Interface Saml2MessageIDGenerator

All Known Implementing Classes:
DefaultSaml2MessageIDGenerator

public interface Saml2MessageIDGenerator
An interface for generating ID attributes for SAML objects.

From section 1.3.4 of Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0:

The xs:ID simple type is used to declare SAML identifiers for assertions, requests, and responses. Values declared to be of type xs:ID in this specification MUST satisfy the following properties in addition to those imposed by the definition of the xs:ID type itself:

  • Any party that assigns an identifier MUST ensure that there is negligible probability that that party or any other party will accidentally assign the same identifier to a different data object.
  • Where a data object declares that it has a particular identifier, there MUST be exactly one such declaration.

The mechanism by which a SAML system entity ensures that the identifier is unique is left to the implementation. In the case that a random or pseudorandom technique is employed, the probability of two randomly chosen identifiers being identical MUST be less than or equal to 2^-128 and SHOULD be less than or equal to 2^-160. This requirement MAY be met by encoding a randomly chosen value between 128 and 160 bits in length. The encoding must conform to the rules defining the xs:ID datatype. A pseudorandom generator MUST be seeded with unique material in order to ensure the desired uniqueness properties between different systems.

Author:
Martin Lindström
  • Method Summary

    Modifier and Type    Method                  Description
    String               generateIdentifier()    Generates an identifier.
  • Method Details

    • generateIdentifier

      String generateIdentifier()
      Generates an identifier.
      Returns:
      an identifier
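As an added example (not the library's DefaultSaml2MessageIDGenerator), the following implementation of the interface meets the section 1.3.4 requirements quoted above: 160 random bits from a SecureRandom seeded by the platform, hex-encoded and prefixed with an underscore so the result is a legal xs:ID. It assumes Java 17 or later (for java.util.HexFormat) and repeats the interface in the same file so it compiles stand-alone.

```java
import java.security.SecureRandom;
import java.util.HexFormat;

// Added example implementation; not the library's DefaultSaml2MessageIDGenerator.
final class RandomSaml2MessageIDGenerator implements Saml2MessageIDGenerator {

    // 20 bytes = 160 bits of randomness, the SHOULD level from section 1.3.4
    // (collision probability at most 2^-160).
    private static final int ID_BYTES = 20;

    // SecureRandom draws its seed from the platform entropy source, which is
    // how this example meets the "seeded with unique material" requirement.
    private final SecureRandom random = new SecureRandom();

    @Override
    public String generateIdentifier() {
        final byte[] bytes = new byte[ID_BYTES];
        this.random.nextBytes(bytes);
        // xs:ID is an NCName and must not begin with a digit, so the hex
        // encoding is prefixed with an underscore. Hex keeps every character
        // legal for an NCName; plain base64 would not ("+", "/", "=").
        return "_" + HexFormat.of().formatHex(bytes);
    }

    // Conservative ASCII-only NCName check, useful in tests: first character a
    // letter or underscore, the rest letters, digits, "_", "." or "-".
    static boolean isValidXsId(final String id) {
        return id != null && id.matches("[A-Za-z_][A-Za-z0-9_.\\-]*");
    }

    public static void main(final String[] args) {
        final Saml2MessageIDGenerator generator = new RandomSaml2MessageIDGenerator();
        final String id = generator.generateIdentifier();
        // Underscore plus two hex characters per random byte.
        if (!isValidXsId(id) || id.length() != 1 + 2 * ID_BYTES) {
            throw new IllegalStateException("generated ID is not a valid xs:ID: " + id);
        }
        System.out.println(id);
    }
}

// The interface from this page, repeated without "public" so that this
// single file compiles and runs stand-alone (java RandomSaml2MessageIDGenerator.java).
interface Saml2MessageIDGenerator {
    String generateIdentifier();
}
```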