Spring Security SAML

org.springframework.security.saml
Class SAMLCredential

java.lang.Object
  extended by org.springframework.security.saml.SAMLCredential
All Implemented Interfaces:
Serializable

public class SAMLCredential
extends Object
implements Serializable

This object stores the entities parsed from a SAML 2.0 response during authentication. It is stored as the credential object inside the Authentication returned after successful authentication.

The SAML entities (NameID, Assertion) are stored internally in SAMLObject wrappers to permit their serialization.

Author:
Vladimir Schafer
See Also:
Serialized Form

Constructor Summary
SAMLCredential(org.opensaml.saml2.core.NameID nameID, org.opensaml.saml2.core.Assertion authenticationAssertion, String remoteEntityID, List<org.opensaml.saml2.core.Attribute> attributes, String localEntityID)
          Creates an unmodifiable SAML credential object.
SAMLCredential(org.opensaml.saml2.core.NameID nameID, org.opensaml.saml2.core.Assertion authenticationAssertion, String remoteEntityID, String localEntityID)
          Creates an unmodifiable SAML credential object.
SAMLCredential(org.opensaml.saml2.core.NameID nameID, org.opensaml.saml2.core.Assertion authenticationAssertion, String remoteEntityID, String relayState, List<org.opensaml.saml2.core.Attribute> attributes, String localEntityID)
          Creates an unmodifiable SAML credential object.
SAMLCredential(org.opensaml.saml2.core.NameID nameID, org.opensaml.saml2.core.Assertion authenticationAssertion, String remoteEntityID, String relayState, List<org.opensaml.saml2.core.Attribute> attributes, String localEntityID, Serializable additionalData)
          Creates an unmodifiable SAML credential object which contains additional customer-specified data.
 
Method Summary
 Serializable getAdditionalData()
          Custom data created by profile customization.
 org.opensaml.saml2.core.Attribute getAttribute(String name)
          Method searches for the first occurrence of the attribute with given name and returns it.
 String getAttributeAsString(String name)
          Method searches for the first occurrence of the Attribute with given name.
 String[] getAttributeAsStringArray(String name)
          Method searches for the first occurrence of the Attribute with given name.
 List<org.opensaml.saml2.core.Attribute> getAttributes()
          Unmodifiable list of all attributes loaded from the assertions received during SSO.
 org.opensaml.saml2.core.Assertion getAuthenticationAssertion()
          Assertion issued by IDP as part of the authentication process.
 String getLocalEntityID()
          Entity ID of the local actor.
 org.opensaml.saml2.core.NameID getNameID()
          NameID returned from IDP as part of the authentication process.
 String getRelayState()
          Relay state received from IDP, or null if not set.
 String getRemoteEntityID()
          Entity ID of the IDP which issued the assertion.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLCredential

public SAMLCredential(org.opensaml.saml2.core.NameID nameID,
                      org.opensaml.saml2.core.Assertion authenticationAssertion,
                      String remoteEntityID,
                      String localEntityID)
Creates an unmodifiable SAML credential object.

Parameters:
nameID - name ID of the authenticated entity
authenticationAssertion - assertion used to validate the entity
remoteEntityID - identifier of IDP where the assertion came from
localEntityID - local entity ID

SAMLCredential

public SAMLCredential(org.opensaml.saml2.core.NameID nameID,
                      org.opensaml.saml2.core.Assertion authenticationAssertion,
                      String remoteEntityID,
                      List<org.opensaml.saml2.core.Attribute> attributes,
                      String localEntityID)
Creates an unmodifiable SAML credential object.

Parameters:
nameID - name ID of the authenticated entity
authenticationAssertion - assertion used to validate the entity
remoteEntityID - identifier of IDP where the assertion came from
attributes - attributes collected from received assertions
localEntityID - local entity ID

SAMLCredential

public SAMLCredential(org.opensaml.saml2.core.NameID nameID,
                      org.opensaml.saml2.core.Assertion authenticationAssertion,
                      String remoteEntityID,
                      String relayState,
                      List<org.opensaml.saml2.core.Attribute> attributes,
                      String localEntityID)
Creates an unmodifiable SAML credential object.

Parameters:
nameID - name ID of the authenticated entity, may be null
authenticationAssertion - assertion used to validate the entity
remoteEntityID - identifier of IDP where the assertion came from
relayState - relay state received from IDP in case of unsolicited response
attributes - attributes collected from received assertions
localEntityID - local entity ID

SAMLCredential

public SAMLCredential(org.opensaml.saml2.core.NameID nameID,
                      org.opensaml.saml2.core.Assertion authenticationAssertion,
                      String remoteEntityID,
                      String relayState,
                      List<org.opensaml.saml2.core.Attribute> attributes,
                      String localEntityID,
                      Serializable additionalData)
Creates an unmodifiable SAML credential object which contains additional customer-specified data.

Parameters:
nameID - name ID of the authenticated entity, may be null
authenticationAssertion - assertion used to validate the entity
remoteEntityID - identifier of IDP where the assertion came from
relayState - relay state received from IDP in case of unsolicited response
attributes - attributes collected from received assertions
localEntityID - local entity ID
additionalData - custom data created by profile customization

Method Detail

getNameID

public org.opensaml.saml2.core.NameID getNameID()
NameID returned from IDP as part of the authentication process.

Returns:
name ID, or null if there was no NameID in the assertion used to create the SAMLCredential

getAuthenticationAssertion

public org.opensaml.saml2.core.Assertion getAuthenticationAssertion()
Assertion issued by IDP as part of the authentication process.

Returns:
assertion

getRemoteEntityID

public String getRemoteEntityID()
Entity ID of the IDP which issued the assertion.

Returns:
IDP entity ID

getAttribute

public org.opensaml.saml2.core.Attribute getAttribute(String name)
Searches for the first occurrence of the attribute with the given name and returns it. Names are compared only by the "name" attribute, disregarding "friendly-name" and "name-format". Attributes are searched in the order in which they were received in the SAML message. Attribute names are case-insensitive.

Parameters:
name - name of attribute to find
Returns:
the first occurrence of the attribute with the given name or null if not found

getAttributeAsString

public String getAttributeAsString(String name)
Searches for the first occurrence of the Attribute with the given name and returns the text content of its first AttributeValue element. If there are multiple AttributeValues, the others are ignored. If the Attribute is not found or contains no values, the method returns null. The AttributeValue must be of type xs:String or xs:Any; other types are ignored and null is returned. Attribute names are case-insensitive.

Parameters:
name - name of attribute to find
Returns:
text content of the first AttributeValue of the first attribute with the given name, or null if not found

getAttributeAsStringArray

public String[] getAttributeAsStringArray(String name)
Searches for the first occurrence of the Attribute with the given name and returns an array with the text contents of all its AttributeValue elements. If the Attribute is not found, the method returns null. If the Attribute contains no values, an empty array is returned. The array length is always equal to the number of values in the attribute. The AttributeValues must be of type xs:String or xs:Any; other types are ignored and contribute a null entry to the array. Attribute names are case-insensitive.

Parameters:
name - name of attribute to find
Returns:
text contents of all AttributeValues of the first attribute with the given name, or null if not found
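
As an added example (not part of the Spring Security SAML project's own code), a SAMLUserDetailsService implementation that consumes the credential through getAttributeAsString and getAttributeAsStringArray and handles the null and empty-array cases documented for both. The attribute names, the expected IDP entity ID and the role mapping are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

// Maps the SAMLCredential built by the extension to a local UserDetails.
// Attribute names, expected IDP and role mapping are assumptions; adjust to your IDP.
public class AttributeMappingUserDetailsService implements SAMLUserDetailsService {

    private static final String UID_ATTRIBUTE = "uid";              // assumed attribute name
    private static final String GROUPS_ATTRIBUTE = "memberOf";      // assumed attribute name
    private static final String EXPECTED_IDP = "https://idp.example.org/idp"; // placeholder entity ID

    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // Only map attributes from the IDP this service was written for (multi-IDP deployments).
        if (!EXPECTED_IDP.equals(credential.getRemoteEntityID())) {
            throw new UsernameNotFoundException("Assertion from unexpected IDP " + credential.getRemoteEntityID());
        }

        // getAttributeAsString returns null when the attribute is absent, has no
        // values, or its first AttributeValue is not xs:String / xs:Any.
        String uid = credential.getAttributeAsString(UID_ATTRIBUTE);
        if (uid == null || uid.trim().isEmpty()) {
            throw new UsernameNotFoundException("Assertion carries no usable " + UID_ATTRIBUTE);
        }

        // getAttributeAsStringArray returns null when the attribute is absent, an empty
        // array when it has no values, and null entries for non-string values.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        String[] groups = credential.getAttributeAsStringArray(GROUPS_ATTRIBUTE);
        if (groups != null) {
            for (String group : groups) {
                if (group != null && !group.trim().isEmpty()) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + group.trim().toUpperCase()));
                }
            }
        }

        // No password is involved in SAML login; a placeholder satisfies User's contract.
        return new User(uid, "N/A", authorities);
    }
}
```

The returned object becomes the principal of the Authentication that carries this SAMLCredential, so the raw assertion and attributes remain reachable via getCredentials() for auditing.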

getAttributes

public List<org.opensaml.saml2.core.Attribute> getAttributes()
Unmodifiable list of all attributes loaded from the assertions received during SSO. Attributes with the same name might be contained multiple times if received from different assertions. Order of attributes is the same as declared in the received SAML message.

Returns:
unmodifiable list of the user's attributes

getRelayState

public String getRelayState()
Returns:
relayState received from IDP, or null if not set

getLocalEntityID

public String getLocalEntityID()
Entity ID of the local actor.

Returns:
entity ID

getAdditionalData

public Serializable getAdditionalData()
Custom data created by profile customization.

Returns:
custom data
