Class Saml2ResponseBuilder

java.lang.Object
se.swedenconnect.spring.saml.idp.response.Saml2ResponseBuilder

public class Saml2ResponseBuilder extends Object
Builds a SAML Response message.
Author:
Martin Lindström
  • Constructor Details

    • Saml2ResponseBuilder

      public Saml2ResponseBuilder(String idpEntityId, PkiCredential signingCredential, Saml2IdpEventPublisher eventPublisher)
      Constructor.
      Parameters:
      idpEntityId - the entityID for the IdP
      signingCredential - the IdP signing credential (for signing of Response objects)
      eventPublisher - the event publisher
  • Method Details

    • buildErrorResponse

      public org.opensaml.saml.saml2.core.Response buildErrorResponse(Saml2ResponseAttributes responseAttributes, org.opensaml.saml.saml2.core.Status errorStatus)
      Given an error Status object, the method builds a Response object indicating the error and signs it.
      Parameters:
      responseAttributes - the response attributes needed for building the Response object
      errorStatus - the SAML status object
      Returns:
      a Response object
      Throws:
      UnrecoverableSaml2IdpException - for errors
    • buildErrorResponse

      public org.opensaml.saml.saml2.core.Response buildErrorResponse(Saml2ResponseAttributes responseAttributes, Saml2ErrorStatusException error) throws UnrecoverableSaml2IdpException
      Given a Saml2ErrorStatusException exception, the method builds a Response object indicating the error Status given by the exception and signs it.
      Parameters:
      responseAttributes - the response attributes needed for building the Response object
      error - the SAML error
      Returns:
      a Response object
      Throws:
      UnrecoverableSaml2IdpException - for errors
    • buildResponse

      public org.opensaml.saml.saml2.core.Response buildResponse(Saml2ResponseAttributes responseAttributes, org.opensaml.saml.saml2.core.Assertion assertion) throws UnrecoverableSaml2IdpException
      Given an Assertion, the method builds a Response object including the supplied Assertion. If the Identity Provider is configured to encrypt assertions, the method encrypts the supplied Assertion for the recipient given by Saml2ResponseAttributes.getPeerMetadata().
      Parameters:
      responseAttributes - the response attributes needed for building the Response object
      assertion - the SAML Assertion
      Returns:
      a Response object
      Throws:
      UnrecoverableSaml2IdpException - for errors
    • createResponse

      protected org.opensaml.saml.saml2.core.Response createResponse(Saml2ResponseAttributes responseAttributes, org.opensaml.saml.saml2.core.Status status) throws UnrecoverableSaml2IdpException
      Creates a Response object with the basic attributes ID, Destination and InResponseTo as well as the Issuer element and the supplied Status element.
      Parameters:
      responseAttributes - the response attributes needed for building the Response object
      status - the SAML Status object
      Returns:
      a Response object
      Throws:
      UnrecoverableSaml2IdpException - for errors
    • signResponse

      protected void signResponse(org.opensaml.saml.saml2.core.Response samlResponse, org.opensaml.saml.saml2.metadata.EntityDescriptor peerMetadata) throws UnrecoverableSaml2IdpException
      Signs the Response message.
      Parameters:
      samlResponse - the object to sign
      peerMetadata - the peer metadata (may be used to select signing algorithm)
      Throws:
      UnrecoverableSaml2IdpException - for signing errors
    • encryptAssertion

      protected org.opensaml.saml.saml2.core.EncryptedAssertion encryptAssertion(org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.saml2.metadata.EntityDescriptor peerMetadata) throws UnrecoverableSaml2IdpException
      Encrypts the supplied Assertion.
      Parameters:
      assertion - the assertion to encrypt
peerMetadata - the metadata of the peer for whom the assertion is encrypted
      Returns:
      an EncryptedAssertion
      Throws:
      UnrecoverableSaml2IdpException - for unrecoverable errors
    • isEncryptAssertions

      public boolean isEncryptAssertions()
      Tells whether assertions are encrypted.
      Returns:
      true if assertions are encrypted, and false otherwise
    • setEncryptAssertions

      public void setEncryptAssertions(boolean encryptAssertions)
      Assigns whether assertions should be encrypted.
      Parameters:
      encryptAssertions - whether assertions should be encrypted
    • setIdGenerator

      public void setIdGenerator(Saml2MessageIDGenerator idGenerator)
      Assigns a custom ID generator. The default is DefaultSaml2MessageIDGenerator.
      Parameters:
      idGenerator - the ID generator
    • setResponseCustomizer

      public void setResponseCustomizer(org.springframework.security.config.Customizer<org.opensaml.saml.saml2.core.Response> responseCustomizer)
      By assigning a Customizer the Response object that is built can be modified. The customizer is invoked when the Response object has been completely built, but before it is signed.
      Parameters:
      responseCustomizer - a Customizer
    • setMessageSource

      public void setMessageSource(MessageSource messageSource)
      Assigns a message source for resolving error messages.
      Parameters:
      messageSource - the MessageSource
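The following is an added usage example, not code from the library or its author, showing how the public methods above fit together in an IdP: the builder is constructed with the IdP entityID, signing credential and event publisher, assertion encryption is switched on, a Customizer is registered so that an invariant is enforced after the Response is complete but before it is signed, and the success and error paths are driven through buildResponse and buildErrorResponse. The class name IdpResponseWiring and the method destinationRequired are hypothetical, and the package names of PkiCredential, Saml2IdpEventPublisher, Saml2ResponseAttributes and UnrecoverableSaml2IdpException are assumptions (only the builder's own package is given on this page). The callers are expected to obtain the Saml2ResponseAttributes, the Assertion and the error Status from the rest of the IdP flow.

```java
// Added example (not library code): wiring Saml2ResponseBuilder for an IdP that
// encrypts assertions and refuses to sign a Response without a Destination.
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.springframework.security.config.Customizer;
// Assumed package names for the types named in this class's Javadoc:
import se.swedenconnect.security.credential.PkiCredential;
import se.swedenconnect.spring.saml.idp.error.UnrecoverableSaml2IdpException;
import se.swedenconnect.spring.saml.idp.events.Saml2IdpEventPublisher;
import se.swedenconnect.spring.saml.idp.response.Saml2ResponseAttributes;
import se.swedenconnect.spring.saml.idp.response.Saml2ResponseBuilder;

public final class IdpResponseWiring {  // hypothetical helper class

  private final Saml2ResponseBuilder responseBuilder;

  public IdpResponseWiring(String idpEntityId, PkiCredential signingCredential,
      Saml2IdpEventPublisher eventPublisher) {
    this.responseBuilder = new Saml2ResponseBuilder(idpEntityId, signingCredential, eventPublisher);

    // Encrypt every Assertion for the SP named by Saml2ResponseAttributes.getPeerMetadata(),
    // so the attribute statement is not readable by anything that only sees the Response
    // in transit or in a browser history/log (the Response itself is still signed).
    this.responseBuilder.setEncryptAssertions(true);

    // The customizer runs when the Response is completely built but before it is signed,
    // so whatever it checks or changes is covered by the signature. This one only enforces
    // an invariant and never mutates the message.
    this.responseBuilder.setResponseCustomizer(destinationRequired());
  }

  /**
   * Returns a customizer that rejects a Response lacking the Destination attribute.
   * A missing Destination would let a signed Response be delivered to an endpoint the
   * IdP never intended, so it is safer to fail here than to sign such a message.
   */
  static Customizer<Response> destinationRequired() {  // hypothetical name
    return response -> {
      final String destination = response.getDestination();
      if (destination == null || destination.isBlank()) {
        throw new IllegalStateException("Response has no Destination; refusing to sign it");
      }
    };
  }

  /**
   * Success path: the Assertion is placed in the Response (encrypted, as configured above)
   * and the Response is signed. An UnrecoverableSaml2IdpException means no Response could
   * be produced at all, so the caller must render an IdP-side error page instead.
   */
  public Response success(Saml2ResponseAttributes attributes, Assertion assertion)
      throws UnrecoverableSaml2IdpException {
    return this.responseBuilder.buildResponse(attributes, assertion);
  }

  /**
   * Error path: a signed Response that carries the supplied error Status and no Assertion,
   * so the SP learns the outcome from a message it can verify came from this IdP.
   */
  public Response failure(Saml2ResponseAttributes attributes, Status errorStatus)
      throws UnrecoverableSaml2IdpException {
    return this.responseBuilder.buildErrorResponse(attributes, errorStatus);
  }
}
```

The customizer deliberately only inspects the Response: because it is invoked before signResponse, any modification it made would be signed, so anything placed there should be reviewed as carefully as the builder's own output. The second buildErrorResponse overload, which takes a Saml2ErrorStatusException, fits the same failure method when the IdP flow already has that exception in hand.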