Package se.swedenconnect.opensaml.saml2.request

Interface AuthnRequestGeneratorContext

public interface AuthnRequestGeneratorContext

Defines a context which can be used to control how AuthnRequestGenerator.generateAuthnRequest(String, String, AuthnRequestGeneratorContext) creates an authentication request.

Author:

Martin Lindström (martin@idsec.se)

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	AuthnRequestGeneratorContext.AssertionConsumerServiceResolver	When the generator is about to add the AssertionConsumerServiceURL or AssertionConsumerServiceIndex attribute it will invoke the getAssertionConsumerServiceResolver() method in order to get a function that given all possible AssertionConsumerService elements (found in the SP metadata) will either return a String (holding the AssertionConsumerServiceURL to use) or an Integer (holding the AssertionConsumerServiceIndex to use).
static interface	AuthnRequestGeneratorContext.AttributeConsumingServiceIndexResolver	If the SP metadata contains one or more AttributeConsumingService elements, the generator needs to know whether to include the AttributeConsumingServiceIndex attribute, and if so, which index to use.
static interface	AuthnRequestGeneratorContext.AuthnRequestCustomizer	When the generator is done building the AuthnRequest, but before it is signed, it will ask the getAuthnRequestCustomizer() method for the customizer that may operate and add customizations to the request object.
static enum	AuthnRequestGeneratorContext.HokRequirement	Enumeration that tells whether the Holder-of-key WebSSO profile is required, optional or not active.
static interface	AuthnRequestGeneratorContext.NameIDPolicyBuilderFunction	A NameIDPolicyBuilderFunction is used by the generator to create the NameIDPolicy element.
static interface	AuthnRequestGeneratorContext.RequestedAuthnContextBuilderFunction	The generator will need to know how to build the RequestedAuthnContext element that is to be included in the AuthnRequest.

Method Summary

Modifier and Type	Method	Description
default AuthnRequestGeneratorContext.AssertionConsumerServiceResolver	getAssertionConsumerServiceResolver()	Gets the AuthnRequestGeneratorContext.AssertionConsumerServiceResolver to use for resolving which AssertionConsumerService to use and whether to produce an AssertionConsumerServiceURL or AssertionConsumerServiceIndex attribute.
default AuthnRequestGeneratorContext.AttributeConsumingServiceIndexResolver	getAttributeConsumingServiceIndexResolver()	Gets the resolver function for determining how to create the AttributeConsumingServiceIndex attribute.
default AuthnRequestGeneratorContext.AuthnRequestCustomizer	getAuthnRequestCustomizer()	Gets the AuthnRequestGeneratorContext.AuthnRequestCustomizer.
default Boolean	getForceAuthnAttribute()	Gets the ForceAuthn attribute value.
default AuthnRequestGeneratorContext.HokRequirement	getHokRequirement()	Gets the SP requirement for using the Holder-of-key profile.
default Boolean	getIsPassiveAttribute()	Gets the IsPassive attribute value.
default AuthnRequestGeneratorContext.NameIDPolicyBuilderFunction	getNameIDPolicyBuilderFunction()	Gets the builder for creating a NameIDPolicy element.
default org.opensaml.security.x509.X509Credential	getOverrideSignCredential()	The AuthnRequestGenerator is normally configured with a signing credential (AuthnRequestGenerator#getSignCredential()}.
default String	getPreferredBinding()	Gets the binding to use when generating a request (redirect/POST).
default AuthnRequestGeneratorContext.RequestedAuthnContextBuilderFunction	getRequestedAuthnContextBuilderFunction()	Gets the builder function for creating the RequestedAuthnContext element to add to the AuthnRequest.
default org.opensaml.xmlsec.SignatureSigningConfiguration	getSignatureSigningConfiguration()	If a signature configuration, other than the default (SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration()) should be used to sign the request this method should return this configuration.

Method Details

getPreferredBinding

default String getPreferredBinding()

Gets the binding to use when generating a request (redirect/POST).

This binding will be used in all cases except when the IdP does not support the binding.

The default implementation returns "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".

Returns:

the preferred binding

getHokRequirement

default AuthnRequestGeneratorContext.HokRequirement getHokRequirement()

Gets the SP requirement for using the Holder-of-key profile. The default is that the SP does not support HoK.

Returns:

a HoK requirement

getForceAuthnAttribute

default Boolean getForceAuthnAttribute()

Gets the ForceAuthn attribute value.

The default implementation returns true.

If null is returned, the ForceAuthn attribute will not be included.

Returns:

the ForceAuthn attribute

getIsPassiveAttribute

default Boolean getIsPassiveAttribute()

Gets the IsPassive attribute value.

The default implementation returns null.

If null is returned, the IsPassive attribute will not be included.

Returns:

the IsPassive attribute

getSignatureSigningConfiguration

default org.opensaml.xmlsec.SignatureSigningConfiguration getSignatureSigningConfiguration()

If a signature configuration, other than the default (SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration()) should be used to sign the request this method should return this configuration.

The default implementation returns null.

Returns:

the signature configuration, or null

getAssertionConsumerServiceResolver

default AuthnRequestGeneratorContext.AssertionConsumerServiceResolver getAssertionConsumerServiceResolver()

Gets the AuthnRequestGeneratorContext.AssertionConsumerServiceResolver to use for resolving which AssertionConsumerService to use and whether to produce an AssertionConsumerServiceURL or AssertionConsumerServiceIndex attribute.

The default implementation will return a AssertionConsumerServiceURL based on (1) isDefault attribute and (2) the lowest Index.

Returns:

a function for resolving AssertionConsumerService elements

getAttributeConsumingServiceIndexResolver

default AuthnRequestGeneratorContext.AttributeConsumingServiceIndexResolver getAttributeConsumingServiceIndexResolver()

Gets the resolver function for determining how to create the AttributeConsumingServiceIndex attribute.

The default implementation returns null, meaning that no attribute is added.

Returns:

a resolver function

getNameIDPolicyBuilderFunction

default AuthnRequestGeneratorContext.NameIDPolicyBuilderFunction getNameIDPolicyBuilderFunction()

Gets the builder for creating a NameIDPolicy element.

The default implementation will use the first NameIDFormat in the list and create a NameIDPolicy element with this value as the Format attribute and the AllowCreate set to true. If the supplied list is empty, the format will be set to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

Returns:

a builder function

getRequestedAuthnContextBuilderFunction

default AuthnRequestGeneratorContext.RequestedAuthnContextBuilderFunction getRequestedAuthnContextBuilderFunction()

Gets the builder function for creating the RequestedAuthnContext element to add to the AuthnRequest.

The default implementation will create a RequestedAuthnContext object with exact matching and all assurance certification URI:s included in the supplied list.

Returns:

a function that returns a RequestedAuthnContext (or null).

getAuthnRequestCustomizer

default AuthnRequestGeneratorContext.AuthnRequestCustomizer getAuthnRequestCustomizer()

Gets the AuthnRequestGeneratorContext.AuthnRequestCustomizer.

The default implementation returns a NO-OP consumer, meaning no customizations are done.

Returns:

a consumer working on the AuthnRequest object being built

getOverrideSignCredential

default org.opensaml.security.x509.X509Credential getOverrideSignCredential()

The AuthnRequestGenerator is normally configured with a signing credential (AuthnRequestGenerator#getSignCredential()}. This method exist so that we may override the default credential. Mainly for testing purposes.

The default implementation returns null.

Returns:

the signing credential to use, or null if no override should be done