Package net.shibboleth.oidc.profile.config

Interface OIDCAuthenticationRelyingPartyProfileConfiguration

All Superinterfaces:

net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, Component, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, IdentifiedComponent, OAuth2AuthorizationProfileConfiguration, OAuth2ClientAuthenticableClientProfileConfiguration, OAuth2FlowAwareProfileConfiguration, OAuth2ProfileConfiguration, OAuth2TokenEncryptionProfileConfiguration, OIDCAuthenticationProfileConfiguration, OIDCFlowAwareProfileConfiguration, OIDCProfileConfiguration, OIDCSSOProfileConfiguration, OIDCSSORelyingPartyConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration

public interface OIDCAuthenticationRelyingPartyProfileConfiguration
extends OIDCAuthenticationProfileConfiguration, OIDCSSORelyingPartyConfiguration

Configuration of an OIDC 1.0 authentication request.

This is specific to the role of the RelyingParty (RP).

Nested Class Summary

Nested classes/interfaces inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AuthorizationProfileConfiguration

OAuth2AuthorizationProfileConfiguration.HttpRequestMethod

Field Summary

Fields inherited from interface net.shibboleth.oidc.profile.config.OIDCAuthenticationProfileConfiguration

PROFILE_ID

Fields inherited from interface net.shibboleth.oidc.profile.config.OIDCSSOProfileConfiguration

PROFILE_ID

Method Summary

Modifier and Type	Method	Description
String	getRedirectUriOverride(ProfileRequestContext profileRequestContext)	Get the redirect_uri override if set.
OAuth2AuthorizationProfileConfiguration.HttpRequestMethod	getUserInfoHttpRequestMethod(ProfileRequestContext profileRequestContext)	Get the HTTP request method for the UserInfo request.
boolean	isEncryptRequestObject(ProfileRequestContext profileRequestContext)	Should the RequestObject (if configured) be encrypted?
boolean	isProxiedAuthnInstant(ProfileRequestContext profileRequestContext)	Gets whether authentication results produced by use of this profile should carry the proxied assertion's auth_time from the id_token, rather than the current time.
boolean	isRetrieveUserInfoEndpointClaims(ProfileRequestContext profileRequestContext)	Get whether to make a request to the UserInfo Endpoint to obtain authenticated End-User claims.
boolean	isSignRequestObject(ProfileRequestContext profileRequestContext)	Should the RequestObject (if configured) be signed?
boolean	isTlsServerValidationSufficient(ProfileRequestContext profileRequestContext)	Is TLS server validation of the token endpoint sufficient to verify an id_token without checking the id_token signature.

Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration

getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal

Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration

getActivationCondition

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AuthorizationProfileConfiguration

getHttpRequestMethod, getResponseMode, getResponseType, getScopes

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableClientProfileConfiguration

getClientCredential, getClientId, getTokenEndpointAuthMethod

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2FlowAwareProfileConfiguration

isAuthorizationCodeFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenEncryptionProfileConfiguration

isEncryptionOptional

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCAuthenticationProfileConfiguration

getAuthenticationContextClassReferenceTranslationStrategy, getAuthenticationMethodsReferencesTranslationStrategy, getLoginHint, getMaxAuthenticationAge, isUseRequestObject

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCFlowAwareProfileConfiguration

isHybridFlowEnabled

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCSSOProfileConfiguration

isAllowPKCEPlain, isForcePKCE

Methods inherited from interface net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration

getIssuer

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Method Detail

getUserInfoHttpRequestMethod

@Nullable
OAuth2AuthorizationProfileConfiguration.HttpRequestMethod getUserInfoHttpRequestMethod(@Nullable
                                                                                       ProfileRequestContext profileRequestContext)

Get the HTTP request method for the UserInfo request. Both GET and POST are supported.

Parameters:

profileRequestContext - current profile request context

Returns:

the UserInfo HTTP request method

Since:

2.2.0

isRetrieveUserInfoEndpointClaims

boolean isRetrieveUserInfoEndpointClaims(@Nonnull
                                         ProfileRequestContext profileRequestContext)

Get whether to make a request to the UserInfo Endpoint to obtain authenticated End-User claims.

Parameters:

profileRequestContext - current profile request context

Returns:

whether to make a request to the UserInfo Endpoint

Since:

2.2.0

isSignRequestObject

boolean isSignRequestObject(@Nullable
                            ProfileRequestContext profileRequestContext)

Should the RequestObject (if configured) be signed?

Parameters:

profileRequestContext - the profile request context

Returns:

true iff the RequestObject should be signed, false otherwise.

Since:

2.2.0

isEncryptRequestObject

boolean isEncryptRequestObject(@Nullable
                               ProfileRequestContext profileRequestContext)

Should the RequestObject (if configured) be encrypted?

Parameters:

profileRequestContext - the profile request context

Returns:

true iff the RequestObject should be encrypted, false otherwise.

Since:

2.2.0

isProxiedAuthnInstant

boolean isProxiedAuthnInstant(@Nullable
                              ProfileRequestContext profileRequestContext)

Gets whether authentication results produced by use of this profile should carry the proxied assertion's auth_time from the id_token, rather than the current time.

Defaults to true.

Parameters:

profileRequestContext - current profile request context

Returns:

whether to proxy across the inbound auth_time

Since:

2.2.0

getRedirectUriOverride

@Nullable
@NotEmpty
String getRedirectUriOverride(@Nullable
                              ProfileRequestContext profileRequestContext)

Get the redirect_uri override if set.

Parameters:

profileRequestContext - profile request context

Returns:

the redirect_uri override

Since:

2.2.0

isTlsServerValidationSufficient

boolean isTlsServerValidationSufficient(@Nullable
                                        ProfileRequestContext profileRequestContext)

Is TLS server validation of the token endpoint sufficient to verify an id_token without checking the id_token signature.

Parameters:

profileRequestContext - profile request context

Returns:

true if TLS server validation is required to verify the id_token. False if the token signature should be validated.

Since:

2.2.0