML1ScopedStringAttributeTranscoder.
SAML1ScopedStringAttributeTranscoder
SAML1SPSession
Marker subtype for a SAML 1 session, adds no actual information other than its identity as a SAML 1 session.
SAML1SPSessionCreationStrategy
A function to create a SAML1SPSession based on profile execution state.
SAML1SPSessionSerializer
A serializer for SAML1SPSession objects.
SAML1StringAttributeEncoderParser
Spring Bean Definition Parser for SAML1StringAttributeTranscoder.
SAML1StringAttributeTranscoder
SAML1XMLObjectAttributeEncoderParser
Spring Bean Definition Parser for SAML1XMLObjectAttributeTranscoder.
SAML1XMLObjectAttributeTranscoder
SAML2AttributeTranscoder<EncodedType extends IdPAttributeValue>
Marker interface for transcoders that operate on a SAML 2 Attribute or RequestedAttribute.
SAML2Base64AttributeEncoderParser
Spring Bean Definition Parser for SAML2ByteAttributeTranscoder.
SAML2ByteAttributeTranscoder
SAML2NameIDAttributeDefinition Deprecated, for removal: This API element is subject to removal in a future version. 
SAML2NameIDAttributeDefinitionParser
Spring bean definition parser for SAML 2 NameID attribute definitions.
SAML2ProfileConfiguration
Base interface for SAML 2 profile configurations.
SAML2ScopedStringAttributeEncoderParser
Spring Bean Definition Parser for SAML2ScopedStringAttributeTranscoder.
SAML2ScopedStringAttributeTranscoder
SAML2SPSession
Extends a BasicSPSession with SAML 2.0 information required for reverse lookup in the case of a logout.
SAML2SPSessionCreationStrategy
A function to create a SAML2SPSession based on profile execution state.
SAML2SPSessionSerializer
A serializer for SAML2SPSession objects.
SAML2StringAttributeEncoderParser
Spring Bean Definition Parser for SAML2StringAttributeTranscoder.
SAML2StringAttributeTranscoder
SAML2XMLObjectAttributeEncoderParser
Spring Bean Definition Parser for SAML2XMLObjectAttributeTranscoder.
SAML2XMLObjectAttributeTranscoder
SAMLArtifactAwareProfileConfiguration
Common interface for SAML profile configurations involving artifact production.
SAMLArtifactConfiguration
Interface for outbound SAML artifact configuration.
SAMLArtifactConsumerProfileConfiguration
Common interface for SAML profile configurations involving artifact consumption, for example artifact resolution requests.
SAMLAuditFields
Constants to use for audit logging fields stored in an AuditContext.
SAMLAuthnContext
Manages state during proxied SAML authentication.
SAMLAuthnController
MVC controller that handles outbound and inbound message I/O for proxied SAML authentication.
SAMLConstants
XML related constants used with SAML.
SAMLContext
Context, usually attached to AuthenticationContext, that carries a SAML Assertion to be validated.
SAMLEncoderSupport
Support class for encoding IdP Attributes and their value.
SAMLMetadataContextLookupFunction
A function to access a SAMLMetadataContext underlying a RelyingPartyContext located via a lookup function.
SAMLMetadataContextLookupFunction
A function to access a SAMLMetadataContext underlying a RelyingPartyContext located via a lookup function, by default a child of the profile request context.
SamlParam
SAML 1.1 protocol params needed to support /samlValidate endpoint.
SAMLProfileConfiguration
Common interface for SAML profile configurations.
SAMLRelyingPartyIdLookupStrategy
A lookup strategy that returns a SAML entityID if the RelyingPartyContext contains a reference to a SAMLPeerEntityContext or SAMLSelfEntityContext.
SAMLSOAPDecoderBodyHandler
Body handler impl for use with SAML SOAP message decoders.
SAMLVerificationLookupStrategy
A lookup strategy that returns true iff the RelyingPartyContext contains a reference to a SAMLPeerEntityContext or SAMLSelfEntityContext that contains a SAMLMetadataContext such that SAMLMetadataContext.getEntityDescriptor() is non-null.
SaveLogoutContext
Stores the LogoutContext in the servlet session to facilitate lookup by logout propagation flows.
SaveProfileRequestContextTree
Saves off specific portions of the context tree in use during logout processing to enable reuse of logout propagation subflows during back channel logout.
SchemaValidationParser
Parser for a <SchemaValidation> filter.
Scope
XMLObject for the Shibboleth Scope metadata extension.
ScopeBuilder
Builder of Scope objects.
ScopedAttributeDefinition
An attribute definition that creates ScopedStringAttributeValues by taking a source attribute value and applying a static scope to each.
ScopedAttributeDefinitionParser
Spring Bean Definition Parser for scoped attribute definitions.
ScopedStringAttributeValue
An attribute value with an associated scope.
ScopedValue
XMLObject that represents a SAML attribute value whose value contains a scope attribute.
ScopedValueBuilder
Builder of ScopedValue objects.
ScopedValueImpl
Concrete implementation of ScopedValue.
ScopedValueMarshaller
Marshaller of ScopedValue objects.
ScopedValueUnmarshaller
Unmarshaller for ScopedValue objects.
ScopeImpl
Implementation of Scope.
ScopeMarshaller
Marshaller for Scope.
ScopeMatchesShibMDScopeParser
Bean definition parser for AttributeScopeMatchesShibMDScope.
ScopesContainer
A container for all the Scope elements (attached to either a EntityDescriptor, IDPSSODescriptor or AttributeAuthorityDescriptor).
ScopesNodeProcessor
An implementation of MetadataNodeProcessor which extracts Scopes from any AttributeConsumingService or EntityDescriptor.
ScopeUnmarshaller
Unmarshaller for Scope.
ScriptDataConnectorParser
Bean definition Parser for a ScriptedDataConnector.
ScriptedAction
An action which calls out to a supplied script.
ScriptedAttributeDefinition
An AttributeDefinition that executes a script in order to populate the values of the generated attribute.
ScriptedAttributeDefinitionParser
Spring bean definition parser for scripted attribute configuration elements.
ScriptedContextLookupFunction<T extends BaseContext>
A Function over a BaseContext which calls out to a supplied script.
ScriptedDataConnector
A Data Connector which populates a series of attributes from a provided ProfileRequestContext.
ScriptedIdPAttribute
This is the API which is available to ECMAScripted attributes.
ScriptedIdPAttributeImpl
An encapsulated Attribute suitable for handing to scripts.
ScriptedMatcher
A Matcher that delegates to a JSR-223 script for its actual processing.
ScriptedMatcherParser
Bean definition parser for ScriptedPolicyRule or ScriptedMatcher objects.
ScriptedPolicyRule
A PolicyRequirementRule that delegates to a JSR-223 script for its actual processing.
ScriptedPredicate
A Predicate which calls out to a supplied script.
ScriptedResponseMappingStrategy
HTTPResponseMappingStrategy that relies on a script to map the response to the attribute set.
ScriptedStorageMappingStrategy
StorageMappingStrategy that relies on a script to map the record to the attribute set.
ScriptTypeBeanParser
Parser for elements derived from ScriptType in the various namespaces.
SealedPrincipalSerializer<T extends Principal>
Principal serializer that encrypts/decrypts the data when serializing.
SearchResultMappingStrategy
Strategy for mapping from a SearchResult to a collection of IdPAttributes.
SecurityConfiguration
Configuration for security behavior of profiles.
SecurityNamespaceHandler
SelectAuthenticationFlow
An authentication action that selects an authentication flow to invoke, or re-uses an existing result for SSO.
SelectLogoutPropagationFlow
A profile action that selects a logout propagation flow to invoke.
SelectProfileConfiguration
Action that selects the ProfileConfiguration for the given request and sets it in the looked-up RelyingPartyContext.
SelectProfileConfiguration
Action that selects the ProfileConfiguration for the given message context and sets it in the looked-up RelyingPartyContext.
SelectProfileInterceptorFlow
A profile interceptor action that selects flows to invoke.
SelectRelyingPartyConfiguration
This action attempts to resolve a RelyingPartyConfiguration and adds it to the RelyingPartyContext that was looked up.
SelectRelyingPartyConfiguration
This message handler attempts to resolve a RelyingPartyConfiguration and adds it to the RelyingPartyContext that was looked up.
SelectSubjectCanonicalizationFlow
A canonicalization action that selects a canonicalization flow to invoke.
SelfEncryptionConfigurationLookupFunction
A function that returns a EncryptionConfiguration list intended for self-encryption cases.
SelfSignedCertificateGeneratorTask
Task to shim around SelfSignedCertificateGenerator.
Service
Container for metadata about a CAS service (i.e.
ServiceContactTag
return the contactInfo for the SP or null.
ServiceContext
IdP context container for CAS service (i.e.
ServiceDefinition
Defines a registered CAS service (i.e.
ServiceDescriptionTag
Display the description from the <mdui:UIInfo>.
ServiceEntityDescriptor
Adapts CAS protocol service metadata onto SAML metadata.
ServiceInformationURLTag
Service InformationURL - directly from the metadata if present.
ServiceLogoTag
Logo for the SP.
ServiceLookupFunction
Looks up the service URL from the CAS protocol request.
ServiceNameTag
Display the serviceName.
ServicePrivacyURLTag
Service PrivacyURL - directly from the metadata if present.
ServiceRegistry
Registry for explicitly verified CAS services (relying parties).
ServiceTagSupport
Display the serviceName.
ServiceTicket
CAS service ticket.
ServiceTicketRequest
Describes a request for a ticket to access a service.
ServiceTicketResponse
CAS protocol response message for a successfully granted service ticket.
ServiceTicketSerializer
Serializes service tickets in simple field-delimited form.
ServletRequestProfileRequestContextLookup
Looks up the profile request context from a servlet request attribute.
SessionContext
A BaseContext that holds an IdPSession.
SessionContextIDLookupFunction
A function that returns the session ID from the session inside a SessionContext.
SessionContextPrincipalLookupFunction
A function that returns the principal name from the session inside a SessionContext.
SessionException
Exception indicating a problem authenticating a user.
SessionIdCriterion
Criterion representing a session ID.
SessionIndexAuditExtractor
Function that returns SessionIndex values from assertions in a response or a logout request.
SessionLifetimeLookupFunction
A function that returns BrowserSSOProfileConfiguration.getMaximumSPSessionLifetime(ProfileRequestContext) if such a profile is available from a RelyingPartyContext obtained via a lookup function, by default a child of the ProfileRequestContext.
SessionManager
Component that manages sessions between the IdP and client devices.
SessionResolver
A resolver that is capable of finding IdPSession objects that meet certain criteria.
SetConfigurationLookupStrategy<T>
A strategy function that examines SAML metadata associated with a relying party and derives Set<String>-valued configuration settings based on EntityAttribute extension tags.
SetRPUIInformation
Action to populate the ProfileRequestContext with a RelyingPartyUIContext.
SignArtifactRequestsPredicate
SignAssertionsPredicate
A predicate implementation that forwards to SAMLProfileConfiguration.isSignAssertions(ProfileRequestContext).
SignatureChainingParser
Parser for trust engines of type SignatureChaining.
SignatureSigningConfigurationLookupFunction
A MessageContext function that returns a SignatureSigningConfiguration list by way of various lookup strategies.
SignatureSigningConfigurationLookupFunction
A function that returns a SignatureSigningConfiguration list by way of various lookup strategies.
SignatureValidationConfigurationLookupFunction
A MessageContext function that returns a SignatureValidationConfiguration list by way of various lookup strategies.
SignatureValidationConfigurationLookupFunction
A function that returns a SignatureValidationConfiguration list by way of various lookup strategies.
SignatureValidationCriteriaSetFactoryBean
Factory bean impl for producing a CriteriaSet instance specialized for signature validation use cases, such as input to the SignatureValidationFilter.
SignatureValidationParser
Parser for xsi:type="SignatureValidation".
SigningCredentialsResolver
Credential resolver whose purpose is to resolve configured IdP signing credentials.
SignRequestsPredicate
A predicate implementation that forwards to SAMLProfileConfiguration.isSignRequests(ProfileRequestContext) or follows IDPSSODescriptor.getWantAuthnRequestsSigned() if so configured.
SignResponsesPredicate
A predicate implementation that forwards to SAMLProfileConfiguration.isSignResponses(ProfileRequestContext).
SignSOAPLogoutRequestsPredicate
A predicate implementation that forwards to SingleLogoutProfileConfiguration.isSignSOAPRequests(MessageContext).
SimpleAttributeDefinition
A AttributeDefinition that creates an attribute whose values are the values the values of all its dependencies.
SimpleAttributeDefinitionParser
Bean definition parser for a SimpleAttributeDefinition.
SimpleAttributePredicate
Predicate that evaluates an AttributeContext and checks for particular attribute/value pairs.
SimpleCSRFToken
A default, immutable, implementation of a CSRFToken.
SimplePrincipalSerializer<T extends Principal>
Principal serializer for string-based principals that serialize to a simple JSON structure.
SimpleStorageMappingStrategy
MappingStrategy for pulling data out of StorageRecord.
SimpleSubjectCanonicalization
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one UsernamePrincipal custom principal.
SimpleSubjectCanonicalization.ActivationCondition
A predicate that determines if this action can run or not.
SimpleTicketService
Simple CAS ticket management service that delegates storage to StorageService.
SingleLogoutProfileConfiguration
Configuration support for SAML 2 Single Logout.
SLF4JMDCServletFilter
Servlet filter that sets some interesting MDC attributes as the request comes in and clears the MDC as the response is returned.
SOAPErrorPredicate
Predicate that decides whether to handle an error by returning a SOAP fault to a requester or fail locally.
SOAPLogoutRequest
Profile action that propagates a prepared LogoutRequest message to an SP via the SOAP binding, encapsulating SOAP pipeline construction and execution.
SourceValue
Represents incoming attribute values and rules used for matching them.
SourceValueParser
Bean definition parser for a SourceValue.
SPNameQualifierAuditExtractor
Function that returns the SPNameQualifier from a SAML Subject.
SPNEGO
IdPModule implementation.
SPNEGOAuthnController
MVC controller for managing the SPNEGO exchanges implemented as an ExternalAuthentication mechanism.
SPNEGOAutoLoginManager
Component managing the auto-login state via cookie.
SPNEGOContext
Context, usually attached to AuthenticationContext, that carries configuration data and request state for SPNEGO authentication.
SpringAwareMessageDecoderFactory
A function that returns the correct MessageDecoder to use based on a simple map of strings to bean IDs.
SpringAwareMessageEncoderFactory
A function that returns the correct MessageEncoder to use based on an underlying BindingDescriptor.
SpringEventToViewLookupFunction
A function that returns a view name to render based on a Spring Web Flow Event.
SpringExpressionContextLookupFunction<T extends BaseContext,​U>
A Function over a BaseContext which calls out to a Spring Expression.
SpringExpressionPredicate
Predicate whose condition is defined by an Spring EL expression.
SpringRequestContext
A BaseContext which holds the Spring WebFlow RequestContext in which the overall parent context is operating.
SpringStatusMessageLookupFunction
A function that returns a status message to include, if any, in a SAML response based on the current profile request context state, using Spring's MessageSource functionality.
SPSession
Describes a session with a service in turn associated with an IdPSession.
SPSessionCriterion
Criterion representing a service ID and an implementation-specific service session key.
SPSessionEx Deprecated, for removal: This API element is subject to removal in a future version. 
SPSessionSerializerRegistry
A registry of mappings between a SPSession class and a corresponding StorageSerializer for that type.
SPSessionSerializerRegistry.Entry<T extends SPSession>
Wrapper type for auto-wiring serializers.
SSOSProfileConfiguration
Configuration support for the Liberty ID-WSF SSOS profile.
StaticAttributeDefinition
An attribute definition that simply returns a static value.
StaticDataConnector
A DataConnector that just returns a static collection of attributes.
StaticDataConnectorParser
Bean definition Parser for a StaticDataConnector.
StaticExplicitKeyFactoryBean
Factory bean for simple use cases involving the ExplicitKeyTrustEngine and static credentials.
StaticExplicitKeyParser
Parser for trust engines of type StaticExplicitKey TrustEngine.
StaticExplicitKeySignatureParser
Parser for trust engines of type StaticExplicitKeySignature.
StaticPKIXFactoryBean
File system specific bean for PKIXX509CredentialTrustEngine.
StaticPKIXSignatureParser
Parser for trust engines of type StaticPKIXKeySignature.
StaticPKIXX509CredentialParser
Parser for trust engines of type StaticPKIXX509Credential.
StatusArguments
Command line processing for status flow.
StatusCodeAuditExtractor
Function that returns the StatusCode from a response.
StatusCodeLookupFunction
Looks up the protocol message status code from a CAS protocol message response.
StatusDetailLookupFunction
Looks up the protocol message status detail from a CAS protocol message response.
StatusMessageAuditExtractor
Function that returns the StatusMessage from a response.
StorageBackedAccountLockoutManager
Implementation of AccountLockoutManager interface that relies on a StorageService to track lockout state.
StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy
A function to generate a key for lockout storage.
StorageBackedIdPSession
Implementation of IdPSession for use with StorageBackedSessionManager.
StorageBackedIdPSessionSerializer
A serializer for instances of StorageBackedIdPSession designed in conjunction with the StorageService-backed SessionManager implementation.
StorageBackedSessionManager
Implementation of SessionManager and SessionResolver interfaces that relies on a StorageService for persistence and lifecycle management of data.
StorageBackedSessionManager.DefaultConsistentAddressConditionFactory
Simplifies Spring wiring of a true/false condition for the consistentAddress feature.
StorageMappingStrategy
Strategy for mapping from a StorageRecord to a collection of IdPAttribute objects.
StorageServiceDataConnector
This class implements a DataConnector that obtains data from a StorageService.
StorageServiceDataConnectorParser
Bean definition Parser for a StorageServiceDataConnector.
StorageServiceDataConnectorParser.V2Parser
Utility class for parsing v2 schema configuration.
StorageServiceSearch
A search that can be executed against a StorageService to fetch a result.
StoredIdDataConnectorParser
Spring bean definition parser for StoredIDDataConnector.
StoredPersistentIdDecoder
An abstract decoder which contains the logic to decode SAML persistent IDs that are managed with a DurablePairwiseIdStore.
StoredTransientIdGenerationStrategy
Generates transients using a StorageService to manage the reverse mappings.
StringAttributeValue
Base class for IdPAttribute values that are strings.
StringAttributeValueMappingStrategy Deprecated.
Replaced by api class.
StringAttributeValueMappingStrategy
A simple SearchResultMappingStrategy that iterates over all result entries and includes all attribute values as strings.
StringConfigurationLookupStrategy
A strategy function that examines SAML metadata associated with a relying party and derives String-valued configuration settings based on EntityAttribute extension tags.
StringResultMappingStrategy Deprecated.
Replaced by api class.
StringResultMappingStrategy
A simple ResultMappingStrategy that assumes all columns in the result set should be mapped and that all values are strings.
SubflowExpression
This code is copied verbatim from org.springframework.webflow.engine.builder.model.SubflowExpression
SubjectCanonicalizationContext
A context that holds an input Subject to canonicalize into a principal name, and the collection of c14n flows to attempt.
SubjectCanonicalizationContextSubjectLookupFunction
A function that returns the Subject from a SubjectCanonicalizationContext.
SubjectCanonicalizationException
Exception indicating a problem translating a subject between forms.
SubjectCanonicalizationFlowDescriptor
A descriptor for a subject canonicalization flow.
SubjectContext
A context that holds information about the subject of a request.
SubjectContextImpersonatingPrincipalLookupFunction
A function that returns the impersonating principal name from a SubjectContext.
SubjectContextPrincipalLookupFunction
A function that returns the principal name from a SubjectContext.
SubjectDataConnector
A DataConnector that extracts all IdPAttributePrincipal objects from the Subject objects associated with the request.
SubjectDataConnectorParser
Bean definition Parser for a SubjectDataConnector.
SubjectDerivedAttributeDefinitionParser
Spring Bean Definition Parser for attribute definitions derived from the Principal.
SubjectDerivedAttributeValuesFunction
A Function which returns IdPAttributeValues derived from the Principals associated with the request.
SubStatusCodeAuditExtractor
Function that returns the lower-level StatusCode(s) from a response.
TemplateAttributeDefinition
An attribute definition that constructs its values based on the values of its dependencies using the Velocity Template Language.
TemplateAttributeDefinitionParser
Spring bean definition parser for templated attribute definition elements.
TemplatedBodyBuilder
An ExecutableSearchBuilder that generates a request by evaluating Templates against the currently resolved attributes within an AttributeResolutionContext to produce a URL and body, via GET or POST, and a configurable cache key.
TemplatedExecutableSearchFilterBuilder Deprecated.
Replaced by api class.
TemplatedExecutableSearchFilterBuilder
An ExecutableSearchBuilder that generates the search filter to be executed by evaluating a Template against the currently resolved attributes within a AttributeResolutionContext.
TemplatedExecutableSearchFilterBuilder.EscapingReferenceInsertionEventHandler
Escapes LDAP attribute values added to the template context.
TemplatedExecutableStatementBuilder Deprecated.
Replaced by api class.
TemplatedExecutableStatementBuilder
An ExecutableSearchBuilder that generates the SQL statement to be executed by evaluating a Template against the currently resolved attributes within a AttributeResolutionContext.
TemplatedExecutableStatementBuilder.EscapingReferenceInsertionEventHandler
Escapes SQL values added to the template context.
TemplatedSearchBuilder
An ExecutableSearchBuilder that generates the StorageService context and key using Velocity templates.
TemplatedURLBuilder
An ExecutableSearchBuilder that generates the URL to request by evaluating a Template against the currently resolved attributes within an AttributeResolutionContext.
TemplateSearchDnResolver
Template-based search dn resolver.
Ticket
Generic CAS ticket that has a natural identifier and expiration.
TicketContext
IdP context that stores a granted CAS ticket.
TicketIdentifierGenerationStrategy
Generates CAS protocol ticket identifiers of the form:
TicketIdGenerator
Strategy for ticket generation.
TicketLookupFunction
Looks up the service (proxy) ticket provided in a CAS protocol request or produced in a CAS protocol response.
TicketPrincipalLookupFunction
TicketService
CAS ticket management service.
TicketState
Supplemental state data to be stored with a ticket.
TicketValidationRequest
Ticket validation request message.
TicketValidationResponse
Service ticket validation response protocol message.
TLSSocketFactoryFactoryBean
A factory bean for producing instances of LayeredConnectionSocketFactory for use in HttpClient.
TOTPPrincipal
Principal based on a TOTP authentication.
TranscoderSupport
Support functions for working with AttributeTranscoder framework.
TranscodingRule
Wrapper around a Map representing a rule for transcoding, used to detect and load the rules at runtime from a Spring context.
TranscodingRuleLoader
A mechanism for loading a set of TranscodingRule objects from sources such as maps or directories of property files.
TransformingNameIDDecoder
Transform from a NameID.
TransformingNameIdentifierDecoder
Transform from a NameIdentifier.
TransientIdGenerationStrategy
Generates and manages transient identifiers according to specific strategies.
TransientIdParameters
The Parameters we need to store in, and get out of a transient ID, namely the attribute recipient (aka the SP) and the principal.
TransientNameIDDecoder
Decodes XSString.getValue() via the base class (reversing the work done by TransientSAML2NameIDGenerator).
TransientNameIdentifierDecoder
Decodes XSString.getValue() via the base class (reversing the work done by TransientSAML1NameIdentifierGenerator).
TransientSAML1NameIdentifierGenerator
Generator for transient NameIdentifier objects.
TransientSAML2NameIDGenerator
Generator for transient NameID objects.
TransitionMultiFactorAuthentication
An authentication action that acts as the driver regulating execution of transitions between MFA stages.
TrustStore
Code to handle (load, update, check) the trust store for an individual plugin.
TrustStore.Signature
An opaque handle around a PGPSignature.
UIInfoNodeProcessor
An implementation of MetadataNodeProcessor which processes any UIInfos into an IdPUIInfo and processes any AttributeConsumingService into an ACSUIInfo.
UnlockDataSealers
Action that sets keystore and key passwords for one or more DataSealer KeyStrategy objects based on query parameters.
UnlockKeys
IdPModule implementation.
UnlockPrivateKeys
Action that creates private key objects and injects them into existing MutableCredential objects.
UnsupportedAttributeTypeException
Exception thrown when a particular IdPAttributeValue type was expected but a different one was encountered.
UpdateCounter
Consent action which maintains a storage record whose value is the current time in milliseconds.
UpdateIdPSessionWithSPSessionAction<RequestType,​ResponseType>
Conditionally updates the IdPSession with a CASSPSession to support SLO.
UpdateSAMLSelfEntityContext
Action that updates inbound and/or outbound instances of SAMLSelfEntityContext based on the identity of a relying party accessed via a lookup strategy, by default an immediate child of the profile request context.
UpdateSessionWithAuthenticationResult
An authentication action that establishes a record of the AuthenticationResult in an IdPSession for the client, either by updating an existing session or creating a new one.
UpdateSessionWithSPSession
An action that establishes a record of an SPSession in an existing IdPSession for the client.
UserAgentContext
A context containing data about the user agent.
UsernameContext
Context that carries a username (without a password) to be validated.
UsernamePasswordContext
Context that carries a username/password pair to be validated.
UsernamePrincipal
Principal based on a username.
V2CompatibleTemplatedExecutableSearchFilterBuilder
A TemplatedExecutableSearchFilterBuilder which also injects an V2SAMLProfileRequestContext into the spring context.
V2CompatibleTemplatedExecutableStatementBuilder
A TemplatedExecutableStatementBuilder which also injects an V2SAMLProfileRequestContext into the spring context.
V2SAMLProfileRequestContext
Emulation code for Scripted Attributes.
V4Install
Code to do most of the V4 Install.
V4InstallTask
A thin veneer around the V4 installer.
ValidateConfiguration
CAS protocol configuration.
ValidateCredentials
An action that processes a list of CredentialValidator objects to produce an AuthenticationResult.
ValidateCredentials.UsernamePasswordCleanupHook
A default cleanup hook that removes the UsernamePasswordContext from the tree.
ValidateDuoAuthAPI
An action that checks for a DuoAuthenticationContext and directly produces an AuthenticationResult based on that identity by authenticating against the Duo AuthAPI.
ValidateDuoWebResponse
An action that validates a DuoWeb response message and produces an AuthenticationResult or records error state.
ValidateExternalAuthentication
An action that checks for an ExternalAuthenticationContext and directly produces an AuthenticationResult or records error state based on the contents.
ValidateFunctionResult
An action that executes a deployer-supplied function and produces an AuthenticationResult based on the function result.
ValidateProxyCallbackAction
Validates the proxy callback URL provided in the service ticket validation request and creates a PGT when the proxy callback is successfully authenticated.
ValidateRemoteUser
An action that checks for a UsernameContext and directly produces an AuthenticationResult based on that identity.
ValidateRenewAction
Ensures that a service ticket validation request that specifies renew=true matches the renew flag on the ticket that is presented for validation.
ValidateSAMLAuthentication
An action that produces an AuthenticationResult based on an inbound SAML 2.0 SSO response.
ValidateTicketAction
CAS protocol service ticket validation action.
ValidateUserAgentAddress
An action that ensures that a user-agent address found within a UserAgentContext is within a given range and generates an AuthenticationResult.
ValidateX509Certificate
An action that checks for a CertificateContext containing X509Certificate objects, and directly produces an AuthenticationResult based on that identity, after optionally validating the certificate(s) against a TrustEngine.
ValidationException
Exception thrown by Validators when validation fails.
Validator
Used to determine whether a Data Connector initialized properly and continues to be fit for use.
ValueMap
Performs many to one mapping of source values to a return value.
ValueMapParser
Bean definition parser for a ValueMap.
ValueMatchesShibMDScopeParser
Bean definition parser for AttributeValueMatchesShibMDScope.
VerifiedProfilePredicate
Predicate to determine whether a profile request is from a verified source.
Version
Class for getting and printing the version of the IdP.
Warning
IdPModule implementation.
WebFlowCurrentEventLookupFunction
A Function that checks for cases in which the webflow's current event is not reflected by an attached EventContext and compensates, along with returning a suitably populated context.
WebFlowMessageHandlerAdaptor
An AbstractProfileAction subclass that adapts an OpenSAML MessageHandler for execution in a Spring WebFlow environment.
WebFlowMessageHandlerAdaptor.Direction
Used to indicate the target message context for invocation of the adapted message handler.
WebFlowProfileActionAdaptor
Adaptor that wraps a ProfileAction with a Spring Web Flow compatible action implementation so that it can be executed as part of a flow.
WebflowRequestContextProfileRequestContextLookup
A Function that extracts the ProfileRequestContext from the current Webflow conversation.
WriteAuditLog
Action that produces audit log entries based on an AuditContext and one or more formatting strings.
WriteFTICKSLog
Action that produces F-TICKS log entries for successful SAML SSO responses.
WriteProfileInterceptorResultToStorage
A profile interceptor action that writes a ProfileInterceptorResult to a StorageService.
WriteValidateResponseAction
CAS 1.0 protocol response handler.
X500PrincipalSerializer
Principal serializer for X500Principal.
X500SubjectCanonicalization
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.
X500SubjectCanonicalization.ActivationCondition
A predicate that determines if this action can run or not.
X509
IdPModule implementation.
X509AuthServlet
Servlet compatible with the ExternalAuthentication interface that extracts and validates an X.509 client certificate for user authentication.
X509InlineCredentialFactoryBean
A factory bean to understand X509Inline credentials.
X509InlineCredentialParser
Parser for X509Inline credentials.
X509ProxyFilter
Servlet filter to translate Apache mod_ssl certificate variables into Java servlet attributes.
X509ResourceCredentialConfig
Implementation of CredentialConfig that loads trust and key material using a Resource.
X509ResourceCredentialParser
Parser for X509Filesystem credentials.
XMLObjectAttributeValue
XMLObjectProviderInitializer
XMLObject provider initializer for providers from OpenLiberty used in delegation.
XMLObjectProviderInitializer
XMLObject provider initializer for module "saml-impl".