Class RelyingPartyRegistration
- All Implemented Interfaces:
- Serializable
Each RP/AP pair is uniquely identified using a registrationId, an arbitrary
string.
A fully configured registration may look like:
    String registrationId = "simplesamlphp";
    // Relying party (service provider) values; the {placeholders} are resolved before use
    String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
    String assertingConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
    Saml2X509Credential relyingPartySigningCredential = ...;
    // Asserting party (identity provider) values
    String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
    String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
    Saml2X509Credential assertingPartyVerificationCredential = ...;
    RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
            .entityId(relyingPartyEntityId)
            .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
            .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
            // Asserting party settings, including its verification credential, go on the nested builder
            .assertingPartyMetadata((metadata) -> metadata
                    .entityId(assertingPartyEntityId)
                    .singleSignOnServiceLocation(singleSignOnServiceLocation)
                    .verificationX509Credentials((c) -> c.add(assertingPartyVerificationCredential)))
            .build();
- Since:
- 5.2
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class RelyingPartyRegistration.AssertingPartyDetails: The configuration metadata of the Asserting party
- static class RelyingPartyRegistration.Builder
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
- protected RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation, Saml2MessageBinding assertionConsumerServiceBinding, @Nullable String singleLogoutServiceLocation, @Nullable String singleLogoutServiceResponseLocation, Collection<Saml2MessageBinding> singleLogoutServiceBindings, RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, @Nullable String nameIdFormat, boolean authnRequestsSigned, Collection<Saml2X509Credential> decryptionX509Credentials, Collection<Saml2X509Credential> signingX509Credentials)
-
Method Summary
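Methods (Modifier and Type, Method, Description):
- getAssertingPartyMetadata(): Get the metadata for the Asserting Party
- getAssertionConsumerServiceBinding(): Get the AssertionConsumerService Binding.
- getAssertionConsumerServiceLocation(): Get the AssertionConsumerService Location.
- getDecryptionX509Credentials(): Get the Collection of decryption Saml2X509Credentials associated with this relying party
- getEntityId(): Get the relying party's EntityID.
- @Nullable String getNameIdFormat(): Get the NameID format.
- getRegistrationId(): Get the unique registration id for this RP/AP pair
- getSigningX509Credentials(): Get the Collection of signing Saml2X509Credentials associated with this relying party
- getSingleLogoutServiceBinding(): Get the SingleLogoutService Binding
- getSingleLogoutServiceBindings(): Get the SingleLogoutService Binding
- @Nullable String getSingleLogoutServiceLocation(): Get the SingleLogoutService Location
- @Nullable String getSingleLogoutServiceResponseLocation()
- boolean isAuthnRequestsSigned(): Get the AuthnRequestsSigned setting.
- mutate(): Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder
- withAssertingPartyMetadata(AssertingPartyMetadata metadata): Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id.
- withRegistrationId(String registrationId)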
-
Constructor Details
-
RelyingPartyRegistration
protected RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation, Saml2MessageBinding assertionConsumerServiceBinding, @Nullable String singleLogoutServiceLocation, @Nullable String singleLogoutServiceResponseLocation, Collection<Saml2MessageBinding> singleLogoutServiceBindings, RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, @Nullable String nameIdFormat, boolean authnRequestsSigned, Collection<Saml2X509Credential> decryptionX509Credentials, Collection<Saml2X509Credential> signingX509Credentials)
-
-
Method Details
-
mutate
Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder
- Returns:
- a RelyingPartyRegistration.Builder based off of the properties in this RelyingPartyRegistration
- Since:
- 6.1
-
getRegistrationId
Get the unique registration id for this RP/AP pair
- Returns:
- the unique registration id for this RP/AP pair
-
getEntityId
Get the relying party's EntityID. Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the relying party's EntityID
- Since:
- 5.4
-
getAssertionConsumerServiceLocation
Get the AssertionConsumerService Location. Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>.
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the AssertionConsumerService Location
- Since:
- 5.4
-
getAssertionConsumerServiceBinding
Get the AssertionConsumerService Binding. Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the AssertionConsumerService Binding
- Since:
- 5.4
-
getSingleLogoutServiceBinding
Get the SingleLogoutService Binding. Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.6
-
getSingleLogoutServiceBindings
Get the SingleLogoutService Binding. Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.8
-
getSingleLogoutServiceLocation
Get the SingleLogoutService Location. Equivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Location
- Since:
- 5.6
-
getSingleLogoutServiceResponseLocation
Get the SingleLogoutService Response Location. Equivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Response Location
- Since:
- 5.6
-
getNameIdFormat
Get the NameID format.
- Returns:
- the NameID format
- Since:
- 5.7
-
isAuthnRequestsSigned
public boolean isAuthnRequestsSigned()
Get the AuthnRequestsSigned setting. If true, the relying party will sign all AuthnRequests, regardless of asserting party preference.
Note that Spring Security will sign the request if either isAuthnRequestsSigned() is true or RelyingPartyRegistration.AssertingPartyDetails.getWantAuthnRequestsSigned() is true.
- Returns:
- the relying-party preference
- Since:
- 6.1
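The signing rule above, turned into a start-up check over a registration's getters, as an added example that is not Spring Security's own code. The class RegistrationAudit and its methods are hypothetical names; the block assumes Spring Security 6.4 or later (for getAssertingPartyMetadata()) on the classpath and uses the AssertingPartyMetadata getters getWantAuthnRequestsSigned(), getVerificationX509Credentials() and getSingleSignOnServiceLocation().

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

// Added example: RegistrationAudit and its method names are hypothetical, not part of Spring Security.
public final class RegistrationAudit {

    // Mirrors the rule documented for isAuthnRequestsSigned(): either party can require signing.
    static boolean willSignAuthnRequests(RelyingPartyRegistration rp) {
        return rp.isAuthnRequestsSigned() || rp.getAssertingPartyMetadata().getWantAuthnRequestsSigned();
    }

    // Returns human-readable findings; an empty list means none of the checks below fired.
    static List<String> audit(RelyingPartyRegistration rp) {
        List<String> findings = new ArrayList<>();
        AssertingPartyMetadata ap = rp.getAssertingPartyMetadata();
        String id = rp.getRegistrationId();
        if (willSignAuthnRequests(rp) && rp.getSigningX509Credentials().isEmpty()) {
            findings.add(id + ": AuthnRequests are to be signed but no signing credential is registered");
        }
        if (ap.getVerificationX509Credentials().isEmpty()) {
            findings.add(id + ": no asserting party verification credential is registered");
        }
        // Locations may still hold {baseUrl}-style placeholders, so only an explicit http scheme is flagged.
        checkNotPlainHttp(findings, id, "AssertionConsumerService", rp.getAssertionConsumerServiceLocation());
        checkNotPlainHttp(findings, id, "SingleLogoutService", rp.getSingleLogoutServiceLocation());
        checkNotPlainHttp(findings, id, "SingleSignOnService", ap.getSingleSignOnServiceLocation());
        return findings;
    }

    private static void checkNotPlainHttp(List<String> findings, String id, String name, String location) {
        // The SingleLogoutService location is @Nullable, so a missing value is skipped rather than flagged.
        if (location != null && location.regionMatches(true, 0, "http://", 0, 7)) {
            findings.add(id + ": " + name + " location uses plain http: " + location);
        }
    }

    // Uses mutate() to derive a copy that signs every AuthnRequest, whatever the asserting party asks for.
    static RelyingPartyRegistration withSignedAuthnRequests(RelyingPartyRegistration rp) {
        return rp.mutate().authnRequestsSigned(true).build();
    }
}
```

Running audit(...) over every registration when the application starts surfaces a missing signing or verification credential before the first login attempt does.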
-
getDecryptionX509Credentials
Get the Collection of decryption Saml2X509Credentials associated with this relying party
- Returns:
- the Collection of decryption Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getSigningX509Credentials
Get the Collection of signing Saml2X509Credentials associated with this relying party
- Returns:
- the Collection of signing Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getAssertingPartyMetadata
Get the metadata for the Asserting Party
- Returns:
- the AssertingPartyMetadata
- Since:
- 6.4
-
withRegistrationId
- Parameters:
- registrationId - a string identifier for the RelyingPartyRegistration
- Returns:
- Builder to create a RelyingPartyRegistration object
-
withAssertingPartyMetadata
public static RelyingPartyRegistration.Builder withAssertingPartyMetadata(AssertingPartyMetadata metadata)
Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id. Also initializes to the contents of the given AssertingPartyMetadata.
- Parameters:
- metadata - the metadata used to initialize the RelyingPartyRegistration RelyingPartyRegistration.Builder
- Returns:
- RelyingPartyRegistration.Builder to create a RelyingPartyRegistration object
- Since:
- 6.4
-