All Classes and Interfaces
Class
Description
A helper class that Controllers that implement "external user authentication" may inherit from.
Abstract base class for MessageReplayChecker.
Abstract base class for the NameIDGenerator interface.
Abstract base class for all events published by the SAML IdP.
Abstract base class for an ApplicationListener for SAML2 events.
Base implementation for configuration settings.
A builder for subclasses of AbstractSettings.
Abstract base class for UserAuthenticationProvider.
Abstract base class implementing the UserRedirectAuthenticationProvider interface.
Asserts that the AssertionConsumerService information given in the AuthnRequest is registered in the SAML metadata.
Settings that control how SAML Assertions are issued.
A builder for AssertionSettings.
An interface that is used to decide which attributes should be released in an Assertion.
The AttributeReleaseManager is an AttributeProducer configured with a list of AttributeProducers and a list of AttributeReleaseVoters.
An enumeration acting as the result for an AttributeReleaseVoter.
AttributeReleaseVoters are used by the AttributeReleaseManager to check if attributes returned from AttributeProducers should be released or not.
An interface that defines how an AuditEvent is written to a string, and read from a string.
For creating Redis AuditEventRepository beans.
Autoconfiguration for auditing support where an AuditEventRepository is created.
Configuration properties for auditing.
For audit logging to a file.
For in-memory audit logging.
For using the underlying log system to handle audit events.
For Redis storage of audit entries.
An interface representing the authentication requirements that we deduce from an AuthnRequest message and the sending service provider's EntityDescriptor.
A builder for AuthenticationRequirements.
An AuthnRequestValidator that asserts that the SP has capabilities to receive an encrypted assertion.
An AuthnRequestValidator for protecting against message replay attacks.
Implementation of an AuthnRequestValidator using OpenSAML mechanisms to verify the signature of the AuthnRequest.
A generic interface for performing validation of an AuthnRequest.
Base controller.
An SsoVoter that checks basic conditions.
Configuration class that registers converters for Spring converters needed to apply properties to configuration properties classes.
Supports the eIDAS attributes Nationality, CountryOfResidence and CountryOfBirth.
Audit event for creating event objects concerning credentials monitoring.
Constants for all audit event types produced for credentials monitoring.
Configuration class for IdP credentials.
Settings for Identity Provider credentials.
A builder for CredentialSettings.
Date of birth.
The default AttributeProducer that returns all attributes that are among the "requested list" (see Saml2UserAuthentication.getAuthnRequirements()).
Default implementation of the AttributeReleaseManager interface.
A NameIDGeneratorFactory that implements the requirements regarding NameIDs put by the Technical Specifications for the Swedish eID Framework.
Default implementation of the PrincipalSelectionProcessor interface.
A helper for creating the HTML page that posts the response back to the Service Provider.
An implementation of the Saml2MessageIDGenerator based on Shibboleth's RandomIdentifierGenerationStrategy that ensures that XML-safe identifiers are generated.
Default implementation of the SignatureMessageExtensionExtractor interface.
A delegating AuditEventRepository that can be used to support multiple AuditEventRepository instances.
A delegating PostAuthenticationProcessor that invokes PostAuthenticationProcessor.process(Saml2UserAuthentication) on all configured processors (in order).
Extends Saml2Authentication with information about the issued assertion.
Interface representing an eIDAS attribute value.
Helper class for converting eIDAS attribute values to and from UserAttributes.
A RequestedAttributeProcessor that supports the eIDAS RequestedAttributes extension.
Settings for the IdP endpoints.
A builder for EndpointSettings.
Support class for handling entity categories.
A RequestedAttributeProcessor that extracts the requested attributes from declared entity categories.
A repository used by subclasses of AbstractUserRedirectAuthenticationProvider that need to pick up the transferred RedirectForAuthenticationToken to serve as input for the user authentication.
A write-only AuditEventRepository that writes audit events to a file.
Strategy for persisting a RedirectForAuthenticationToken and ResumedAuthenticationToken between requests.
Abstract AuditEventRepository that supports filtering of events.
Representation of the eIDAS GenderType attribute value.
Configuration class for Identity Provider general settings.
Main configuration properties class for the SAML Identity Provider.
Configuration properties for assertion settings.
Configuration properties for the IdP credentials.
Configuration properties for endpoint configuration.
Configuration properties for IdP metadata.
Settings for the ContactPerson metadata element.
Settings for md:EncryptionMethod elements.
Settings for the Organization metadata element.
Settings for alg:SigningMethod elements.
Settings for the metadata UIInfo element.
Representation of a Logo element.
Configuration properties for metadata provider configuration.
Configuration properties for an HTTP proxy.
For configuring the message replay checker.
Session handling configuration.
Autoconfiguration class for setting up the SecurityFilterChain for the SAML IdP.
Identity Provider configuration settings.
A builder for IdentityProviderSettings.
Application main.
Configuration for the IdP.
An ImplicitRequestedAttribute is used to represent a requested attribute when the requirement is "implicit", meaning that it is not explicitly stated in an AuthnRequest or EntityDescriptor.
A voter that always votes AttributeReleaseVote.INCLUDE.
An in-memory implementation of the ReplayCache interface.
A JSON AuditEventMapper.
An AuditEventRepository that logs to a named logger.
An in-memory AuditEventRepository that adds filtering support (compared to InMemoryAuditEventRepository).
Configuration class for setting up Spring Session to use an in-memory map for storing sessions.
Autoconfiguration for setting up a MessageReplayChecker bean.
For configuration of a RedisReplayCache bean.
Settings for configuring SAML metadata providers (resolvers).
A builder for MetadataProviderSettings.
Settings for representing HTTP proxy configuration.
A builder for MetadataProviderSettings.HttpProxySettings.
Utility methods for handling metadata providers.
A RequestedAttributeProcessor that will check if the SAML SP metadata entry contains any requested attributes by locating them in the AttributeConsumingService element.
Configuration class that ensures that we have a MetadataResolver bean.
Settings for the IdP metadata.
A builder for MetadataSettings.
Configuration for ContactPerson metadata element.
A builder for MetadataSettings.OrganizationSettings.
ContactPerson types.
Configuration for EncryptionMethod metadata elements.
A builder for MetadataSettings.EncryptionMethodSettings.
Configuration for Organization metadata element.
A builder for MetadataSettings.OrganizationSettings.
Configuration for SigningMethod metadata elements.
A builder for MetadataSettings.SigningMethodSettings.
Configuration for UIInfo metadata element.
A builder for MetadataSettings.UIInfoSettings.
Configuration settings for UIInfo.Logo elements.
A builder for MetadataSettings.UIInfoSettings.LogoSettings.
Interface for a NameID generator.
A NameIDGenerator is assigned each Saml2AuthnRequestAuthenticationToken when an AuthnRequest is being processed.
A RequestedAttributeProcessor that finds requested attributes from the RequestedAttributes extension.
Configuration class for initializing OpenSAML.
Utility methods for OpenSAML.
A NameIDGenerator for generating persistent NameIDs.
eIDAS person identifier.
Place of birth.
After the user authentication a Saml2UserAuthentication token is received.
Extracts the PrincipalSelection extension values.
An SsoVoter that checks that existing PrincipalSelection values correspond with the previous authentication.
A Converter that gets the property value (e.g., classpath:metadata.xml) and instantiates an EntityDescriptor object.
A RedirectForAuthenticationToken is used in the cases where a SAML AuthenticationProvider wants to inform the filter Saml2UserAuthenticationProcessingFilter that the user agent should be re-directed to a given path to perform the user authentication.
Autoconfiguration for auditing support where a Redis AuditEventRepository is created.
Autoconfiguration for Redis extensions.
An implementation of the AuditEventRepository that uses Redis lists to store the events.
A generic Redis ReplayCache implementation.
For setting up Spring Session using Redis.
Activates Redisson if Redis is configured and Redisson is in classpath.
Autoconfiguration for auditing support where a Redis AuditEventRepository is created.
Class for containing additional Redis cluster properties.
An entry for NAT translation.
Read mode from Redis cluster.
Condition class for checking whether to enable Redisson.
For configuring Redisson extensions.
Disables Redisson autoconfiguration.
An AuditEventRepository implementation that uses Redis time series to store events.
Configuration class that transforms the deprecated RedisTlsProperties to an SslBundle.
For registering an SslBundle based on TLS extension properties.
Spring Boot's Redis support does not enable us to configure SSL/TLS against the Redis server in a good way.
Configuration for a KeyStore.
An AttributeProducer that releases all attributes found in the supplied Saml2UserAuthentication token.
A representation of a "requested attribute".
A processor for locating information about which user attributes are requested.
A response page for posting back SAML responses.
A special purpose Authentication token that is used when the user returns to the authentication flow after "external" authentication.
A representation of the SADRequest extension as defined in Signature Activation Protocol for Federated Signing.
Audit data for a SAML Assertion.
Representation of a SAML attribute.
The Saml2AssertionBuilder is responsible for building SAML Assertions given Saml2UserAuthentication objects.
Base class for a SAML Audit data element.
Audit event for creating event objects for the SAML IdP.
Constants for all audit event types produced by the SAML IdP.
An audit data element for an AuthnRequest.
An AuthenticationConverter responsible for decoding a SAML authentication request and checking that it is correct.
An AuthenticationProvider that processes a Saml2AuthnRequestAuthenticationToken and if the processing is successful returns a Saml2UserAuthenticationInputToken.
A configurer for configuring the Saml2AuthnRequestAuthenticationProvider.
An Authentication object for a SAML authentication request.
A Filter that processes SAML AuthnRequest messages.
A configurer for the processing of SAML2 AuthnRequest messages.
Event that signals that a SAML2 AuthnRequest has been received.
An event that signals that a SAML error response is being sent.
A Filter responsible for sending SAML error response messages.
An enum representing the different SAML error response messages that are handled in the system.
Exception class that when thrown will lead to a SAML error status message being sent.
Internal class used for serialization across SAML Identity Provider classes.
An event listener that handles the events published by the SAML IdP, translates them to audit events and publishes them.
Configuration for SAML Identity Provider support.
An AbstractHttpConfigurer for SAML2 Identity Provider support.
Since Spring has deprecated the use of WebSecurityConfigurerAdapter and thinks that the setup of a SecurityFilterChain should be component based, we have lost the easy way of modifying a Spring Security configuration without having to dig really deep into how a particular feature is configured.
A context that holds information of the Identity Provider runtime environment.
A holder of the Saml2IdpContext that associates it with the current thread using a ThreadLocal.
An ErrorAttributes implementation that intercepts UnrecoverableSaml2IdpException and adds the following items to the result of Saml2IdpErrorAttributes.getErrorAttributes(WebRequest, ErrorAttributeOptions):
"idpErrorCode" - The enum name of the UnrecoverableSaml2IdpError.
"idpErrorMessageCode" - The message code describing the error (UnrecoverableSaml2IdpError.getMessageCode()).
"idpErrorDescription" - The textual description (UnrecoverableSaml2IdpError.getDescription()).
IdP specific Auto-configuration to render errors via an MVC error controller.
A SAML error view resolver for handling UnrecoverableSaml2IdpException.
A publisher for SAML IdP events.
Configurer for the metadata publishing endpoint.
A Filter that processes requests to download the Identity Provider's metadata.
An interface for generating ID attributes for SAML objects.
An HttpMessageConverter that reads and writes EntityDescriptor objects.
An event that is fired after the user has been authenticated by a UserAuthenticationProvider but before we filter release attributes and compile the SAML assertion.
An event that is signalled before the user is handed over to the UserAuthenticationProvider to be authenticated.
Attributes needed when creating a SAML Response message.
Audit data representing a SAML response.
Represents a SAML Status.
Builds a SAML Response message.
A class for posting back a SAML Response to the client (Service Provider).
A Predicate that tells whether a SAML Service Provider sending an authentication request is accepted.
A utility class that holds information about a SAML Service Provider that the IdP may want to use in its UI.
Representation of a logotype.
An event that signals that a successful SAML response is being sent.
Audit data for unrecoverable errors that are reported in the UI.
An event that is signalled if an UnrecoverableSaml2IdpException is thrown.
An Authentication token that represents the authentication of a user.
Remembers all (SAML) occurrences where the user authentication has been used.
Record recording the usage time and requesting SP for an authentication.
A configurer for handling user authentication and issuance of SAML Assertions.
Audit data including information about the user authentication.
If the current authentication object is being re-used, i.e., if SSO was applied, this object holds information about the instance when the user was authenticated.
An Authentication class that represents the input to a user authentication process for a SAML IdP.
A Filter that intercepts a SAML authentication request that has been verified and translated into a Saml2UserAuthenticationInputToken.
Representation of a user authenticated using SAML2.
Application main.
Main configuration class for the Demo SP application.
Configuration class for the Spring Security SAML SP.
Configuration properties for the SAML SP.
Main controller.
Utility class for storing OpenSAML objects in a serializable manner.
An implementation of the FilterAuthenticationTokenRepository and ExternalAuthenticatorTokenRepository interfaces that is session based.
A representation of the SignMessage extension as specified in section 3.1.2 of DSS Extension for Federated Central Signing Services.
The contract for extracting, and possibly decrypting, a SignMessage extension.
An interface that defines pre-processing of signature messages before they are displayed.
An SsoVoter that ensures that SAML service providers that are registered as "signature services" never get SSO.
The controller handling user authentication.
Simulated authentication provider.
An Authentication token for our simulated authentication process.
A simulated user.
A UserDetailsManager implementation for simulated users.
An interface used by AbstractUserAuthenticationProvider to check if an Authentication object from a previous authentication may be used for SSO.
An AttributeProducer that releases attributes according to the Technical Specifications for the Swedish eID Framework.
A voter functioning according to the rules specified in Technical Specifications for the Swedish eID Framework.
A PostAuthenticationProcessor that applies the rules of Sweden Connect, see Technical Specifications for the Swedish eID Framework.
A ResponsePage implementation that uses a Thymeleaf template engine.
A NameIDGenerator for generating transient NameIDs.
Base class for TransliterationStringType values.
Model class for representing a selectable language in the UI.
An enum representing unrecoverable SAML errors, i.e., such errors that can not be signalled back to the SAML SP.
Base class for unrecoverable SAML errors, i.e., such errors that can not be signalled back to the SAML SP.
Dummy Authentication class that can be used if no Authentication object is available but the AuthnRequest ID and SP entityID are known.
A representation of a user (identity) attribute.
Class used to store attribute value types that we don't know how to parse.
Interface for an AuthenticationProvider that implements SAML2 Identity Provider user authentication.
Representation of a UserMessage, see User Message Extension in SAML Authentication Requests.
An interface that defines pre-processing of user messages before they are displayed.
If the user authentication is performed outside the SAML IdP Spring Security flow a UserRedirectAuthenticationProvider should be provided.
Configuration for simulated users.