Class Saml2ResponseBuilder

java.lang.Object
  se.swedenconnect.spring.saml.idp.response.Saml2ResponseBuilder

Builds a SAML Response message.

Author:
  Martin Lindström
Constructor Summary

Saml2ResponseBuilder(String idpEntityId, PkiCredential signingCredential, Saml2IdpEventPublisher eventPublisher)
  Constructor.
Method Summary
Modifier and TypeMethodDescriptionbuildErrorResponse(Saml2ResponseAttributes responseAttributes, Status errorStatus) buildErrorResponse(Saml2ResponseAttributes responseAttributes, Saml2ErrorStatusException error) Given aSaml2ErrorStatusExceptionexception, the method builds aResponseobject indicating the errorStatusgiven by the exception and signs it.buildResponse(Saml2ResponseAttributes responseAttributes, Assertion assertion) protected ResponsecreateResponse(Saml2ResponseAttributes responseAttributes, Status status) Creates aResponseobject with the basic attributesID,DestinationandInResponseToas well as theIssuerelement and the suppliedStatuselement.protected EncryptedAssertionencryptAssertion(Assertion assertion, EntityDescriptor peerMetadata) Encrypts the suppliedAssertion.booleanTells whether assertions are encrypted.voidsetEncryptAssertions(boolean encryptAssertions) Assigns whether assertions should be encrypted.voidsetIdGenerator(Saml2MessageIDGenerator idGenerator) Assigns a custom ID generator.voidsetMessageSource(MessageSource messageSource) Assigns a message source for resolving error messages.voidsetResponseCustomizer(org.springframework.security.config.Customizer<Response> responseCustomizer) By assigning aCustomizertheResponseobject that is built can be modified.protected voidsignResponse(Response samlResponse, EntityDescriptor peerMetadata) Signs theResponsemessage.
Constructor Details

Saml2ResponseBuilder

public Saml2ResponseBuilder(String idpEntityId, PkiCredential signingCredential, Saml2IdpEventPublisher eventPublisher)

Constructor.

Parameters:
  idpEntityId - the entityID for the IdP
  signingCredential - the IdP signing credential (for signing of Response objects)
  eventPublisher - the event publisher
Method Details

buildErrorResponse

public Response buildErrorResponse(Saml2ResponseAttributes responseAttributes, Status errorStatus) throws UnrecoverableSaml2IdpException

Given an errorStatus object, the method builds a Response object indicating the error and signs it.

Parameters:
  responseAttributes - the response attributes needed for building the Response object
  errorStatus - the SAML status object
Returns:
  a Response object
Throws:
  UnrecoverableSaml2IdpException - for errors
buildErrorResponse

public Response buildErrorResponse(Saml2ResponseAttributes responseAttributes, Saml2ErrorStatusException error) throws UnrecoverableSaml2IdpException

Given a Saml2ErrorStatusException exception, the method builds a Response object indicating the error Status given by the exception and signs it.

Parameters:
  responseAttributes - the response attributes needed for building the Response object
  error - the SAML error
Returns:
  a Response object
Throws:
  UnrecoverableSaml2IdpException - for errors
buildResponse

public Response buildResponse(Saml2ResponseAttributes responseAttributes, Assertion assertion) throws UnrecoverableSaml2IdpException

Given an Assertion, the method builds a Response object including the supplied Assertion. If the Identity Provider is configured to encrypt assertions, the method encrypts the supplied Assertion for the recipient given by Saml2ResponseAttributes.getPeerMetadata().

Parameters:
  responseAttributes - the response attributes needed for building the Response object
  assertion - the SAML Assertion
Returns:
  a Response object
Throws:
  UnrecoverableSaml2IdpException - for errors
createResponse

protected Response createResponse(Saml2ResponseAttributes responseAttributes, Status status) throws UnrecoverableSaml2IdpException

Creates a Response object with the basic attributes ID, Destination and InResponseTo as well as the Issuer element and the supplied Status element.

Parameters:
  responseAttributes - the response attributes needed for building the Response object
  status - the SAML Status object
Returns:
  a Response object
Throws:
  UnrecoverableSaml2IdpException - for errors
signResponse

protected void signResponse(Response samlResponse, EntityDescriptor peerMetadata) throws UnrecoverableSaml2IdpException

Signs the Response message.

Parameters:
  samlResponse - the object to sign
  peerMetadata - the peer metadata (may be used to select signing algorithm)
Throws:
  UnrecoverableSaml2IdpException - for signing errors
encryptAssertion

protected EncryptedAssertion encryptAssertion(Assertion assertion, EntityDescriptor peerMetadata) throws UnrecoverableSaml2IdpException

Encrypts the supplied Assertion.

Parameters:
  assertion - the assertion to encrypt
  peerMetadata - the metadata for the peer for whom we encrypt
Returns:
  an EncryptedAssertion
Throws:
  UnrecoverableSaml2IdpException - for unrecoverable errors
isEncryptAssertions

public boolean isEncryptAssertions()

Tells whether assertions are encrypted.

Returns:
  true if assertions are encrypted, and false otherwise
setEncryptAssertions

public void setEncryptAssertions(boolean encryptAssertions)

Assigns whether assertions should be encrypted.

Parameters:
  encryptAssertions - whether assertions should be encrypted
setIdGenerator

public void setIdGenerator(Saml2MessageIDGenerator idGenerator)

Assigns a custom ID generator. The default is DefaultSaml2MessageIDGenerator.

Parameters:
  idGenerator - the ID generator
setResponseCustomizer

public void setResponseCustomizer(org.springframework.security.config.Customizer<Response> responseCustomizer)

By assigning a Customizer the Response object that is built can be modified. The customizer is invoked when the Response object has been completely built, but before it is signed.

Parameters:
  responseCustomizer - a Customizer
setMessageSource

public void setMessageSource(MessageSource messageSource)

Assigns a message source for resolving error messages.

Parameters:
  messageSource - the MessageSource
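The following is an added usage example that ties together the buildResponse/buildErrorResponse overloads and the setResponseCustomizer hook documented above; it is not code from the Sweden Connect project. It relies only on the constructor and method signatures listed on this page. The package paths of the imported PkiCredential, Saml2IdpEventPublisher, Saml2ErrorStatusException, UnrecoverableSaml2IdpException and Saml2ResponseAttributes classes are assumptions, the AssertionSource interface is hypothetical glue standing in for the IdP's authentication and attribute-release step, and the Consent attribute written by the customizer is just an illustration of a pre-signing modification.

```java
// Added usage example; not part of the Sweden Connect IdP project.
// Import paths marked "assumed" are not stated on the Javadoc page.
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.security.config.Customizer;

import se.swedenconnect.security.credential.PkiCredential;                    // assumed package
import se.swedenconnect.spring.saml.idp.error.Saml2ErrorStatusException;      // assumed package
import se.swedenconnect.spring.saml.idp.error.UnrecoverableSaml2IdpException; // assumed package
import se.swedenconnect.spring.saml.idp.events.Saml2IdpEventPublisher;        // assumed package
import se.swedenconnect.spring.saml.idp.response.Saml2ResponseAttributes;     // assumed package
import se.swedenconnect.spring.saml.idp.response.Saml2ResponseBuilder;

public final class ResponseBuilderExample {

  /** SAML 2.0 "unspecified" consent URI, written into the Response by the customizer. */
  private static final String UNSPECIFIED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";

  /**
   * Hypothetical hook that produces the Assertion for an authenticated user.
   * It reports SAML-level failures (e.g. the user could not be authenticated)
   * by throwing Saml2ErrorStatusException, which carries the SAML Status to return.
   */
  @FunctionalInterface
  public interface AssertionSource {
    Assertion issue() throws Saml2ErrorStatusException;
  }

  /**
   * Configures one builder per IdP. Assertions are encrypted for the peer
   * (its EntityDescriptor comes from Saml2ResponseAttributes.getPeerMetadata()).
   * The customizer runs after the Response is completely built but before it is
   * signed, so whatever it changes is covered by the signature; editing the
   * Response after buildResponse() returns would invalidate that signature.
   */
  public static Saml2ResponseBuilder createBuilder(String idpEntityId,
      PkiCredential signingCredential, Saml2IdpEventPublisher eventPublisher) {
    Saml2ResponseBuilder builder =
        new Saml2ResponseBuilder(idpEntityId, signingCredential, eventPublisher);
    builder.setEncryptAssertions(true);
    Customizer<Response> addConsent = response -> response.setConsent(UNSPECIFIED_CONSENT);
    builder.setResponseCustomizer(addConsent);
    return builder;
  }

  /**
   * Produces the signed Response for one authentication request. A SAML-level
   * failure becomes a signed error Response via the exception overload of
   * buildErrorResponse; only unrecoverable errors propagate to the caller.
   */
  public static Response respond(Saml2ResponseBuilder builder,
      Saml2ResponseAttributes responseAttributes, AssertionSource assertionSource)
      throws UnrecoverableSaml2IdpException {
    try {
      Assertion assertion = assertionSource.issue();
      // Encrypted for the peer when setEncryptAssertions(true) was called, then signed.
      return builder.buildResponse(responseAttributes, assertion);
    }
    catch (Saml2ErrorStatusException e) {
      // The Status inside the exception is placed in the Response, which is then signed.
      return builder.buildErrorResponse(responseAttributes, e);
    }
  }
}
```

The point of splitting the two paths this way is that every Response leaving the IdP, success or error, goes through the builder's signing step; the customizer is the only place where the Response should be touched, because it is the last step that runs before signResponse.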