Class IdentityProviderSettings

java.lang.Object
se.swedenconnect.spring.saml.idp.settings.AbstractSettings
se.swedenconnect.spring.saml.idp.settings.IdentityProviderSettings
All Implemented Interfaces:
Serializable

public class IdentityProviderSettings extends AbstractSettings
Identity Provider configuration settings.
Author:
Martin Lindström
  • Field Details

    • SETTINGS_PREFIX

      public static final String SETTINGS_PREFIX
      Prefix for all configuration settings.
    • ENTITY_ID

      public static final String ENTITY_ID
      The Identity Provider entityID.
    • BASE_URL

      public static final String BASE_URL
      The Identity Provider base URL, i.e., the protocol, domain and context path. Must not end with a '/'.
    • HOK_BASE_URL

      public static final String HOK_BASE_URL
      The Identity Provider base URL for Holder-of-key support, i.e., the protocol, domain and context path. Must not end with a '/'.

      This setting is optional. If HoK is used and requires a different IdP domain or context path, this setting holds that base URL.

    • REQUIRES_SIGNED_REQUESTS

      public static final String REQUIRES_SIGNED_REQUESTS
      Whether the IdP requires signed authentication requests. A Boolean.
    • CLOCK_SKEW_ADJUSTMENT_DEFAULT

      public static final Duration CLOCK_SKEW_ADJUSTMENT_DEFAULT
      The default setting for the CLOCK_SKEW_ADJUSTMENT setting.
    • CLOCK_SKEW_ADJUSTMENT

      public static final String CLOCK_SKEW_ADJUSTMENT
      Clock skew adjustment (in both directions) within which messages are still considered acceptable. A Duration.
    • MAX_MESSAGE_AGE_DEFAULT

      public static final Duration MAX_MESSAGE_AGE_DEFAULT
      The default setting for the MAX_MESSAGE_AGE setting.
    • MAX_MESSAGE_AGE

      public static final String MAX_MESSAGE_AGE
      Maximum allowed age of received messages. A Duration.
    • SSO_DURATION_LIMIT_DEFAULT

      public static final Duration SSO_DURATION_LIMIT_DEFAULT
      The default value for the SSO_DURATION_LIMIT setting.
    • SSO_DURATION_LIMIT

      public static final String SSO_DURATION_LIMIT
      Based on a previous authentication, for how long may this authentication be re-used? A Duration.
    • SUPPORTS_USER_MESSAGE

      public static final String SUPPORTS_USER_MESSAGE
      Does the IdP support the UserMessage authentication request extension? A Boolean.
    • IDP_CREDENTIALS

      public static final String IDP_CREDENTIALS
      The Identity Provider credentials.
    • IDP_ENDPOINTS

      public static final String IDP_ENDPOINTS
      The Identity Provider endpoints.
    • IDP_ASSERTION_SETTINGS

      public static final String IDP_ASSERTION_SETTINGS
      The Identity Provider Assertion settings.
    • IDP_METADATA

      public static final String IDP_METADATA
      The Identity Provider metadata.
    • IDP_METADATA_PROVIDER

      public static final String IDP_METADATA_PROVIDER
      The Identity Provider metadata provider (resolver). May be assigned if the MetadataResolver is created "manually". See also IDP_METADATA_PROVIDER_CONFIGURATION for an alternate way of configuring the metadata provider.
    • IDP_METADATA_PROVIDER_CONFIGURATION

      public static final String IDP_METADATA_PROVIDER_CONFIGURATION
      The Identity Provider metadata provider configuration. An array of MetadataProviderSettings. By using this option instead of IDP_METADATA_PROVIDER the application provides configuration for setting up a MetadataResolver, but the actual creation is done by the configurers.
  • Method Details

    • getEntityId

      public String getEntityId()
      Gets the SAML entityID of the Identity Provider.
      Returns:
      Identity Provider entityID
    • getBaseUrl

      public String getBaseUrl()
      Gets the Identity Provider base URL, i.e., the protocol, domain and context path. Must not end with a '/'.
      Returns:
      the IdP base URL
    • getHokBaseUrl

      public String getHokBaseUrl()
      Gets the Identity Provider base URL for Holder-of-key support, i.e., the protocol, domain and context path. Must not end with a '/'.

      This setting is optional. If HoK is used and requires a different IdP domain or context path, this setting holds that base URL.

      Returns:
      the HoK base URL, or null if not assigned
    • getRequiresSignedRequests

      public Boolean getRequiresSignedRequests()
      Tells whether the IdP requires signed authentication requests.
      Returns:
      whether the IdP requires signed authentication requests
    • getClockSkewAdjustment

      public Duration getClockSkewAdjustment()
      Gets the clock skew adjustment (in both directions) within which messages are still considered acceptable.
      Returns:
      a Duration
    • getMaxMessageAge

      public Duration getMaxMessageAge()
      Gets the maximum allowed age of received messages.
      Returns:
      a Duration
    • getSsoDurationLimit

      public Duration getSsoDurationLimit()
      Based on a previous authentication, for how long may this authentication be re-used?
      Returns:
      a Duration
    • getSupportsUserMessage

      public Boolean getSupportsUserMessage()
      Does the IdP support the UserMessage authentication request extension?
      Returns:
      a Boolean
    • getCredentials

      public CredentialSettings getCredentials()
      Gets the IdP credentials.
      Returns:
      the IdP credentials
    • getEndpoints

      public EndpointSettings getEndpoints()
      Gets the IdP endpoints settings.
      Returns:
      the IdP endpoints settings
    • getAssertionSettings

      public AssertionSettings getAssertionSettings()
      Gets the Identity Provider Assertion settings.
      Returns:
      the Identity Provider Assertion settings
    • getMetadata

      public MetadataSettings getMetadata()
      Gets the IdP metadata settings.
      Returns:
      the IdP metadata settings
    • getMetadataProvider

      public org.opensaml.saml.metadata.resolver.MetadataResolver getMetadataProvider()
      Gets the Identity Provider metadata provider (resolver).

      A metadata provider may also be set up using IDP_METADATA_PROVIDER_CONFIGURATION.

      Returns:
      the metadata resolver to use or null
    • getMetadataProviderConfiguration

      public MetadataProviderSettings[] getMetadataProviderConfiguration()
      Gets the IdP metadata provider configuration settings.

      A metadata provider may also be set up using IDP_METADATA_PROVIDER.

      Returns:
      an array of metadata provider configuration settings
    • builder

      public static IdentityProviderSettings.Builder builder()
      Returns:
      the builder
    • withSettings

      public static IdentityProviderSettings.Builder withSettings(Map<String,Object> settings)
      Constructs a new IdentityProviderSettings.Builder with the provided settings.
      Parameters:
      settings - the settings to initialize the builder
      Returns:
      the builder
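
How the CLOCK_SKEW_ADJUSTMENT, MAX_MESSAGE_AGE and SSO_DURATION_LIMIT settings typically bound what an IdP accepts, shown as an added example that is not code from this library. The class name, method names and duration values are assumptions chosen for illustration (they are not the library's defaults), and the way the library itself combines these settings is assumed, not taken from this page.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration only; uses nothing from the library itself.
public class MessageTimeCheck {

  // Hypothetical values standing in for getClockSkewAdjustment(),
  // getMaxMessageAge() and getSsoDurationLimit().
  static final Duration CLOCK_SKEW = Duration.ofSeconds(30);
  static final Duration MAX_MESSAGE_AGE = Duration.ofMinutes(3);
  static final Duration SSO_DURATION_LIMIT = Duration.ofHours(1);

  /**
   * A received message is acceptable if its issue instant is not older than
   * the maximum age and not in the future, with the skew applied both ways.
   */
  static boolean isMessageAcceptable(Instant issueInstant, Instant now) {
    Instant earliest = now.minus(MAX_MESSAGE_AGE).minus(CLOCK_SKEW);
    Instant latest = now.plus(CLOCK_SKEW);
    return !issueInstant.isBefore(earliest) && !issueInstant.isAfter(latest);
  }

  /** A previous authentication may be re-used only within the SSO limit. */
  static boolean mayReuseAuthentication(Instant authnInstant, Instant now) {
    if (authnInstant.isAfter(now)) {
      return false; // an authentication dated in the future is never re-used
    }
    return Duration.between(authnInstant, now).compareTo(SSO_DURATION_LIMIT) <= 0;
  }

  public static void main(String[] args) {
    Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample time

    // Requests issued slightly ahead of the IdP clock (sender clock runs fast).
    System.out.println(isMessageAcceptable(now.plusSeconds(10), now));
    System.out.println(isMessageAcceptable(now.plusSeconds(45), now));

    // Old requests: replay window is max age plus skew.
    System.out.println(isMessageAcceptable(now.minusSeconds(200), now));
    System.out.println(isMessageAcceptable(now.minusSeconds(240), now));

    // SSO re-use of an earlier authentication.
    System.out.println(mayReuseAuthentication(now.minus(Duration.ofMinutes(59)), now));
    System.out.println(mayReuseAuthentication(now.minus(Duration.ofMinutes(61)), now));
  }
}
```

The effective replay window for a captured request is MAX_MESSAGE_AGE plus CLOCK_SKEW_ADJUSTMENT, so widening either setting widens that window.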