Class RelyingPartyRegistration
- java.lang.Object
  - org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

public class RelyingPartyRegistration extends java.lang.Object

Represents a configured service provider, SP, and a remote identity provider, IDP, pair. Each SP/IDP pair is uniquely identified using a registrationId, an arbitrary string. A fully configured registration may look like:

    // remote IDP entity ID
    String idpEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
    // remote WebSSO endpoint - where to send AuthNRequests to
    String webSsoEndpoint = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
    // local registration ID
    String registrationId = "simplesamlphp";
    // local entity ID - autogenerated based on URL
    String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
    // local SSO URL - autogenerated, endpoint to receive SAML Response objects
    String acsUrlTemplate = "{baseUrl}/login/saml2/sso/{registrationId}";
    // local signing (and local decryption key and remote encryption certificate)
    Saml2X509Credential signingCredential = getSigningCredential();
    // IDP certificate for verification of incoming messages
    Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();

    RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
            .remoteIdpEntityId(idpEntityId)
            .idpWebSsoUrl(webSsoEndpoint)
            .credentials(c -> c.add(signingCredential))
            .credentials(c -> c.add(idpVerificationCertificate))
            .localEntityIdTemplate(localEntityIdTemplate)
            .assertionConsumerServiceUrlTemplate(acsUrlTemplate)
            .build();

- Since:
  - 5.2
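The class description above leaves getSigningCredential() and getVerificationCertificate() undefined. The following is an added example, not code from the Spring Security project, showing one way to load that key material from PEM files, attach each credential with the roles it plays (the SP key pair signs and decrypts; the IDP certificate verifies and encrypts), build the registration, and fail fast at startup if the registration could not validate inbound responses. It assumes Java 11, the Spring Security 5.2 packages (Saml2X509Credential in org.springframework.security.saml2.credentials), an unencrypted PKCS#8 RSA private key, and hypothetical file paths and IDP URLs that must be replaced for a real deployment.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

public final class RelyingPartyRegistrationExample {

    // Hypothetical locations; point these at wherever the deployment keeps its key material.
    private static final Path SP_SIGNING_KEY = Path.of("/etc/app/saml/sp-signing.pk8");    // unencrypted PKCS#8 PEM
    private static final Path SP_SIGNING_CERT = Path.of("/etc/app/saml/sp-signing.crt");   // X.509 PEM
    private static final Path IDP_SIGNING_CERT = Path.of("/etc/app/saml/idp-signing.crt"); // X.509 PEM taken from IDP metadata

    public static RelyingPartyRegistration build() throws Exception {
        X509Certificate spCert = readCertificate(SP_SIGNING_CERT);
        PrivateKey spKey = readPkcs8PrivateKey(SP_SIGNING_KEY);
        X509Certificate idpCert = readCertificate(IDP_SIGNING_CERT);

        // One credential may carry several roles. The SP key pair signs outgoing
        // AuthnRequests and decrypts encrypted assertions addressed to this SP.
        Saml2X509Credential spCredential = new Saml2X509Credential(spKey, spCert,
                Saml2X509CredentialType.SIGNING, Saml2X509CredentialType.DECRYPTION);

        // The IDP certificate is public only: it verifies signatures on inbound
        // Responses/Assertions and encrypts anything the SP sends to the IDP.
        Saml2X509Credential idpCredential = new Saml2X509Credential(idpCert,
                Saml2X509CredentialType.VERIFICATION, Saml2X509CredentialType.ENCRYPTION);

        RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("simplesamlphp")
                .remoteIdpEntityId("https://idp.example.test/saml2/idp/metadata.php") // placeholder entity ID
                .idpWebSsoUrl("https://idp.example.test/saml2/idp/SSOService.php")    // placeholder SSO endpoint
                .credentials(c -> c.add(spCredential))
                .credentials(c -> c.add(idpCredential))
                .localEntityIdTemplate("{baseUrl}/saml2/service-provider-metadata/{registrationId}")
                .assertionConsumerServiceUrlTemplate("{baseUrl}/login/saml2/sso/{registrationId}")
                .build();

        requireUsableCredentials(registration);
        return registration;
    }

    // Check the filtered views at startup rather than discovering a gap at the first login.
    static void requireUsableCredentials(RelyingPartyRegistration registration) {
        String id = registration.getRegistrationId();
        if (registration.getVerificationCredentials().isEmpty()) {
            throw new IllegalStateException("registration '" + id
                    + "' has no VERIFICATION credential; inbound SAML responses could not be validated");
        }
        if (registration.getSigningCredentials().isEmpty()) {
            throw new IllegalStateException("registration '" + id
                    + "' has no SIGNING credential; signed AuthnRequests cannot be produced");
        }
    }

    static X509Certificate readCertificate(Path pem) throws Exception {
        try (InputStream in = Files.newInputStream(pem)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Strips the PEM armour and feeds the DER bytes to KeyFactory; only unencrypted PKCS#8 is handled.
    static PrivateKey readPkcs8PrivateKey(Path pem) throws Exception {
        String body = Files.readString(pem, StandardCharsets.US_ASCII)
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
}
```

The IDP certificate is added with only public-key roles, so nothing in the registration could ever be used to impersonate the IDP; the SP private key is the only secret here, and it is read from disk rather than embedded in source.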
Nested Class Summary

Nested Classes
- static class RelyingPartyRegistration.Builder
Method Summary

All Methods | Static Methods | Instance Methods | Concrete Methods

- java.lang.String getAssertionConsumerServiceUrlTemplate()
  Returns the template of the ACS URL that authentication requests should contain. Possible variables are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- java.util.List<Saml2X509Credential> getCredentials()
  Returns a list of configured credentials to be used in message exchanges between relying party, SP, and asserting party, IDP.
- java.util.List<Saml2X509Credential> getDecryptionCredentials()
- java.util.List<Saml2X509Credential> getEncryptionCredentials()
- java.lang.String getIdpWebSsoUrl()
  Contains the URL to which to send the SAML 2 Authentication Request to initiate a single sign-on flow.
- java.lang.String getLocalEntityIdTemplate()
  The local relying party, or Service Provider, can generate its entity ID based on the possible variables baseUrl, registrationId, baseScheme, baseHost, and basePort, for example {baseUrl}/saml2/service-provider-metadata/{registrationId}
- java.lang.String getRegistrationId()
  Returns the unique relying party registration ID
- java.lang.String getRemoteIdpEntityId()
  Returns the entity ID of the IDP, the asserting party.
- java.util.List<Saml2X509Credential> getSigningCredentials()
- java.util.List<Saml2X509Credential> getVerificationCredentials()
- static RelyingPartyRegistration.Builder withRegistrationId(java.lang.String registrationId)
Method Detail

getRemoteIdpEntityId
public java.lang.String getRemoteIdpEntityId()
Returns the entity ID of the IDP, the asserting party.
- Returns:
  - entity ID of the asserting party

getRegistrationId
public java.lang.String getRegistrationId()
Returns the unique relying party registration ID
- Returns:
  - registrationId

getAssertionConsumerServiceUrlTemplate
public java.lang.String getAssertionConsumerServiceUrlTemplate()
Returns the template of the ACS URL that authentication requests should contain. Possible variables are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
  - string containing the ACS URL template, with or without variables present

getIdpWebSsoUrl
public java.lang.String getIdpWebSsoUrl()
Contains the URL to which to send the SAML 2 Authentication Request to initiate a single sign-on flow.
- Returns:
  - an IDP URL that accepts REDIRECT or POST binding for authentication requests

getLocalEntityIdTemplate
public java.lang.String getLocalEntityIdTemplate()
The local relying party, or Service Provider, can generate its entity ID based on the possible variables baseUrl, registrationId, baseScheme, baseHost, and basePort, for example {baseUrl}/saml2/service-provider-metadata/{registrationId}
- Returns:
  - a string containing the entity ID or entity ID template

getCredentials
public java.util.List<Saml2X509Credential> getCredentials()
Returns a list of configured credentials to be used in message exchanges between relying party, SP, and asserting party, IDP.
- Returns:
  - a list of credentials

getVerificationCredentials
public java.util.List<Saml2X509Credential> getVerificationCredentials()
- Returns:
  - a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.VERIFICATION. Returns an empty list if no such credentials are found

getSigningCredentials
public java.util.List<Saml2X509Credential> getSigningCredentials()
- Returns:
  - a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.SIGNING. Returns an empty list if no such credentials are found

getEncryptionCredentials
public java.util.List<Saml2X509Credential> getEncryptionCredentials()
- Returns:
  - a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION. Returns an empty list if no such credentials are found

getDecryptionCredentials
public java.util.List<Saml2X509Credential> getDecryptionCredentials()
- Returns:
  - a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.DECRYPTION. Returns an empty list if no such credentials are found

withRegistrationId
public static RelyingPartyRegistration.Builder withRegistrationId(java.lang.String registrationId)
- Parameters:
  - registrationId - a string identifier for the RelyingPartyRegistration
- Returns:
  - Builder to create a RelyingPartyRegistration object