Interface AuthnRequestGeneratorContext


public interface AuthnRequestGeneratorContext
Defines a context which can be used to control how AuthnRequestGenerator.generateAuthnRequest(String, String, AuthnRequestGeneratorContext) creates an authentication request.
Author:
Martin Lindström (martin@idsec.se)
  • Method Details

    • getPreferredBinding

      default String getPreferredBinding()
      Gets the binding to use when generating a request (redirect/POST).

      This binding will be used in all cases except when the IdP does not support the binding.

      The default implementation returns "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".

      Returns:
      the preferred binding
    • getHokRequirement

      default AuthnRequestGeneratorContext.HokRequirement getHokRequirement()
      Gets the SP requirement for using the Holder-of-key profile. The default is that the SP does not support HoK.
      Returns:
      a HoK requirement
    • getForceAuthnAttribute

      default Boolean getForceAuthnAttribute()
      Gets the ForceAuthn attribute value.

      The default implementation returns true.

      If null is returned, the ForceAuthn attribute will not be included.

      Returns:
      the ForceAuthn attribute
    • getIsPassiveAttribute

      default Boolean getIsPassiveAttribute()
      Gets the IsPassive attribute value.

      The default implementation returns null.

      If null is returned, the IsPassive attribute will not be included.

      Returns:
      the IsPassive attribute
    • getSignatureSigningConfiguration

      default org.opensaml.xmlsec.SignatureSigningConfiguration getSignatureSigningConfiguration()
      If a signature configuration other than the default (SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration()) should be used to sign the request, this method should return that configuration.

      The default implementation returns null.

      Returns:
      the signature configuration, or null
    • getAssertionConsumerServiceResolver

      default AuthnRequestGeneratorContext.AssertionConsumerServiceResolver getAssertionConsumerServiceResolver()
      Gets the AuthnRequestGeneratorContext.AssertionConsumerServiceResolver to use for resolving which AssertionConsumerService to use and whether to produce an AssertionConsumerServiceURL or AssertionConsumerServiceIndex attribute.

      The default implementation will return an AssertionConsumerServiceURL based on (1) the isDefault attribute and (2) the lowest Index.

      Returns:
      a function for resolving AssertionConsumerService elements
    • getAttributeConsumingServiceIndexResolver

      default AuthnRequestGeneratorContext.AttributeConsumingServiceIndexResolver getAttributeConsumingServiceIndexResolver()
      Gets the resolver function for determining how to create the AttributeConsumingServiceIndex attribute.

      The default implementation returns null, meaning that no attribute is added.

      Returns:
      a resolver function
    • getNameIDPolicyBuilderFunction

      default AuthnRequestGeneratorContext.NameIDPolicyBuilderFunction getNameIDPolicyBuilderFunction()
      Gets the builder for creating a NameIDPolicy element.

      The default implementation will use the first NameIDFormat in the list and create a NameIDPolicy element with this value as the Format attribute and the AllowCreate attribute set to true. If the supplied list is empty, the format will be set to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

      Returns:
      a builder function
    • getRequestedAuthnContextBuilderFunction

      default AuthnRequestGeneratorContext.RequestedAuthnContextBuilderFunction getRequestedAuthnContextBuilderFunction()
      Gets the builder function for creating the RequestedAuthnContext element to add to the AuthnRequest.

      The default implementation will create a RequestedAuthnContext object with exact matching and all assurance certification URIs included in the supplied list.

      Returns:
      a function that returns a RequestedAuthnContext (or null).
    • getAuthnRequestCustomizer

      default AuthnRequestGeneratorContext.AuthnRequestCustomizer getAuthnRequestCustomizer()
      Gets the AuthnRequestGeneratorContext.AuthnRequestCustomizer.

      The default implementation returns a NO-OP consumer, meaning no customizations are done.

      Returns:
      a consumer working on the AuthnRequest object being built
    • getOverrideSignCredential

      default org.opensaml.security.x509.X509Credential getOverrideSignCredential()
      The AuthnRequestGenerator is normally configured with a signing credential (AuthnRequestGenerator.getSignCredential()). This method exists so that the default credential may be overridden, mainly for testing purposes.

      The default implementation returns null.

      Returns:
      the signing credential to use, or null if no override should be done
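
Added example (not code from the library or its author): a plain-Java sketch of the two selection rules stated under getPreferredBinding and getAssertionConsumerServiceResolver, useful for checking which endpoint and binding a given metadata set would yield. The Acs record, the method names, the sample URLs and the fallback to the other front-channel binding are assumptions of this sketch; it needs Java 16 or later for records.

```java
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Added illustration of the selection rules stated on this page; not the library's code.
public class RequestDefaultsExample {

  static final String REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
  static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

  // Hypothetical stand-in for an AssertionConsumerService entry in SP metadata.
  record Acs(String location, int index, Boolean isDefault) {}

  // The preferred binding is used unless the IdP does not support it. Falling back
  // to the other of redirect/POST is an assumption made by this sketch.
  static String chooseBinding(String preferred, Set<String> idpBindings) {
    if (idpBindings.contains(preferred)) {
      return preferred;
    }
    String other = REDIRECT.equals(preferred) ? POST : REDIRECT;
    if (idpBindings.contains(other)) {
      return other;
    }
    throw new IllegalStateException("IdP offers neither HTTP-Redirect nor HTTP-POST");
  }

  // (1) Entries with isDefault="true" sort first, (2) then the lowest index wins.
  // An unset (null) isDefault is treated the same as false here.
  static Optional<Acs> chooseAcs(List<Acs> services) {
    return services.stream().min(
        Comparator.comparing((Acs a) -> !Boolean.TRUE.equals(a.isDefault()))
            .thenComparingInt(Acs::index));
  }

  public static void main(String[] args) {
    // Constructed sample metadata: index 2 carries isDefault="true".
    List<Acs> sp = List.of(
        new Acs("https://sp.example.com/saml/acs0", 0, null),
        new Acs("https://sp.example.com/saml/acs2", 2, Boolean.TRUE),
        new Acs("https://sp.example.com/saml/acs1", 1, Boolean.FALSE));

    // The IdP in this sample only supports HTTP-POST, so the preference is not honoured.
    System.out.println("binding: " + chooseBinding(REDIRECT, Set.of(POST)));
    System.out.println("ACS URL: " + chooseAcs(sp).map(Acs::location).orElse("none"));
  }
}
```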