public class OpenSamlAuthenticationRequestFactory extends java.lang.Object implements Saml2AuthenticationRequestFactory
Constructor and Description |
---|
OpenSamlAuthenticationRequestFactory() |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
createAuthenticationRequest(Saml2AuthenticationRequest request)
Deprecated.
|
Saml2PostAuthenticationRequest |
createPostAuthenticationRequest(Saml2AuthenticationRequestContext context)
Creates all the necessary AuthNRequest parameters for a POST binding.
|
Saml2RedirectAuthenticationRequest |
createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context)
Creates all the necessary AuthNRequest parameters for a REDIRECT binding.
|
void |
setClock(java.time.Clock clock)
'
Use this
Clock with Instant.now() for generating
timestamps |
void |
setProtocolBinding(java.lang.String protocolBinding)
Sets the
protocolBinding to use when generating authentication requests. |
public OpenSamlAuthenticationRequestFactory()
@Deprecated public java.lang.String createAuthenticationRequest(Saml2AuthenticationRequest request)
Saml2AuthenticationRequestFactory
SAMLRequest
string for the request, and for a complete
set of data parameters please use Saml2AuthenticationRequestFactory.createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)
or Saml2AuthenticationRequestFactory.createPostAuthenticationRequest(Saml2AuthenticationRequestContext)
createAuthenticationRequest
in interface Saml2AuthenticationRequestFactory
request
- information about the identity provider,
the recipient of this authentication request and accompanying datapublic Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context)
Saml2AuthenticationRequestContext
doesn't contain any Saml2X509Credential.Saml2X509CredentialType.SIGNING
credentials
the result will not contain any signatures.
The data set will be signed and encoded for POST binding and if applicable signed with XML signatures.
will contain the following parameters to be sent as part of the form data: SAMLRequest, RelayState
.
The default implementation of this method returns the SAMLRequest message with an XML signature embedded,
that should only be used for the Saml2MessageBinding.POST
binding.createPostAuthenticationRequest
in interface Saml2AuthenticationRequestFactory
context
- - information about the identity provider, the recipient of this authentication request and
accompanying dataSaml2PostAuthenticationRequest
object with applicable http parameters
necessary to make the AuthNRequest over a POST binding.
All parameters will be SAML encoded but not escaped for Form Data.public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context)
Saml2AuthenticationRequestContext
doesn't contain any Saml2X509Credential.Saml2X509CredentialType.SIGNING
credentials
the result will not contain any signatures.
The data set will be signed and encoded for REDIRECT binding including the DEFLATE encoding.
It will contain the following parameters to be sent as part of the query string:
SAMLRequest, RelayState, SigAlg, Signature
.
The default implementation, for sake of backwards compatibility, of this method returns the
SAMLRequest message with an XML signature embedded, that should only be used for theSaml2MessageBinding.POST
binding, but works over Saml2MessageBinding.POST
with most providers.createRedirectAuthenticationRequest
in interface Saml2AuthenticationRequestFactory
context
- - information about the identity provider, the recipient of this authentication request and
accompanying dataSaml2RedirectAuthenticationRequest
object with applicable http parameters
necessary to make the AuthNRequest over a POST or REDIRECT binding.
All parameters will be SAML encoded/deflated, but escaped, ie URI encoded or encoded for Form Data.public void setClock(java.time.Clock clock)
Clock
with Instant.now()
for generating
timestampsclock
- public void setProtocolBinding(java.lang.String protocolBinding)
protocolBinding
to use when generating authentication requests.
Acceptable values are SAMLConstants.SAML2_POST_BINDING_URI
and
SAMLConstants.SAML2_REDIRECT_BINDING_URI
The IDP will be reading this value in the AuthNRequest
to determine how to
send the Response/Assertion to the ACS URL, assertion consumer service URL.protocolBinding
- either SAMLConstants.SAML2_POST_BINDING_URI
or
SAMLConstants.SAML2_REDIRECT_BINDING_URI
java.lang.IllegalArgumentException
- if the protocolBinding is not valid