Package se.swedenconnect.spring.saml.idp.authentication.provider

Class SignServiceSsoVoter

java.lang.Object

se.swedenconnect.spring.saml.idp.authentication.provider.SignServiceSsoVoter

All Implemented Interfaces:

SsoVoter

public class SignServiceSsoVoter
extends Object
implements SsoVoter

An SsoVoter that ensures that SAML service providers that are registered as "signature services" never get SSO. This is a function of the Swedish eID Framework.

Author:

Martin Lindström

Nested Class Summary

Nested classes/interfaces inherited from interface se.swedenconnect.spring.saml.idp.authentication.provider.SsoVoter

SsoVoter.Vote

Constructor Summary

Constructors

Constructor	Description
SignServiceSsoVoter()

Method Summary

Modifier and Type	Method	Description
SsoVoter.Vote	mayReuse(Saml2UserAuthentication userAuthn, Saml2UserAuthenticationInputToken token, Collection<String> allowedAuthnContexts)	Predicate that tells whether the supplied Authentication object may be used in SSO (according to the voter's logic).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignServiceSsoVoter

public SignServiceSsoVoter()

Method Details

mayReuse

public SsoVoter.Vote mayReuse(Saml2UserAuthentication userAuthn,
 Saml2UserAuthenticationInputToken token,
 Collection<String> allowedAuthnContexts)

Predicate that tells whether the supplied Authentication object may be used in SSO (according to the voter's logic).

Specified by:

mayReuse in interface SsoVoter

Parameters:

userAuthn - the user authentication object

token - the authentication input token (for the current authentication)

allowedAuthnContexts - a collection of the allowed authentication contexts

Returns:

SsoVoter.Vote.OK if the voter is OK with re-using the authentication, SsoVoter.Vote.DENY if the voter states that the authentication may noy be re-used, and SsoVoter.Vote.DONT_KNOW if the voter doesn't know