java.lang.Object
se.swedenconnect.spring.saml.idp.authnrequest.authncontext.AuthnContextResolver

public class AuthnContextResolver extends Object
A bean that resolves the received contents of a RequestedAuthnContext element.
Author:
Martin Lindström
  • Constructor Details

    • AuthnContextResolver

      public AuthnContextResolver()
      Default constructor.
  • Method Details

    • resolve

      public List<String> resolve(@Nullable RequestedAuthnContext requestedAuthnContext, @Nonnull String logString) throws Saml2ErrorStatusException
      Resolves the authentication context class references based on the provided RequestedAuthnContext and its comparison type. Different comparison types such as "exact", "minimum", "better", or "maximum" influence the resolution logic. In the event of a misconfiguration or unsupported comparison type, an exception is thrown. If no RequestedAuthnContext is provided, the method returns an empty list.
      Parameters:
      requestedAuthnContext - the requested authentication context, which includes the comparison type and authentication context class references; may be null.
      logString - a string used for logging purposes, providing additional context for debugging; must not be null.
      Returns:
      a list of resolved authentication context class references based on the comparison type, or an empty list if requestedAuthnContext is null.
      Throws:
      Saml2ErrorStatusException - if the comparison type is unsupported, or if mappings required for resolution are not properly configured.
    • setMinimumMapping

      public void setMinimumMapping(@Nullable Map<String,List<String>> minimumMapping)
      Sets the map representing the minimum authentication context class mappings. Each URI key in the map is associated with a list of authentication context classes that correspond to a "minimum" comparison. For example, if a context X is given with a minimum requirement, it may resolve to X, Y, and Z.
      Parameters:
      minimumMapping - a map where the key is a URI string and the value is a list of corresponding authentication context classes, or null if no minimum mapping is configured
    • setBetterMapping

      public void setBetterMapping(@Nullable Map<String,List<String>> betterMapping)
      Sets the map representing the "better" authentication context class mappings. Each URI key in the map is associated with a list of authentication context classes that correspond to a "better" comparison. For example, if a context X is given with a "better" requirement, it may resolve to Y and Z.
      Parameters:
      betterMapping - a map where the key is a URI string and the value is a list of corresponding authentication context classes, or null if no better mapping is configured
    • setMaximumMapping

      public void setMaximumMapping(@Nullable Map<String,List<String>> maximumMapping)
      Sets the map representing the "maximum" authentication context class mappings. Each URI key in the map is associated with a list of authentication context classes that correspond to a "maximum" comparison. For example, if a context Y is given with a maximum requirement, it may resolve to X and Y.
      Parameters:
      maximumMapping - a map where the key is a URI string and the value is a list of corresponding authentication context classes, or null if no maximum mapping is configured
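
The three setters above take independent maps, so a hand-written configuration can drift, for example a "minimum" entry that lists a weaker class. The following is an added example, not code from this project: it derives all three maps from one ordered list using only java.util, and the class name, method names and URIs are hypothetical, with the list assumed to be ordered weakest first.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example: derives the three mapping tables from one ordered ladder so
// they cannot contradict each other. Class name and URIs are hypothetical.
public class AuthnContextMappings {

  // Constructed sample ladder, weakest first (X < Y < Z in the Javadoc's terms).
  static final List<String> LADDER = List.of(
      "https://idp.example.com/loa/x",
      "https://idp.example.com/loa/y",
      "https://idp.example.com/loa/z");

  // "minimum": the requested class and everything stronger (X -> X, Y, Z).
  static Map<String, List<String>> minimum(List<String> ladder) {
    return build(ladder, 0, true);
  }

  // "better": only classes strictly stronger than the requested one (X -> Y, Z).
  // The strongest class gets an empty list, since nothing is better than it.
  static Map<String, List<String>> better(List<String> ladder) {
    return build(ladder, 1, true);
  }

  // "maximum": the requested class and everything weaker (Y -> X, Y).
  static Map<String, List<String>> maximum(List<String> ladder) {
    return build(ladder, 0, false);
  }

  private static Map<String, List<String>> build(List<String> ladder, int offset, boolean upwards) {
    Map<String, List<String>> map = new LinkedHashMap<>();
    for (int i = 0; i < ladder.size(); i++) {
      List<String> classes = upwards
          ? ladder.subList(Math.min(i + offset, ladder.size()), ladder.size())
          : ladder.subList(0, i + 1);
      map.put(ladder.get(i), List.copyOf(classes));
    }
    return map;
  }

  public static void main(String[] args) {
    System.out.println("minimum: " + minimum(LADDER));
    System.out.println("better:  " + better(LADDER));
    System.out.println("maximum: " + maximum(LADDER));
    // With the library on the classpath, pass each map to the matching setter
    // documented above, e.g. resolver.setMinimumMapping(minimum(LADDER));
  }
}
```

How resolve treats an empty list, such as the "better" entry for the strongest class, is not stated on this page and should be checked against the library before relying on it.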