Class RelyingPartyRegistration
- Direct Known Subclasses:
OpenSamlRelyingPartyRegistration
Each RP/AP pair is uniquely identified using a registrationId
, an arbitrary
string.
A fully configured registration may look like:
String registrationId = "simplesamlphp"; String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}"; String assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}"; Saml2X509Credential relyingPartySigningCredential = ...; String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"; String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"; Saml2X509Credential assertingPartyVerificationCredential = ...; RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId) .entityId(relyingPartyEntityId) .assertionConsumerServiceLocation(assertingConsumerServiceLocation) .signingX509Credentials((c) -> c.add(relyingPartySigningCredential)) .assertingPartyDetails((details) -> details .entityId(assertingPartyEntityId)); .singleSignOnServiceLocation(singleSignOnServiceLocation)) .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential)) .build();
- Since:
- 5.2
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
The configuration metadata of the Asserting partystatic class
-
Constructor Summary
ModifierConstructorDescriptionprotected
RelyingPartyRegistration
(String registrationId, String entityId, String assertionConsumerServiceLocation, Saml2MessageBinding assertionConsumerServiceBinding, String singleLogoutServiceLocation, String singleLogoutServiceResponseLocation, Collection<Saml2MessageBinding> singleLogoutServiceBindings, RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, String nameIdFormat, boolean authnRequestsSigned, Collection<Saml2X509Credential> decryptionX509Credentials, Collection<Saml2X509Credential> signingX509Credentials) -
Method Summary
Modifier and TypeMethodDescriptionDeprecated.Get the metadata for the Asserting PartyGet the AssertionConsumerService Binding.Get the AssertionConsumerService Location.Get theCollection
of decryptionSaml2X509Credential
s associated with this relying partyGet the relying party's EntityID.Get the NameID format.Get the unique registration id for this RP/AP pairGet theCollection
of signingSaml2X509Credential
s associated with this relying partyGet the SingleLogoutService BindingGet the SingleLogoutService BindingGet the SingleLogoutService Locationboolean
Get the AuthnRequestsSigned setting.mutate()
Copy the properties in thisRelyingPartyRegistration
into aRelyingPartyRegistration.Builder
withAssertingPartyDetails
(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails) Deprecated, for removal: This API element is subject to removal in a future version.Creates aRelyingPartyRegistration
RelyingPartyRegistration.Builder
with aregistrationId
equivalent to the asserting party entity id.withRegistrationId
(String registrationId) withRelyingPartyRegistration
(RelyingPartyRegistration registration) Deprecated, for removal: This API element is subject to removal in a future version.Usemutate()
instead
-
Constructor Details
-
RelyingPartyRegistration
protected RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation, Saml2MessageBinding assertionConsumerServiceBinding, String singleLogoutServiceLocation, String singleLogoutServiceResponseLocation, Collection<Saml2MessageBinding> singleLogoutServiceBindings, RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, String nameIdFormat, boolean authnRequestsSigned, Collection<Saml2X509Credential> decryptionX509Credentials, Collection<Saml2X509Credential> signingX509Credentials)
-
-
Method Details
-
mutate
Copy the properties in thisRelyingPartyRegistration
into aRelyingPartyRegistration.Builder
- Returns:
- a
RelyingPartyRegistration.Builder
based off of the properties in thisRelyingPartyRegistration
- Since:
- 6.1
-
getRegistrationId
Get the unique registration id for this RP/AP pair- Returns:
- the unique registration id for this RP/AP pair
-
getEntityId
Get the relying party's EntityID.Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>
This value may contain a number of placeholders, which need to be resolved before use. They are
baseUrl
,registrationId
,baseScheme
,baseHost
, andbasePort
.- Returns:
- the relying party's EntityID
- Since:
- 5.4
-
getAssertionConsumerServiceLocation
Get the AssertionConsumerService Location. Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>. This value may contain a number of placeholders, which need to be resolved before use. They arebaseUrl
,registrationId
,baseScheme
,baseHost
, andbasePort
.- Returns:
- the AssertionConsumerService Location
- Since:
- 5.4
-
getAssertionConsumerServiceBinding
Get the AssertionConsumerService Binding. Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.- Returns:
- the AssertionConsumerService Binding
- Since:
- 5.4
-
getSingleLogoutServiceBinding
Get the SingleLogoutService BindingEquivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.6
-
getSingleLogoutServiceBindings
Get the SingleLogoutService BindingEquivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.8
-
getSingleLogoutServiceLocation
Get the SingleLogoutService LocationEquivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Location
- Since:
- 5.6
-
getSingleLogoutServiceResponseLocation
Get the SingleLogoutService Response LocationEquivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Response Location
- Since:
- 5.6
-
getNameIdFormat
Get the NameID format.- Returns:
- the NameID format
- Since:
- 5.7
-
isAuthnRequestsSigned
public boolean isAuthnRequestsSigned()Get the AuthnRequestsSigned setting. Iftrue
, the relying party will sign all AuthnRequests, regardless of asserting party preference.Note that Spring Security will sign the request if either
isAuthnRequestsSigned()
istrue
orRelyingPartyRegistration.AssertingPartyDetails.getWantAuthnRequestsSigned()
istrue
.- Returns:
- the relying-party preference
- Since:
- 6.1
-
getDecryptionX509Credentials
Get theCollection
of decryptionSaml2X509Credential
s associated with this relying party- Returns:
- the
Collection
of decryptionSaml2X509Credential
s associated with this relying party - Since:
- 5.4
-
getSigningX509Credentials
Get theCollection
of signingSaml2X509Credential
s associated with this relying party- Returns:
- the
Collection
of signingSaml2X509Credential
s associated with this relying party - Since:
- 5.4
-
getAssertingPartyDetails
Deprecated.UsegetAssertingPartyMetadata()
insteadGet the configuration details for the Asserting Party- Returns:
- the
RelyingPartyRegistration.AssertingPartyDetails
- Since:
- 5.4
-
getAssertingPartyMetadata
Get the metadata for the Asserting Party- Returns:
- the
RelyingPartyRegistration.AssertingPartyDetails
- Since:
- 6.4
-
withRegistrationId
- Parameters:
registrationId
- a string identifier for theRelyingPartyRegistration
- Returns:
Builder
to create aRelyingPartyRegistration
object
-
withAssertingPartyDetails
@Deprecated(forRemoval=true, since="6.4") public static RelyingPartyRegistration.Builder withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails) Deprecated, for removal: This API element is subject to removal in a future version.- Parameters:
assertingPartyDetails
- the asserting party metadata- Returns:
Builder
to create aRelyingPartyRegistration
object
-
withAssertingPartyMetadata
public static RelyingPartyRegistration.Builder withAssertingPartyMetadata(AssertingPartyMetadata metadata) Creates aRelyingPartyRegistration
RelyingPartyRegistration.Builder
with aregistrationId
equivalent to the asserting party entity id. Also initializes to the contents of the givenAssertingPartyMetadata
.Presented as a convenience method when working with
AssertingPartyMetadataRepository
return values. As such, only supportsAssertingPartyMetadata
instances of typeRelyingPartyRegistration.AssertingPartyDetails
.- Parameters:
metadata
- the metadata used to initialize theRelyingPartyRegistration
RelyingPartyRegistration.Builder
- Returns:
RelyingPartyRegistration.Builder
to create aRelyingPartyRegistration
object- Since:
- 6.4
-
withRelyingPartyRegistration
@Deprecated(forRemoval=true, since="6.1") public static RelyingPartyRegistration.Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) Deprecated, for removal: This API element is subject to removal in a future version.Usemutate()
insteadCreates aRelyingPartyRegistration
RelyingPartyRegistration.Builder
based on an existing object- Parameters:
registration
- theRelyingPartyRegistration
- Returns:
Builder
to create aRelyingPartyRegistration
object
-
getAssertingPartyMetadata()
instead