Package org.springframework.security.saml2.provider.service.registration

Class RelyingPartyRegistrations

  • public final class RelyingPartyRegistrations
extends java.lang.Object
    A utility class for constructing instances of RelyingPartyRegistration
    Since:
    5.4

    • Method Detail

      • fromMetadataLocation

        public static RelyingPartyRegistration.Builder fromMetadataLocation​(java.lang.String metadataLocation)
        Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location. Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some valid endpoints might include: 
           metadataLocation = "classpath:asserting-party-metadata.xml";
   metadataLocation = "file:asserting-party-metadata.xml";
   metadataLocation = "https://ap.example.org/metadata";
        Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
                RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation(metadataLocation)
                .registrationId("registration-id")
                .build();
        Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
        Parameters:
        metadataLocation - The classpath- or file-based locations or HTTP endpoints of the asserting party metadata file
        Returns:
        the RelyingPartyRegistration.Builder for further configuration

      • fromMetadata

        public static RelyingPartyRegistration.Builder fromMetadata​(java.io.InputStream source)
        Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.

        This method is intended for scenarios when the metadata is looked up by a separate mechanism. One such example is when the metadata is stored in a database.

        The callers of this method are accountable for closing the InputStream source.

        Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
                String xml = fromDatabase();
        try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
                RelyingPartyRegistration registration = RelyingPartyRegistrations
                        .fromMetadata(source)
                        .registrationId("registration-id")
                        .build();
        }
        Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
        Parameters:
        source - the InputStream source containing the asserting party metadata
        Returns:
        the RelyingPartyRegistration.Builder for further configuration
        Since:
        5.6