net.shibboleth.idp.saml.profile.config

Class AbstractSAMLProfileConfiguration

java.lang.Object

net.shibboleth.idp.profile.config.AbstractProfileConfiguration

net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

All Implemented Interfaces:

ConditionalProfileConfiguration, ProfileConfiguration, SAMLProfileConfiguration, Component, IdentifiedComponent

Direct Known Subclasses:

AbstractSAML1ArtifactAwareProfileConfiguration, AbstractSAML2ProfileConfiguration, ArtifactResolutionProfileConfiguration

public abstract class AbstractSAMLProfileConfiguration
extends AbstractConditionalProfileConfiguration
implements SAMLProfileConfiguration

Base class for SAML profile configurations.

Field Summary

Fields

Modifier and Type	Field and Description
private Set<String>	assertionAudiences Additional audiences to which an assertion may be released.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	assertionAudiencesLookupStrategy Lookup function to supply assertionAudiences property.
private long	assertionLifetime Lifetime of an assertion in milliseconds.
private com.google.common.base.Function<ProfileRequestContext,Long>	assertionLifetimeLookupStrategy Lookup function to supply assertionLifetime property.
private com.google.common.base.Predicate<ProfileRequestContext>	includeNotBeforePredicate Controls whether to include a NotBefore attribute in the Conditions of generated assertions.
private org.slf4j.Logger	log Class logger.
private com.google.common.base.Predicate<ProfileRequestContext>	signAssertionsPredicate Predicate used to determine if the generated assertion should be signed.
private com.google.common.base.Predicate<ProfileRequestContext>	signRequestsPredicate Predicate used to determine if the generated request should be signed.
private com.google.common.base.Predicate<ProfileRequestContext>	signResponsesPredicate Predicate used to determine if the generated response should be signed.

Constructor Summary

Constructors

Constructor and Description
AbstractSAMLProfileConfiguration(String profileId) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
Set<String>	getAdditionalAudiencesForAssertion() Get an unmodifiable set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
long	getAssertionLifetime() Get the lifetime of generated assertions in milliseconds.
List<String>	getInboundInterceptorFlows()
com.google.common.base.Predicate<ProfileRequestContext>	getIncludeConditionsNotBeforePredicate() Get a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
com.google.common.base.Predicate<ProfileRequestContext>	getSignAssertions() Get the predicate used to determine if generated assertions should be signed.
com.google.common.base.Predicate<ProfileRequestContext>	getSignRequests() Get the predicate used to determine if generated requests should be signed.
com.google.common.base.Predicate<ProfileRequestContext>	getSignResponses() Get the predicate used to determine if generated responses should be signed.
boolean	includeConditionsNotBefore() Get whether to include a NotBefore attribute in the Conditions of generated assertions.
void	setAdditionalAudienceForAssertion(Collection<String> audiences) Deprecated.
void	setAdditionalAudiencesForAssertion(Collection<String> audiences) Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
void	setAssertionAudiencesLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set a lookup strategy for the assertionAudiences property.
void	setAssertionLifetime(long lifetime) Set the lifetime of an assertion.
void	setAssertionLifetimeLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy) Set a lookup strategy for the assertionLifetime property.
void	setIncludeConditionsNotBefore(boolean include) Set whether to include a NotBefore attribute in the Conditions of generated assertions.
void	setIncludeConditionsNotBeforePredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
void	setSignAssertions(com.google.common.base.Predicate<ProfileRequestContext> predicate) Set the predicate used to determine if generated assertions should be signed.
void	setSignRequests(com.google.common.base.Predicate<ProfileRequestContext> predicate) Set the predicate used to determine if generated requests should be signed.
void	setSignResponses(com.google.common.base.Predicate<ProfileRequestContext> predicate) Set the predicate used to determine if generated responses should be signed.

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getId, getIndirectProperty, getOutboundInterceptorFlows, getProfileRequestContext, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setSecurityConfiguration, setSecurityConfigurationLookupStrategy, setServletRequest

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getOutboundInterceptorFlows, getSecurityConfiguration

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

signRequestsPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> signRequestsPredicate

Predicate used to determine if the generated request should be signed. Default returns false.

signResponsesPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> signResponsesPredicate

Predicate used to determine if the generated response should be signed. Default returns true.

signAssertionsPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> signAssertionsPredicate

Predicate used to determine if the generated assertion should be signed. Default returns false.

includeNotBeforePredicate

@Nullable
private com.google.common.base.Predicate<ProfileRequestContext> includeNotBeforePredicate

Controls whether to include a NotBefore attribute in the Conditions of generated assertions.

assertionLifetimeLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Long> assertionLifetimeLookupStrategy

Lookup function to supply assertionLifetime property.

assertionLifetime

@Positive
@Duration
private long assertionLifetime

Lifetime of an assertion in milliseconds. Default value: 5 minutes

assertionAudiencesLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> assertionAudiencesLookupStrategy

Lookup function to supply assertionAudiences property.

assertionAudiences

@Nonnull
@NonnullElements
private Set<String> assertionAudiences

Additional audiences to which an assertion may be released. Default value: empty

Constructor Detail

AbstractSAMLProfileConfiguration

public AbstractSAMLProfileConfiguration(@Nonnull@NotEmpty
                                String profileId)

Constructor.

Parameters:

profileId - ID of the communication profile

Method Detail

getInboundInterceptorFlows

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<String> getInboundInterceptorFlows()

Specified by:

getInboundInterceptorFlows in interface ProfileConfiguration

Overrides:

getInboundInterceptorFlows in class AbstractProfileConfiguration

getSignAssertions

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getSignAssertions()

Get the predicate used to determine if generated assertions should be signed.

Specified by:

getSignAssertions in interface SAMLProfileConfiguration

Returns:

predicate used to determine if generated assertions should be signed

setSignAssertions

public void setSignAssertions(@Nonnull
                     com.google.common.base.Predicate<ProfileRequestContext> predicate)

Set the predicate used to determine if generated assertions should be signed.

Parameters:

predicate - predicate used to determine if generated assertions should be signed

getSignRequests

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getSignRequests()

Get the predicate used to determine if generated requests should be signed.

Specified by:

getSignRequests in interface SAMLProfileConfiguration

Returns:

predicate used to determine if generated requests should be signed

setSignRequests

public void setSignRequests(@Nonnull
                   com.google.common.base.Predicate<ProfileRequestContext> predicate)

Set the predicate used to determine if generated requests should be signed.

Parameters:

predicate - predicate used to determine if generated requests should be signed

getSignResponses

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getSignResponses()

Get the predicate used to determine if generated responses should be signed.

Specified by:

getSignResponses in interface SAMLProfileConfiguration

Returns:

predicate used to determine if generated responses should be signed

setSignResponses

public void setSignResponses(@Nonnull
                    com.google.common.base.Predicate<ProfileRequestContext> predicate)

Set the predicate used to determine if generated responses should be signed.

Parameters:

predicate - predicate used to determine if generated responses should be signed

getAssertionLifetime

@Positive
@Duration
public long getAssertionLifetime()

Get the lifetime of generated assertions in milliseconds.

Specified by:

getAssertionLifetime in interface SAMLProfileConfiguration

Returns:

lifetime of generated assertions in milliseconds

setAssertionLifetime

@Duration
public void setAssertionLifetime(@Positive@Duration
                                 long lifetime)

Set the lifetime of an assertion.

Parameters:

lifetime - lifetime of an assertion in milliseconds

setAssertionLifetimeLookupStrategy

public void setAssertionLifetimeLookupStrategy(@Nullable
                                      com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set a lookup strategy for the assertionLifetime property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

includeConditionsNotBefore

public boolean includeConditionsNotBefore()

Get whether to include a NotBefore attribute in the Conditions of generated assertions.

Specified by:

includeConditionsNotBefore in interface SAMLProfileConfiguration

Returns:

whether to include a NotBefore attribute in the Conditions of generated assertions

setIncludeConditionsNotBefore

public void setIncludeConditionsNotBefore(boolean include)

Set whether to include a NotBefore attribute in the Conditions of generated assertions.

Parameters:

include - whether to include a NotBefore attribute in the Conditions of generated assertions

getIncludeConditionsNotBeforePredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getIncludeConditionsNotBeforePredicate()

Get a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.

Returns:

a condition to evaluate

Since:

3.3.0

setIncludeConditionsNotBeforePredicate

public void setIncludeConditionsNotBeforePredicate(@Nonnull
                                          com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.

Parameters:

condition - lookup strategy

Since:

3.3.0

getAdditionalAudiencesForAssertion

@Nonnull
@NonnullElements
@NotLive
public Set<String> getAdditionalAudiencesForAssertion()

Get an unmodifiable set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.

Specified by:

getAdditionalAudiencesForAssertion in interface SAMLProfileConfiguration

Returns:

additional audiences to which an assertion may be shared

setAdditionalAudienceForAssertion

@Deprecated
public void setAdditionalAudienceForAssertion(@Nonnull@NonnullElements
                                                Collection<String> audiences)

Deprecated.

Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.

Parameters:

audiences - the additional audiences

setAdditionalAudiencesForAssertion

public void setAdditionalAudiencesForAssertion(@Nullable@NonnullElements
                                      Collection<String> audiences)

Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.

Parameters:

audiences - the additional audiences

setAssertionAudiencesLookupStrategy

public void setAssertionAudiencesLookupStrategy(@Nullable
                                       com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the assertionAudiences property.

Parameters:

strategy - lookup strategy

Since:

3.3.0