Class Saml2AssertionBuilder

java.lang.Object
se.swedenconnect.spring.saml.idp.authentication.Saml2AssertionBuilder

public class Saml2AssertionBuilder extends Object
The Saml2AssertionBuilder is responsible for building SAML Assertions given Saml2UserAuthentication objects.
Author:
Martin Lindström
  • Constructor Details

    • Saml2AssertionBuilder

public Saml2AssertionBuilder(String idpEntityId, PkiCredential signatureCredential, AttributeReleaseManager attributeReleaseManager)
Constructor.
Parameters:
idpEntityId - the IdP entity ID (becomes the Issuer of every Assertion this builder produces)
signatureCredential - the signature credential used to sign the Assertion
attributeReleaseManager - decides which attributes from the user token should be released in the Assertion
  • Method Details

    • buildAssertion

public org.opensaml.saml.saml2.core.Assertion buildAssertion(Saml2UserAuthentication userAuthentication) throws Saml2ErrorStatusException, UnrecoverableSaml2IdpException
Builds a SAML Assertion from the supplied Saml2UserAuthentication object.
      Parameters:
      userAuthentication - the information about the user authentication
      Returns:
      an Assertion
      Throws:
      Saml2ErrorStatusException - for errors that should be reported back to the Service Provider
      UnrecoverableSaml2IdpException - for unrecoverable errors
    • setAssertionCustomizer

public void setAssertionCustomizer(org.springframework.security.config.Customizer<org.opensaml.saml.saml2.core.Assertion> assertionCustomizer)
Assigns a Customizer that may modify the Assertion object that is built. The customizer is invoked after the Assertion has been completely built but before it is signed, so any changes the customizer makes are covered by the signature; the customizer must therefore only add content the IdP is prepared to vouch for.
Parameters:
assertionCustomizer - a Customizer
    • setNotOnOrAfterDuration

public void setNotOnOrAfterDuration(Duration notOnOrAfterDuration)
Assigns the duration the IdP uses to compute the "not on or after" time restriction of an Assertion (the NotOnOrAfter attribute of its Conditions), i.e. how long after issuance the Assertion remains valid. Defaults to AssertionSettings.NOT_ON_OR_AFTER_DURATION_DEFAULT.
Parameters:
notOnOrAfterDuration - duration
    • setNotBeforeDuration

public void setNotBeforeDuration(Duration notBeforeDuration)
Assigns the duration the IdP uses to compute the "not before" time restriction of an Assertion (the NotBefore attribute of its Conditions), typically a small allowance for clock skew between the IdP and the Service Provider. Defaults to AssertionSettings.NOT_BEFORE_DURATION_DEFAULT.
Parameters:
notBeforeDuration - duration
    • setIdGenerator

public void setIdGenerator(Saml2MessageIDGenerator idGenerator)
Assigns a custom ID generator for the Assertion's ID attribute. The default is DefaultSaml2MessageIDGenerator. A replacement must produce unique, unpredictable values that are valid XML IDs, since Service Providers use the Assertion ID for replay detection.
Parameters:
idGenerator - the ID generator
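The following is an added example, not code from the library or its author, showing how the constructor, the validity-window setters, the pre-signature customizer and buildAssertion described above fit together. The credential, attribute release manager and Saml2UserAuthentication are assumed to be supplied by the surrounding IdP configuration; the durations are illustrative values; the import packages for AttributeReleaseManager and the two exception types are assumed from the library's layout and are not stated on this page; and the customizer's window check assumes NotBefore and NotOnOrAfter are both computed relative to the issue instant.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.Conditions;
import org.springframework.security.config.Customizer;

import se.swedenconnect.security.credential.PkiCredential;
// Assumed package locations (not given on this page).
import se.swedenconnect.spring.saml.idp.attributes.release.AttributeReleaseManager;
import se.swedenconnect.spring.saml.idp.authentication.Saml2AssertionBuilder;
import se.swedenconnect.spring.saml.idp.authentication.Saml2UserAuthentication;
import se.swedenconnect.spring.saml.idp.error.Saml2ErrorStatusException;
import se.swedenconnect.spring.saml.idp.error.UnrecoverableSaml2IdpException;

/** Example wiring of a Saml2AssertionBuilder with a fail-closed pre-signature check. */
public final class AssertionBuilderExample {

  // Illustrative validity window: valid for 5 minutes after issuance,
  // with 30 seconds of clock-skew tolerance before the issue instant.
  static final Duration NOT_ON_OR_AFTER = Duration.ofMinutes(5);
  static final Duration NOT_BEFORE = Duration.ofSeconds(30);

  /** Creates and configures the builder; dependencies are injected by the IdP configuration. */
  public static Saml2AssertionBuilder createBuilder(String idpEntityId,
      PkiCredential signatureCredential, AttributeReleaseManager attributeReleaseManager) {

    Saml2AssertionBuilder builder =
        new Saml2AssertionBuilder(idpEntityId, signatureCredential, attributeReleaseManager);
    builder.setNotOnOrAfterDuration(NOT_ON_OR_AFTER);
    builder.setNotBeforeDuration(NOT_BEFORE);
    // The default ID generator is kept: it already yields unique, random XML IDs.
    builder.setAssertionCustomizer(preSignatureCheck());
    return builder;
  }

  /**
   * Runs after the Assertion is fully built but before it is signed. It adds nothing;
   * it rejects an Assertion that lacks what a relying party depends on, so that a
   * misconfigured Assertion is never signed and released.
   */
  static Customizer<Assertion> preSignatureCheck() {
    return assertion -> {
      Conditions conditions = assertion.getConditions();
      if (conditions == null) {
        throw new IllegalStateException("Assertion has no Conditions");
      }
      // Every released Assertion must be bound to at least one audience (the SP).
      List<AudienceRestriction> restrictions = conditions.getAudienceRestrictions();
      if (restrictions.isEmpty() || restrictions.get(0).getAudiences().isEmpty()) {
        throw new IllegalStateException("Assertion is not restricted to an audience");
      }
      // The validity window must be present and no wider than the configured durations allow
      // (assumes both bounds are derived from the issue instant).
      Instant notBefore = conditions.getNotBefore();
      Instant notOnOrAfter = conditions.getNotOnOrAfter();
      if (notBefore == null || notOnOrAfter == null || !notOnOrAfter.isAfter(notBefore)) {
        throw new IllegalStateException("Assertion validity window is missing or inverted");
      }
      Duration window = Duration.between(notBefore, notOnOrAfter);
      if (window.compareTo(NOT_ON_OR_AFTER.plus(NOT_BEFORE)) > 0) {
        throw new IllegalStateException("Assertion validity window exceeds configured limit: " + window);
      }
      // A bearer Assertion without SubjectConfirmation cannot be safely consumed by the SP.
      if (assertion.getSubject() == null
          || assertion.getSubject().getSubjectConfirmations().isEmpty()) {
        throw new IllegalStateException("Assertion has no SubjectConfirmation");
      }
    };
  }

  /** Builds the Assertion, preserving the library's distinction between the two failure classes. */
  public static Assertion issue(Saml2AssertionBuilder builder, Saml2UserAuthentication userAuthentication)
      throws Saml2ErrorStatusException, UnrecoverableSaml2IdpException {
    // Saml2ErrorStatusException: the IdP may report it back to the SP as a SAML error status.
    // UnrecoverableSaml2IdpException: must not become an SP-facing response; let the IdP's
    // own error handling deal with it.
    return builder.buildAssertion(userAuthentication);
  }
}
```

Throwing from the customizer aborts buildAssertion before any signature is produced, which is the fail-closed behaviour wanted here: a check that merely logged would still let the defective Assertion be signed and sent. Keep the customizer free of request-derived input; whatever it places in the Assertion is signed by the IdP as if the IdP had asserted it.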