All Classes and Interfaces
Class
Description
A helper class that Controllers that implement "external user authentication" may inherit from.
Abstract base class for MessageReplayChecker.
Abstract base class for the NameIDGenerator interface.
Abstract base class for all events published by the SAML IdP.
Abstract base class for an ApplicationListener for SAML2 events.
Base implementation for configuration settings.
A builder for subclasses of AbstractSettings.
Abstract base class for UserAuthenticationProvider.
Abstract base class implementing the UserRedirectAuthenticationProvider interface.
Asserts that the AssertionConsumerService information given in the AuthnRequest is registered in the SAML metadata.
Settings that control how SAML Assertions are issued.
A builder for AssertionSettings.
An interface that is used to decide which attributes should be released in an Assertion.
The AttributeReleaseManager is an AttributeProducer configured with a list of AttributeProducers and a list of AttributeReleaseVoters.
An enumeration acting as the result for an AttributeReleaseVoter.
AttributeReleaseVoters are used by the AttributeReleaseManager to check if attributes returned from AttributeProducers should be released or not.
An interface that defines how an AuditEvent is written to a string, and read from a string.
An interface representing the authentication requirements that we deduce from an AuthnRequest message and the sending service provider's EntityDescriptor.
A builder for AuthenticationRequirements.
An AuthnRequestValidator that asserts that the SP has capabilities to receive an encrypted assertion.
An AuthnRequestValidator for protecting against message replay attacks.
Implementation of an AuthnRequestValidator using OpenSAML mechanisms to verify the signature of the AuthnRequest.
A generic interface for performing validation of an AuthnRequest.
An SsoVoter that checks basic conditions.
Supports the eIDAS attributes Nationality, CountryOfResidence and CountryOfBirth.
Audit event for creating event objects concerning credentials monitoring.
Constants for all audit event types produced for credentials monitoring.
Settings for Identity Provider credentials.
A builder for CredentialSettings.
Date of birth.
The default AttributeProducer that returns all attributes that are among the "requested list" (see Saml2UserAuthentication.getAuthnRequirements()).
Default implementation of the AttributeReleaseManager interface.
A NameIDGeneratorFactory that implements the requirements regarding NameIDs put by the Technical Specifications for the Swedish eID Framework.
Default implementation of the PrincipalSelectionProcessor interface.
A helper for creating the HTML page that posts the response back to the Service Provider.
An implementation of the Saml2MessageIDGenerator based on Shibboleth's RandomIdentifierGenerationStrategy that ensures that XML-safe identifiers are generated.
Default implementation of the SignatureMessageExtensionExtractor interface.
A delegating AuditEventRepository that can be used to support multiple AuditEventRepository instances.
A delegating PostAuthenticationProcessor that invokes PostAuthenticationProcessor.process(Saml2UserAuthentication) on all configured processors (in order).
Interface representing an eIDAS attribute value.
Helper class for converting eIDAS attribute values to and from UserAttributes.
A RequestedAttributeProcessor that supports the eIDAS RequestedAttributes extension.
Settings for the IdP endpoints.
A builder for EndpointSettings.
Support class for handling entity categories.
A RequestedAttributeProcessor that extracts the requested attributes from declared entity categories.
A repository used by subclasses of AbstractUserRedirectAuthenticationProvider that need to pick up the transferred RedirectForAuthenticationToken to serve as input for the user authentication.
A write-only AuditEventRepository that writes audit events to a file.
Strategy for persisting a RedirectForAuthenticationToken and ResumedAuthenticationToken between requests.
Abstract AuditEventRepository that supports filtering of events.
Representation of the eIDAS GenderType attribute value.
Identity Provider configuration settings.
A builder for IdentityProviderSettings.
An ImplicitRequestedAttribute is used to represent a requested attribute when the requirement is "implicit", meaning that it is not explicitly stated in an AuthnRequest or EntityDescriptor.
A voter that always votes AttributeReleaseVote.INCLUDE.
An in-memory implementation of the ReplayCache interface.
A JSON AuditEventMapper.
An AuditEventRepository that logs to a named logger.
An in-memory AuditEventRepository that adds filtering support (compared to InMemoryAuditEventRepository).
Settings for configuring SAML metadata providers (resolvers).
A builder for MetadataProviderSettings.
Settings for representing HTTP proxy configuration.
A builder for MetadataProviderSettings.HttpProxySettings.
Utility methods for handling metadata providers.
A RequestedAttributeProcessor that will check if the SAML SP metadata entry contains any requested attributes by locating them in the AttributeConsumingService element.
Settings for the IdP metadata.
A builder for MetadataSettings.
Configuration for ContactPerson metadata element.
A builder for MetadataSettings.OrganizationSettings.
ContactPerson types.
Configuration for EncryptionMethod metadata elements.
A builder for MetadataSettings.EncryptionMethodSettings.
Configuration for Organization metadata element.
A builder for MetadataSettings.OrganizationSettings.
Configuration for SigningMethod metadata elements.
A builder for MetadataSettings.SigningMethodSettings.
Configuration for UIInfo metadata element.
A builder for MetadataSettings.UIInfoSettings.
Configuration settings for UIInfo.Logo elements.
A builder for MetadataSettings.UIInfoSettings.LogoSettings.
Interface for a NameID generator.
A NameIDGenerator is assigned each Saml2AuthnRequestAuthenticationToken when an AuthnRequest is being processed.
A RequestedAttributeProcessor that finds requested attributes from the RequestedAttributes extension.
Utility methods for OpenSAML.
A NameIDGenerator for generating persistent NameIDs.
eIDAS person identifier.
Place of birth.
After the user authentication a Saml2UserAuthentication token is received.
Extracts the PrincipalSelection extension values.
An SsoVoter that checks that existing PrincipalSelection values correspond with the previous authentication.
A Converter that gets the property value (e.g., classpath:metadata.xml) and instantiates an EntityDescriptor object.
A RedirectForAuthenticationToken is used in the cases where a SAML AuthenticationProvider wants to inform the filter Saml2UserAuthenticationProcessingFilter that the user agent should be re-directed to a given path to perform the user authentication.
An implementation of the AuditEventRepository that uses Redis lists to store the events.
A generic Redis ReplayCache implementation.
An AuditEventRepository implementation that uses Redis time series to store events.
An AttributeProducer that releases all attributes found in the supplied Saml2UserAuthentication token.
A representation of a "requested attribute".
A processor for locating information about which user attributes are requested.
A response page for posting back SAML responses.
A special purpose Authentication token that is used when the user returns to the authentication flow after "external" authentication.
A representation of the SADRequest extension as defined in Signature Activation Protocol for Federated Signing.
Audit data for a SAML Assertion.
Representation of a SAML attribute.
The Saml2AssertionBuilder is responsible for building SAML Assertions given Saml2UserAuthentication objects.
Base class for a SAML Audit data element.
Audit event for creating event objects for the SAML IdP.
Constants for all audit event types produced by the SAML IdP.
An audit data element for an AuthnRequest.
An AuthenticationConverter responsible for decoding a SAML authentication request and checking that it is correct.
An AuthenticationProvider that processes a Saml2AuthnRequestAuthenticationToken and if the processing is successful returns a Saml2UserAuthenticationInputToken.
A configurer for configuring the Saml2AuthnRequestAuthenticationProvider.
An Authentication object for a SAML authentication request.
A Filter that processes SAML AuthnRequest messages.
A configurer for the processing of SAML2 AuthnRequest messages.
Event that signals that a SAML2 AuthnRequest has been received.
An event that signals that a SAML error response is being sent.
A Filter responsible for sending SAML error response messages.
An enum representing the different SAML error response messages that are handled in the system.
Exception class that when thrown will lead to a SAML error status message being sent.
Internal class used for serialization across SAML Identity Provider classes.
An event listener that handles the events published by the SAML IdP, translates them to audit events and publishes them.
Configuration for SAML Identity Provider support.
An AbstractHttpConfigurer for SAML2 Identity Provider support.
Since Spring has deprecated the use of WebSecurityConfigurerAdapter and thinks that the setup of a SecurityFilterChain should be component based, we have lost the easy way of modifying a Spring Security configuration without having to dig really deep into how a particular feature is configured.
A context that holds information of the Identity Provider runtime environment.
A holder of the Saml2IdpContext that associates it with the current thread using a ThreadLocal.
A publisher for SAML IdP events.
Configurer for the metadata publishing endpoint.
A Filter that processes requests to download the Identity Provider's metadata.
An interface for generating ID attributes for SAML objects.
An HttpMessageConverter that reads and writes EntityDescriptor objects.
An event that is fired after the user has been authenticated by a UserAuthenticationProvider but before we filter release attributes and compile the SAML assertion.
An event that is signalled before the user is handed over to the UserAuthenticationProvider to be authenticated.
Attributes needed when creating a SAML Response message.
Audit data representing a SAML response.
Represents a SAML Status.
Builds a SAML Response message.
A class for posting back a SAML Response to the client (Service Provider).
A Predicate that tells whether a SAML Service Provider sending an authentication request is accepted.
A utility class that holds information about a SAML Service Provider that the IdP may want to use in its UI.
Representation of a logotype.
An event that signals that a successful SAML response is being sent.
Audit data for unrecoverable errors that are reported in the UI.
An event that is signalled if an UnrecoverableSaml2IdpException is thrown.
An Authentication token that represents the authentication of a user.
Remembers all (SAML) occurrences where the user authentication has been used.
Record recording the usage time and requesting SP for an authentication.
A configurer for handling user authentication and issuance of SAML Assertions.
Audit data including information about the user authentication.
If the current authentication object is being re-used, i.e., if SSO was applied, this object holds information
about the instance when the user was authenticated.
An Authentication class that represents the input to a user authentication process for a SAML IdP.
A Filter that intercepts a SAML authentication request that has been verified and translated into a Saml2UserAuthenticationInputToken.
Representation of a user authenticated using SAML2.
An implementation of the FilterAuthenticationTokenRepository and ExternalAuthenticatorTokenRepository interfaces that is session based.
A representation of the SignMessage extension as specified in section 3.1.2 of DSS Extension for Federated Central Signing Services.
The contract for extracting, and possibly decrypting, a SignMessage extension.
An interface that defines pre-processing of signature messages before they are displayed.
An SsoVoter that ensures that SAML service providers that are registered as "signature services" never get SSO.
An interface used by AbstractUserAuthenticationProvider to check if an Authentication object from a previous authentication may be used for SSO.
An AttributeProducer that releases attributes according to the Technical Specifications for the Swedish eID Framework.
A voter functioning according to the rules specified in Technical Specifications for the Swedish eID Framework.
A PostAuthenticationProcessor that applies the rules of Sweden Connect, see Technical Specifications for the Swedish eID Framework.
A ResponsePage implementation that uses a Thymeleaf template engine.
A NameIDGenerator for generating transient NameIDs.
Base class for TransliterationStringType values.
An enum representing unrecoverable SAML errors, i.e., such errors that can not be signalled back to the SAML SP.
Base class for unrecoverable SAML errors, i.e., such errors that can not be signalled back to the SAML SP.
Dummy Authentication class that can be used if no Authentication object is available but the AuthnRequest ID and SP entityID are known.
A representation of a user (identity) attribute.
Class used to store attribute value types that we don't know how to parse.
Interface for an AuthenticationProvider that implements SAML2 Identity Provider user authentication.
Representation of a UserMessage, see User Message Extension in SAML Authentication Requests.
An interface that defines pre-processing of user messages before they are displayed.
If the user authentication is performed outside the SAML IdP Spring Security flow a UserRedirectAuthenticationProvider should be provided.