Interface AuthenticationRequirements

All Superinterfaces:
Serializable

public interface AuthenticationRequirements extends Serializable
An interface representing the authentication requirements that we deduce from an AuthnRequest message and the sending service provider's EntityDescriptor.
Author:
Martin Lindström
  • Method Details

    • isForceAuthn

      boolean isForceAuthn()
      Tells whether "force authentication" has been set, i.e., whether to force user authentication even though a valid user session exists.
      Returns:
      true if authentication should be forced, and false otherwise
    • isPassiveAuthn

      boolean isPassiveAuthn()
      Tells whether we should issue an assertion without requiring the user to authenticate again.
      Returns:
      true if passive authentication is required, and false otherwise
    • getEntityCategories

      @NonNull List<String> getEntityCategories()
      Gets the list of declared SAML entity categories for the relying party.
      Returns:
      a list of URIs representing declared entity categories
    • getRequestedAttributes

      @NonNull Collection<RequestedAttribute> getRequestedAttributes()
      Gets the attributes requested directly in the authentication request or indirectly from the relying party metadata (AttributeConsumingService or entity category declarations).

      Note: Within the Swedish eID Framework the use of declared entity categories is the preferred way of informing the IdP about which attributes a relying party requests, see getEntityCategories().

      Returns:
      a collection of requested attributes
    • getAuthnContextRequirements

      @NonNull List<String> getAuthnContextRequirements()
      Gets a list of the requested authentication contexts (AuthnContextClassRef).

      The returned list is exhaustive, meaning that all possible URIs are sent. For example, if minimum comparison is declared, the list is filled with all possible URIs.

      Returns:
      a list of URIs
    • getPrincipalSelectionAttributes

      @NonNull Collection<UserAttribute> getPrincipalSelectionAttributes()
      The PrincipalSelection extension defined in the Sweden Connect technical framework enables a relying party to include one or more attributes in the AuthnRequest to inform the IdP about the user that is being authenticated. This method returns this information.
      Returns:
      a (possibly empty) collection of "principal selection" attributes
    • getSignatureMessageExtension

      @Nullable SignatureMessageExtension getSignatureMessageExtension()
      Gets the SignatureMessageExtension, which is the representation of the SignMessage extension as specified in section 3.1.2 of DSS Extension for Federated Central Signing Services.
      Returns:
      the sign message extension, or null if not present
    • getUserMessageExtension

      @Nullable UserMessageExtension getUserMessageExtension()
      Gets the UserMessageExtension, which is the representation of the UserMessage extension as specified in User Message Extension in SAML Authentication Requests.
      Returns:
      the UserMessageExtension or null if not set
    • getSadRequestExtension

      @Nullable SadRequestExtension getSadRequestExtension()
      Gets the SadRequestExtension, which is the representation of the SADRequest extension as specified in Signature Activation Protocol for Federated Signing.
      Returns:
      the SAD request extension, or null if not present