net.shibboleth.idp.saml.saml2.profile.config

Class BrowserSSOProfileConfiguration

java.lang.Object

net.shibboleth.idp.profile.config.AbstractProfileConfiguration

net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ArtifactAwareProfileConfiguration

net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration

All Implemented Interfaces:

AuthenticationProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLArtifactConsumerProfileConfiguration, SAMLProfileConfiguration, SAML2ProfileConfiguration, Component, IdentifiedComponent

Direct Known Subclasses:

ECPProfileConfiguration, SSOSProfileConfiguration

public class BrowserSSOProfileConfiguration
extends AbstractSAML2ArtifactAwareProfileConfiguration
implements AuthenticationProfileConfiguration

Configuration support for SAML 2 Browser SSO.

Field Summary

Fields

Modifier and Type	Field and Description
private com.google.common.base.Predicate<ProfileRequestContext>	allowDelegationPredicate The predicate used to determine if produced assertions may be delegated.
private Set<String>	authenticationFlows Filters the usable authentication flows.
private com.google.common.base.Function<ProfileRequestContext,Set<String>>	authenticationFlowsLookupStrategy Lookup function to supply authenticationFlows property.
private List<AuthnContextClassRefPrincipal>	defaultAuthenticationContexts Selects, and limits, the authentication contexts to use for requests.
private com.google.common.base.Function<ProfileRequestContext,Collection<AuthnContextClassRefPrincipal>>	defaultAuthenticationContextsLookupStrategy Lookup function to supply defaultAuthenticationContexts property.
static int	FEATURE_AUTHNCONTEXT Bit constant for RequestedAuthnContext feature.
private com.google.common.base.Predicate<ProfileRequestContext>	forceAuthnPredicate Whether to mandate forced authentication for the request.
private com.google.common.base.Predicate<ProfileRequestContext>	includeAttributeStatementPredicate Whether responses to the authentication request should include an attribute statement.
private long	maximumSPSessionLifetime The maximum amount of time, in milliseconds, the service provider should maintain a session for the user.
private com.google.common.base.Function<ProfileRequestContext,Long>	maximumSPSessionLifetimeLookupStrategy Lookup function to supply maximumSPSessionLifetime property.
private long	maximumTokenDelegationChainLength Limits the total number of delegates that may be derived from the initial SAML token.
private com.google.common.base.Function<ProfileRequestContext,Long>	maximumTokenDelegationChainLengthLookupStrategy Lookup function to supply maximumTokenDelegationChainLength property.
private List<String>	nameIDFormatPrecedence Precedence of name identifier formats to use for requests.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	nameIDFormatPrecedenceLookupStrategy Lookup function to supply nameIDFormatPrecedence property.
private List<String>	postAuthenticationFlows Enables post-authentication interceptor flows.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	postAuthenticationFlowsLookupStrategy Lookup function to supply postAuthenticationFlows property.
static String	PROFILE_ID ID for this profile configuration.
private com.google.common.base.Predicate<ProfileRequestContext>	resolveAttributesPredicate Whether attributes should be resolved in the course of the profile.
private com.google.common.base.Predicate<ProfileRequestContext>	skipEndpointValidationWhenSignedPredicate Whether the response endpoint should be validated if the request is signed.

Constructor Summary

Constructors

Modifier	Constructor and Description
	BrowserSSOProfileConfiguration() Constructor.
protected	BrowserSSOProfileConfiguration(String profileId) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
com.google.common.base.Predicate<ProfileRequestContext>	getAllowDelegation() Get the predicate used to determine if produced assertions may be delegated.
Boolean	getAllowingDelegation() Deprecated. use instead getAllowDelegation() predicate
Set<String>	getAuthenticationFlows()
List<Principal>	getDefaultAuthenticationMethods()
com.google.common.base.Predicate<ProfileRequestContext>	getForceAuthnPredicate() Get a condition to determine whether a fresh user presence proof should be required for this request.
com.google.common.base.Predicate<ProfileRequestContext>	getIncludeAttributeStatementPredicate() Get a condition to determine whether responses to the authentication request should include an attribute statement.
long	getMaximumSPSessionLifetime() Get the maximum amount of time, in milliseconds, the service provider should maintain a session for the user based on the authentication assertion.
long	getMaximumTokenDelegationChainLength() Get the limits on the total number of delegates that may be derived from the initial SAML token.
List<String>	getNameIDFormatPrecedence()
List<String>	getPostAuthenticationFlows()
com.google.common.base.Predicate<ProfileRequestContext>	getResolveAttributesPredicate() Get a condition to determine whether attributes should be resolved during the profile.
com.google.common.base.Predicate<ProfileRequestContext>	getSkipEndpointValidationWhenSignedPredicate() Get condition to determine whether the response endpoint should be validated if the request is signed.
boolean	includeAttributeStatement() Deprecated. Use getIncludeAttributeStatementPredicate() instead.
boolean	isAllowingDelegation() Get whether produced assertions may be delegated.
boolean	resolveAttributes() Deprecated. Use getResolveAttributesPredicate() instead.
void	setAllowDelegation(com.google.common.base.Predicate<ProfileRequestContext> predicate) Set the predicate used to determine if produced assertions may be delegated.
void	setAllowingDelegation(Boolean isAllowed) Deprecated.
void	setAuthenticationFlows(Collection<String> flows) Set the authentication flows to use.
void	setAuthenticationFlowsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Set<String>> strategy) Set a lookup strategy for the authenticationFlows property.
void	setDefaultAuthenticationMethods(Collection<AuthnContextClassRefPrincipal> contexts) Set the default authentication contexts to use, expressed as custom principals.
void	setDefaultAuthenticationMethodsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<AuthnContextClassRefPrincipal>> strategy) Set a lookup strategy for the defaultAuthenticationMethods property.
void	setForceAuthn(boolean flag) Set whether a fresh user presence proof should be required for this request.
void	setForceAuthnPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether a fresh user presence proof should be required for this request.
void	setIncludeAttributeStatement(boolean include) Set whether responses to the authentication request should include an attribute statement.
void	setIncludeAttributeStatementPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether responses to the authentication request should include an attribute statement.
void	setMaximumSPSessionLifetime(long lifetime) Set the maximum amount of time, in milliseconds, the service provider should maintain a session for the user based on the authentication assertion.
void	setMaximumSPSessionLifetimeLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy) Set a lookup strategy for the maximumSPSessionLifetime property.
void	setMaximumTokenDelegationChainLength(long length) Set the limits on the total number of delegates that may be derived from the initial SAML token.
void	setMaximumTokenDelegationChainLengthLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy) Set a lookup strategy for the maximumTokenDelegationChainLength property.
void	setNameIDFormatPrecedence(Collection<String> formats) Set the name identifier formats to use.
void	setNameIDFormatPrecedenceLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set a lookup strategy for the nameIDFormatPrecedence property.
void	setPostAuthenticationFlows(Collection<String> flows) Set the ordered collection of post-authentication interceptor flows to enable.
void	setPostAuthenticationFlowsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set a lookup strategy for the postAuthenticationFlows property.
void	setResolveAttributes(boolean flag) Set whether attributes should be resolved during the profile.
void	setResolveAttributesPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set a condition to determine whether attributes should be resolved during the profile.
void	setSkipEndpointValidationWhenSigned(boolean skip) Set whether the response endpoint should be validated if the request is signed.
void	setSkipEndpointValidationWhenSignedPredicate(com.google.common.base.Predicate<ProfileRequestContext> condition) Set condition to determine whether the response endpoint should be validated if the request is signed.
boolean	skipEndpointValidationWhenSigned() Deprecated. Use getSkipEndpointValidationWhenSignedPredicate() instead.

Methods inherited from class net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ArtifactAwareProfileConfiguration

getArtifactConfiguration, getClientTLSArtifactRequests, getSignArtifactRequests, setArtifactConfiguration, setArtifactConfigurationLookupStrategy, setClientTLSArtifactRequests, setSignArtifactRequests

Methods inherited from class net.shibboleth.idp.saml.saml2.profile.config.AbstractSAML2ProfileConfiguration

getEncryptAssertions, getEncryptAttributes, getEncryptionOptionalPredicate, getEncryptNameIDs, getProxyAudiences, getProxyCount, isEncryptionOptional, setEncryptAssertions, setEncryptAttributes, setEncryptionOptional, setEncryptionOptionalPredicate, setEncryptNameIDs, setProxyAudiences, setProxyAudiencesLookupStrategy, setProxyCount, setProxyCountLookupStrategy

Methods inherited from class net.shibboleth.idp.saml.profile.config.AbstractSAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, getInboundInterceptorFlows, getIncludeConditionsNotBeforePredicate, getSignAssertions, getSignRequests, getSignResponses, includeConditionsNotBefore, setAdditionalAudienceForAssertion, setAdditionalAudiencesForAssertion, setAssertionAudiencesLookupStrategy, setAssertionLifetime, setAssertionLifetimeLookupStrategy, setIncludeConditionsNotBefore, setIncludeConditionsNotBeforePredicate, setSignAssertions, setSignRequests, setSignResponses

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getId, getIndirectProperty, getOutboundInterceptorFlows, getProfileRequestContext, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setSecurityConfiguration, setSecurityConfigurationLookupStrategy, setServletRequest

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.idp.saml.profile.config.SAMLProfileConfiguration

getAdditionalAudiencesForAssertion, getAssertionLifetime, getSignAssertions, getSignRequests, getSignResponses, includeConditionsNotBefore

Field Detail

PROFILE_ID

public static final String PROFILE_ID

ID for this profile configuration.

See Also:

Constant Field Values

FEATURE_AUTHNCONTEXT

public static final int FEATURE_AUTHNCONTEXT

Bit constant for RequestedAuthnContext feature.

See Also:

Constant Field Values

resolveAttributesPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> resolveAttributesPredicate

Whether attributes should be resolved in the course of the profile.

includeAttributeStatementPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> includeAttributeStatementPredicate

Whether responses to the authentication request should include an attribute statement.

forceAuthnPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> forceAuthnPredicate

Whether to mandate forced authentication for the request.

skipEndpointValidationWhenSignedPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> skipEndpointValidationWhenSignedPredicate

Whether the response endpoint should be validated if the request is signed.

maximumSPSessionLifetimeLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Long> maximumSPSessionLifetimeLookupStrategy

Lookup function to supply maximumSPSessionLifetime property.

maximumSPSessionLifetime

@Duration
@NonNegative
private long maximumSPSessionLifetime

The maximum amount of time, in milliseconds, the service provider should maintain a session for the user. A value of 0 (the default) indicates no cap is put on the SP's session lifetime.

allowDelegationPredicate

@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> allowDelegationPredicate

The predicate used to determine if produced assertions may be delegated.

maximumTokenDelegationChainLengthLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Long> maximumTokenDelegationChainLengthLookupStrategy

Lookup function to supply maximumTokenDelegationChainLength property.

maximumTokenDelegationChainLength

@NonNegative
private long maximumTokenDelegationChainLength

Limits the total number of delegates that may be derived from the initial SAML token. Default value: 1.

defaultAuthenticationContextsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<AuthnContextClassRefPrincipal>> defaultAuthenticationContextsLookupStrategy

Lookup function to supply defaultAuthenticationContexts property.

defaultAuthenticationContexts

@Nonnull
@NonnullElements
private List<AuthnContextClassRefPrincipal> defaultAuthenticationContexts

Selects, and limits, the authentication contexts to use for requests.

authenticationFlowsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Set<String>> authenticationFlowsLookupStrategy

Lookup function to supply authenticationFlows property.

authenticationFlows

@Nonnull
@NonnullElements
private Set<String> authenticationFlows

Filters the usable authentication flows.

postAuthenticationFlowsLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> postAuthenticationFlowsLookupStrategy

Lookup function to supply postAuthenticationFlows property.

postAuthenticationFlows

@Nonnull
@NonnullElements
private List<String> postAuthenticationFlows

Enables post-authentication interceptor flows.

nameIDFormatPrecedenceLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> nameIDFormatPrecedenceLookupStrategy

Lookup function to supply nameIDFormatPrecedence property.

nameIDFormatPrecedence

@Nonnull
@NonnullElements
private List<String> nameIDFormatPrecedence

Precedence of name identifier formats to use for requests.

Constructor Detail

BrowserSSOProfileConfiguration

public BrowserSSOProfileConfiguration()

Constructor.

BrowserSSOProfileConfiguration

protected BrowserSSOProfileConfiguration(@Nonnull@NotEmpty
                              String profileId)

Constructor.

Parameters:

profileId - unique ID for this profile

Method Detail

resolveAttributes

@Deprecated
public boolean resolveAttributes()

Deprecated. Use getResolveAttributesPredicate() instead.

Get whether attributes should be resolved during the profile.

Default is true

Returns:

true iff attributes should be resolved

setResolveAttributes

public void setResolveAttributes(boolean flag)

Set whether attributes should be resolved during the profile.

Parameters:

flag - flag to set

getResolveAttributesPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getResolveAttributesPredicate()

Get a condition to determine whether attributes should be resolved during the profile.

Returns:

condition

Since:

3.3.0

setResolveAttributesPredicate

public void setResolveAttributesPredicate(@Nonnull
                                 com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether attributes should be resolved during the profile.

Parameters:

condition - condition to set

Since:

3.3.0

includeAttributeStatement

@Deprecated
public boolean includeAttributeStatement()

Deprecated. Use getIncludeAttributeStatementPredicate() instead.

Get whether responses to the authentication request should include an attribute statement.

Default is true

Returns:

whether responses to the authentication request should include an attribute statement

setIncludeAttributeStatement

public void setIncludeAttributeStatement(boolean include)

Set whether responses to the authentication request should include an attribute statement.

Parameters:

include - flag to set

getIncludeAttributeStatementPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getIncludeAttributeStatementPredicate()

Get a condition to determine whether responses to the authentication request should include an attribute statement.

Returns:

condition

Since:

3.3.0

setIncludeAttributeStatementPredicate

public void setIncludeAttributeStatementPredicate(@Nonnull
                                         com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether responses to the authentication request should include an attribute statement.

Parameters:

condition - condition to set

Since:

3.3.0

getForceAuthnPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getForceAuthnPredicate()

Get a condition to determine whether a fresh user presence proof should be required for this request.

Returns:

condition

Since:

3.4.0

setForceAuthnPredicate

public void setForceAuthnPredicate(@Nonnull
                          com.google.common.base.Predicate<ProfileRequestContext> condition)

Set a condition to determine whether a fresh user presence proof should be required for this request.

Parameters:

condition - condition to set

Since:

3.4.0

setForceAuthn

public void setForceAuthn(boolean flag)

Set whether a fresh user presence proof should be required for this request.

Parameters:

flag - flag to set

Since:

3.4.0

skipEndpointValidationWhenSigned

@Deprecated
public boolean skipEndpointValidationWhenSigned()

Deprecated. Use getSkipEndpointValidationWhenSignedPredicate() instead.

Get whether the response endpoint should be validated if the request is signed.

Returns:

whether the response endpoint should be validated if the request is signed

setSkipEndpointValidationWhenSigned

public void setSkipEndpointValidationWhenSigned(boolean skip)

Set whether the response endpoint should be validated if the request is signed.

Parameters:

skip - whether the response endpoint should be validated if the request is signed

getSkipEndpointValidationWhenSignedPredicate

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getSkipEndpointValidationWhenSignedPredicate()

Get condition to determine whether the response endpoint should be validated if the request is signed.

Returns:

condition

Since:

3.3.0

setSkipEndpointValidationWhenSignedPredicate

public void setSkipEndpointValidationWhenSignedPredicate(@Nonnull
                                                com.google.common.base.Predicate<ProfileRequestContext> condition)

Set condition to determine whether the response endpoint should be validated if the request is signed.

Parameters:

condition - condition to set

Since:

3.3.0

getMaximumSPSessionLifetime

@NonNegative
@Duration
public long getMaximumSPSessionLifetime()

Get the maximum amount of time, in milliseconds, the service provider should maintain a session for the user based on the authentication assertion. A value of 0 is interpreted as an unlimited lifetime.

Returns:

max lifetime of service provider should maintain a session

setMaximumSPSessionLifetime

@Duration
public void setMaximumSPSessionLifetime(@Duration@NonNegative
                                        long lifetime)

Set the maximum amount of time, in milliseconds, the service provider should maintain a session for the user based on the authentication assertion. A value of 0 is interpreted as an unlimited lifetime.

Parameters:

lifetime - max lifetime of service provider should maintain a session

setMaximumSPSessionLifetimeLookupStrategy

public void setMaximumSPSessionLifetimeLookupStrategy(@Nullable
                                             com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set a lookup strategy for the maximumSPSessionLifetime property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getAllowingDelegation

@Deprecated
public Boolean getAllowingDelegation()

Deprecated. use instead getAllowDelegation() predicate

Get whether produced assertions may be delegated.

Returns:

whether produced assertions may be delegated, as a Boolean. May be null.

setAllowingDelegation

@Deprecated
public void setAllowingDelegation(Boolean isAllowed)

Deprecated.

Set whether produced assertions may be delegated.

Parameters:

isAllowed - whether produced assertions may be delegated

isAllowingDelegation

public boolean isAllowingDelegation()

Get whether produced assertions may be delegated.

Returns:

whether produced assertions may be delegated

getAllowDelegation

@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getAllowDelegation()

Get the predicate used to determine if produced assertions may be delegated.

Returns:

predicate used to determine if produced assertions may be delegated

setAllowDelegation

public void setAllowDelegation(@Nonnull
                      com.google.common.base.Predicate<ProfileRequestContext> predicate)

Set the predicate used to determine if produced assertions may be delegated.

Parameters:

predicate - used to determine if produced assertions may be delegated

getMaximumTokenDelegationChainLength

@NonNegative
public long getMaximumTokenDelegationChainLength()

Get the limits on the total number of delegates that may be derived from the initial SAML token.

Returns:

the limit on the total number of delegates that may be derived from the initial SAML token

setMaximumTokenDelegationChainLength

public void setMaximumTokenDelegationChainLength(@NonNegative
                                        long length)

Set the limits on the total number of delegates that may be derived from the initial SAML token.

Parameters:

length - the limit on the total number of delegates that may be derived from the initial SAML token

setMaximumTokenDelegationChainLengthLookupStrategy

public void setMaximumTokenDelegationChainLengthLookupStrategy(@Nullable
                                                      com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set a lookup strategy for the maximumTokenDelegationChainLength property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getDefaultAuthenticationMethods

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<Principal> getDefaultAuthenticationMethods()

Specified by:

getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration

setDefaultAuthenticationMethods

public void setDefaultAuthenticationMethods(@Nullable@NonnullElements
                                   Collection<AuthnContextClassRefPrincipal> contexts)

Set the default authentication contexts to use, expressed as custom principals.

Parameters:

contexts - default authentication contexts to use

setDefaultAuthenticationMethodsLookupStrategy

public void setDefaultAuthenticationMethodsLookupStrategy(@Nullable
                                                 com.google.common.base.Function<ProfileRequestContext,Collection<AuthnContextClassRefPrincipal>> strategy)

Set a lookup strategy for the defaultAuthenticationMethods property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getAuthenticationFlows

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public Set<String> getAuthenticationFlows()

Specified by:

getAuthenticationFlows in interface AuthenticationProfileConfiguration

setAuthenticationFlows

public void setAuthenticationFlows(@Nullable@NonnullElements
                          Collection<String> flows)

Set the authentication flows to use.

Parameters:

flows - flow identifiers to use

setAuthenticationFlowsLookupStrategy

public void setAuthenticationFlowsLookupStrategy(@Nullable
                                        com.google.common.base.Function<ProfileRequestContext,Set<String>> strategy)

Set a lookup strategy for the authenticationFlows property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getPostAuthenticationFlows

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<String> getPostAuthenticationFlows()

Specified by:

getPostAuthenticationFlows in interface AuthenticationProfileConfiguration

setPostAuthenticationFlows

public void setPostAuthenticationFlows(@Nullable@NonnullElements
                              Collection<String> flows)

Set the ordered collection of post-authentication interceptor flows to enable.

Parameters:

flows - flow identifiers to enable

setPostAuthenticationFlowsLookupStrategy

public void setPostAuthenticationFlowsLookupStrategy(@Nullable
                                            com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the postAuthenticationFlows property.

Parameters:

strategy - lookup strategy

Since:

3.3.0

getNameIDFormatPrecedence

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public List<String> getNameIDFormatPrecedence()

Specified by:

getNameIDFormatPrecedence in interface AuthenticationProfileConfiguration

setNameIDFormatPrecedence

public void setNameIDFormatPrecedence(@Nonnull@NonnullElements
                             Collection<String> formats)

Set the name identifier formats to use.

Parameters:

formats - name identifier formats to use

setNameIDFormatPrecedenceLookupStrategy

public void setNameIDFormatPrecedenceLookupStrategy(@Nullable
                                           com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set a lookup strategy for the nameIDFormatPrecedence property.

Parameters:

strategy - lookup strategy

Since:

3.3.0