org.springframework.security.saml.websso
Class WebSSOProfileOptions

java.lang.Object
  org.springframework.security.saml.websso.WebSSOProfileOptions

All Implemented Interfaces:

Serializable, Cloneable

public class WebSSOProfileOptions
extends Object
implements Serializable, Cloneable

JavaBean contains properties allowing customization of SAML request message sent to the IDP.

Author:

Vladimir Schafer

See Also:

Serialized Form

Constructor Summary

WebSSOProfileOptions()

WebSSOProfileOptions(String binding)

Method Summary

WebSSOProfileOptions	clone() Clones the current object.
Set<String>	getAllowedIDPs()
Integer	getAssertionConsumerIndex()
org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration	getAuthnContextComparison()
Collection<String>	getAuthnContexts()
String	getBinding()
Boolean	getForceAuthN()
String	getNameID() NameID to used or null to omit NameIDPolicy from request.
Boolean	getPassive() Sets whether the IdP should refrain from interacting with the user during the authentication process.
String	getProviderName() Human readable name of the local entity.
Integer	getProxyCount()
String	getRelayState()
Boolean	isAllowCreate()
Boolean	isIncludeScoping() True if scoping element should be included in the requests sent to IDP.
void	setAllowCreate(Boolean allowCreate) Flag indicating whether IDP can create new user based on the current authentication request.
void	setAllowedIDPs(Set<String> allowedIDPs) List of IDPs which are allowed to process the created AuthnRequest.
void	setAssertionConsumerIndex(Integer assertionConsumerIndex) When set determines assertionConsumerService and binding to which should IDP send response.
void	setAuthnContextComparison(org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration authnContextComparison) Sets comparison to use for WebSSO requests.
void	setAuthnContexts(Collection<String> authnContexts)
void	setBinding(String binding) Sets binding to be used for for sending SAML message to IDP.
void	setForceAuthN(Boolean forceAuthN)
void	setIncludeScoping(Boolean includeScoping)
void	setNameID(String nameID) When set determines which NameIDPolicy will be requested as part of the AuthnRequest sent to the IDP.
void	setPassive(Boolean passive) Sets whether the IdP should refrain from interacting with the user during the authentication process.
void	setProviderName(String providerName) Sets human readable name of the local entity used in ECP profile.
void	setProxyCount(Integer proxyCount) Determines value to be used in the proxyCount attribute of the scope in the AuthnRequest.
void	setRelayState(String relayState) Relay state sent to the IDP as part of the authentication request.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WebSSOProfileOptions

public WebSSOProfileOptions()

WebSSOProfileOptions

public WebSSOProfileOptions(String binding)

Method Detail

getBinding

public String getBinding()

setBinding

public void setBinding(String binding)

Sets binding to be used for for sending SAML message to IDP.

Parameters:

binding - binding value

See Also:

SAMLConstants.SAML2_POST_BINDING_URI, SAMLConstants.SAML2_REDIRECT_BINDING_URI, SAMLConstants.SAML2_PAOS_BINDING_URI, SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI

getPassive

public Boolean getPassive()

Sets whether the IdP should refrain from interacting with the user during the authentication process. Boolean values will be marshalled to either "true" or "false".

Returns:

true if passive authentication is allowed, false otherwise, null will omit the passive parameter from request

setPassive

public void setPassive(Boolean passive)

Sets whether the IdP should refrain from interacting with the user during the authentication process. Boolean values will be marshalled to either "true" or "false", value will be omitted from request when null..

Parameters:

passive - true if passive authentication is allowed, false otherwise, null to omit the field

getForceAuthN

public Boolean getForceAuthN()

setForceAuthN

public void setForceAuthN(Boolean forceAuthN)

isIncludeScoping

public Boolean isIncludeScoping()

True if scoping element should be included in the requests sent to IDP.

Returns:

true if scoping should be included, scoping won't be included when null or false

setIncludeScoping

public void setIncludeScoping(Boolean includeScoping)

getProxyCount

public Integer getProxyCount()

Returns:

null to skip proxyCount, 0 to disable proxying, >0 to allow proxying

setProxyCount

public void setProxyCount(Integer proxyCount)

Determines value to be used in the proxyCount attribute of the scope in the AuthnRequest. In case value is null the proxyCount attribute is omitted. Use zero to disable proxying or value >0 to specify how many hops are allowed.

Property includeScoping must be enabled for this value to take any effect.

Parameters:

proxyCount - null to skip proxyCount in the AuthnRequest, 0 to disable proxying, >0 to allow proxying

getAuthnContexts

public Collection<String> getAuthnContexts()

setAuthnContexts

public void setAuthnContexts(Collection<String> authnContexts)

clone

public WebSSOProfileOptions clone()

Clones the current object.

Overrides:

clone in class Object

Returns:

clone

getNameID

public String getNameID()

NameID to used or null to omit NameIDPolicy from request.

Returns:

name ID

setNameID

public void setNameID(String nameID)

When set determines which NameIDPolicy will be requested as part of the AuthnRequest sent to the IDP.

Parameters:

nameID - name ID

See Also:

NameIDType.EMAIL, NameIDType.TRANSIENT, NameIDType.PERSISTENT, NameIDType.X509_SUBJECT, NameIDType.KERBEROS, NameIDType.UNSPECIFIED

isAllowCreate

public Boolean isAllowCreate()

setAllowCreate

public void setAllowCreate(Boolean allowCreate)

Flag indicating whether IDP can create new user based on the current authentication request. Null value will omit field from the request.

Parameters:

allowCreate - allow create

getAuthnContextComparison

public org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration getAuthnContextComparison()

Returns:

comparison mode to use by default mode minimum is used

setAuthnContextComparison

public void setAuthnContextComparison(org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration authnContextComparison)

Sets comparison to use for WebSSO requests. No change for null values.

Parameters:

authnContextComparison - context to set

getAllowedIDPs

public Set<String> getAllowedIDPs()

setAllowedIDPs

public void setAllowedIDPs(Set<String> allowedIDPs)

List of IDPs which are allowed to process the created AuthnRequest. IDP the request will be sent to is added automatically. In case value is null the allowedIDPs will not be included in the Scoping element.

Property includeScoping must be enabled for this value to take any effect.

Parameters:

allowedIDPs - IDPs enabled to process the created authnRequest, null to skip the attribute from scoptin

getProviderName

public String getProviderName()

Human readable name of the local entity.

Returns:

entity name

setProviderName

public void setProviderName(String providerName)

Sets human readable name of the local entity used in ECP profile.

Parameters:

providerName - provider name

getAssertionConsumerIndex

public Integer getAssertionConsumerIndex()

setAssertionConsumerIndex

public void setAssertionConsumerIndex(Integer assertionConsumerIndex)

When set determines assertionConsumerService and binding to which should IDP send response. By default service is determined automatically. Available indexes can be found in metadata of this service provider.

Parameters:

assertionConsumerIndex - index

getRelayState

public String getRelayState()

setRelayState

public void setRelayState(String relayState)

Relay state sent to the IDP as part of the authentication request. Value will be returned by IDP and made available in the SAMLCredential after successful authentication.

Parameters:

relayState - relay state