Package net.shibboleth.idp.admin

Class BasicAdministrativeFlowDescriptor

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent
net.shibboleth.profile.config.AbstractProfileConfiguration
net.shibboleth.profile.config.AbstractConditionalProfileConfiguration
net.shibboleth.idp.profile.config.AbstractInterceptorAwareProfileConfiguration
net.shibboleth.idp.admin.BasicAdministrativeFlowDescriptor
All Implemented Interfaces:
AdministrativeFlowDescriptor, AuthenticationProfileConfiguration, InterceptorAwareProfileConfiguration, FlowDescriptor, AttributeResolvingProfileConfiguration, ConditionalProfileConfiguration, OverriddenIssuerProfileConfiguration, ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
OneTimeAdministrativeFlowDescriptor
public class BasicAdministrativeFlowDescriptor extends AbstractInterceptorAwareProfileConfiguration implements AdministrativeFlowDescriptor, OverriddenIssuerProfileConfiguration
A descriptor for an administrative flow.

Administrative flows are essentially any feature intrinsic to the IdP itself and generally not exposed to external systems using security mechanisms that would involve the more traditional "relying party" machinery and security models. Examples include status reporting and service management features, or user self-service features.

Since:
3.3.0

  • Field Details

  • Constructor Details

    • BasicAdministrativeFlowDescriptor

      public BasicAdministrativeFlowDescriptor(@Nonnull @NotEmpty @ParameterName(name="id") String id)
      Constructor.
      Parameters:
      id - profile Id

  • Method Details

    • setPrincipalServiceManager

      public void setPrincipalServiceManager(@Nullable PrincipalServiceManager manager)
      Sets a PrincipalServiceManager to use for string-based principal processing.
      Parameters:
      manager - manager to set
      Since:
      4.2.0

    • getLoggingId

      @Nullable public String getLoggingId()
      Get a logging ID to use when auditing this profile.
      Specified by:
      getLoggingId in interface AdministrativeFlowDescriptor
      Returns:
      logging ID

    • setLoggingId

      public void setLoggingId(@Nullable String id)
      Set a logging ID to use when auditing this profile.
      Parameters:
      id - logging ID

    • getIssuer

      @Nullable public String getIssuer(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      getIssuer in interface OverriddenIssuerProfileConfiguration
      Since:
      5.1.0

    • setIssuer

      public void setIssuer(@Nullable String id)
      Set the issuer value to use with this profile.
      Parameters:
      id - issuer value
      Since:
      5.1.0

    • setIssuerLookupStrategy

      public void setIssuerLookupStrategy(@Nonnull Function<ProfileRequestContext,String> strategy)
      Set the lookup strategy for the issuer value to use with this profile.
      Parameters:
      strategy - lookup strategy
      Since:
      5.1.0

    • isNonBrowserSupported

      public boolean isNonBrowserSupported(@Nullable ProfileRequestContext profileRequestContext)
      Get whether this flow supports non-browser clients (default is true).
      Specified by:
      isNonBrowserSupported in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether this flow supports non-browser clients

    • setNonBrowserSupported

      public void setNonBrowserSupported(boolean flag)
      Set whether this flow supports non-browser clients.
      Parameters:
      flag - flag to set

    • setNonBrowserSupportedPredicate

      public void setNonBrowserSupportedPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set condition to determine whether this flow supports non-browser clients.
      Parameters:
      condition - condition to apply

    • isAuthenticated

      public boolean isAuthenticated(@Nullable ProfileRequestContext profileRequestContext)
      Get whether user authentication is required (default is false).
      Specified by:
      isAuthenticated in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether user authentication is required

    • setAuthenticated

      public void setAuthenticated(boolean flag)
      Set whether user authentication is required (default is false).
      Parameters:
      flag - flag to set

    • setAuthenticatedPredicate

      public void setAuthenticatedPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set condition to determine whether user authentication is required (default is false).
      Parameters:
      condition - condition to apply

    • getUIInfo

      @Nonnull public UIInfo getUIInfo()
      Get the user interface details for this profile.
      Specified by:
      getUIInfo in interface AdministrativeFlowDescriptor
      Returns:
      user interface details

    • setDisplayNames

      public void setDisplayNames(@Nonnull Collection<LangBearingString> displayNames)
      Set the DisplayName objects to expose via getUIInfo() via a utility class.
      Parameters:
      displayNames - utility class collection of language-annotated strings

    • setDescriptions

      public void setDescriptions(@Nonnull Collection<LangBearingString> descriptions)
      Set the Description objects to expose via getUIInfo() via a utility class.
      Parameters:
      descriptions - utility class collection of language-annotated strings

    • setLogos

      public void setLogos(@Nonnull Collection<BasicAdministrativeFlowDescriptor.Logo> logos)
      Set the Logo objects to expose via getUIInfo() via a utility class.
      Parameters:
      logos - utility class collection of logo metadata

    • setInformationURLs

      public void setInformationURLs(@Nonnull Collection<LangBearingString> urls)
      Set the InformationURL objects to expose via getUIInfo() via a utility class.
      Parameters:
      urls - utility class collection of language-annotated strings

    • setPrivacyStatementURLs

      public void setPrivacyStatementURLs(@Nonnull Collection<LangBearingString> urls)
      Set the PrivacyStatementURL objects to expose via getUIInfo() via a utility class.
      Parameters:
      urls - utility class collection of language-annotated strings

    • getPolicyName

      @Nullable public String getPolicyName(@Nullable ProfileRequestContext profileRequestContext)
      Get the access control policy for this flow.
      Specified by:
      getPolicyName in interface AdministrativeFlowDescriptor
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      name of access control policy

    • setPolicyName

      public void setPolicyName(@Nullable String name)
      Set an explicit access control policy name to apply.
      Parameters:
      name - policy name

    • setPolicyNameLookupStrategy

      public void setPolicyNameLookupStrategy(@Nonnull Function<ProfileRequestContext,String> strategy)
      Set a lookup strategy to use to obtain the access control policy for this flow.
      Parameters:
      strategy - lookup strategy

    • isResolveAttributes

      public boolean isResolveAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      isResolveAttributes in interface AttributeResolvingProfileConfiguration

    • setResolveAttributes

      public void setResolveAttributes(boolean flag)
      Set whether attributes should be resolved during the profile.
      Parameters:
      flag - flag to set

    • setResolveAttributesPredicate

      public void setResolveAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether attributes should be resolved during the profile.
      Parameters:
      condition - condition to set

    • getInboundInterceptorFlows

      @Nonnull @NotLive @Unmodifiable public List<String> getInboundInterceptorFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of interceptor flows to run for this profile after an inbound message is decoded.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getInboundInterceptorFlows in interface InterceptorAwareProfileConfiguration
      Overrides:
      getInboundInterceptorFlows in class AbstractInterceptorAwareProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable

    • getOutboundInterceptorFlows

      @Nonnull @NotLive @Unmodifiable public List<String> getOutboundInterceptorFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of interceptor flows to run for this profile before a final outbound message is generated.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getOutboundInterceptorFlows in interface InterceptorAwareProfileConfiguration
      Overrides:
      getOutboundInterceptorFlows in class AbstractInterceptorAwareProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable

    • getSecurityConfiguration

      @Nullable public SecurityConfiguration getSecurityConfiguration(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      getSecurityConfiguration in interface ProfileConfiguration
      Overrides:
      getSecurityConfiguration in class AbstractProfileConfiguration

    • getDefaultAuthenticationMethods

      @Nonnull @NotLive @Unmodifiable public List<Principal> getDefaultAuthenticationMethods(@Nullable ProfileRequestContext profileRequestContext)
      Get the default authentication methods to use, expressed as custom principals.
      Specified by:
      getDefaultAuthenticationMethods in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      default authentication methods to use

    • setDefaultAuthenticationMethods

      public void setDefaultAuthenticationMethods(@Nullable Collection<Principal> methods)
      Set the default authentication methods to use, expressed as custom principals.
      Parameters:
      methods - default authentication methods to use

    • setDefaultAuthenticationMethodsLookupStrategy

      public void setDefaultAuthenticationMethodsLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<Principal>> strategy)
      Set a lookup strategy for the authentication methods to use, expressed as custom principals.
      Parameters:
      strategy - lookup strategy

    • setDefaultAuthenticationMethodsByString

      public void setDefaultAuthenticationMethodsByString(@Nullable Collection<String> methods)
      Set the authentication methods to use, expressed as strings that will be converted to principals during initialization.
      Parameters:
      methods - default authentication methods to use, expressed as strings
      Since:
      4.2.0

    • setDefaultAuthenticationMethodsByStringLookupStrategy

      public void setDefaultAuthenticationMethodsByStringLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the authentication methods to use, expressed as strings that will be converted to principals during initialization.
      Parameters:
      strategy - lookup strategy
      Since:
      4.2.0

    • getAuthenticationFlows

      @Nonnull @NotLive @Unmodifiable public Set<String> getAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get the allowable authentication flows for this profile.

      The flow IDs returned MUST NOT contain the AuthenticationFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of authentication flow IDs to allow

    • setAuthenticationFlows

      public void setAuthenticationFlows(@Nullable Collection<String> flows)
      Set the authentication flows to use.
      Parameters:
      flows - flow identifiers to use

    • setAuthenticationFlowsLookupStrategy

      public void setAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
      Set a lookup strategy for the authentication flows to use.
      Parameters:
      strategy - lookup strategy

    • getPostAuthenticationFlows

      @Nonnull @NotLive @Unmodifiable public List<String> getPostAuthenticationFlows(@Nullable ProfileRequestContext profileRequestContext)
      Get an ordered list of post-authentication interceptor flows to run for this profile.

      The flow IDs returned MUST NOT contain the ProfileInterceptorFlowDescriptor.FLOW_ID_PREFIX prefix common to all interceptor flows.

      Specified by:
      getPostAuthenticationFlows in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      a set of interceptor flow IDs to enable

    • setPostAuthenticationFlows

      public void setPostAuthenticationFlows(@Nullable Collection<String> flows)
      Set the ordered collection of post-authentication interceptor flows to enable.
      Parameters:
      flows - flow identifiers to enable

    • setPostAuthenticationFlowsLookupStrategy

      public void setPostAuthenticationFlowsLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set a lookup strategy for the post-authentication interceptor flows to enable.
      Parameters:
      strategy - lookup strategy

    • isForceAuthn

      public boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the authentication process should include a proof of user presence.
      Specified by:
      isForceAuthn in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff authentication should require user presence

    • setForceAuthn

      public void setForceAuthn(boolean flag)
      Set whether a fresh user presence proof should be required for this request.
      Parameters:
      flag - flag to set

    • setForceAuthnPredicate

      public void setForceAuthnPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether a fresh user presence proof should be required for this request.
      Parameters:
      condition - condition to set

    • getProxyCount

      @Nullable public Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Specified by:
      getProxyCount in interface AuthenticationProfileConfiguration
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion or authentication may be proxied

    • setProxyCount

      public void setProxyCount(@Nullable @NonNegative Integer count)
      Sets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      count - proxy count
      Since:
      4.0.0

    • setProxyCountLookupStrategy

      public void setProxyCountLookupStrategy(@Nonnull Function<ProfileRequestContext,Integer> strategy)
      Set a lookup strategy for the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
      Parameters:
      strategy - lookup strategy
      Since:
      4.0.0

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class AbstractProfileConfiguration

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class AbstractProfileConfiguration

    • toString

      public String toString()
      Overrides:
      toString in class Object