Interface SecurityConfiguration

All Known Implementing Classes:
AbstractSecurityConfiguration, DefaultSecurityConfiguration, SAML2IntSecurityConfiguration

public interface SecurityConfiguration
An interface that enables us to work with security configurations and defaults in a simple fashion.

The OpenSAML ConfigurationService singleton may be queried for the configuration to use for a certain security operation. For example, the following code returns the EncryptionConfiguration to use for an encryption operation:


 EncryptionConfiguration encryptionConfiguration = ConfigurationService.get(EncryptionConfiguration.class);
 

This is simple and straightforward, and you should probably stick with that way of getting the system defaults for security configuration. However, in some cases, for example when a SAML SP or IdP should support several different profiles regarding security configuration, the above doesn't work that well. In these cases you may instantiate different SecurityConfiguration objects with different defaults, and use those objects to query for the security configuration.

SecurityConfiguration saml2intConfig = setupSaml2intConfig();
 // ...
 EncryptionConfiguration config = saml2intConfig.getEncryptionConfiguration();

When OpenSAML is initialized (using InitializationService.initialize()) the ConfigurationService will be assigned the default values from the DefaultSecurityConfigurationBootstrap class. After OpenSAML has been initialized it is possible to modify these defaults by replacing the stored default objects.

EncryptionConfiguration myEncryptionConfiguration = ...;
 // ... a lot of code setting algorithms ...
 ConfigurationService.register(EncryptionConfiguration.class, myEncryptionConfiguration);

By using a SecurityConfiguration object this step may be simplified. For example, to configure the system to use the SAML2Int algorithm requirements you simply do:

SecurityConfiguration saml2intConfig = new SAML2IntSecurityConfiguration();
 saml2intConfig.initOpenSAML();

If you use the OpenSAMLInitializer you can do the following instead:

OpenSAMLInitializer.getInstance().initialize(
   new OpenSAMLSecurityExtensionConfig(),
   new OpenSAMLSecurityDefaultsConfig(new SAML2IntSecurityConfiguration()));
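
The following is an added example, not code from this project: it keeps one SecurityConfiguration per supported profile, refuses to fall back to the global defaults for an unknown profile, and reports which legacy algorithms a profile still offers. The class name ProfileSecurityConfigurations, the LEGACY policy set and the se.swedenconnect.opensaml.xmlsec.config package name are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.opensaml.xmlsec.EncryptionConfiguration;
import se.swedenconnect.opensaml.xmlsec.config.SAML2IntSecurityConfiguration; // assumed package
import se.swedenconnect.opensaml.xmlsec.config.SecurityConfiguration; // assumed package

/** Hypothetical helper: one SecurityConfiguration per supported profile. */
public class ProfileSecurityConfigurations {
  // Algorithm URIs this example's policy treats as legacy (an assumption).
  private static final Set<String> LEGACY = Set.of(
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
      "http://www.w3.org/2001/04/xmlenc#rsa-1_5",
      "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
  private final Map<String, SecurityConfiguration> byProfile = new LinkedHashMap<>();

  public void add(SecurityConfiguration config) {
    if (byProfile.putIfAbsent(config.getProfileName(), config) != null) {
      throw new IllegalArgumentException("Duplicate profile: " + config.getProfileName());
    }
  }

  /** Fails closed: an unknown profile never falls back to the global defaults. */
  public SecurityConfiguration forProfile(String profileName) {
    SecurityConfiguration config = byProfile.get(profileName);
    if (config == null) {
      throw new IllegalArgumentException("No configuration for profile: " + profileName);
    }
    return config;
  }

  /** Legacy algorithms offered for signing and encryption; exclusion lists are not consulted. */
  public static List<String> legacyAlgorithms(SecurityConfiguration config) {
    List<String> offered = new ArrayList<>(config.getSignatureSigningConfiguration().getSignatureAlgorithms());
    EncryptionConfiguration enc = config.getEncryptionConfiguration();
    offered.addAll(enc.getKeyTransportEncryptionAlgorithms());
    offered.addAll(enc.getDataEncryptionAlgorithms());
    offered.retainAll(LEGACY);
    return offered;
  }

  public static void main(String[] args) throws Exception {
    SecurityConfiguration saml2int = new SAML2IntSecurityConfiguration();
    saml2int.initOpenSAML(); // installs this profile's defaults, as the text describes
    ProfileSecurityConfigurations profiles = new ProfileSecurityConfigurations();
    profiles.add(saml2int);
    SecurityConfiguration selected = profiles.forProfile(saml2int.getProfileName());
    System.out.println(selected.getProfileName() + ": " + legacyAlgorithms(selected));
  }
}
```
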

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Method Summary

    Modifier and Type | Method | Description
    org.opensaml.xmlsec.DecryptionConfiguration | getDecryptionConfiguration() | Returns the decryption configuration that has been configured.
    org.opensaml.xmlsec.EncryptionConfiguration | getEncryptionConfiguration() | Returns the encryption configuration that has been configured.
    String | getProfileName() | Gets the profile name of this configuration setup.
    org.opensaml.xmlsec.SignatureSigningConfiguration | getSignatureSigningConfiguration() | Returns the signing configuration that has been configured.
    org.opensaml.xmlsec.SignatureValidationConfiguration | getSignatureValidationConfiguration() | Returns the signature validation configuration that has been configured.
    void | initOpenSAML() | Initializes OpenSAML with the defaults that have been installed for this instance.
  • Method Details

    • getProfileName

      String getProfileName()
      Gets the profile name of this configuration setup.
      Returns:
      the profile name
    • getEncryptionConfiguration

      org.opensaml.xmlsec.EncryptionConfiguration getEncryptionConfiguration()
      Returns the encryption configuration that has been configured.
      Returns:
      encryption configuration
    • getDecryptionConfiguration

      org.opensaml.xmlsec.DecryptionConfiguration getDecryptionConfiguration()
      Returns the decryption configuration that has been configured.
      Returns:
      decryption configuration
    • getSignatureSigningConfiguration

      org.opensaml.xmlsec.SignatureSigningConfiguration getSignatureSigningConfiguration()
      Returns the signing configuration that has been configured.
      Returns:
      signing configuration
    • getSignatureValidationConfiguration

      org.opensaml.xmlsec.SignatureValidationConfiguration getSignatureValidationConfiguration()
      Returns the signature validation configuration that has been configured.
      Returns:
      signature validation configuration
    • initOpenSAML

      void initOpenSAML() throws org.opensaml.core.config.InitializationException
      Initializes OpenSAML with the defaults that have been installed for this instance.

      ConfigurationService.register(XXXConfiguration.class, xxxConfiguration);

      Throws:
      org.opensaml.core.config.InitializationException - for initialization errors