Class BasicAdministrativeFlowDescriptor

All Implemented Interfaces:
AdministrativeFlowDescriptor, AuthenticationProfileConfiguration, ProfileConfiguration, FlowDescriptor, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
OneTimeAdministrativeFlowDescriptor

public class BasicAdministrativeFlowDescriptor
extends AbstractProfileConfiguration
implements AdministrativeFlowDescriptor
A descriptor for an administrative flow.

Administrative flows are essentially any feature intrinsic to the IdP itself and generally not exposed to external systems using security mechanisms that would involve the more traditional "relying party" machinery and security models. Examples include status reporting and service management features, or user self-service features.

Since:
3.3.0
  • Field Details

    • loggingId

      @Nullable private String loggingId
      Logging ID.
    • supportsNonBrowserPredicate

      @Nonnull private Predicate<ProfileRequestContext> supportsNonBrowserPredicate
      Whether this flow supports non-browser clients.
    • authenticatedPredicate

      @Nonnull private Predicate<ProfileRequestContext> authenticatedPredicate
      Whether user authentication is required.
    • uiInfo

      @Nonnull private final UIInfo uiInfo
      Expose user interface details.
    • policyNameLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​String> policyNameLookupStrategy
      Lookup strategy for access control policy to apply.
    • resolveAttributesPredicate

      @Nonnull private Predicate<ProfileRequestContext> resolveAttributesPredicate
      Whether attributes should be resolved in the course of the flow.
    • defaultAuthenticationMethodsLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Collection<Principal>> defaultAuthenticationMethodsLookupStrategy
      Selects, and limits, the authentication flows to use for requests by supported principals.
    • authenticationFlowsLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Set<String>> authenticationFlowsLookupStrategy
      Filters the usable authentication flows.
    • postAuthenticationFlowsLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Collection<String>> postAuthenticationFlowsLookupStrategy
      Enables post-authentication interceptor flows.
    • forceAuthnPredicate

      @Nonnull private Predicate<ProfileRequestContext> forceAuthnPredicate
      Whether to mandate forced authentication for the request.
    • proxyCountLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Integer> proxyCountLookupStrategy
      Lookup function to supply proxyCount property.
    • builderFactory

      @Nonnull private final XMLObjectBuilderFactory builderFactory
      Builder factory for XMLObjects needed in UIInfo emulation.
  • Constructor Details

    • BasicAdministrativeFlowDescriptor

      public BasicAdministrativeFlowDescriptor​(@Nonnull @NotEmpty @ParameterName(name="id") String id)
      Constructor.
      Parameters:
      id - profile Id
  • Method Details

    • getLoggingId

      @Nullable public String getLoggingId()
      Get a logging ID to use when auditing this profile.
      Specified by:
      getLoggingId in interface AdministrativeFlowDescriptor
      Returns:
      logging ID
    • setLoggingId

      public void setLoggingId​(@Nullable String id)
      Set a logging ID to use when auditing this profile.
      Parameters:
      id - logging ID
    • isNonBrowserSupported

      public boolean isNonBrowserSupported​(@Nullable ProfileRequestContext profileRequestContext)
      Get whether this flow supports non-browser clients (default is true).
      Specified by:
      isNonBrowserSupported in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether this flow supports non-browser clients
    • setNonBrowserSupported

      public void setNonBrowserSupported​(boolean flag)
      Set whether this flow supports non-browser clients.
      Parameters:
      flag - flag to set
    • setNonBrowserSupportedPredicate

      public void setNonBrowserSupportedPredicate​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set condition to determine whether this flow supports non-browser clients.
      Parameters:
      condition - condition to apply
    • isAuthenticated

      public boolean isAuthenticated​(@Nullable ProfileRequestContext profileRequestContext)
      Get whether user authentication is required (default is false).
      Specified by:
      isAuthenticated in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether user authentication is required
    • setAuthenticated

      public void setAuthenticated​(boolean flag)
      Set whether user authentication is required (default is false).
      Parameters:
      flag - flag to set
    • setAuthenticatedPredicate

      public void setAuthenticatedPredicate​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set condition to determine whether user authentication is required (default is false).
      Parameters:
      condition - condition to apply
    • getUIInfo

      @Nonnull public UIInfo getUIInfo()
      Get the user interface details for this profile.
      Specified by:
      getUIInfo in interface AdministrativeFlowDescriptor
      Returns:
      user interface details
    • setDisplayNames

      public void setDisplayNames​(@Nonnull @NonnullElements Collection<LangBearingString> displayNames)
      Set the DisplayName objects to expose via getUIInfo(), supplied through a utility class.
      Parameters:
      displayNames - utility class collection of language-annotated strings
    • setDescriptions

      public void setDescriptions​(@Nonnull @NonnullElements Collection<LangBearingString> descriptions)
      Set the Description objects to expose via getUIInfo(), supplied through a utility class.
      Parameters:
      descriptions - utility class collection of language-annotated strings
    • setLogos

      public void setLogos​(@Nonnull @NonnullElements Collection<BasicAdministrativeFlowDescriptor.Logo> logos)
      Set the Logo objects to expose via getUIInfo(), supplied through a utility class.
      Parameters:
      logos - utility class collection of logo metadata
    • setInformationURLs

      public void setInformationURLs​(@Nonnull @NonnullElements Collection<LangBearingString> urls)
      Set the InformationURL objects to expose via getUIInfo(), supplied through a utility class.
      Parameters:
      urls - utility class collection of language-annotated strings
    • setPrivacyStatementURLs

      public void setPrivacyStatementURLs​(@Nonnull @NonnullElements Collection<LangBearingString> urls)
      Set the PrivacyStatementURL objects to expose via getUIInfo(), supplied through a utility class.
      Parameters:
      urls - utility class collection of language-annotated strings
    • getPolicyName

      @Nullable public String getPolicyName​(@Nullable ProfileRequestContext profileRequestContext)
      Get the access control policy for this flow.
      Specified by:
      getPolicyName in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      name of access control policy
    • setPolicyName

      public void setPolicyName​(@Nullable String name)
      Set an explicit access control policy name to apply.
      Parameters:
      name - policy name
    • setPolicyNameLookupStrategy

      public void setPolicyNameLookupStrategy​(@Nonnull Function<ProfileRequestContext,​String> strategy)
      Set a lookup strategy to use to obtain the access control policy for this flow.
      Parameters:
      strategy - lookup strategy
    • isResolveAttributes

      public boolean isResolveAttributes​(@Nullable ProfileRequestContext profileRequestContext)
      Get whether to resolve attributes during the profile (default is false).
      Specified by:
      isResolveAttributes in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether to resolve attributes during the profile
    • setResolveAttributes

      public void setResolveAttributes​(boolean flag)
      Set whether attributes should be resolved during the profile.
      Parameters:
      flag - flag to set
    • setResolveAttributesPredicate

      public void setResolveAttributesPredicate​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether attributes should be resolved during the profile.
      Parameters:
      condition - condition to set
    • getInboundInterceptorFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getInboundInterceptorFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of interceptor flows to run for this profile after an inbound message is decoded.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getInboundInterceptorFlows in interface ProfileConfiguration
      Overrides:
      getInboundInterceptorFlows in class AbstractProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      an ordered list of interceptor flow IDs to enable
    • getOutboundInterceptorFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getOutboundInterceptorFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of interceptor flows to run for this profile before a final outbound message is generated.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getOutboundInterceptorFlows in interface ProfileConfiguration
      Overrides:
      getOutboundInterceptorFlows in class AbstractProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      an ordered list of interceptor flow IDs to enable
    • getSecurityConfiguration

      @Nullable public SecurityConfiguration getSecurityConfiguration​(@Nullable ProfileRequestContext profileRequestContext)
      Get the SecurityConfiguration to use with this profile.
      Specified by:
      getSecurityConfiguration in interface ProfileConfiguration
      Overrides:
      getSecurityConfiguration in class AbstractProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      security configuration to use with this profile
    • getDefaultAuthenticationMethods

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<Principal> getDefaultAuthenticationMethods​(@Nullable ProfileRequestContext profileRequestContext)
      Get the default authentication methods to use, expressed as custom principals.
      Specified by:
      getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      default authentication methods to use
    • setDefaultAuthenticationMethods

      public void setDefaultAuthenticationMethods​(@Nullable @NonnullElements Collection<Principal> methods)
      Set the default authentication methods to use, expressed as custom principals.
      Parameters:
      methods - default authentication methods to use
    • setDefaultAuthenticationMethodsLookupStrategy

      public void setDefaultAuthenticationMethodsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Collection<Principal>> strategy)
      Set a lookup strategy for the authentication methods to use, expressed as custom principals.
      Parameters:
      strategy - lookup strategy
    • getAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getAuthenticationFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get the allowable authentication flows for this profile.

      The flow IDs returned MUST NOT contain the AuthenticationFlowDescriptor.FLOW_ID_PREFIX prefix common to all authentication flows.

      Specified by:
      getAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of authentication flow IDs to allow
    • setAuthenticationFlows

      public void setAuthenticationFlows​(@Nullable @NonnullElements Collection<String> flows)
      Set the authentication flows to use.
      Parameters:
      flows - flow identifiers to use
    • setAuthenticationFlowsLookupStrategy

      public void setAuthenticationFlowsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Set<String>> strategy)
      Set a lookup strategy for the authentication flows to use.
      Parameters:
      strategy - lookup strategy
    • getPostAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getPostAuthenticationFlows​(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of post-authentication interceptor flows to run for this profile.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getPostAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      an ordered list of interceptor flow IDs to enable
    • setPostAuthenticationFlows

      public void setPostAuthenticationFlows​(@Nullable @NonnullElements Collection<String> flows)
      Set the ordered collection of post-authentication interceptor flows to enable.
      Parameters:
      flows - flow identifiers to enable
    • setPostAuthenticationFlowsLookupStrategy

      public void setPostAuthenticationFlowsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Collection<String>> strategy)
      Set a lookup strategy for the post-authentication interceptor flows to enable.
      Parameters:
      strategy - lookup strategy
    • isForceAuthn

      public boolean isForceAuthn​(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the authentication process should include a proof of user presence.
      Specified by:
      isForceAuthn in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff authentication should require user presence
    • setForceAuthn

      public void setForceAuthn​(boolean flag)
      Set whether a fresh user presence proof should be required for this request.
      Parameters:
      flag - flag to set
    • setForceAuthnPredicate

      public void setForceAuthnPredicate​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether a fresh user presence proof should be required for this request.
      Parameters:
      condition - condition to set
    • getProxyCount

      @Nullable public Integer getProxyCount​(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Specified by:
      getProxyCount in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion or authentication may be proxied
    • setProxyCount

      public void setProxyCount​(@Nullable @NonNegative Integer count)
      Sets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      count - proxy count
      Since:
      4.0.0
    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class AbstractProfileConfiguration
    • equals

      public boolean equals​(Object obj)
      Overrides:
      equals in class AbstractProfileConfiguration
    • toString

      public String toString()
      Overrides:
      toString in class Object