Class RelyingPartyRegistration
- java.lang.Object
  - org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

public final class RelyingPartyRegistration extends java.lang.Object
Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.
Each RP/AP pair is uniquely identified using a registrationId, an arbitrary string.
A fully configured registration may look like:
    String registrationId = "simplesamlphp";

    // Relying party (this application); the placeholders are resolved before use
    String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
    String assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
    Saml2X509Credential relyingPartySigningCredential = ...;

    // Asserting party (the identity provider)
    String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
    String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
    Saml2X509Credential assertingPartyVerificationCredential = ...;

    RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
            .entityId(relyingPartyEntityId)
            .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
            .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
            // entity ID, SSO endpoint and verification certificate all belong to the asserting party
            .assertingPartyDetails((details) -> details
                    .entityId(assertingPartyEntityId)
                    .singleSignOnServiceLocation(singleSignOnServiceLocation)
                    .verificationX509Credentials((c) -> c.add(assertingPartyVerificationCredential)))
            .build();
- Since:
- 5.2
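One way to build the two Saml2X509Credential values that the registration above elides with "...", as an added example that is not part of the Spring Security Javadoc. The class name SamlCredentials, its method names and the input format (PEM or DER certificate, unencrypted PKCS#8 RSA key in PEM, Java 11+) are assumptions of this example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

import org.springframework.security.saml2.core.Saml2X509Credential;

// Hypothetical helper class; not part of Spring Security.
public final class SamlCredentials {

    // Parse a PEM- or DER-encoded X.509 certificate file.
    static X509Certificate certificate(Path file) throws Exception {
        try (InputStream in = Files.newInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Parse an unencrypted PKCS#8 RSA private key in PEM form.
    static PrivateKey rsaPrivateKey(Path file) throws Exception {
        String base64 = Files.readString(file)
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(base64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // The relying party signs with its own private key; the key never leaves this application.
    static Saml2X509Credential relyingPartySigning(Path key, Path cert) throws Exception {
        X509Certificate certificate = certificate(cert);
        certificate.checkValidity(); // fail at startup on an expired or not-yet-valid certificate
        return Saml2X509Credential.signing(rsaPrivateKey(key), certificate);
    }

    // The asserting party's certificate is public material, used only to verify its signatures.
    static Saml2X509Credential assertingPartyVerification(Path cert) throws Exception {
        return Saml2X509Credential.verification(certificate(cert));
    }
}
```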
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class RelyingPartyRegistration.AssertingPartyDetails: The configuration metadata of the Asserting party
- static class RelyingPartyRegistration.Builder
- static class RelyingPartyRegistration.ProviderDetails: Deprecated. Use RelyingPartyRegistration.AssertingPartyDetails instead
Method Detail
-
getRegistrationId
public java.lang.String getRegistrationId()
Get the unique registration id for this RP/AP pair.
- Returns:
- the unique registration id for this RP/AP pair
-
getEntityId
public java.lang.String getEntityId()
Get the relying party's EntityID. Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>.
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the relying party's EntityID
- Since:
- 5.4
-
getAssertionConsumerServiceLocation
public java.lang.String getAssertionConsumerServiceLocation()
Get the AssertionConsumerService Location. Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>.
This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- the AssertionConsumerService Location
- Since:
- 5.4
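A plain-Java (9+) sketch of the placeholder resolution that getEntityId() and getAssertionConsumerServiceLocation() call for, added here as an example and not Spring Security's own resolver; it substitutes in a single pass and rejects any placeholder outside the five documented names instead of leaving it in the published URL. The class and method names, the sample base URL, and the choice that basePort expands to ":<port>" (empty when the URL has no explicit port) are assumptions of this example.

```java
import java.net.URI;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper class; not part of Spring Security.
public final class SamlTemplateResolver {

    private static final Pattern PLACEHOLDER = Pattern.compile("\\{(\\w+)\\}");

    public static String resolve(String template, URI baseUrl, String registrationId) {
        if (baseUrl.getScheme() == null || baseUrl.getHost() == null) {
            throw new IllegalArgumentException("base URL must be absolute: " + baseUrl);
        }
        String base = baseUrl.toString();
        if (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1); // templates start their path with "/"
        }
        // Assumption: basePort carries its own leading colon so that
        // {baseScheme}://{baseHost}{basePort} works with and without a port.
        String port = (baseUrl.getPort() == -1) ? "" : ":" + baseUrl.getPort();
        Map<String, String> vars = Map.of(
                "baseUrl", base,
                "registrationId", registrationId,
                "baseScheme", baseUrl.getScheme(),
                "baseHost", baseUrl.getHost(),
                "basePort", port);
        // Single pass: a substituted value is never re-scanned for placeholders.
        return PLACEHOLDER.matcher(template).replaceAll((match) -> {
            String value = vars.get(match.group(1));
            if (value == null) {
                throw new IllegalArgumentException("unknown placeholder " + match.group());
            }
            return Matcher.quoteReplacement(value);
        });
    }

    public static void main(String[] args) {
        URI base = URI.create("https://sp.example.com:8443/app"); // constructed sample value
        String id = "simplesamlphp";
        System.out.println(resolve("{baseUrl}/login/saml2/sso/{registrationId}", base, id));
        System.out.println(resolve(
                "{baseScheme}://{baseHost}{basePort}/saml2/service-provider-metadata/{registrationId}",
                base, id));
    }
}
```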
-
getAssertionConsumerServiceBinding
public Saml2MessageBinding getAssertionConsumerServiceBinding()
Get the AssertionConsumerService Binding. Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the AssertionConsumerService Binding
- Since:
- 5.4
-
getSingleLogoutServiceBinding
public Saml2MessageBinding getSingleLogoutServiceBinding()
Get the SingleLogoutService Binding. Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Binding
- Since:
- 5.6
-
getSingleLogoutServiceLocation
public java.lang.String getSingleLogoutServiceLocation()
Get the SingleLogoutService Location. Equivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Location
- Since:
- 5.6
-
getSingleLogoutServiceResponseLocation
public java.lang.String getSingleLogoutServiceResponseLocation()
Get the SingleLogoutService Response Location. Equivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.
- Returns:
- the SingleLogoutService Response Location
- Since:
- 5.6
-
getNameIdFormat
public java.lang.String getNameIdFormat()
Get the NameID format.
- Returns:
- the NameID format
- Since:
- 5.7
-
getDecryptionX509Credentials
public java.util.Collection<Saml2X509Credential> getDecryptionX509Credentials()
Get the Collection of decryption Saml2X509Credentials associated with this relying party.
- Returns:
- the Collection of decryption Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getSigningX509Credentials
public java.util.Collection<Saml2X509Credential> getSigningX509Credentials()
Get the Collection of signing Saml2X509Credentials associated with this relying party.
- Returns:
- the Collection of signing Saml2X509Credentials associated with this relying party
- Since:
- 5.4
-
getAssertingPartyDetails
public RelyingPartyRegistration.AssertingPartyDetails getAssertingPartyDetails()
Get the configuration details for the Asserting Party.
- Returns:
- the RelyingPartyRegistration.AssertingPartyDetails
- Since:
- 5.4
-
getRemoteIdpEntityId
@Deprecated public java.lang.String getRemoteIdpEntityId()
Deprecated. Returns the entity ID of the IDP, the asserting party.
- Returns:
- entity ID of the asserting party
-
getAssertionConsumerServiceUrlTemplate
@Deprecated public java.lang.String getAssertionConsumerServiceUrlTemplate()
Deprecated. Use getAssertionConsumerServiceLocation() instead.
Returns the URL template for the ACS URL that authentication requests should contain. Possible variables are baseUrl, registrationId, baseScheme, baseHost, and basePort.
- Returns:
- string containing the ACS URL template, with or without variables present
-
getIdpWebSsoUrl
@Deprecated public java.lang.String getIdpWebSsoUrl()
Deprecated. Contains the URL to which the SAML 2 Authentication Request is sent to initiate a single sign on flow.
- Returns:
- an IDP URL that accepts REDIRECT or POST binding for authentication requests
-
getProviderDetails
@Deprecated public RelyingPartyRegistration.ProviderDetails getProviderDetails()
Deprecated. Use getAssertingPartyDetails() instead.
Returns specific configuration around the Identity Provider SSO endpoint.
- Returns:
- the IDP SSO endpoint configuration
- Since:
- 5.3
-
getLocalEntityIdTemplate
@Deprecated public java.lang.String getLocalEntityIdTemplate()
Deprecated. Use getEntityId() instead.
The local relying party, or Service Provider, can generate its entity ID based on possible variables of baseUrl, registrationId, baseScheme, baseHost, and basePort, for example {baseUrl}/saml2/service-provider-metadata/{registrationId}
- Returns:
- a string containing the entity ID or entity ID template
-
getCredentials
@Deprecated public java.util.List<Saml2X509Credential> getCredentials()
Deprecated. Instead of retrieving all credentials, use the appropriate method for obtaining the correct type.
Returns a list of configured credentials to be used in message exchanges between relying party, SP, and asserting party, IDP.
- Returns:
- a list of credentials
-
getVerificationCredentials
@Deprecated public java.util.List<Saml2X509Credential> getVerificationCredentials()
Deprecated. Use getAssertingPartyDetails().getSigningX509Credentials() instead.
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.VERIFICATION. Returns an empty list if credentials are not found
-
getSigningCredentials
@Deprecated public java.util.List<Saml2X509Credential> getSigningCredentials()
Deprecated. Use getSigningX509Credentials() instead.
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.SIGNING. Returns an empty list if credentials are not found
-
getEncryptionCredentials
@Deprecated public java.util.List<Saml2X509Credential> getEncryptionCredentials()
Deprecated.
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION. Returns an empty list if credentials are not found
-
getDecryptionCredentials
@Deprecated public java.util.List<Saml2X509Credential> getDecryptionCredentials()
Deprecated. Use getDecryptionX509Credentials() instead.
- Returns:
- a filtered list containing only credentials of type Saml2X509Credential.Saml2X509CredentialType.DECRYPTION. Returns an empty list if credentials are not found
-
withRegistrationId
public static RelyingPartyRegistration.Builder withRegistrationId(java.lang.String registrationId)
- Parameters:
- registrationId - a string identifier for the RelyingPartyRegistration
- Returns:
- Builder to create a RelyingPartyRegistration object
-
withAssertingPartyDetails
public static RelyingPartyRegistration.Builder withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails)
-
withRelyingPartyRegistration
public static RelyingPartyRegistration.Builder withRelyingPartyRegistration(RelyingPartyRegistration registration)
Creates a RelyingPartyRegistration.Builder based on an existing RelyingPartyRegistration object.
- Parameters:
- registration - the RelyingPartyRegistration
- Returns:
- Builder to create a RelyingPartyRegistration object
-
-