Class AbstractSAML2ProfileConfiguration

All Implemented Interfaces:
ConditionalProfileConfiguration, ProfileConfiguration, SAMLProfileConfiguration, SAML2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AbstractSAML2ArtifactAwareProfileConfiguration, ArtifactResolutionProfileConfiguration

public abstract class AbstractSAML2ProfileConfiguration extends AbstractSAMLProfileConfiguration implements SAML2ProfileConfiguration
Base class for SAML 2 profile configurations.
  • Field Details

    • ignoreRequestSignaturesPredicate

      @Nonnull private Predicate<ProfileRequestContext> ignoreRequestSignaturesPredicate
      Whether to ignore signatures in requests.
    • encryptionOptionalPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptionOptionalPredicate
      Whether encryption is optional in the face of no key, etc.
    • encryptAssertionsPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAssertionsPredicate
      Predicate used to determine if assertions should be encrypted.
    • encryptNameIDsPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptNameIDsPredicate
      Predicate used to determine if name identifiers should be encrypted.
    • encryptAttributesPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAttributesPredicate
      Predicate used to determine if attributes should be encrypted.
    • proxyCountLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Integer> proxyCountLookupStrategy
      Lookup function to supply proxyCount property.
    • proxyAudiencesLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Collection<String>> proxyAudiencesLookupStrategy
      Lookup function to supply proxy audiences.
  • Constructor Details

    • AbstractSAML2ProfileConfiguration

      public AbstractSAML2ProfileConfiguration(@Nonnull @NotEmpty String profileId)
      Constructor.
      Parameters:
      profileId - ID of the communication profile, never null or empty
  • Method Details

    • getProxyCount

      @Nullable public Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied.
      Specified by:
      getProxyCount in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion may be proxied
    • setProxyCount

      public void setProxyCount(@Nullable @NonNegative Integer count)
      Set the maximum number of times an assertion may be proxied.
      Parameters:
      count - maximum number of times an assertion may be proxied
    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy(@Nonnull Function<ProfileRequestContext,Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • getProxyAudiences

      @Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getProxyAudiences(@Nullable ProfileRequestContext profileRequestContext)
      Gets the unmodifiable collection of audiences for a proxied assertion.
      Specified by:
      getProxyAudiences in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      audiences for a proxied assertion
    • setProxyAudiences

      public void setProxyAudiences(@Nullable @NonnullElements Collection<String> audiences)
      Set the proxy audiences to be added to responses.
      Parameters:
      audiences - proxy audiences to be added to responses
    • setProxyAudiencesLookupStrategy

      public void setProxyAudiencesLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the proxy audiences to be added to responses.
      Parameters:
      strategy - lookup strategy
      Since:
      3.3.0
    • isIgnoreRequestSignatures

      public boolean isIgnoreRequestSignatures(@Nonnull ProfileRequestContext profileRequestContext)
      Gets whether to bypass verification of request signatures.

      This is typically of use to deal with broken services or to allow a signer's key to be bypassed in the event that it is managed improperly.

      Specified by:
      isIgnoreRequestSignatures in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff request signatures should be ignored
    • setIgnoreRequestSignatures

      public void setIgnoreRequestSignatures(boolean flag)
      Sets whether to bypass verification of request signatures.
      Parameters:
      flag - flag to set
      Since:
      4.0.0
    • setIgnoreRequestSignaturesPredicate

      public void setIgnoreRequestSignaturesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Sets a condition to determine whether to bypass verification of request signatures.
      Parameters:
      condition - condition to set
      Since:
      4.0.0
    • isEncryptionOptional

      public boolean isEncryptionOptional(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether to ignore an inability to encrypt due to external factors.

      This allows a deployer to signal that encryption is "best effort" and can be omitted if a relying party doesn't possess a key, support a compatible algorithm, etc.

      Defaults to false.

      Specified by:
      isEncryptionOptional in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff encryption should be treated as optional
    • setEncryptionOptional

      public void setEncryptionOptional(boolean flag)
      Set whether encryption is optional in the face of a missing key, etc.
      Parameters:
      flag - flag to set
    • setEncryptionOptionalPredicate

      public void setEncryptionOptionalPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether encryption is optional in the face of a missing key, etc.
      Parameters:
      condition - condition to set
      Since:
      3.3.0
    • isEncryptAssertions

      public boolean isEncryptAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether assertions should be encrypted, as determined by the configured predicate.
      Specified by:
      isEncryptAssertions in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff assertions should be encrypted
    • setEncryptAssertions

      public void setEncryptAssertions(boolean flag)
      Set whether assertions should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptAssertionsPredicate

      public void setEncryptAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if assertions should be encrypted.
      Parameters:
      predicate - predicate used to determine if assertions should be encrypted
      Since:
      4.0.0
    • isEncryptNameIDs

      public boolean isEncryptNameIDs(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether name identifiers should be encrypted, as determined by the configured predicate.
      Specified by:
      isEncryptNameIDs in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff name identifiers should be encrypted
    • setEncryptNameIDs

      public void setEncryptNameIDs(boolean flag)
      Set whether name identifiers should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptNameIDsPredicate

      public void setEncryptNameIDsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if name identifiers should be encrypted.
      Parameters:
      predicate - predicate used to determine if name identifiers should be encrypted
      Since:
      4.0.0
    • isEncryptAttributes

      public boolean isEncryptAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Gets whether attributes should be encrypted, as determined by the configured predicate.
      Specified by:
      isEncryptAttributes in interface SAML2ProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff attributes should be encrypted
    • setEncryptAttributes

      public void setEncryptAttributes(boolean flag)
      Set whether attributes should be encrypted.
      Parameters:
      flag - flag to set
    • setEncryptAttributesPredicate

      public void setEncryptAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if attributes should be encrypted.
      Parameters:
      predicate - predicate used to determine if attributes should be encrypted
      Since:
      4.0.0
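
Example (added here, not part of the generated documentation or the project's own code): setIgnoreRequestSignaturesPredicate and setEncryptionOptionalPredicate let the signature bypass and the "best effort" encryption relaxation apply only to named relying parties, where the boolean setters apply one constant answer to every request handled by the profile configuration. The package names, the RelyingPartyContext lookup, the no-argument ArtifactResolutionProfileConfiguration constructor and the entityIDs are assumptions not taken from this page.

```java
import java.util.Set;
import java.util.function.Predicate;

import org.opensaml.profile.context.ProfileRequestContext;

// Assumed package locations; this page does not list them.
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.saml.saml2.profile.config.ArtifactResolutionProfileConfiguration;

public final class ScopedSamlExceptions {

    // Constructed placeholder entityIDs for the two documented exception cases.
    private static final Set<String> BROKEN_SIGNERS =
            Set.of("https://sp-legacy.example.org/shibboleth");
    private static final Set<String> NO_USABLE_KEY =
            Set.of("https://sp-nokey.example.org/saml");

    private ScopedSamlExceptions() {
    }

    /** True only when the request's relying party is on the given allowlist. */
    static Predicate<ProfileRequestContext> relyingPartyIn(final Set<String> entityIds) {
        return prc -> {
            if (prc == null) {
                return false; // no context: never grant the exception
            }
            // Assumption: the relying party is exposed through this subcontext.
            final RelyingPartyContext rp = prc.getSubcontext(RelyingPartyContext.class);
            final String id = rp != null ? rp.getRelyingPartyId() : null;
            return id != null && entityIds.contains(id);
        };
    }

    public static ArtifactResolutionProfileConfiguration build() {
        final ArtifactResolutionProfileConfiguration cfg =
                new ArtifactResolutionProfileConfiguration();

        // Encrypt assertions for everyone by default.
        cfg.setEncryptAssertions(true);

        // Skip request signature verification only for the known-broken signer,
        // instead of setIgnoreRequestSignatures(true) for all requests.
        cfg.setIgnoreRequestSignaturesPredicate(relyingPartyIn(BROKEN_SIGNERS));

        // Tolerate a failure to encrypt only for the party known to lack a key;
        // for every other party isEncryptionOptional stays false.
        cfg.setEncryptionOptionalPredicate(relyingPartyIn(NO_USABLE_KEY));
        return cfg;
    }
}
```

Both predicates return false when the context or relying party cannot be determined, so an unidentified request never receives either relaxation.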