net.shibboleth.idp.saml.saml1.profile.config

Class BrowserSSOProfileConfiguration

java.lang.Object

net.shibboleth.idp.profile.config.AbstractProfileConfiguration

net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

net.shibboleth.idp.saml.saml1.profile.config.AbstractSAML1ArtifactAwareProfileConfiguration

net.shibboleth.idp.saml.saml1.profile.config.BrowserSSOProfileConfiguration

All Implemented Interfaces:

AuthenticationProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLProfileConfiguration, SAML1ProfileConfiguration, Component, IdentifiedComponent

public class BrowserSSOProfileConfiguration
extends AbstractSAML1ArtifactAwareProfileConfiguration
implements AuthenticationProfileConfiguration

Configuration for SAML 1 Browser SSO profile requests.

Field Summary

Fields

Modifier and Type	Field and Description
private Set<String>	authenticationFlows Filters the usable authentication flows.
private com.google.common.base.Function<ProfileRequestContext,Set<String>>	authenticationFlowsLookupStrategy Lookup function to supply authenticationFlows property.
private List<AuthenticationMethodPrincipal>	defaultAuthenticationMethods Selects, and limits, the authentication methods to use for requests.
private com.google.common.base.Function<ProfileRequestContext,Collection<AuthenticationMethodPrincipal>>	defaultAuthenticationMethodsLookupStrategy Lookup function to supply defaultAuthenticationMethods property.
private com.google.common.base.Predicate<ProfileRequestContext>	forceAuthnPredicate Whether to mandate forced authentication for the request.
private com.google.common.base.Predicate<ProfileRequestContext>	includeAttributeStatementPredicate Whether responses to the authentication request should include an attribute statement.
private List<String>	nameIDFormatPrecedence Precedence of name identifier formats to use for requests.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	nameIDFormatPrecedenceLookupStrategy Lookup function to supply nameIDFormatPrecedence property.
private List<String>	postAuthenticationFlows Enables post-authentication interceptor flows.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	postAuthenticationFlowsLookupStrategy Lookup function to supply postAuthenticationFlows property.
static String	PROFILE_ID ID for this profile configuration.
private com.google.common.base.Predicate<ProfileRequestContext>	resolveAttributesPredicate Whether attributes should be resolved in the course of the profile.

Constructor Summary

Constructors

Modifier	Constructor and Description
	BrowserSSOProfileConfiguration() Constructor.
protected	BrowserSSOProfileConfiguration(String profileId) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
Set<String>	getAuthenticationFlows()
List<Principal>	getDefaultAuthenticationMethods()
com.google.common.base.Predicate<ProfileRequestContext>	getForceAuthnPredicate() Get a condition to determine whether a fresh user presence proof should be required for this request.
com.google.common.base.Predicate<ProfileRequestContext>	getIncludeAttributeStatementPredicate() Get a condition to determine whether responses to the authentication request should include an attribute statement.
List<String>	getNameIDFormatPrecedence()
List<String>	getPostAuthenticationFlows()
com.google.common.base.Predicate<ProfileRequestContext>	getResolveAttributesPredicate() Get a condition to determine whether attributes should be resolved during the profile.
boolean	includeAttributeStatement() Deprecated. Use getIncludeAttributeStatementPredicate() instead.
boolean	resolveAttributes() Deprecated. Use getResolveAttributesPredicate() instead.
void	setAuthenticationFlows(Collection<String> flows) Set the authentication flows to use.
void	setAuthenticationFlowsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Set<String>> strategy) Set a lookup strategy for the authenticationFlows property.
void	setDefaultAuthenticationMethods(Collection<AuthenticationMethodPrincipal> methods) Set the default authentication methods to use, expressed as custom principals.
void	setDefaultAuthenticationMethodsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<AuthenticationMethodPrincipal>> strategy) Set a lookup strategy for the defaultAuthenticationMethods property.
void	setForceAuthn(boolean flag) Set whether a fresh user presence proof should be required for this request.
void	setForceAuthnPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether a fresh user presence proof should be required for this request.
void	setIncludeAttributeStatement(boolean include) Set whether responses to the authentication request should include an attribute statement.
void	setIncludeAttributeStatementPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether responses to the authentication request should include an attribute statement.
void	setNameIDFormatPrecedence(Collection<String> formats) Set the name identifier formats to use.
void	setNameIDFormatPrecedenceLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set a lookup strategy for the nameIDFormatPrecedence property.
void	setPostAuthenticationFlows(Collection<String> flows) Set the ordered collection of post-authentication interceptor flows to enable.
void	setPostAuthenticationFlowsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set a lookup strategy for the postAuthenticationFlows property.
void	setResolveAttributes(boolean flag) Set whether attributes should be resolved during the profile.
void	setResolveAttributesPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether attributes should be resolved during the profile.

Methods inherited from class net.shibboleth.idp.saml.saml1.profile.config.AbstractSAML1ArtifactAwareProfileConfiguration

getArtifactConfiguration, setArtifactConfiguration, setArtifactConfigurationLookupStrategy

Methods inherited from class net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, getInboundInterceptorFlows, getIncludeConditionsNotBeforePredicate, getSignAssertions, getSignRequests, getSignResponses, includeConditionsNotBefore, setAdditionalAudienceForAssertion, setAdditionalAudiencesForAssertion, setAssertionAudiencesLookupStrategy, setAssertionLifetime, setAssertionLifetimeLookupStrategy, setIncludeConditionsNotBefore, setIncludeConditionsNotBeforePredicate, setSignAssertions, setSignRequests, setSignResponses

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getId, getIndirectProperty, getOutboundInterceptorFlows, getProfileRequestContext, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setSecurityConfiguration, setSecurityConfigurationLookupStrategy, setServletRequest

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, getSignAssertions, getSignRequests, getSignResponses, includeConditionsNotBefore

Field Detail

PROFILE_ID

public static final String PROFILE_ID

ID for this profile configuration.

See Also:

Constant Field Values

resolveAttributesPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> resolveAttributesPredicate

Whether attributes should be resolved in the course of the profile.

includeAttributeStatementPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> includeAttributeStatementPredicate

Whether responses to the authentication request should include an attribute statement.

forceAuthnPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> forceAuthnPredicate

Whether to mandate forced authentication for the request.

defaultAuthenticationMethodsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<AuthenticationMethodPrincipal>> defaultAuthenticationMethodsLookupStrategy

Lookup function to supply defaultAuthenticationMethods property.

defaultAuthenticationMethods

@Nonnull
@NonnullElements
private List<AuthenticationMethodPrincipal> defaultAuthenticationMethods

Selects, and limits, the authentication methods to use for requests.

authenticationFlowsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Set<String>> authenticationFlowsLookupStrategy

Lookup function to supply authenticationFlows property.

authenticationFlows

@Nonnull
@NonnullElements
private Set<String> authenticationFlows

Filters the usable authentication flows.

postAuthenticationFlowsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> postAuthenticationFlowsLookupStrategy

Lookup function to supply postAuthenticationFlows property.

postAuthenticationFlows

@Nonnull
@NonnullElements
private List<String> postAuthenticationFlows

Enables post-authentication interceptor flows.

nameIDFormatPrecedenceLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> nameIDFormatPrecedenceLookupStrategy

Lookup function to supply nameIDFormatPrecedence property.

nameIDFormatPrecedence

@Nonnull
@NonnullElements
private List<String> nameIDFormatPrecedence

Precedence of name identifier formats to use for requests.

Constructor Detail

BrowserSSOProfileConfiguration

public BrowserSSOProfileConfiguration()

Constructor.

BrowserSSOProfileConfiguration

protected BrowserSSOProfileConfiguration(@Nonnull@NotEmpty
                              String profileId)

Constructor.

Parameters:

profileId - unique ID for this profile

Method Detail

resolveAttributes

public boolean resolveAttributes()

Deprecated. Use getResolveAttributesPredicate() instead.

Get whether attributes should be resolved during the profile.

Default is true

Returns:

true iff attributes should be resolved

setResolveAttributes

public void setResolveAttributes(boolean flag)

Set whether attributes should be resolved during the profile.

Parameters:

flag - flag to set

getResolveAttributesPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getResolveAttributesPredicate()

Get a condition to determine whether attributes should be resolved during the profile.

Returns:

condition

Since:

3.3.0

setResolveAttributesPredicate

public void setResolveAttributesPredicate(@Nonnull
                                 com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether attributes should be resolved during the profile.

Parameters:

condition - condition to set

Since:

3.3.0

includeAttributeStatement

public boolean includeAttributeStatement()

Deprecated. Use getIncludeAttributeStatementPredicate() instead.

Get whether responses to the authentication request should include an attribute statement.

Default is true

Returns:

whether responses to the authentication request should include an attribute statement

setIncludeAttributeStatement

public void setIncludeAttributeStatement(boolean include)

Set whether responses to the authentication request should include an attribute statement.

Parameters:

include - flag to set

getIncludeAttributeStatementPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getIncludeAttributeStatementPredicate()

Get a condition to determine whether responses to the authentication request should include an attribute statement.

Returns:

condition

Since:

3.3.0

setIncludeAttributeStatementPredicate

public void setIncludeAttributeStatementPredicate(@Nonnull
                                         com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether responses to the authentication request should include an attribute statement.

Parameters:

condition - condition to set

Since:

3.3.0

getForceAuthnPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getForceAuthnPredicate()

Get a condition to determine whether a fresh user presence proof should be required for this request.

Returns:

condition

Since:

3.4.0

setForceAuthnPredicate

public void setForceAuthnPredicate(@Nonnull
                          com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether a fresh user presence proof should be required for this request.

Parameters:

condition - condition to set

Since:

3.4.0

setForceAuthn

public void setForceAuthn(boolean flag)

Set whether a fresh user presence proof should be required for this request.

Parameters:

flag - flag to set

Since:

3.4.0

getDefaultAuthenticationMethods

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<Principal> getDefaultAuthenticationMethods()

Specified by:

getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration

setDefaultAuthenticationMethods

public void setDefaultAuthenticationMethods(@Nullable@NonnullElements
                                   Collection<AuthenticationMethodPrincipal> methods)

Set the default authentication methods to use, expressed as custom principals.

Parameters:

methods - default authentication methods to use

setDefaultAuthenticationMethodsLookupStrategy

public void setDefaultAuthenticationMethodsLookupStrategy(@Nullable
                                                 com.google.common.base.Function<ProfileRequestContext,Collection<AuthenticationMethodPrincipal>> strategy)

Set a lookup strategy for the defaultAuthenticationMethods property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getAuthenticationFlows

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public Set<String> getAuthenticationFlows()

Specified by:

getAuthenticationFlows in interface AuthenticationProfileConfiguration

setAuthenticationFlows

public void setAuthenticationFlows(@Nullable@NonnullElements
                          Collection<String> flows)

Set the authentication flows to use.

Parameters:

flows - flow identifiers to use

setAuthenticationFlowsLookupStrategy

public void setAuthenticationFlowsLookupStrategy(@Nullable
                                        com.google.common.base.Function<ProfileRequestContext,Set<String>> strategy)

Set a lookup strategy for the authenticationFlows property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getPostAuthenticationFlows

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<String> getPostAuthenticationFlows()

Specified by:

getPostAuthenticationFlows in interface AuthenticationProfileConfiguration

setPostAuthenticationFlows

public void setPostAuthenticationFlows(@Nullable@NonnullElements
                              Collection<String> flows)

Set the ordered collection of post-authentication interceptor flows to enable.

Parameters:

flows - flow identifiers to enable

setPostAuthenticationFlowsLookupStrategy

public void setPostAuthenticationFlowsLookupStrategy(@Nullable
                                            com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the postAuthenticationFlows property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getNameIDFormatPrecedence

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<String> getNameIDFormatPrecedence()

Specified by:

getNameIDFormatPrecedence in interface AuthenticationProfileConfiguration

setNameIDFormatPrecedence

public void setNameIDFormatPrecedence(@Nonnull@NonnullElements
                             Collection<String> formats)

Set the name identifier formats to use.

Parameters:

formats - name identifier formats to use

setNameIDFormatPrecedenceLookupStrategy

public void setNameIDFormatPrecedenceLookupStrategy(@Nullable
                                           com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the nameIDFormatPrecedence property.

Parameters:

strategy - lookup strategy

Since:

3.3.0