Package net.shibboleth.idp.saml.saml2.profile.config

Interface SAML2ProfileConfiguration

All Known Implementing Classes:
AbstractSAML2ArtifactAwareProfileConfiguration, AbstractSAML2ProfileConfiguration, ArtifactResolutionProfileConfiguration, AttributeQueryProfileConfiguration, BrowserSSOProfileConfiguration, ECPProfileConfiguration, SingleLogoutProfileConfiguration, SSOSProfileConfiguration
public interface SAML2ProfileConfiguration
Base interface for SAML 2 profile configurations.

  • Method Details

    • getProxyCount

      @NonNegative @Nullable Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion may be proxied

    • getProxyAudiences

      @Nonnull @NonnullElements @NotLive @Unmodifiable Set<String> getProxyAudiences(@Nullable ProfileRequestContext profileRequestContext)
      Gets the unmodifiable collection of audiences for a proxied assertion.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      audiences for a proxied assertion

    • isIgnoreRequestSignatures

      boolean isIgnoreRequestSignatures(@Nonnull ProfileRequestContext profileRequestContext)
      Gets whether to bypass verification of request signatures.

      This is typically of use to deal with broken services or to allow a signer's key to be bypassed in the event that it is managed improperly.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff request signatures should be ignored
      Since:
      4.0.0

    • isEncryptionOptional

      boolean isEncryptionOptional(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether to ignore an inability to encrypt due to external factors.

      This allows a deployer to signal that encryption is "best effort" and can be omitted if a relying party doesn't possess a key, support a compatible algorithm, etc.

      Defaults to false.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff encryption should be treated as optional

    • isEncryptAssertions

      boolean isEncryptAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if assertions should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if assertions should be encrypted

    • isEncryptNameIDs

      boolean isEncryptNameIDs(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if name identifiers should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if name identifiers should be encrypted

    • isEncryptAttributes

      boolean isEncryptAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Gets the predicate used to determine if attributes should be encrypted.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      predicate used to determine if attributes should be encrypted