Class RelyingPartyRegistration
- java.lang.Object
-
- org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
public final class RelyingPartyRegistration extends java.lang.Object
Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.
Each RP/AP pair is uniquely identified using a registrationId, an arbitrary string.
A fully configured registration may look like:

```java
String registrationId = "simplesamlphp";

// Relying party (Service Provider) settings; placeholders are resolved before use
String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
String assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
Saml2X509Credential relyingPartySigningCredential = ...;

// Asserting party (Identity Provider) settings
String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
Saml2X509Credential assertingPartyVerificationCredential = ...;

RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
        .entityId(relyingPartyEntityId)
        .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
        .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
        // The asserting party's entity ID, SSO endpoint and verification
        // credentials are all configured on the nested details builder
        .assertingPartyDetails((details) -> details
                .entityId(assertingPartyEntityId)
                .singleSignOnServiceLocation(singleSignOnServiceLocation)
                .verificationX509Credentials((c) -> c.add(assertingPartyVerificationCredential)))
        .build();
```
- Since:
- 5.2
-
-
Nested Class Summary
Nested Classes

| Modifier and Type | Class | Description |
| --- | --- | --- |
| `static class` | `RelyingPartyRegistration.AssertingPartyDetails` | The configuration metadata of the Asserting party |
| `static class` | `RelyingPartyRegistration.Builder` | |
| `static class` | `RelyingPartyRegistration.ProviderDetails` | Deprecated. Use `RelyingPartyRegistration.AssertingPartyDetails` instead |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| `RelyingPartyRegistration.AssertingPartyDetails` | `getAssertingPartyDetails()` | Get the configuration details for the Asserting Party |
| `Saml2MessageBinding` | `getAssertionConsumerServiceBinding()` | Get the AssertionConsumerService Binding. |
| `java.lang.String` | `getAssertionConsumerServiceLocation()` | Get the AssertionConsumerService Location. |
| `java.lang.String` | `getAssertionConsumerServiceUrlTemplate()` | Deprecated. Use `getAssertionConsumerServiceLocation()` instead |
| `java.util.List<Saml2X509Credential>` | `getCredentials()` | Deprecated. Instead of retrieving all credentials, use the appropriate method for obtaining the correct type |
| `java.util.List<Saml2X509Credential>` | `getDecryptionCredentials()` | Deprecated. Use `getDecryptionX509Credentials()` instead |
| `java.util.Collection<Saml2X509Credential>` | `getDecryptionX509Credentials()` | Get the `Collection` of decryption `Saml2X509Credential`s associated with this relying party |
| `java.util.List<Saml2X509Credential>` | `getEncryptionCredentials()` | Deprecated. |
| `java.lang.String` | `getEntityId()` | Get the relying party's EntityID. |
| `java.lang.String` | `getIdpWebSsoUrl()` | |
| `java.lang.String` | `getLocalEntityIdTemplate()` | Deprecated. Use `getEntityId()` instead |
| `RelyingPartyRegistration.ProviderDetails` | `getProviderDetails()` | Deprecated. Use `getAssertingPartyDetails()` instead |
| `java.lang.String` | `getRegistrationId()` | Get the unique registration id for this RP/AP pair |
| `java.lang.String` | `getRemoteIdpEntityId()` | Deprecated. |
| `java.util.List<Saml2X509Credential>` | `getSigningCredentials()` | Deprecated. Use `getSigningX509Credentials()` instead |
| `java.util.Collection<Saml2X509Credential>` | `getSigningX509Credentials()` | Get the `Collection` of signing `Saml2X509Credential`s associated with this relying party |
| `Saml2MessageBinding` | `getSingleLogoutServiceBinding()` | Get the SingleLogoutService Binding |
| `java.lang.String` | `getSingleLogoutServiceLocation()` | Get the SingleLogoutService Location |
| `java.lang.String` | `getSingleLogoutServiceResponseLocation()` | |
| `java.util.List<Saml2X509Credential>` | `getVerificationCredentials()` | Deprecated. Use `getAssertingPartyDetails().getSigningX509Credentials()` instead |
| `static RelyingPartyRegistration.Builder` | `withRegistrationId(java.lang.String registrationId)` | |
| `static RelyingPartyRegistration.Builder` | `withRelyingPartyRegistration(RelyingPartyRegistration registration)` | Creates a `RelyingPartyRegistration` `RelyingPartyRegistration.Builder` based on an existing object |
-
-
-
Method Detail
-
getRegistrationId
public java.lang.String getRegistrationId()
Get the unique registration id for this RP/AP pair
- Returns:
- the unique registration id for this RP/AP pair
-
getEntityId
public java.lang.String getEntityId()
Get the relying party's EntityID.
Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>.
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the relying party's EntityID
- Since:
- 5.4
-
getAssertionConsumerServiceLocation
public java.lang.String getAssertionConsumerServiceLocation()
Get the AssertionConsumerService Location.
Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>.
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the AssertionConsumerService Location
- Since:
- 5.4
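
The placeholder resolution that getEntityId() and getAssertionConsumerServiceLocation() call for, sketched with plain JDK code. This is an added example, not Spring Security's own resolver; the class name, helper names and the base URL `https://sp.example.com:8443/app` are assumptions made for illustration.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration (hypothetical class): resolves the documented placeholders
// baseUrl, registrationId, baseScheme, baseHost and basePort in a template.
public class PlaceholderResolutionExample {

    // Derives the placeholder values from the application's external base URL.
    static Map<String, String> variables(URI baseUri, String registrationId) {
        String scheme = baseUri.getScheme();
        String host = baseUri.getHost();
        int port = baseUri.getPort(); // -1 when the URL has no explicit port
        if (port == -1) {
            port = "https".equals(scheme) ? 443 : 80;
        }
        boolean defaultPort = ("https".equals(scheme) && port == 443)
                || ("http".equals(scheme) && port == 80);
        String path = baseUri.getPath() == null ? "" : baseUri.getPath().replaceAll("/+$", "");
        Map<String, String> vars = new LinkedHashMap<>();
        vars.put("baseUrl", scheme + "://" + host + (defaultPort ? "" : ":" + port) + path);
        vars.put("registrationId", registrationId);
        vars.put("baseScheme", scheme);
        vars.put("baseHost", host);
        vars.put("basePort", String.valueOf(port));
        return vars;
    }

    // Substitutes every {name}; fails closed if a placeholder is left over, since an
    // unresolved entity ID or ACS location will not match what the asserting party expects.
    static String resolve(String template, Map<String, String> vars) {
        String result = template;
        for (Map.Entry<String, String> e : vars.entrySet()) {
            result = result.replace("{" + e.getKey() + "}", e.getValue());
        }
        if (result.contains("{") || result.contains("}")) {
            throw new IllegalArgumentException("Unresolved placeholder in: " + result);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample input: a fixed base URL and the registration id used on this page
        Map<String, String> vars = variables(URI.create("https://sp.example.com:8443/app"), "simplesamlphp");
        System.out.println(resolve("{baseUrl}/saml2/service-provider-metadata/{registrationId}", vars));
        System.out.println(resolve("{baseScheme}://{baseHost}:{basePort}/login/saml2/sso/{registrationId}", vars));
    }
}
```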
-
getAssertionConsumerServiceBinding
public Saml2MessageBinding getAssertionConsumerServiceBinding()
Get the AssertionConsumerService Binding.
Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the AssertionConsumerService Binding
- Since:
- 5.4
-
getSingleLogoutServiceBinding
public Saml2MessageBinding getSingleLogoutServiceBinding()
Get the SingleLogoutService Binding.
Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.6
-
getSingleLogoutServiceLocation
public java.lang.String getSingleLogoutServiceLocation()
Get the SingleLogoutService Location.
Equivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Location
- Since:
- 5.6
-
getSingleLogoutServiceResponseLocation
public java.lang.String getSingleLogoutServiceResponseLocation()
Get the SingleLogoutService Response Location.
Equivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Response Location
- Since:
- 5.6
-
getDecryptionX509Credentials
public java.util.Collection<Saml2X509Credential> getDecryptionX509Credentials()
Get the Collection of decryption Saml2X509Credentials associated with this relying party
- Returns:
- the Collection of decryption Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getSigningX509Credentials
public java.util.Collection<Saml2X509Credential> getSigningX509Credentials()
Get the Collection of signing Saml2X509Credentials associated with this relying party
- Returns:
- the Collection of signing Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getAssertingPartyDetails
public RelyingPartyRegistration.AssertingPartyDetails getAssertingPartyDetails()
Get the configuration details for the Asserting Party
- Returns:
- the RelyingPartyRegistration.AssertingPartyDetails
- Since:
- 5.4
-
getRemoteIdpEntityId
@Deprecated public java.lang.String getRemoteIdpEntityId()
Deprecated.
Returns the entity ID of the IDP, the asserting party.
- Returns:
- entity ID of the asserting party
-
getAssertionConsumerServiceUrlTemplate
@Deprecated public java.lang.String getAssertionConsumerServiceUrlTemplate()
Deprecated. Use getAssertionConsumerServiceLocation() instead
Returns the URL template for the ACS URL that authentication requests should contain. Possible variables are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- string containing the ACS URL template, with or without variables present
-
getIdpWebSsoUrl
@Deprecated public java.lang.String getIdpWebSsoUrl()
Deprecated.
Contains the URL to which the SAML 2 Authentication Request is sent to initiate a single sign on flow.
- Returns:
- an IDP URL that accepts REDIRECT or POST binding for authentication requests
-
getProviderDetails
@Deprecated public RelyingPartyRegistration.ProviderDetails getProviderDetails()
Deprecated. Use getAssertingPartyDetails() instead
Returns specific configuration around the Identity Provider SSO endpoint
- Returns:
- the IDP SSO endpoint configuration
- Since:
- 5.3
-
getLocalEntityIdTemplate
@Deprecated public java.lang.String getLocalEntityIdTemplate()
Deprecated. Use getEntityId() instead
The local relying party, or Service Provider, can generate its entity ID based on possible variables of baseUrl, registrationId, baseScheme, baseHost, and basePort, for example {baseUrl}/saml2/service-provider-metadata/{registrationId}
- Returns:
- a string containing the entity ID or entity ID template
-
getCredentials
@Deprecated public java.util.List<Saml2X509Credential> getCredentials()
Deprecated. Instead of retrieving all credentials, use the appropriate method for obtaining the correct type
Returns a list of configured credentials to be used in message exchanges between relying party, SP, and asserting party, IDP.
- Returns:
- a list of credentials
-
getVerificationCredentials
@Deprecated public java.util.List<Saml2X509Credential> getVerificationCredentials()
Deprecated. Use getAssertingPartyDetails().getSigningX509Credentials() instead
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.VERIFICATION. Returns an empty list if credentials are not found
-
getSigningCredentials
@Deprecated public java.util.List<Saml2X509Credential> getSigningCredentials()
Deprecated. Use getSigningX509Credentials() instead
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.SIGNING. Returns an empty list if credentials are not found
-
getEncryptionCredentials
@Deprecated public java.util.List<Saml2X509Credential> getEncryptionCredentials()
Deprecated.
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION. Returns an empty list if credentials are not found
-
getDecryptionCredentials
@Deprecated public java.util.List<Saml2X509Credential> getDecryptionCredentials()
Deprecated. Use getDecryptionX509Credentials() instead
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.DECRYPTION. Returns an empty list if credentials are not found
-
withRegistrationId
public static RelyingPartyRegistration.Builder withRegistrationId(java.lang.String registrationId)
- Parameters:
- registrationId - a string identifier for the RelyingPartyRegistration
- Returns:
- Builder to create a RelyingPartyRegistration object
-
withRelyingPartyRegistration
public static RelyingPartyRegistration.Builder withRelyingPartyRegistration(RelyingPartyRegistration registration)
Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder based on an existing object
- Parameters:
- registration - the RelyingPartyRegistration
- Returns:
- Builder to create a RelyingPartyRegistration object
-
-