Class OpenSamlAuthenticationRequestFactory
- java.lang.Object
  - org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory
- All Implemented Interfaces: Saml2AuthenticationRequestFactory
public class OpenSamlAuthenticationRequestFactory extends java.lang.Object implements Saml2AuthenticationRequestFactory
- Since: 5.2
Constructor Summary
- OpenSamlAuthenticationRequestFactory()
-
Method Summary
Modifier and Type, Method, Description:
- java.lang.String createAuthenticationRequest(Saml2AuthenticationRequest request)
  Deprecated.
- Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context)
  Creates all the necessary AuthNRequest parameters for a POST binding.
- Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context)
  Creates all the necessary AuthNRequest parameters for a REDIRECT binding.
- void setClock(java.time.Clock clock)
  Use this Clock with Instant.now() for generating timestamps.
- void setProtocolBinding(java.lang.String protocolBinding)
  Sets the protocolBinding to use when generating authentication requests.
-
-
-
Method Detail
-
createAuthenticationRequest
@Deprecated public java.lang.String createAuthenticationRequest(Saml2AuthenticationRequest request)
Deprecated.
Description copied from interface: Saml2AuthenticationRequestFactory
Creates an authentication request from the Service Provider, sp, to the Identity Provider, idp. The authentication result is an XML string that may be signed, encrypted, both or neither. This method only returns the SAMLRequest string for the request; for a complete set of data parameters please use Saml2AuthenticationRequestFactory.createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext) or Saml2AuthenticationRequestFactory.createPostAuthenticationRequest(Saml2AuthenticationRequestContext).
- Specified by: createAuthenticationRequest in interface Saml2AuthenticationRequestFactory
- Parameters: request - information about the identity provider, the recipient of this authentication request and accompanying data
- Returns: XML data in the format of a String. This data may be signed, encrypted, both signed and encrypted with the signature embedded in the XML, or neither signed nor encrypted.
-
createPostAuthenticationRequest
public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context)
Creates all the necessary AuthNRequest parameters for a POST binding. If the Saml2AuthenticationRequestContext doesn't contain any Saml2X509Credential.Saml2X509CredentialType.SIGNING credentials, the result will not contain any signatures. The data set will be signed and encoded for POST binding and, if applicable, signed with XML signatures. It will contain the following parameters to be sent as part of the form data: SAMLRequest, RelayState. The default implementation of this method returns the SAMLRequest message with an XML signature embedded, that should only be used for the Saml2MessageBinding.POST binding.
- Specified by: createPostAuthenticationRequest in interface Saml2AuthenticationRequestFactory
- Parameters: context - information about the identity provider, the recipient of this authentication request and accompanying data
- Returns: a Saml2PostAuthenticationRequest object with applicable http parameters necessary to make the AuthNRequest over a POST binding. All parameters will be SAML encoded but not escaped for Form Data.
-
createRedirectAuthenticationRequest
public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context)
Creates all the necessary AuthNRequest parameters for a REDIRECT binding. If the Saml2AuthenticationRequestContext doesn't contain any Saml2X509Credential.Saml2X509CredentialType.SIGNING credentials, the result will not contain any signatures. The data set will be signed and encoded for REDIRECT binding including the DEFLATE encoding. It will contain the following parameters to be sent as part of the query string: SAMLRequest, RelayState, SigAlg, Signature. The default implementation, for sake of backwards compatibility, of this method returns the SAMLRequest message with an XML signature embedded, that should only be used for the Saml2MessageBinding.POST binding, but works over Saml2MessageBinding.POST with most providers.
- Specified by: createRedirectAuthenticationRequest in interface Saml2AuthenticationRequestFactory
- Parameters: context - information about the identity provider, the recipient of this authentication request and accompanying data
- Returns: a Saml2RedirectAuthenticationRequest object with applicable http parameters necessary to make the AuthNRequest over a POST or REDIRECT binding. All parameters will be SAML encoded/deflated, but escaped, i.e. URI encoded or encoded for Form Data.
-
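The REDIRECT-binding parameter set described above (DEFLATE-encoded SAMLRequest, RelayState, SigAlg, Signature), worked through with JDK classes only. This is an added example, not Spring Security or OpenSAML code; the class name, sample XML, relay state and throwaway key pair are constructed, and RSA-SHA256 is an assumed choice of SigAlg.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.zip.*;

// Added illustration (JDK only); sample XML, relay state and keys are constructed.
public class RedirectBindingSketch {
    static final String SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // SAMLRequest value: raw DEFLATE (no zlib header), then Base64.
    static String deflateAndEncode(String xml) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try (DeflaterOutputStream d = new DeflaterOutputStream(out, raw)) {
            d.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }
    // Receiving side: Base64-decode, then inflate the raw DEFLATE stream.
    static String decodeAndInflate(String samlRequest) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (InflaterOutputStream i = new InflaterOutputStream(out, new Inflater(true))) {
            i.write(Base64.getDecoder().decode(samlRequest));
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }
    static String enc(String v) throws Exception { return URLEncoder.encode(v, "UTF-8"); }

    public static void main(String[] args) throws Exception {
        String xml = "<saml2p:AuthnRequest xmlns:saml2p='urn:oasis:names:tc:SAML:2.0:protocol' "
                + "ID='ARQ-constructed' Version='2.0' IssueInstant='2020-01-01T00:00:00Z'/>";
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair();
        String samlRequest = deflateAndEncode(xml);
        // The signature covers the URL-encoded query parameters, in this order.
        String signed = "SAMLRequest=" + enc(samlRequest)
                + "&RelayState=" + enc("constructed-state") + "&SigAlg=" + enc(SIG_ALG);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(keys.getPrivate());
        signer.update(signed.getBytes(StandardCharsets.UTF_8));
        byte[] sig = signer.sign();
        System.out.println(signed + "&Signature=" + enc(Base64.getEncoder().encodeToString(sig)));
        // Receiver: verify over the same signed bytes before trusting the inflated XML.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(keys.getPublic());
        verifier.update(signed.getBytes(StandardCharsets.UTF_8));
        System.out.println(verifier.verify(sig) && decodeAndInflate(samlRequest).equals(xml));
    }
}
```

Because the signature is computed over the query string rather than the XML, RelayState is covered by it, and a receiver that re-encodes the parameters before verifying can end up checking different bytes than were signed.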
setClock
public void setClock(java.time.Clock clock)
Use this Clock with Instant.now() for generating timestamps.
- Parameters: clock
-
setProtocolBinding
public void setProtocolBinding(java.lang.String protocolBinding)
Sets the protocolBinding to use when generating authentication requests. Acceptable values are SAMLConstants.SAML2_POST_BINDING_URI and SAMLConstants.SAML2_REDIRECT_BINDING_URI. The IDP will be reading this value in the AuthNRequest to determine how to send the Response/Assertion to the ACS URL, assertion consumer service URL.
- Parameters: protocolBinding - either SAMLConstants.SAML2_POST_BINDING_URI or SAMLConstants.SAML2_REDIRECT_BINDING_URI
- Throws: java.lang.IllegalArgumentException - if the protocolBinding is not valid
-
-