Package net.shibboleth.idp.saml.saml2.profile.config.impl

Class AbstractSAML2AssertionProducingProfileConfiguration

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent
net.shibboleth.profile.config.AbstractProfileConfiguration
net.shibboleth.profile.config.AbstractConditionalProfileConfiguration
net.shibboleth.idp.profile.config.AbstractInterceptorAwareProfileConfiguration
net.shibboleth.idp.saml.profile.config.impl.AbstractSAMLProfileConfiguration
net.shibboleth.idp.saml.saml2.profile.config.impl.AbstractSAML2ProfileConfiguration
net.shibboleth.idp.saml.saml2.profile.config.impl.AbstractSAML2ArtifactAwareProfileConfiguration
net.shibboleth.idp.saml.saml2.profile.config.impl.AbstractSAML2AssertionProducingProfileConfiguration
All Implemented Interfaces:
InterceptorAwareProfileConfiguration, SAMLProfileConfiguration, ConditionalProfileConfiguration, ProfileConfiguration, SAMLArtifactAwareProfileConfiguration, SAMLArtifactConsumerProfileConfiguration, SAMLAssertionProducingProfileConfiguration, SAMLProfileConfiguration, SAML2AssertionProducingProfileConfiguration, SAML2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AttributeQueryProfileConfiguration, BrowserSSOProfileConfiguration
public abstract class AbstractSAML2AssertionProducingProfileConfiguration extends AbstractSAML2ArtifactAwareProfileConfiguration implements SAML2AssertionProducingProfileConfiguration
Base class for IdP SAML 2.0 profile configurations that produce assertions.

  • Field Details

    • signAssertionsPredicate

      @Nonnull private Predicate<ProfileRequestContext> signAssertionsPredicate
      Predicate used to determine whether to sign assertions.

    • includeNotBeforePredicate

      @Nonnull private Predicate<ProfileRequestContext> includeNotBeforePredicate
      Predicate used to determine whether to include a NotBefore attribute in the Conditions of generated assertions.

    • assertionLifetimeLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Duration> assertionLifetimeLookupStrategy
      Lookup function to supply assertionLifetime property.

    • additionalAudiencesLookupStrategy

      @Nonnull private Function<ProfileRequestContext,Set<String>> additionalAudiencesLookupStrategy
      Lookup function to supply assertionAudiences property.

    • encryptAssertionsPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAssertionsPredicate
      Predicate used to determine if assertions should be encrypted.

    • encryptAttributesPredicate

      @Nonnull private Predicate<ProfileRequestContext> encryptAttributesPredicate
      Predicate used to determine if attributes should be encrypted.

  • Constructor Details

    • AbstractSAML2AssertionProducingProfileConfiguration

      public AbstractSAML2AssertionProducingProfileConfiguration(@Nonnull @NotEmpty String profileId)
      Constructor.
      Parameters:
      profileId - ID of the communication profile, never null or empty

  • Method Details

    • isSignAssertions

      public boolean isSignAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      isSignAssertions in interface SAMLAssertionProducingProfileConfiguration

    • setSignAssertions

      public void setSignAssertions(boolean flag)
      Set whether generated assertions should be signed.
      Parameters:
      flag - flag to set

    • setSignAssertionsPredicate

      public void setSignAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if generated assertions should be signed.
      Parameters:
      predicate - predicate used to determine if generated assertions should be signed

    • isIncludeConditionsNotBefore

      public boolean isIncludeConditionsNotBefore(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      isIncludeConditionsNotBefore in interface SAMLAssertionProducingProfileConfiguration

    • setIncludeConditionsNotBefore

      public void setIncludeConditionsNotBefore(boolean flag)
      Set whether to include a NotBefore attribute in the Conditions of generated assertions.
      Parameters:
      flag - flag to set

    • setIncludeConditionsNotBeforePredicate

      public void setIncludeConditionsNotBeforePredicate(@Nonnull Predicate<ProfileRequestContext> condition)
      Set a condition to determine whether to include a NotBefore attribute in the Conditions of generated assertions.
      Parameters:
      condition - lookup strategy

    • getAssertionLifetime

      @Nonnull public Duration getAssertionLifetime(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      getAssertionLifetime in interface SAMLAssertionProducingProfileConfiguration

    • setAssertionLifetime

      public void setAssertionLifetime(@Nonnull Duration lifetime)
      Set the lifetime of an assertion.
      Parameters:
      lifetime - lifetime of an assertion

    • setAssertionLifetimeLookupStrategy

      public void setAssertionLifetimeLookupStrategy(@Nonnull Function<ProfileRequestContext,Duration> strategy)
      Set a lookup strategy for the lifetime of an assertion.
      Parameters:
      strategy - lookup strategy

    • getAssertionAudiences

      @Nonnull @Unmodifiable @NotLive public Set<String> getAssertionAudiences(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      getAssertionAudiences in interface SAMLAssertionProducingProfileConfiguration

    • setAdditionalAudiencesForAssertion

      @Deprecated(since="5.0.0", forRemoval=true) public void setAdditionalAudiencesForAssertion(@Nullable Collection<String> audiences)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Deprecated, replacement is setAssertionAudiences(Collection).
      Parameters:
      audiences - the additional audiences

    • setAdditionalAudiencesForAssertionLookupStrategy

      @Deprecated(since="5.0.0", forRemoval=true) public void setAdditionalAudiencesForAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Deprecated, replacement is setAssertionAudiencesLookupStrategy(Function).
      Parameters:
      strategy - lookup strategy

    • setAssertionAudiences

      public void setAssertionAudiences(@Nullable Collection<String> audiences)
      Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
      Parameters:
      audiences - the additional audiences

    • setAssertionAudiencesLookupStrategy

      public void setAssertionAudiencesLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
      Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the assertion, with which an assertion may be shared.
      Parameters:
      strategy - lookup strategy

    • isEncryptAssertions

      public boolean isEncryptAssertions(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      isEncryptAssertions in interface SAML2AssertionProducingProfileConfiguration

    • setEncryptAssertions

      public void setEncryptAssertions(boolean flag)
      Set whether assertions should be encrypted.
      Parameters:
      flag - flag to set

    • setEncryptAssertionsPredicate

      public void setEncryptAssertionsPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if assertions should be encrypted.
      Parameters:
      predicate - predicate used to determine if assertions should be encrypted
      Since:
      4.0.0

    • isEncryptAttributes

      public boolean isEncryptAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Specified by:
      isEncryptAttributes in interface SAML2AssertionProducingProfileConfiguration

    • setEncryptAttributes

      public void setEncryptAttributes(boolean flag)
      Set whether attributes should be encrypted.
      Parameters:
      flag - flag to set

    • setEncryptAttributesPredicate

      public void setEncryptAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine if attributes should be encrypted.
      Parameters:
      predicate - predicate used to determine if attributes should be encrypted
      Since:
      4.0.0