Class HolderOfKeyMetadataSupport

java.lang.Object
se.swedenconnect.opensaml.saml2.metadata.HolderOfKeyMetadataSupport

public class HolderOfKeyMetadataSupport extends Object
Support methods for holder-of-key specific metadata elements.
Author:
Martin Lindström (martin@idsec.se)
  • Field Details

    • HOK_WEBSSO_PROFILE_URI

      public static final String HOK_WEBSSO_PROFILE_URI
      URI identifier for the Holder-of-key Web SSO profile.
    • HOK_PROTOCOL_BINDING_ATTRIBUTE

      public static final QName HOK_PROTOCOL_BINDING_ATTRIBUTE
      The QName for the HoK ProtocolBinding attribute.
  • Method Details

    • getHokSingleSignOnServices

      public static List<org.opensaml.saml.saml2.metadata.SingleSignOnService> getHokSingleSignOnServices(org.opensaml.saml.saml2.metadata.IDPSSODescriptor ssoDescriptor)
      Given an IDPSSODescriptor element the method locates all SingleSignOnService elements that have a Binding attribute set to "urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser", i.e., a service element for Holder-of-key.
      Parameters:
      ssoDescriptor - the IDPSSODescriptor
      Returns:
      a (possibly empty) list of matching SingleSignOnService objects
    • getHoKSingleSignOnService

      public static org.opensaml.saml.saml2.metadata.SingleSignOnService getHoKSingleSignOnService(org.opensaml.saml.saml2.metadata.IDPSSODescriptor ssoDescriptor, String binding)
      Given an IDPSSODescriptor element and a binding (redirect/post), the method locates a matching SingleSignOnService Holder-of-key element.
      Parameters:
      ssoDescriptor - the IDPSSODescriptor
      binding - the actual binding URI
      Returns:
      a SingleSignOnService or null if no matching element is found
    • isHoKSingleSignOnService

      public static boolean isHoKSingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService sso)
      Predicate that tells if the supplied SingleSignOnService is a HoK endpoint.
      Parameters:
      sso - the SingleSignOnService to test
      Returns:
      true if the supplied object is a HoK endpoint and false otherwise
    • getHokAssertionConsumerServices

      public static List<org.opensaml.saml.saml2.metadata.AssertionConsumerService> getHokAssertionConsumerServices(org.opensaml.saml.saml2.metadata.SPSSODescriptor ssoDescriptor)
      Given an SPSSODescriptor element the method locates all AssertionConsumerService elements that have a Binding attribute set to "urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser", i.e., an endpoint for Holder-of-key.
      Parameters:
      ssoDescriptor - the SPSSODescriptor
      Returns:
      a (possibly empty) list of matching AssertionConsumerService objects
    • getHokAssertionConsumerService

      public static org.opensaml.saml.saml2.metadata.AssertionConsumerService getHokAssertionConsumerService(org.opensaml.saml.saml2.metadata.SPSSODescriptor ssoDescriptor, String binding)
      Given an SPSSODescriptor element and a binding URI, the method locates a matching AssertionConsumerService Holder-of-key element.
      Parameters:
      ssoDescriptor - the SPSSODescriptor
      binding - the actual binding URI
      Returns:
      an AssertionConsumerService or null if no matching element is found
    • isHoKAssertionConsumerService

      public static boolean isHoKAssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService acs)
      Predicate that tells if the supplied AssertionConsumerService is a HoK endpoint.
      Parameters:
      acs - the AssertionConsumerService to test
      Returns:
      true if the supplied object is a HoK endpoint and false otherwise
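
An added usage example (not taken from the library's documentation): selecting an IdP's SingleSignOnService while refusing to fall back to a bearer endpoint when holder-of-key is required. The class name HokEndpointSelector, the requireHok flag and the idp.example.com URLs are hypothetical, and it assumes getHoKSingleSignOnService matches the supplied binding against the endpoint's ProtocolBinding attribute.

```java
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import se.swedenconnect.opensaml.saml2.metadata.HolderOfKeyMetadataSupport;

/** Hypothetical helper, not part of the library. */
public final class HokEndpointSelector {

  /** Picks the SSO endpoint for a binding; never downgrades to bearer when HoK is required. */
  public static SingleSignOnService select(IDPSSODescriptor idp, String binding, boolean requireHok) {
    SingleSignOnService hok = HolderOfKeyMetadataSupport.getHoKSingleSignOnService(idp, binding);
    if (hok != null) {
      return hok;
    }
    if (requireHok) {
      // Fail closed: a missing HoK endpoint must not silently become bearer SSO.
      throw new IllegalStateException("IdP declares no holder-of-key endpoint for " + binding);
    }
    // Ordinary WebSSO: skip HoK entries explicitly, then match on the Binding attribute.
    return idp.getSingleSignOnServices().stream()
        .filter(s -> !HolderOfKeyMetadataSupport.isHoKSingleSignOnService(s))
        .filter(s -> binding.equals(s.getBinding()))
        .findFirst().orElse(null);
  }

  /** Builds one endpoint; hokProtocolBinding is null for an ordinary (bearer) endpoint. */
  private static SingleSignOnService sso(String binding, String location, String hokProtocolBinding) {
    SingleSignOnService s =
        (SingleSignOnService) XMLObjectSupport.buildXMLObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
    s.setBinding(binding);
    s.setLocation(location);
    if (hokProtocolBinding != null) {
      s.getUnknownAttributes().put(HolderOfKeyMetadataSupport.HOK_PROTOCOL_BINDING_ATTRIBUTE, hokProtocolBinding);
    }
    return s;
  }

  public static void main(String[] args) throws Exception {
    InitializationService.initialize();
    // Constructed sample metadata: one bearer endpoint and one HoK endpoint, both using redirect.
    String redirect = SAMLConstants.SAML2_REDIRECT_BINDING_URI;
    IDPSSODescriptor idp =
        (IDPSSODescriptor) XMLObjectSupport.buildXMLObject(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    idp.getSingleSignOnServices().add(sso(redirect, "https://idp.example.com/sso", null));
    idp.getSingleSignOnServices().add(
        sso(HolderOfKeyMetadataSupport.HOK_WEBSSO_PROFILE_URI, "https://idp.example.com/hoksso", redirect));
    System.out.println(select(idp, redirect, true).getLocation());
  }
}
```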