Package net.shibboleth.idp.saml.saml1.profile.config.impl

Class AbstractSAML1AssertionProducingProfileConfiguration

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent

net.shibboleth.profile.config.AbstractProfileConfiguration

net.shibboleth.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.idp.profile.config.AbstractInterceptorAwareProfileConfiguration

net.shibboleth.idp.saml.profile.config.impl.AbstractSAMLProfileConfiguration

net.shibboleth.idp.saml.saml1.profile.config.impl.AbstractSAML1ArtifactAwareProfileConfiguration

net.shibboleth.idp.saml.saml1.profile.config.impl.AbstractSAML1AssertionProducingProfileConfiguration

All Implemented Interfaces:

InterceptorAwareProfileConfiguration, SAMLProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLAssertionProducingProfileConfiguration, SAMLProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

Direct Known Subclasses:

AttributeQueryProfileConfiguration, BrowserSSOProfileConfiguration

public abstract class AbstractSAML1AssertionProducingProfileConfiguration
extends AbstractSAML1ArtifactAwareProfileConfiguration
implements SAMLAssertionProducingProfileConfiguration

Base class for IdP SAML 1.x profile configurations that produce assertions.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,Set<String>>	additionalAudiencesLookupStrategy	Lookup function to supply assertionAudiences property.
private Function<ProfileRequestContext,Duration>	assertionLifetimeLookupStrategy	Lookup function to supply assertionLifetime property.
private Predicate<ProfileRequestContext>	includeNotBeforePredicate	Predicate used to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
private Predicate<ProfileRequestContext>	signAssertionsPredicate	Predicate used to determine whether to sign assertions.

Fields inherited from interface net.shibboleth.profile.config.ProfileConfiguration

DEFAULT_DISALLOWED_FEATURES

Fields inherited from interface net.shibboleth.saml.profile.config.SAMLAssertionProducingProfileConfiguration

DEFAULT_ASSERTION_LIFETIME

Constructor Summary

Constructors

Constructor	Description
AbstractSAML1AssertionProducingProfileConfiguration(String profileId)	Constructor.

Method Summary

Modifier and Type	Method	Description
Set<String>	getAssertionAudiences(ProfileRequestContext profileRequestContext)
Duration	getAssertionLifetime(ProfileRequestContext profileRequestContext)
boolean	isIncludeConditionsNotBefore(ProfileRequestContext profileRequestContext)
boolean	isSignAssertions(ProfileRequestContext profileRequestContext)
void	setAdditionalAudiencesForAssertion(Collection<String> audiences)	Deprecated, for removal: This API element is subject to removal in a future version.
void	setAdditionalAudiencesForAssertionLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy)	Deprecated, for removal: This API element is subject to removal in a future version.
void	setAssertionAudiences(Collection<String> audiences)	Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
void	setAssertionAudiencesLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy)	Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
void	setAssertionLifetime(Duration lifetime)	Set the lifetime of an assertion.
void	setAssertionLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set a lookup strategy for the lifetime of an assertion.
void	setIncludeConditionsNotBefore(boolean flag)	Set whether to include a NotBefore attribute in the Conditions of generated assertions.
void	setIncludeConditionsNotBeforePredicate(Predicate<ProfileRequestContext> condition)	Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
void	setSignAssertions(boolean flag)	Set whether generated assertions should be signed.
void	setSignAssertionsPredicate(Predicate<ProfileRequestContext> predicate)	Set the predicate used to determine if generated assertions should be signed.

Methods inherited from class net.shibboleth.idp.saml.saml1.profile.config.impl.AbstractSAML1ArtifactAwareProfileConfiguration

getArtifactConfiguration, setArtifactConfiguration, setArtifactConfigurationLookupStrategy

Methods inherited from class net.shibboleth.idp.saml.profile.config.impl.AbstractSAMLProfileConfiguration

getMessageHandler, isSignRequests, isSignResponses, setMessageDecorator, setMessageHandler, setMessageHandlerLookupStrategy, setSignRequests, setSignRequestsPredicate, setSignResponses, setSignResponsesPredicate

Methods inherited from class net.shibboleth.idp.profile.config.AbstractInterceptorAwareProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy

Methods inherited from class net.shibboleth.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy

Methods inherited from class net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

doInitialize, ensureId, getId, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.idp.profile.config.InterceptorAwareProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows

Methods inherited from interface net.shibboleth.profile.config.ProfileConfiguration

getDisallowedFeatures, getSecurityConfiguration, isFeatureDisallowed

Methods inherited from interface net.shibboleth.saml.profile.config.SAMLProfileConfiguration

getMessageHandler, isSignRequests, isSignResponses

Field Details

signAssertionsPredicate

@Nonnull
private Predicate<ProfileRequestContext> signAssertionsPredicate

Predicate used to determine whether to sign assertions.

includeNotBeforePredicate

@Nonnull
private Predicate<ProfileRequestContext> includeNotBeforePredicate

Predicate used to determine whether to include a NotBefore attribute in the Conditions of generated assertions.

assertionLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> assertionLifetimeLookupStrategy

Lookup function to supply assertionLifetime property.

additionalAudiencesLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Set<String>> additionalAudiencesLookupStrategy

Lookup function to supply assertionAudiences property.

Constructor Details

AbstractSAML1AssertionProducingProfileConfiguration

public AbstractSAML1AssertionProducingProfileConfiguration(@Nonnull @NotEmpty
 String profileId)

Constructor.

Parameters:

profileId - ID of the communication profile, never null or empty

Method Details

isSignAssertions

public boolean isSignAssertions(@Nullable
 ProfileRequestContext profileRequestContext)

Specified by:

isSignAssertions in interface SAMLAssertionProducingProfileConfiguration

setSignAssertions

public void setSignAssertions(boolean flag)

Set whether generated assertions should be signed.

Parameters:

flag - flag to set

setSignAssertionsPredicate

public void setSignAssertionsPredicate(@Nonnull
 Predicate<ProfileRequestContext> predicate)

Set the predicate used to determine if generated assertions should be signed.

Parameters:

predicate - predicate used to determine if generated assertions should be signed

isIncludeConditionsNotBefore

public boolean isIncludeConditionsNotBefore(@Nullable
 ProfileRequestContext profileRequestContext)

Specified by:

isIncludeConditionsNotBefore in interface SAMLAssertionProducingProfileConfiguration

setIncludeConditionsNotBefore

public void setIncludeConditionsNotBefore(boolean flag)

Set whether to include a NotBefore attribute in the Conditions of generated assertions.

Parameters:

flag - flag to set

setIncludeConditionsNotBeforePredicate

public void setIncludeConditionsNotBeforePredicate(@Nonnull
 Predicate<ProfileRequestContext> condition)

Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.

Parameters:

condition - lookup strategy

getAssertionLifetime

@Nonnull
public Duration getAssertionLifetime(@Nullable
 ProfileRequestContext profileRequestContext)

Specified by:

getAssertionLifetime in interface SAMLAssertionProducingProfileConfiguration

setAssertionLifetime

public void setAssertionLifetime(@Nonnull
 Duration lifetime)

Set the lifetime of an assertion.

Parameters:

lifetime - lifetime of an assertion

setAssertionLifetimeLookupStrategy

public void setAssertionLifetimeLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Duration> strategy)

Set a lookup strategy for the lifetime of an assertion.

Parameters:

strategy - lookup strategy

getAssertionAudiences

@Nonnull
@Unmodifiable
@NotLive
public Set<String> getAssertionAudiences(@Nullable
 ProfileRequestContext profileRequestContext)

Specified by:

getAssertionAudiences in interface SAMLAssertionProducingProfileConfiguration

setAdditionalAudiencesForAssertion

@Deprecated(since="5.0.0",
            forRemoval=true)
public void setAdditionalAudiencesForAssertion(@Nullable
 Collection<String> audiences)

Deprecated, for removal: This API element is subject to removal in a future version.

Deprecated, replacement is setAssertionAudiences(Collection).

Parameters:

audiences - the additional audiences

setAdditionalAudiencesForAssertionLookupStrategy

@Deprecated(since="5.0.0",
            forRemoval=true)
public void setAdditionalAudiencesForAssertionLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Set<String>> strategy)

Deprecated, for removal: This API element is subject to removal in a future version.

Deprecated, replacement is setAssertionAudiencesLookupStrategy(Function).

Parameters:

strategy - lookup strategy

setAssertionAudiences

public void setAssertionAudiences(@Nullable
 Collection<String> audiences)

Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.

Parameters:

audiences - the additional audiences

setAssertionAudiencesLookupStrategy

public void setAssertionAudiencesLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Set<String>> strategy)

Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.

Parameters:

strategy - lookup strategy