Class RelyingPartyRegistrations
java.lang.Object
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
A utility class for constructing instances of RelyingPartyRegistration
- Since: 5.4
Method Summary
Method: Description
- collectionFromMetadata(InputStream source): Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata.
- collectionFromMetadataLocation(String location): Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata location.
- fromMetadata(InputStream source): Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.
- fromMetadataLocation(String metadataLocation): Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location.
Method Details

fromMetadataLocation
Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location. Valid locations can be classpath- or file-based or they can be HTTPS endpoints. Some valid endpoints might include:

    metadataLocation = "classpath:asserting-party-metadata.xml";
    metadataLocation = "file:asserting-party-metadata.xml";
    metadataLocation = "https://ap.example.org/metadata";

Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so:

    RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadataLocation(metadataLocation)
            .registrationId("registration-id")
            .build();

Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
- Parameters: metadataLocation - The classpath- or file-based locations or HTTPS endpoints of the asserting party metadata file
- Returns: the RelyingPartyRegistration.Builder for further configuration

fromMetadata
Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.

This method is intended for scenarios when the metadata is looked up by a separate mechanism. One such example is when the metadata is stored in a database.

The callers of this method are accountable for closing the InputStream source.

Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so:

    String xml = fromDatabase();
    try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
        RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadata(source)
                .registrationId("registration-id")
                .build();
    }

Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
- Parameters: source - the InputStream source containing the asserting party metadata
- Returns: the RelyingPartyRegistration.Builder for further configuration
- Since: 5.6

collectionFromMetadataLocation
public static Collection<RelyingPartyRegistration.Builder> collectionFromMetadataLocation(String location)
Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata location. Valid locations can be classpath- or file-based or they can be HTTPS endpoints. Some valid endpoints might include:

    metadataLocation = "classpath:asserting-party-metadata.xml";
    metadataLocation = "file:asserting-party-metadata.xml";
    metadataLocation = "https://ap.example.org/metadata";

Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so:

    // The collection holds builders, so the iterator is typed on RelyingPartyRegistration.Builder
    Iterator<RelyingPartyRegistration.Builder> registrations = RelyingPartyRegistrations
            .collectionFromMetadataLocation(location).iterator();
    RelyingPartyRegistration one = registrations.next().registrationId("one").build();
    RelyingPartyRegistration two = registrations.next().registrationId("two").build();
    return new InMemoryRelyingPartyRegistrationRepository(one, two);

Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
- Parameters: location - The classpath- or file-based locations or HTTPS endpoints of the asserting party metadata file
- Returns: the Collection of RelyingPartyRegistration.Builders for further configuration
- Since: 5.7

collectionFromMetadata
public static Collection<RelyingPartyRegistration.Builder> collectionFromMetadata(InputStream source)
Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata.

This method is intended for scenarios when the metadata is looked up by a separate mechanism. One such example is when the metadata is stored in a database.

The callers of this method are accountable for closing the InputStream source.

Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so:

    String xml = fromDatabase();
    try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
        // The collection holds builders, so the iterator is typed on RelyingPartyRegistration.Builder
        Iterator<RelyingPartyRegistration.Builder> registrations = RelyingPartyRegistrations
                .collectionFromMetadata(source).iterator();
        RelyingPartyRegistration one = registrations.next().registrationId("one").build();
        RelyingPartyRegistration two = registrations.next().registrationId("two").build();
        return new InMemoryRelyingPartyRegistrationRepository(one, two);
    }

Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
- Parameters: source - the InputStream source containing the asserting party metadata
- Returns: the Collection of RelyingPartyRegistration.Builders for further configuration
- Since: 5.7
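
The following is an added example, not code from the Spring Security documentation. It shows one way to consume collectionFromMetadata without relying on the order of entities in the metadata: each builder is matched against an allow-list of expected asserting party entity IDs, and the relying party signing credential that an IDPSSODescriptor cannot supply is added before building. The class name, entity IDs and registration ids are assumptions, and the code assumes Java 9+ and the getAssertingPartyDetails() accessor of the API version documented on this page.

```java
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

// Hypothetical helper class; not part of Spring Security.
public final class AllowListedRegistrations {
    // Assumed mapping: asserting party entityID -> registrationId chosen by this application.
    private static final Map<String, String> EXPECTED = Map.of(
            "https://ap-one.example.org/metadata", "one",
            "https://ap-two.example.org/metadata", "two");

    // The caller owns the stream and closes it, as the method documentation requires.
    public static InMemoryRelyingPartyRegistrationRepository load(InputStream source,
            PrivateKey rpKey, X509Certificate rpCert) {
        Saml2X509Credential signing = Saml2X509Credential.signing(rpKey, rpCert);
        Map<String, RelyingPartyRegistration> byId = new LinkedHashMap<>();
        for (RelyingPartyRegistration.Builder builder
                : RelyingPartyRegistrations.collectionFromMetadata(source)) {
            // Build once with the defaults only to read the entityID the metadata declares.
            String entityId = builder.build().getAssertingPartyDetails().getEntityId();
            String registrationId = EXPECTED.get(entityId);
            if (registrationId == null) {
                throw new IllegalStateException("Unexpected asserting party: " + entityId);
            }
            RelyingPartyRegistration registration = builder
                    .registrationId(registrationId)
                    // Relying party key material is not in the IDPSSODescriptor; add it here.
                    .signingX509Credentials((c) -> c.add(signing))
                    .build();
            if (byId.putIfAbsent(registrationId, registration) != null) {
                throw new IllegalStateException("Duplicate asserting party: " + entityId);
            }
        }
        if (byId.size() != EXPECTED.size()) {
            throw new IllegalStateException("Metadata is missing an expected asserting party");
        }
        return new InMemoryRelyingPartyRegistrationRepository(byId.values());
    }
}
```

Failing closed on an unknown, duplicate or missing entity ID keeps a changed metadata document from silently adding or swapping a trusted asserting party.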