Package se.swedenconnect.spring.saml.idp.response

Class Saml2ResponseBuilder

java.lang.Object

se.swedenconnect.spring.saml.idp.response.Saml2ResponseBuilder

public class Saml2ResponseBuilder
extends Object

Builds a SAML Response message.

Author:

Martin Lindström

Constructor Summary

Constructors

Constructor	Description
Saml2ResponseBuilder(String idpEntityId, PkiCredential signingCredential, Saml2IdpEventPublisher eventPublisher)	Constructor.

Method Summary

Modifier and Type	Method	Description
Response	buildErrorResponse(Saml2ResponseAttributes responseAttributes, Status errorStatus)	Given an error Status object, the method builds a Response object indicating the error and signs it.
Response	buildErrorResponse(Saml2ResponseAttributes responseAttributes, Saml2ErrorStatusException error)	Given a Saml2ErrorStatusException exception, the method builds a Response object indicating the error Status given by the exception and signs it.
Response	buildResponse(Saml2ResponseAttributes responseAttributes, Assertion assertion)	Given an Assertion, the method builds a Response object including the supplied Assertion.
protected Response	createResponse(Saml2ResponseAttributes responseAttributes, Status status)	Creates a Response object with the basic attributes ID, Destination and InResponseTo as well as the Issuer element and the supplied Status element.
protected EncryptedAssertion	encryptAssertion(Assertion assertion, EntityDescriptor peerMetadata)	Encrypts the supplied Assertion.
boolean	isEncryptAssertions()	Tells whether assertions are encrypted.
void	setEncryptAssertions(boolean encryptAssertions)	Assigns whether assertions should be encrypted.
void	setIdGenerator(Saml2MessageIDGenerator idGenerator)	Assigns a custom ID generator.
void	setMessageSource(MessageSource messageSource)	Assigns a message source for resolving error messages.
void	setResponseCustomizer(org.springframework.security.config.Customizer<Response> responseCustomizer)	By assigning a Customizer the Response object that is built can be modified.
protected void	signResponse(Response samlResponse, EntityDescriptor peerMetadata)	Signs the Response message.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Saml2ResponseBuilder

public Saml2ResponseBuilder(@Nonnull
 String idpEntityId,
 @Nonnull
 PkiCredential signingCredential,
 @Nonnull
 Saml2IdpEventPublisher eventPublisher)

Constructor.

Parameters:

idpEntityId - the entityID for the IdP

signingCredential - the IdP signing credential (for signing of Response objects)

eventPublisher - the event publisher

Method Details

buildErrorResponse

@Nonnull
public Response buildErrorResponse(@Nonnull
 Saml2ResponseAttributes responseAttributes,
 @Nonnull
 Status errorStatus)

Given an error Status object, the method builds a Response object indicating the error and signs it.

Parameters:

responseAttributes - the response attributes needed for building the Response object

errorStatus - the SAML status object

Returns:

a Response object

Throws:

UnrecoverableSaml2IdpException - for errors

buildErrorResponse

@Nonnull
public Response buildErrorResponse(@Nonnull
 Saml2ResponseAttributes responseAttributes,
 @Nonnull
 Saml2ErrorStatusException error)
                            throws UnrecoverableSaml2IdpException

Given a Saml2ErrorStatusException exception, the method builds a Response object indicating the error Status given by the exception and signs it.

Parameters:

responseAttributes - the response attributes needed for building the Response object

error - the SAML error

Returns:

a Response object

Throws:

UnrecoverableSaml2IdpException - for errors

buildResponse

@Nonnull
public Response buildResponse(@Nonnull
 Saml2ResponseAttributes responseAttributes,
 @Nonnull
 Assertion assertion)
                       throws UnrecoverableSaml2IdpException

Given an Assertion, the method builds a Response object including the supplied Assertion. If the Identity Provider is configured to encrypt assertions, the method encrypts the supplied Assertion for the recipient given by Saml2ResponseAttributes.getPeerMetadata().

Parameters:

responseAttributes - the response attributes needed for building the Response object

assertion - the SAML Assertion

Returns:

a Response object

Throws:

UnrecoverableSaml2IdpException - for errors

createResponse

@Nonnull
protected Response createResponse(@Nonnull
 Saml2ResponseAttributes responseAttributes,
 @Nonnull
 Status status)
                           throws UnrecoverableSaml2IdpException

Creates a Response object with the basic attributes ID, Destination and InResponseTo as well as the Issuer element and the supplied Status element.

Parameters:

responseAttributes - the response attributes needed for building the Response object

status - the SAML Status object

Returns:

a Response object

Throws:

UnrecoverableSaml2IdpException - for errors

signResponse

protected void signResponse(@Nonnull
 Response samlResponse,
 @Nonnull
 EntityDescriptor peerMetadata)
                     throws UnrecoverableSaml2IdpException

Signs the Response message.

Parameters:

samlResponse - the object to sign

peerMetadata - the peer metadata (may be used to select signing algorithm)

Throws:

UnrecoverableSaml2IdpException - for signing errors

encryptAssertion

@Nonnull
protected EncryptedAssertion encryptAssertion(@Nonnull
 Assertion assertion,
 @Nonnull
 EntityDescriptor peerMetadata)
                                       throws UnrecoverableSaml2IdpException

Encrypts the supplied Assertion.

Parameters:

assertion - the assertion to encrypt

peerMetadata - the metadata for the peer to whom we encrypt for

Returns:

an EncryptedAssertion

Throws:

UnrecoverableSaml2IdpException - for unrecoverable errors

isEncryptAssertions

public boolean isEncryptAssertions()

Tells whether assertions are encrypted.

Returns:

true if assertions are encrypted, and false otherwise

setEncryptAssertions

public void setEncryptAssertions(boolean encryptAssertions)

Assigns whether assertions should be encrypted.

Parameters:

encryptAssertions - whether assertions should be encrypted

setIdGenerator

public void setIdGenerator(@Nonnull
 Saml2MessageIDGenerator idGenerator)

Assigns a custom ID generator. The default is DefaultSaml2MessageIDGenerator.

Parameters:

idGenerator - the ID generator

setResponseCustomizer

public void setResponseCustomizer(@Nonnull
 org.springframework.security.config.Customizer<Response> responseCustomizer)

By assigning a Customizer the Response object that is built can be modified. The customizer is invoked when the Response object has been completely built, but before it is signed.

Parameters:

responseCustomizer - a Customizer

setMessageSource

public void setMessageSource(@Nullable
 MessageSource messageSource)

Assigns a message source for resolving error messages.

Parameters:

messageSource - the MessageSource