Package net.shibboleth.idp.saml.saml2.profile.config

Class SingleLogoutProfileConfiguration

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

net.shibboleth.idp.profile.config.AbstractProfileConfiguration

net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ArtifactAwareProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.SingleLogoutProfileConfiguration

All Implemented Interfaces:

ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLArtifactConsumerProfileConfiguration, SAMLProfileConfiguration, SAML2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

public class SingleLogoutProfileConfiguration
extends AbstractSAML2ArtifactAwareProfileConfiguration

Configuration support for SAML 2 Single Logout.

Field Summary

Fields

Modifier and Type	Field	Description
private Predicate<MessageContext>	clientTLSSOAPRequestsPredicate	Predicate used to determine if SOAP-based requests should use client TLS.
static final String	PROFILE_ID	ID for this profile configuration.
private Function<ProfileRequestContext,Collection<String>>	qualifiedNameIDFormatsLookupStrategy	Lookup function to supply qualifiedNameIDFormats property.
private Predicate<MessageContext>	signSOAPRequestsPredicate	Predicate used to determine if SOAP-based requests should be signed.

Fields inherited from class net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

DEFAULT_ASSERTION_LIFETIME

Fields inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

DEFAULT_DISALLOWED_FEATURES

Constructor Summary

Constructors

Modifier	Constructor	Description
	SingleLogoutProfileConfiguration()	Constructor.
protected	SingleLogoutProfileConfiguration(String profileId)	Constructor.

Method Summary

Modifier and Type	Method	Description
Collection<String>	getQualifiedNameIDFormats(ProfileRequestContext profileRequestContext)	Get a collection of NameID Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.
boolean	isClientTLSSOAPRequests(MessageContext messageContext)	Get whether SOAP-based requests should use client TLS.
boolean	isSignSOAPRequests(MessageContext messageContext)	Get whether SOAP-based requests should be signed.
void	setClientTLSSOAPRequests(boolean flag)	Set whether SOAP-based requests should use client TLS.
void	setClientTLSSOAPRequestsPredicate(Predicate<MessageContext> predicate)	Set the predicate used to determine if SOAP-based requests should use client TLS.
void	setQualifiedNameIDFormats(Collection<String> formats)	Set a collection of NameID Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.
void	setQualifiedNameIDFormatsLookupStrategy(Function<ProfileRequestContext,Collection<String>> strategy)	Set a lookup strategy for the Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.
void	setSignSOAPRequests(boolean flag)	Set whether SOAP-based requests should be signed.
void	setSignSOAPRequestsPredicate(Predicate<MessageContext> predicate)	Set the predicate used to determine if SOAP-based requests should be signed.

Methods inherited from class net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ArtifactAwareProfileConfiguration

getArtifactConfiguration, isClientTLSArtifactRequests, isSignArtifactRequests, setArtifactConfiguration, setArtifactConfigurationLookupStrategy, setClientTLSArtifactRequests, setClientTLSArtifactRequestsPredicate, setSignArtifactRequests, setSignArtifactRequestsPredicate

Methods inherited from class net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ProfileConfiguration

getProxyAudiences, getProxyCount, isEncryptAssertions, isEncryptAttributes, isEncryptionOptional, isEncryptNameIDs, isIgnoreRequestSignatures, setEncryptAssertions, setEncryptAssertionsPredicate, setEncryptAttributes, setEncryptAttributesPredicate, setEncryptionOptional, setEncryptionOptionalPredicate, setEncryptNameIDs, setEncryptNameIDsPredicate, setIgnoreRequestSignatures, setIgnoreRequestSignaturesPredicate, setProxyAudiences, setProxyAudiencesLookupStrategy, setProxyCount, setProxyCountLookupStrategy

Methods inherited from class net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, isIncludeConditionsNotBefore, isSignAssertions, isSignRequests, isSignResponses, setAdditionalAudiencesForAssertion, setAdditionalAudiencesForAssertionLookupStrategy, setAssertionLifetime, setAssertionLifetimeLookupStrategy, setIncludeConditionsNotBefore, setIncludeConditionsNotBeforePredicate, setSignAssertions, setSignAssertionsPredicate, setSignRequests, setSignRequestsPredicate, setSignResponses, setSignResponsesPredicate

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

doInitialize, getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Methods inherited from interface net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, isIncludeConditionsNotBefore, isSignAssertions, isSignRequests, isSignResponses

Field Details

PROFILE_ID

@Nonnull
@NotEmpty
public static final String PROFILE_ID

ID for this profile configuration.

See Also:

• Constant Field Values

signSOAPRequestsPredicate

@Nonnull
private Predicate<MessageContext> signSOAPRequestsPredicate

Predicate used to determine if SOAP-based requests should be signed.

clientTLSSOAPRequestsPredicate

@Nonnull
private Predicate<MessageContext> clientTLSSOAPRequestsPredicate

Predicate used to determine if SOAP-based requests should use client TLS.

qualifiedNameIDFormatsLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Collection<String>> qualifiedNameIDFormatsLookupStrategy

Lookup function to supply qualifiedNameIDFormats property.

Constructor Details

SingleLogoutProfileConfiguration

public SingleLogoutProfileConfiguration()

Constructor.

SingleLogoutProfileConfiguration

protected SingleLogoutProfileConfiguration(@Nonnull @NotEmpty
 String profileId)

Constructor.

Parameters:

profileId - unique ID for this profile

Method Details

isSignSOAPRequests

public boolean isSignSOAPRequests(@Nullable
 MessageContext messageContext)

Get whether SOAP-based requests should be signed.

Parameters:

messageContext - current message context

Returns:

whether SOAP-based requests should be signed

Since:

4.0.0

setSignSOAPRequests

public void setSignSOAPRequests(boolean flag)

Set whether SOAP-based requests should be signed.

Parameters:

flag - flag to set

Since:

4.0.0

setSignSOAPRequestsPredicate

public void setSignSOAPRequestsPredicate(@Nonnull
 Predicate<MessageContext> predicate)

Set the predicate used to determine if SOAP-based requests should be signed.

Parameters:

predicate - the predicate

Since:

4.0.0

isClientTLSSOAPRequests

public boolean isClientTLSSOAPRequests(@Nullable
 MessageContext messageContext)

Get whether SOAP-based requests should use client TLS.

Parameters:

messageContext - current message context

Returns:

whether SOAP-based requests should use client TLS

Since:

4.0.0

setClientTLSSOAPRequests

public void setClientTLSSOAPRequests(boolean flag)

Set whether SOAP-based requests should use client TLS.

Parameters:

flag - flag to set

Since:

4.0.0

setClientTLSSOAPRequestsPredicate

public void setClientTLSSOAPRequestsPredicate(@Nonnull
 Predicate<MessageContext> predicate)

Set the predicate used to determine if SOAP-based requests should use client TLS.

Parameters:

predicate - the predicate

Since:

4.0.0

getQualifiedNameIDFormats

@Nonnull
@NonnullElements
@NotLive
public Collection<String> getQualifiedNameIDFormats(@Nullable
 ProfileRequestContext profileRequestContext)

Get a collection of NameID Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.

In the core standard, only the NameIDType.PERSISTENT and NameIDType.TRANSIENT Formats are defined in this manner. This setting identifies additional Formats that should be handled in this way.

Parameters:

profileRequestContext - current profile request context

Returns:

additional Formats for which defaulting of qualifiers is permissable

Since:

3.4.0

setQualifiedNameIDFormats

public void setQualifiedNameIDFormats(@Nullable @NonnullElements
 Collection<String> formats)

Set a collection of NameID Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.

In the core standard, only the NameIDType.PERSISTENT and NameIDType.TRANSIENT Formats are defined in this manner. This setting identifies additional Formats that should be handled in this way.

Parameters:

formats - additional Formats for which defaulting of qualifiers is permissable

Since:

3.4.0

setQualifiedNameIDFormatsLookupStrategy

public void setQualifiedNameIDFormatsLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the Format values for which the use of the NameQualifier and SPNameQualifier attributes is defined to allow default/implicit values derived from the asserting and relying parties.

Parameters:

strategy - lookup strategy

Since:

3.4.0