Package net.shibboleth.idp.saml.saml1.profile.config

Class BrowserSSOProfileConfiguration

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
net.shibboleth.idp.profile.config.AbstractProfileConfiguration
net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration
net.shibboleth.idp.saml.saml1.profile.config.AbstractSAML1ArtifactAwareProfileConfiguration
net.shibboleth.idp.saml.saml1.profile.config.BrowserSSOProfileConfiguration
All Implemented Interfaces:
AuthenticationProfileConfiguration, AttributeResolvingProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLProfileConfiguration, SAML1ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
public class BrowserSSOProfileConfiguration extends AbstractSAML1ArtifactAwareProfileConfiguration implements AuthenticationProfileConfiguration, AttributeResolvingProfileConfiguration
Configuration for SAML 1 Browser SSO profile requests.

  • Field Details

  • Constructor Details

    • BrowserSSOProfileConfiguration

      public BrowserSSOProfileConfiguration()
      Constructor.

    • BrowserSSOProfileConfiguration

      protected BrowserSSOProfileConfiguration(@Nonnull @NotEmpty String profileId)
      Constructor.
      Parameters:
      profileId - unique ID for this profile

  • Method Details

    • isResolveAttributes

      public boolean isResolveAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Get whether to resolve attributes.
      Specified by:
      isResolveAttributes in interface AttributeResolvingProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff resolution should be done

    • setResolveAttributes

      public void setResolveAttributes(boolean flag)
      Set whether attributes should be resolved during the profile.
      Parameters:
      flag - flag to set

    • setResolveAttributesPredicate

      public void setResolveAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether attributes should be resolved during the profile.
      Parameters:
      condition - condition to set

    • isIncludeAttributeStatement

      public boolean isIncludeAttributeStatement(@Nullable ProfileRequestContext profileRequestContext)
      Get whether responses to the authentication request should include an attribute statement.

      Default is true

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether responses to the authentication request should include an attribute statement

    • setIncludeAttributeStatement

      public void setIncludeAttributeStatement(boolean flag)
      Set whether responses to the authentication request should include an attribute statement.
      Parameters:
      flag - flag to set

    • setIncludeAttributeStatementPredicate

      public void setIncludeAttributeStatementPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether responses to the authentication request should include an attribute statement.
      Parameters:
      condition - condition to set

    • isForceAuthn

      public boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the authentication process should include a proof of user presence.
      Specified by:
      isForceAuthn in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff authentication should require user presence

    • setForceAuthn

      public void setForceAuthn(boolean flag)
      Set whether a fresh user presence proof should be required for this request.
      Parameters:
      flag - flag to set

    • setForceAuthnPredicate

      public void setForceAuthnPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether a fresh user presence proof should be required for this request.
      Parameters:
      condition - condition to set

    • getDefaultAuthenticationMethods

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<Principal> getDefaultAuthenticationMethods(@Nullable ProfileRequestContext profileRequestContext)
      Get the default authentication methods to use, expressed as custom principals.
      Specified by:
      getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      default authentication methods to use

    • setDefaultAuthenticationMethods

      public void setDefaultAuthenticationMethods(@Nullable @NonnullElements Collection<AuthenticationMethodPrincipal> methods)
      Set the default authentication methods to use, expressed as custom principals.
      Parameters:
      methods - default authentication methods to use

    • setDefaultAuthenticationMethodsLookupStrategy

      public void setDefaultAuthenticationMethodsLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<AuthenticationMethodPrincipal>> strategy)
      Set a lookup strategy for the getDefaultAuthenticationMethods(ProfileRequestContext) method.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0

    • getAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get the allowable authentication flows for this profile.

      The flow IDs returned MUST NOT contain the AuthenticationFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of authentication flow IDs to allow

    • setAuthenticationFlows

      public void setAuthenticationFlows(@Nullable @NonnullElements Collection<String> flows)
      Set the authentication flows to use.
      Parameters:
      flows - flow identifiers to use

    • setAuthenticationFlowsLookupStrategy

      public void setAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
      Set a lookup strategy for the authentication flows to use.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0

    • getPostAuthenticationFlows

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getPostAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of post-authentication interceptor flows to run for this profile.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getPostAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable

    • setPostAuthenticationFlows

      public void setPostAuthenticationFlows(@Nullable @NonnullElements Collection<String> flows)
      Set the ordered collection of post-authentication interceptor flows to enable.
      Parameters:
      flows - flow identifiers to enable

    • setPostAuthenticationFlowsLookupStrategy

      public void setPostAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the post-authentication interceptor flows to enable.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0

    • getNameIDFormatPrecedence

      @Nonnull @NonnullElements @NotLive @Unmodifiable public List<String> getNameIDFormatPrecedence(@Nullable ProfileRequestContext profileRequestContext)
      Get the name identifier formats to use.
      Parameters:
      profileRequestContext - profile request context
      Returns:
      the formats to use

    • setNameIDFormatPrecedence

      public void setNameIDFormatPrecedence(@Nonnull @NonnullElements Collection<String> formats)
      Set the name identifier formats to use.
      Parameters:
      formats - name identifier formats to use

    • setNameIDFormatPrecedenceLookupStrategy

      public void setNameIDFormatPrecedenceLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the name identifier formats to use.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0

    • getProxyCount

      @Nullable public Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Specified by:
      getProxyCount in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion or authentication may be proxied

    • setProxyCount

      public void setProxyCount(@Nullable @NonNegative Integer count)
      Sets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      count - proxy count
      Since:
      4.0.0

    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy(@Nonnull Function<ProfileRequestContext,Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0