SecurityConfiguration (Shibboleth IdP :: Profile API 3.0.0 API)

java.lang.Object
- net.shibboleth.idp.profile.config.SecurityConfiguration

public class SecurityConfiguration
extends Object

Configuration for security behavior of profiles.

Field Summary

Fields
Modifier and Type	Field and Description
`private org.opensaml.security.x509.tls.ClientTLSValidationConfiguration`	`clientTLSConfig` Configuration used when validating client TLS X509Credentials.
`private long`	`clockSkew` Acceptable clock skew expressed in milliseconds.
`private org.opensaml.xmlsec.DecryptionConfiguration`	`decryptConfig` Configuration used when decrypting protocol message information.
`private org.opensaml.xmlsec.EncryptionConfiguration`	`encryptConfig` Configuration used when encrypting protocol message information.
`private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy`	`idGenerator` Generator used to generate various secure IDs (e.g., message identifiers).
`private org.opensaml.xmlsec.SignatureSigningConfiguration`	`sigSigningConfig` Configuration used when generating protocol message signatures.
`private org.opensaml.xmlsec.SignatureValidationConfiguration`	`sigValidateConfig` Configuration used when validating protocol message signatures.

Constructor Summary

Constructors
Constructor and Description
`SecurityConfiguration()` Constructor.
`SecurityConfiguration(long skew, net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy generator)` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`org.opensaml.security.x509.tls.ClientTLSValidationConfiguration`	`getClientTLSValidationConfiguration()` Get the configuration used when validating client TLS X509Credentials.
`long`	`getClockSkew()` Get the acceptable clock skew expressed in milliseconds.
`org.opensaml.xmlsec.DecryptionConfiguration`	`getDecryptionConfiguration()` Get the configuration used when decrypting protocol message information.
`org.opensaml.xmlsec.EncryptionConfiguration`	`getEncryptionConfiguration()` Get the configuration used when encrypting protocol message information.
`net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy`	`getIdGenerator()` Get the generator used to generate secure identifiers.
`org.opensaml.xmlsec.SignatureSigningConfiguration`	`getSignatureSigningConfiguration()` Get the configuration used when generating protocol message signatures.
`org.opensaml.xmlsec.SignatureValidationConfiguration`	`getSignatureValidationConfiguration()` Get the configuration used when validating protocol message signatures.
`void`	`setClientTLSValidationConfiguration(org.opensaml.security.x509.tls.ClientTLSValidationConfiguration config)` Set the configuration used when validating client TLS X509Credentials.
`void`	`setDecryptionConfiguration(org.opensaml.xmlsec.DecryptionConfiguration config)` Set the configuration used when decrypting protocol message information.
`void`	`setEncryptionConfiguration(org.opensaml.xmlsec.EncryptionConfiguration config)` Set the configuration used when encrypting protocol message information.
`void`	`setSignatureSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration config)` Set the configuration used when generating protocol message signatures.
`void`	`setSignatureValidationConfiguration(org.opensaml.xmlsec.SignatureValidationConfiguration config)` Set the configuration used when validating protocol message signatures.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - clockSkew
```
@Duration
@Positive
private final long clockSkew
```
    Acceptable clock skew expressed in milliseconds.
  - idGenerator
```
@Nonnull
private final net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
```
    Generator used to generate various secure IDs (e.g., message identifiers).
  - sigValidateConfig
```
@Nullable
private org.opensaml.xmlsec.SignatureValidationConfiguration sigValidateConfig
```
    Configuration used when validating protocol message signatures.
  - sigSigningConfig
```
@Nullable
private org.opensaml.xmlsec.SignatureSigningConfiguration sigSigningConfig
```
    Configuration used when generating protocol message signatures.
  - decryptConfig
```
@Nullable
private org.opensaml.xmlsec.DecryptionConfiguration decryptConfig
```
    Configuration used when decrypting protocol message information.
  - encryptConfig
```
@Nullable
private org.opensaml.xmlsec.EncryptionConfiguration encryptConfig
```
    Configuration used when encrypting protocol message information.
  - clientTLSConfig
```
@Nullable
private org.opensaml.security.x509.tls.ClientTLSValidationConfiguration clientTLSConfig
```
    Configuration used when validating client TLS X509Credentials.
- Constructor Detail
  - SecurityConfiguration
```
public SecurityConfiguration()
```
    Constructor. Initializes the clock skew to 5 minutes and the identifier generator to SecureRandomIdentifierGenerationStrategy using the SHA1PRNG algorithm.
  - SecurityConfiguration
```
public SecurityConfiguration(@Duration@Positive
                     long skew,
                     @Nonnull
                     net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy generator)
```
    Constructor.
    
    Parameters:
    skew - the clock skew, must be greater than 0
    generator - the identifier generator, must not be null
- Method Detail
  - getClockSkew
```
@Positive
public long getClockSkew()
```
    Get the acceptable clock skew expressed in milliseconds.
    
    Returns:
    acceptable clock skew expressed in milliseconds
  - getIdGenerator
```
@Nonnull
public net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy getIdGenerator()
```
    Get the generator used to generate secure identifiers.
    
    Returns:
    generator used to generate secure identifiers
  - getSignatureValidationConfiguration
```
@Nullable
public org.opensaml.xmlsec.SignatureValidationConfiguration getSignatureValidationConfiguration()
```
    Get the configuration used when validating protocol message signatures.
    
    Returns:
    configuration used when validating protocol message signatures, or null
  - setSignatureValidationConfiguration
```
public void setSignatureValidationConfiguration(@Nullable
                                       org.opensaml.xmlsec.SignatureValidationConfiguration config)
```
    Set the configuration used when validating protocol message signatures.
    
    Parameters:
    config - configuration used when validating protocol message signatures, or null
  - getSignatureSigningConfiguration
```
@Nullable
public org.opensaml.xmlsec.SignatureSigningConfiguration getSignatureSigningConfiguration()
```
    Get the configuration used when generating protocol message signatures.
    
    Returns:
    configuration used when generating protocol message signatures, or null
  - setSignatureSigningConfiguration
```
public void setSignatureSigningConfiguration(@Nullable
                                    org.opensaml.xmlsec.SignatureSigningConfiguration config)
```
    Set the configuration used when generating protocol message signatures.
    
    Parameters:
    config - configuration used when generating protocol message signatures, or null
  - getDecryptionConfiguration
```
@Nullable
public org.opensaml.xmlsec.DecryptionConfiguration getDecryptionConfiguration()
```
    Get the configuration used when decrypting protocol message information.
    
    Returns:
    configuration used when decrypting protocol message information, or null
  - setDecryptionConfiguration
```
public void setDecryptionConfiguration(@Nullable
                              org.opensaml.xmlsec.DecryptionConfiguration config)
```
    Set the configuration used when decrypting protocol message information.
    
    Parameters:
    config - configuration used when decrypting protocol message information, or null
  - getEncryptionConfiguration
```
@Nullable
public org.opensaml.xmlsec.EncryptionConfiguration getEncryptionConfiguration()
```
    Get the configuration used when encrypting protocol message information.
    
    Returns:
    configuration used when encrypting protocol message information, or null
  - setEncryptionConfiguration
```
public void setEncryptionConfiguration(@Nullable
                              org.opensaml.xmlsec.EncryptionConfiguration config)
```
    Set the configuration used when encrypting protocol message information.
    
    Parameters:
    config - configuration used when encrypting protocol message information, or null
  - getClientTLSValidationConfiguration
```
public org.opensaml.security.x509.tls.ClientTLSValidationConfiguration getClientTLSValidationConfiguration()
```
    Get the configuration used when validating client TLS X509Credentials.
    
    Returns:
    configuration used when validating client TLS X509Credentials, or null
  - setClientTLSValidationConfiguration
```
public void setClientTLSValidationConfiguration(org.opensaml.security.x509.tls.ClientTLSValidationConfiguration config)
```
    Set the configuration used when validating client TLS X509Credentials.
    
    Parameters:
    config - configuration used when validating client TLS X509Credentials, or null

Class SecurityConfiguration

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

clockSkew

idGenerator

sigValidateConfig

sigSigningConfig

decryptConfig

encryptConfig

clientTLSConfig

Constructor Detail

SecurityConfiguration

SecurityConfiguration

Method Detail

getClockSkew

getIdGenerator

getSignatureValidationConfiguration

setSignatureValidationConfiguration

getSignatureSigningConfiguration

setSignatureSigningConfiguration

getDecryptionConfiguration

setDecryptionConfiguration

getEncryptionConfiguration

setEncryptionConfiguration

getClientTLSValidationConfiguration

setClientTLSValidationConfiguration