Class Saml2Settings

java.lang.Object
org.codelibs.saml2.core.settings.Saml2Settings

public class Saml2Settings extends Object
Saml2Settings class of Java Toolkit. A class that implements the settings handler.
  • Constructor Details

    • Saml2Settings

      public Saml2Settings()
  • Method Details

    • isStrict

      public final boolean isStrict()
      Returns:
      the strict setting value
    • getSpEntityId

      public final String getSpEntityId()
      Returns:
      the spEntityId setting value
    • getSpAssertionConsumerServiceUrl

      public final URL getSpAssertionConsumerServiceUrl()
      Returns:
      the spAssertionConsumerServiceUrl
    • getSpAssertionConsumerServiceBinding

      public final String getSpAssertionConsumerServiceBinding()
      Returns:
      the spAssertionConsumerServiceBinding setting value
    • getSpSingleLogoutServiceUrl

      public final URL getSpSingleLogoutServiceUrl()
      Returns:
      the spSingleLogoutServiceUrl setting value
    • getSpSingleLogoutServiceBinding

      public final String getSpSingleLogoutServiceBinding()
      Returns:
      the spSingleLogoutServiceBinding setting value
    • getSpNameIDFormat

      public final String getSpNameIDFormat()
      Returns:
      the spNameIDFormat setting value
    • isAllowRepeatAttributeName

      public boolean isAllowRepeatAttributeName()
      Returns:
      the allowRepeatAttributeName setting value
    • getRejectDeprecatedAlg

      public boolean getRejectDeprecatedAlg()
      Returns:
      the rejectDeprecatedAlg setting value
    • getSPcert

      public final X509Certificate getSPcert()
      Returns:
      the spX509cert setting value
    • getSPcertNew

      public final X509Certificate getSPcertNew()
      Returns:
      the spX509certNew setting value
    • getSPkey

      public final PrivateKey getSPkey()
      Returns:
      the spPrivateKey setting value
    • getIdpEntityId

      public final String getIdpEntityId()
      Returns:
      the idpEntityId setting value
    • getIdpSingleSignOnServiceUrl

      public final URL getIdpSingleSignOnServiceUrl()
      Returns:
      the idpSingleSignOnServiceUrl setting value
    • getIdpSingleSignOnServiceBinding

      public final String getIdpSingleSignOnServiceBinding()
      Returns:
      the idpSingleSignOnServiceBinding setting value
    • getIdpSingleLogoutServiceUrl

      public final URL getIdpSingleLogoutServiceUrl()
      Returns:
      the idpSingleLogoutServiceUrl setting value
    • getIdpSingleLogoutServiceResponseUrl

      public final URL getIdpSingleLogoutServiceResponseUrl()
      Returns:
      the idpSingleLogoutServiceResponseUrl setting value
    • getIdpSingleLogoutServiceBinding

      public final String getIdpSingleLogoutServiceBinding()
      Returns:
      the idpSingleLogoutServiceBinding setting value
    • getIdpx509cert

      public final X509Certificate getIdpx509cert()
      Returns:
      the idpx509cert setting value
    • getIdpCertFingerprint

      public final String getIdpCertFingerprint()
      Returns:
      the idpCertFingerprint setting value
    • getIdpCertFingerprintAlgorithm

      public final String getIdpCertFingerprintAlgorithm()
      Returns:
      the idpCertFingerprintAlgorithm setting value
    • getIdpx509certMulti

      public List<X509Certificate> getIdpx509certMulti()
      Returns:
      the idpx509certMulti setting value
    • getNameIdEncrypted

      public boolean getNameIdEncrypted()
      Returns:
      the nameIdEncrypted setting value
    • getAuthnRequestsSigned

      public boolean getAuthnRequestsSigned()
      Returns:
      the authnRequestsSigned setting value
    • getLogoutRequestSigned

      public boolean getLogoutRequestSigned()
      Returns:
      the logoutRequestSigned setting value
    • getLogoutResponseSigned

      public boolean getLogoutResponseSigned()
      Returns:
      the logoutResponseSigned setting value
    • getWantMessagesSigned

      public boolean getWantMessagesSigned()
      Returns:
      the wantMessagesSigned setting value
    • getWantAssertionsSigned

      public boolean getWantAssertionsSigned()
      Returns:
      the wantAssertionsSigned setting value
    • getWantAssertionsEncrypted

      public boolean getWantAssertionsEncrypted()
      Returns:
      the wantAssertionsEncrypted setting value
    • getWantNameId

      public boolean getWantNameId()
      Returns:
      the wantNameId setting value
    • getWantNameIdEncrypted

      public boolean getWantNameIdEncrypted()
      Returns:
      the wantNameIdEncrypted setting value
    • getSignMetadata

      public boolean getSignMetadata()
      Returns:
      the signMetadata setting value
    • getRequestedAuthnContext

      public List<String> getRequestedAuthnContext()
      Returns:
      the requestedAuthnContext setting value
    • getRequestedAuthnContextComparison

      public String getRequestedAuthnContextComparison()
      Returns:
      the requestedAuthnContextComparison setting value
    • getWantXMLValidation

      public boolean getWantXMLValidation()
      Returns:
      the wantXMLValidation setting value
    • getSignatureAlgorithm

      public String getSignatureAlgorithm()
      Returns:
      the signatureAlgorithm setting value
    • getDigestAlgorithm

      public String getDigestAlgorithm()
      Returns:
      the digestAlgorithm setting value
    • getContacts

      public List<Contact> getContacts()
      Returns:
      SP Contact info
    • getOrganization

      public Organization getOrganization()
      Returns:
      SP Organization info
    • getUniqueIDPrefix

      public String getUniqueIDPrefix()
      Returns:
      Unique ID prefix
    • getHsm

      public HSM getHsm()
      Returns:
      The HSM setting value.
    • isDebugActive

      public boolean isDebugActive()
      Returns:
      whether debug mode is active or not
    • setStrict

      public void setStrict(boolean strict)
      Set the strict setting value
      Parameters:
      strict - the strict to be set
    • setDebug

      public void setDebug(boolean debug)
      Set the debug setting value
      Parameters:
      debug - the debug mode to be set
    • setHsm

      public void setHsm(HSM hsm)
      Sets the HSM setting value.
      Parameters:
      hsm - The HSM object to be set.
    • setSpEntityId

      protected final void setSpEntityId(String spEntityId)
      Set the spEntityId setting value
      Parameters:
      spEntityId - the spEntityId value to be set
    • setSpAssertionConsumerServiceUrl

      protected final void setSpAssertionConsumerServiceUrl(URL spAssertionConsumerServiceUrl)
      Set the spAssertionConsumerServiceUrl setting value
      Parameters:
      spAssertionConsumerServiceUrl - the spAssertionConsumerServiceUrl value to be set
    • setSpAssertionConsumerServiceBinding

      protected final void setSpAssertionConsumerServiceBinding(String spAssertionConsumerServiceBinding)
      Set the spAssertionConsumerServiceBinding setting value
      Parameters:
      spAssertionConsumerServiceBinding - the spAssertionConsumerServiceBinding value to be set
    • setSpSingleLogoutServiceUrl

      protected final void setSpSingleLogoutServiceUrl(URL spSingleLogoutServiceUrl)
      Set the spSingleLogoutServiceUrl setting value
      Parameters:
      spSingleLogoutServiceUrl - the spSingleLogoutServiceUrl value to be set
    • setSpSingleLogoutServiceBinding

      protected final void setSpSingleLogoutServiceBinding(String spSingleLogoutServiceBinding)
      Set the spSingleLogoutServiceBinding setting value
      Parameters:
      spSingleLogoutServiceBinding - the spSingleLogoutServiceBinding value to be set
    • setSpNameIDFormat

      protected final void setSpNameIDFormat(String spNameIDFormat)
      Set the spNameIDFormat setting value
      Parameters:
      spNameIDFormat - the spNameIDFormat value to be set
    • setAllowRepeatAttributeName

      public void setAllowRepeatAttributeName(boolean allowRepeatAttributeName)
      Set the allowRepeatAttributeName setting value
      Parameters:
      allowRepeatAttributeName - the allowRepeatAttributeName value to be set
    • setRejectDeprecatedAlg

      public void setRejectDeprecatedAlg(boolean rejectDeprecatedAlg)
      Set the rejectDeprecatedAlg setting value
      Parameters:
      rejectDeprecatedAlg - the rejectDeprecatedAlg value to be set
    • setSpX509cert

      protected final void setSpX509cert(X509Certificate spX509cert)
      Set the spX509cert setting value provided as X509Certificate object
      Parameters:
      spX509cert - the spX509cert value to be set in X509Certificate format
    • setSpX509certNew

      protected final void setSpX509certNew(X509Certificate spX509certNew)
      Set the spX509certNew setting value provided as X509Certificate object
      Parameters:
      spX509certNew - the spX509certNew value to be set in X509Certificate format
    • setSpPrivateKey

      protected final void setSpPrivateKey(PrivateKey spPrivateKey)
      Set the spPrivateKey setting value provided as a PrivateKey object
      Parameters:
      spPrivateKey - the spPrivateKey value to be set in PrivateKey format
    • setUniqueIDPrefix

      protected final void setUniqueIDPrefix(String uniqueIDPrefix)
      Set the uniqueIDPrefix setting value
      Parameters:
      uniqueIDPrefix - the Unique ID prefix used when generating Unique ID
    • setIdpEntityId

      protected final void setIdpEntityId(String idpEntityId)
      Set the idpEntityId setting value
      Parameters:
      idpEntityId - the idpEntityId value to be set
    • setIdpSingleSignOnServiceUrl

      protected final void setIdpSingleSignOnServiceUrl(URL idpSingleSignOnServiceUrl)
      Set the idpSingleSignOnServiceUrl setting value
      Parameters:
      idpSingleSignOnServiceUrl - the idpSingleSignOnServiceUrl value to be set
    • setIdpSingleSignOnServiceBinding

      protected final void setIdpSingleSignOnServiceBinding(String idpSingleSignOnServiceBinding)
      Set the idpSingleSignOnServiceBinding setting value
      Parameters:
      idpSingleSignOnServiceBinding - the idpSingleSignOnServiceBinding value to be set
    • setIdpSingleLogoutServiceUrl

      protected final void setIdpSingleLogoutServiceUrl(URL idpSingleLogoutServiceUrl)
      Set the idpSingleLogoutServiceUrl setting value
      Parameters:
      idpSingleLogoutServiceUrl - the idpSingleLogoutServiceUrl value to be set
    • setIdpSingleLogoutServiceResponseUrl

      protected final void setIdpSingleLogoutServiceResponseUrl(URL idpSingleLogoutServiceResponseUrl)
      Set the idpSingleLogoutServiceResponseUrl setting value
      Parameters:
      idpSingleLogoutServiceResponseUrl - the idpSingleLogoutServiceResponseUrl value to be set
    • setIdpSingleLogoutServiceBinding

      protected final void setIdpSingleLogoutServiceBinding(String idpSingleLogoutServiceBinding)
      Set the idpSingleLogoutServiceBinding setting value
      Parameters:
      idpSingleLogoutServiceBinding - the idpSingleLogoutServiceBinding value to be set
    • setIdpx509cert

      protected final void setIdpx509cert(X509Certificate idpX509cert)
      Set the idpX509cert setting value provided as an X509Certificate object
      Parameters:
      idpX509cert - the idpX509cert value to be set in X509Certificate format
    • setIdpCertFingerprint

      protected final void setIdpCertFingerprint(String idpCertFingerprint)
      Set the idpCertFingerprint setting value
      Parameters:
      idpCertFingerprint - the idpCertFingerprint value to be set
    • setIdpCertFingerprintAlgorithm

      protected final void setIdpCertFingerprintAlgorithm(String idpCertFingerprintAlgorithm)
      Set the idpCertFingerprintAlgorithm setting value
      Parameters:
      idpCertFingerprintAlgorithm - the idpCertFingerprintAlgorithm value to be set.
    • setIdpx509certMulti

      public void setIdpx509certMulti(List<X509Certificate> idpx509certMulti)
      Set the idpx509certMulti setting value
      Parameters:
      idpx509certMulti - the idpx509certMulti to set
    • setNameIdEncrypted

      public void setNameIdEncrypted(boolean nameIdEncrypted)
      Set the nameIdEncrypted setting value
      Parameters:
      nameIdEncrypted - the nameIdEncrypted value to be set. Based on it the SP will encrypt the NameID or not
    • setAuthnRequestsSigned

      public void setAuthnRequestsSigned(boolean authnRequestsSigned)
      Set the authnRequestsSigned setting value
      Parameters:
      authnRequestsSigned - the authnRequestsSigned value to be set. Based on it the SP will sign the AuthnRequest or not
    • setLogoutRequestSigned

      public void setLogoutRequestSigned(boolean logoutRequestSigned)
      Set the logoutRequestSigned setting value
      Parameters:
      logoutRequestSigned - the logoutRequestSigned value to be set. Based on it the SP will sign Logout Request or not
    • setLogoutResponseSigned

      public void setLogoutResponseSigned(boolean logoutResponseSigned)
      Set the logoutResponseSigned setting value
      Parameters:
      logoutResponseSigned - the logoutResponseSigned value to be set. Based on it the SP will sign Logout Response or not
    • setWantMessagesSigned

      public void setWantMessagesSigned(boolean wantMessagesSigned)
      Set the wantMessagesSigned setting value
      Parameters:
      wantMessagesSigned - the wantMessagesSigned value to be set. Based on it the SP expects the SAML Messages to be signed or not
    • setWantAssertionsSigned

      public void setWantAssertionsSigned(boolean wantAssertionsSigned)
      Set the wantAssertionsSigned setting value
      Parameters:
      wantAssertionsSigned - the wantAssertionsSigned value to be set. Based on it the SP expects the SAML Assertions to be signed or not
    • setWantAssertionsEncrypted

      public void setWantAssertionsEncrypted(boolean wantAssertionsEncrypted)
      Set the wantAssertionsEncrypted setting value
      Parameters:
      wantAssertionsEncrypted - the wantAssertionsEncrypted value to be set. Based on it the SP expects the SAML Assertions to be encrypted or not
    • setWantNameId

      public void setWantNameId(boolean wantNameId)
      Set the wantNameId setting value
      Parameters:
      wantNameId - the wantNameId value to be set. Based on it the SP expects a NameID
    • setWantNameIdEncrypted

      public void setWantNameIdEncrypted(boolean wantNameIdEncrypted)
      Set the wantNameIdEncrypted setting value
      Parameters:
      wantNameIdEncrypted - the wantNameIdEncrypted value to be set. Based on it the SP expects the NameID to be encrypted or not
    • setSignMetadata

      public void setSignMetadata(boolean signMetadata)
      Set the signMetadata setting value
      Parameters:
      signMetadata - the signMetadata value to be set. Based on it the SP will or will not sign the metadata with the SP PrivateKey/Certificate
    • setRequestedAuthnContext

      public void setRequestedAuthnContext(List<String> requestedAuthnContext)
      Set the requestedAuthnContext setting value
      Parameters:
      requestedAuthnContext - the requestedAuthnContext value to be set on the AuthNRequest.
    • setRequestedAuthnContextComparison

      public void setRequestedAuthnContextComparison(String requestedAuthnContextComparison)
      Set the requestedAuthnContextComparison setting value
      Parameters:
      requestedAuthnContextComparison - the requestedAuthnContextComparison value to be set.
    • setWantXMLValidation

      public void setWantXMLValidation(boolean wantXMLValidation)
      Set the wantXMLValidation setting value
      Parameters:
      wantXMLValidation - the wantXMLValidation value to be set. Based on it the SP will validate SAML messages against the XML schema
    • setSignatureAlgorithm

      public void setSignatureAlgorithm(String signatureAlgorithm)
      Set the signatureAlgorithm setting value
      Parameters:
      signatureAlgorithm - the signatureAlgorithm value to be set.
    • setDigestAlgorithm

      public void setDigestAlgorithm(String digestAlgorithm)
      Set the digestAlgorithm setting value
      Parameters:
      digestAlgorithm - the digestAlgorithm value to be set.
    • setRejectUnsolicitedResponsesWithInResponseTo

      public void setRejectUnsolicitedResponsesWithInResponseTo(boolean rejectUnsolicitedResponsesWithInResponseTo)
      Controls whether unsolicited Responses are rejected if they contain an InResponseTo value. If false, using a validate method such as SamlResponse.isValid(String) with a null argument will accept messages with any (or no) InResponseTo value. If true, using these methods with a null argument will only accept messages with no InResponseTo value, and reject messages where the value is set. In all cases, using validate with a specified request ID will only accept responses that have the same InResponseTo ID set.
      Parameters:
      rejectUnsolicitedResponsesWithInResponseTo - whether to strictly check the InResponseTo attribute
    • isRejectUnsolicitedResponsesWithInResponseTo

      public boolean isRejectUnsolicitedResponsesWithInResponseTo()
    • setCompressRequest

      public void setCompressRequest(boolean compressRequest)
      Set the compressRequest setting value
      Parameters:
      compressRequest - the compressRequest value to be set.
    • isCompressRequestEnabled

      public boolean isCompressRequestEnabled()
      Returns:
      the compressRequest setting value
    • setCompressResponse

      public void setCompressResponse(boolean compressResponse)
      Set the compressResponse setting value
      Parameters:
      compressResponse - the compressResponse value to be set.
    • isCompressResponseEnabled

      public boolean isCompressResponseEnabled()
      Returns:
      the compressResponse setting value
    • setTrimNameIds

      public void setTrimNameIds(boolean trimNameIds)
      Sets whether Name IDs in parsed SAML messages should be trimmed.

      Default is false, that is Name IDs are kept intact, as the SAML specification prescribes.

      Parameters:
      trimNameIds - set to true to trim parsed Name IDs, set to false to keep them intact
    • isTrimNameIds

      public boolean isTrimNameIds()
      Determines whether Name IDs should be trimmed when extracting them from parsed SAML messages.

      Default is false, that is Name IDs are kept intact, as the SAML specification prescribes.

      Returns:
      true if Name IDs should be trimmed, false otherwise
    • setTrimAttributeValues

      public void setTrimAttributeValues(boolean trimAttributeValues)
      Sets whether attribute values in parsed SAML messages should be trimmed.

      Default is false.

      Parameters:
      trimAttributeValues - set to true to trim parsed attribute values, set to false to keep them intact
    • isTrimAttributeValues

      public boolean isTrimAttributeValues()
      Determines whether attribute values should be trimmed when extracting them from parsed SAML messages.

      Default is false.

      Returns:
      true if attribute values should be trimmed, false otherwise
    • setContacts

      protected final void setContacts(List<Contact> contacts)
      Set contacts info that will be listed on the Service Provider metadata
      Parameters:
      contacts - the contacts to set
    • setOrganization

      protected final void setOrganization(Organization organization)
      Set the organization info that will be published on the Service Provider metadata
      Parameters:
      organization - the organization to set
    • checkSettings

      public List<String> checkSettings()
      Checks the settings.
      Returns:
      errors found on the settings data
    • checkIdPSettings

      public List<String> checkIdPSettings()
      Checks the IdP settings.
      Returns:
      errors found on the IdP settings data
    • checkSPSettings

      public List<String> checkSPSettings()
      Checks the SP settings.
      Returns:
      errors found on the SP settings data
    • checkSPCerts

      public boolean checkSPCerts()
      Checks the x509 certificate/private key SP settings.
      Returns:
      true if the SP settings are valid
    • setSPValidationOnly

      public void setSPValidationOnly(boolean spValidationOnly)
      Set the spValidationOnly value, used to check IdP data on checkSettings method
      Parameters:
      spValidationOnly - the spValidationOnly value to be set
    • getSPValidationOnly

      public boolean getSPValidationOnly()
      Returns:
      the spValidationOnly value
    • getSPMetadata

      public String getSPMetadata()
      Gets the SP metadata. The XML representation.
      Returns:
      the SP metadata (xml)
    • validateMetadata

      public static List<String> validateMetadata(String metadataString)
      Validates an XML SP Metadata.
      Parameters:
      metadataString - the metadata XML that will be validated
      Returns:
      the list of errors found