Spring Security SAML

org.springframework.security.saml.websso
Class WebSSOProfileOptions

java.lang.Object
  extended by org.springframework.security.saml.websso.WebSSOProfileOptions
All Implemented Interfaces:
Serializable, Cloneable

public class WebSSOProfileOptions
extends Object
implements Serializable, Cloneable

JavaBean containing properties that allow customization of the SAML request message sent to the IDP.

Author:
Vladimir Schafer
See Also:
Serialized Form

Constructor Summary
WebSSOProfileOptions()
           
WebSSOProfileOptions(String binding)
           
 
Method Summary
 WebSSOProfileOptions clone()
          Clones the current object.
 Set<String> getAllowedIDPs()
           
 Integer getAssertionConsumerIndex()
           
 org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration getAuthnContextComparison()
           
 Collection<String> getAuthnContexts()
           
 String getBinding()
           
 Boolean getForceAuthN()
           
 String getNameID()
          NameID to use, or null to omit NameIDPolicy from the request.
 Boolean getPassive()
          Indicates whether the IdP should refrain from interacting with the user during the authentication process.
 String getProviderName()
          Human readable name of the local entity.
 Integer getProxyCount()
           
 String getRelayState()
           
 Boolean isAllowCreate()
           
 Boolean isIncludeScoping()
          True if scoping element should be included in the requests sent to IDP.
 void setAllowCreate(Boolean allowCreate)
          Flag indicating whether IDP can create new user based on the current authentication request.
 void setAllowedIDPs(Set<String> allowedIDPs)
          List of IDPs which are allowed to process the created AuthnRequest.
 void setAssertionConsumerIndex(Integer assertionConsumerIndex)
          When set, determines the assertionConsumerService and binding to which the IDP should send the response.
 void setAuthnContextComparison(org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration authnContextComparison)
          Sets comparison to use for WebSSO requests.
 void setAuthnContexts(Collection<String> authnContexts)
           
 void setBinding(String binding)
          Sets the binding to be used for sending the SAML message to the IDP.
 void setForceAuthN(Boolean forceAuthN)
           
 void setIncludeScoping(Boolean includeScoping)
           
 void setNameID(String nameID)
          When set, determines which NameIDPolicy will be requested as part of the AuthnRequest sent to the IDP.
 void setPassive(Boolean passive)
          Sets whether the IdP should refrain from interacting with the user during the authentication process.
 void setProviderName(String providerName)
          Sets human readable name of the local entity used in ECP profile.
 void setProxyCount(Integer proxyCount)
          Determines value to be used in the proxyCount attribute of the scope in the AuthnRequest.
 void setRelayState(String relayState)
          Relay state sent to the IDP as part of the authentication request.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WebSSOProfileOptions

public WebSSOProfileOptions()

WebSSOProfileOptions

public WebSSOProfileOptions(String binding)

Method Detail

getBinding

public String getBinding()

setBinding

public void setBinding(String binding)
Sets the binding to be used for sending the SAML message to the IDP.

Parameters:
binding - binding value
See Also:
SAMLConstants.SAML2_POST_BINDING_URI, SAMLConstants.SAML2_REDIRECT_BINDING_URI, SAMLConstants.SAML2_PAOS_BINDING_URI, SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI

getPassive

public Boolean getPassive()
Indicates whether the IdP should refrain from interacting with the user during the authentication process. Boolean values will be marshalled to either "true" or "false".

Returns:
true if passive authentication is allowed, false otherwise, null will omit the passive parameter from request

setPassive

public void setPassive(Boolean passive)
Sets whether the IdP should refrain from interacting with the user during the authentication process. Boolean values will be marshalled to either "true" or "false"; the value will be omitted from the request when null.

Parameters:
passive - true if passive authentication is allowed, false otherwise, null to omit the field

getForceAuthN

public Boolean getForceAuthN()

setForceAuthN

public void setForceAuthN(Boolean forceAuthN)

isIncludeScoping

public Boolean isIncludeScoping()
True if scoping element should be included in the requests sent to IDP.

Returns:
true if scoping should be included, scoping won't be included when null or false

setIncludeScoping

public void setIncludeScoping(Boolean includeScoping)

getProxyCount

public Integer getProxyCount()
Returns:
null to skip proxyCount, 0 to disable proxying, >0 to allow proxying

setProxyCount

public void setProxyCount(Integer proxyCount)
Determines value to be used in the proxyCount attribute of the scope in the AuthnRequest. In case value is null the proxyCount attribute is omitted. Use zero to disable proxying or value >0 to specify how many hops are allowed.

Property includeScoping must be enabled for this value to take any effect.

Parameters:
proxyCount - null to skip proxyCount in the AuthnRequest, 0 to disable proxying, >0 to allow proxying

getAuthnContexts

public Collection<String> getAuthnContexts()

setAuthnContexts

public void setAuthnContexts(Collection<String> authnContexts)

clone

public WebSSOProfileOptions clone()
Clones the current object.

Overrides:
clone in class Object
Returns:
clone

getNameID

public String getNameID()
NameID to use, or null to omit NameIDPolicy from the request.

Returns:
name ID

setNameID

public void setNameID(String nameID)
When set, determines which NameIDPolicy will be requested as part of the AuthnRequest sent to the IDP.

Parameters:
nameID - name ID
See Also:
NameIDType.EMAIL, NameIDType.TRANSIENT, NameIDType.PERSISTENT, NameIDType.X509_SUBJECT, NameIDType.KERBEROS, NameIDType.UNSPECIFIED

isAllowCreate

public Boolean isAllowCreate()

setAllowCreate

public void setAllowCreate(Boolean allowCreate)
Flag indicating whether IDP can create new user based on the current authentication request. Null value will omit field from the request.

Parameters:
allowCreate - allow create

getAuthnContextComparison

public org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration getAuthnContextComparison()
Returns:
comparison mode to use; by default, mode minimum is used

setAuthnContextComparison

public void setAuthnContextComparison(org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration authnContextComparison)
Sets comparison to use for WebSSO requests. No change for null values.

Parameters:
authnContextComparison - context to set

getAllowedIDPs

public Set<String> getAllowedIDPs()

setAllowedIDPs

public void setAllowedIDPs(Set<String> allowedIDPs)
List of IDPs which are allowed to process the created AuthnRequest. The IDP the request will be sent to is added automatically. If the value is null, the allowedIDPs will not be included in the Scoping element.

Property includeScoping must be enabled for this value to take any effect.

Parameters:
allowedIDPs - IDPs enabled to process the created AuthnRequest, null to skip the attribute from scoping

getProviderName

public String getProviderName()
Human readable name of the local entity.

Returns:
entity name

setProviderName

public void setProviderName(String providerName)
Sets human readable name of the local entity used in ECP profile.

Parameters:
providerName - provider name

getAssertionConsumerIndex

public Integer getAssertionConsumerIndex()

setAssertionConsumerIndex

public void setAssertionConsumerIndex(Integer assertionConsumerIndex)
When set, determines the assertionConsumerService and binding to which the IDP should send the response. By default the service is determined automatically. Available indexes can be found in the metadata of this service provider.

Parameters:
assertionConsumerIndex - index

getRelayState

public String getRelayState()

setRelayState

public void setRelayState(String relayState)
Relay state sent to the IDP as part of the authentication request. Value will be returned by IDP and made available in the SAMLCredential after successful authentication.

Parameters:
relayState - relay state
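
An added usage example, not part of the project's Javadoc: it builds a restrictive set of options with the setters documented above and shows the dependency of proxyCount and allowedIDPs on includeScoping. The class name StrictWebSSOOptions, the IDP entity ID and the relay state value are constructed placeholders.

```java
import java.util.Collections;
import java.util.HashSet;

import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.NameIDType;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

public class StrictWebSSOOptions {

    // Constructed placeholder entity ID, not a real IDP.
    static final String TRUSTED_IDP = "https://idp.example.org/metadata";

    public static WebSSOProfileOptions build() {
        WebSSOProfileOptions o =
                new WebSSOProfileOptions(SAMLConstants.SAML2_POST_BINDING_URI);

        // Ask for a fresh, interactive login: ForceAuthn="true", IsPassive="false".
        // Leaving either value null would omit the attribute from the request.
        o.setForceAuthN(Boolean.TRUE);
        o.setPassive(Boolean.FALSE);

        // Request one authentication context class and require an exact match
        // instead of the default "minimum" comparison.
        o.setAuthnContexts(Collections.singletonList(
                "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
        o.setAuthnContextComparison(AuthnContextComparisonTypeEnumeration.EXACT);

        // Request a transient NameID; allowCreate stays null and is omitted.
        o.setNameID(NameIDType.TRANSIENT);

        // proxyCount and allowedIDPs are ignored unless includeScoping is enabled.
        o.setIncludeScoping(Boolean.TRUE);
        o.setProxyCount(0); // 0 disables proxying to further IDPs
        o.setAllowedIDPs(new HashSet<String>(Collections.singleton(TRUSTED_IDP)));

        // Relay state comes back from the IDP, so keep it an opaque reference
        // (constructed value) that is looked up server-side, not a URL.
        o.setRelayState("req-7f3a-constructed");
        return o;
    }

    public static void main(String[] args) {
        WebSSOProfileOptions o = build();
        System.out.println("binding=" + o.getBinding()
                + " scoping=" + o.isIncludeScoping()
                + " proxyCount=" + o.getProxyCount()
                + " allowedIDPs=" + o.getAllowedIDPs());
    }
}
```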
