Class ResponseValidationSettings
java.lang.Object
se.swedenconnect.opensaml.saml2.response.validation.ResponseValidationSettings
Configuration settings for response and assertion validation.
- Author:
- Martin Lindström (martin@idsec.se)
-
Field Summary
Modifier and TypeFieldDescriptionstatic final Duration
The default allowed clock skew (in milliseconds) - 30 seconds.static final Duration
The default age for a response message that we allow (in milliseconds) - 3 minutes.static final Duration
Default max session age (in milliseconds) - 1 hour. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionReturns the allowed clock skew.Returns the maximum allowed "age" of a response message.Returns the maximum session age allowed for SSO.boolean
Do we require signed assertions?boolean
Predicate telling whether strict validation should be performed.void
setAllowedClockSkew
(Duration allowedClockSkew) Assigns the allowed clock skew.void
setMaxAgeResponse
(Duration maxAgeResponse) Assigns the maximum allowed "age" of a response messagevoid
setMaxSessionAge
(Duration maxSessionAge) Assigns the maximum session age allowed for SSO.void
setRequireSignedAssertions
(boolean requireSignedAssertions) Assigns whether we require signed assertions.void
setStrictValidation
(boolean strictValidation) Assigns telling whether strict validation should be performed.toString()
-
Field Details
-
DEFAULT_ALLOWED_CLOCK_SKEW
The default allowed clock skew (in milliseconds) - 30 seconds. -
DEFAULT_MAX_AGE_RESPONSE
The default age for a response message that we allow (in milliseconds) - 3 minutes. -
DEFAULT_MAX_SESSION_AGE
Default max session age (in milliseconds) - 1 hour.
-
-
Constructor Details
-
ResponseValidationSettings
public ResponseValidationSettings()
-
-
Method Details
-
getAllowedClockSkew
Returns the allowed clock skew.The default is
DEFAULT_ALLOWED_CLOCK_SKEW
.- Returns:
- the allowed clock skew
-
setAllowedClockSkew
Assigns the allowed clock skew.The default is
DEFAULT_ALLOWED_CLOCK_SKEW
.- Parameters:
allowedClockSkew
- the allowed clock skew
-
getMaxAgeResponse
Returns the maximum allowed "age" of a response message.The default is
DEFAULT_MAX_AGE_RESPONSE
.- Returns:
- the maximum allowed "age" of a response message
-
setMaxAgeResponse
Assigns the maximum allowed "age" of a response messageThe default is
DEFAULT_MAX_AGE_RESPONSE
.- Parameters:
maxAgeResponse
- the maximum allowed "age" of a response message
-
getMaxSessionAge
Returns the maximum session age allowed for SSO.The default is
DEFAULT_MAX_SESSION_AGE
.- Returns:
- the maximum session age allowed for SSO
-
setMaxSessionAge
Assigns the maximum session age allowed for SSO.The default is
DEFAULT_MAX_SESSION_AGE
.- Parameters:
maxSessionAge
- the maximum session age allowed for SSO
-
isStrictValidation
public boolean isStrictValidation()Predicate telling whether strict validation should be performed.The default is
false
.- Returns:
- whether strict validation should be performed
-
setStrictValidation
public void setStrictValidation(boolean strictValidation) Assigns telling whether strict validation should be performed.The default is
false
.- Parameters:
strictValidation
- whether strict validation should be performed
-
isRequireSignedAssertions
public boolean isRequireSignedAssertions()Do we require signed assertions?Should correspond the
WantAssertionsSigned
of the SP metadata.- Returns:
- do we require signed assertions?
-
setRequireSignedAssertions
public void setRequireSignedAssertions(boolean requireSignedAssertions) Assigns whether we require signed assertions.Should correspond the
WantAssertionsSigned
of the SP metadata.- Parameters:
requireSignedAssertions
- whether we require signed assertions?
-
toString
-