Interface BrowserSSOProfileConfiguration

All Superinterfaces:
Component, IdentifiedComponent, ProfileConfiguration, SAML2ProfileConfiguration, SAMLArtifactConsumerProfileConfiguration, SAMLAssertionConsumingProfileConfiguration, SAMLProfileConfiguration
All Known Subinterfaces:
ECPProfileConfiguration

Configuration for SAML 2.0 Browser SSO profile.

Note that this interface extends SAMLAssertionConsumingProfileConfiguration because both IdP and SP functionality include that step. It does not extend the "producing" interface, which is IdP-only.

  • Field Details

    • PROFILE_ID

      @Nonnull @NotEmpty static final String PROFILE_ID
      ID for this profile configuration.
    • FEATURE_AUTHNCONTEXT

      static final int FEATURE_AUTHNCONTEXT
      Bit constant for RequestedAuthnContext feature.
    • FEATURE_SCOPING

      static final int FEATURE_SCOPING
      Bit constant for Scoping feature.
    • FEATURE_NAMEIDFORMAT

      static final int FEATURE_NAMEIDFORMAT
      Bit constant for NameIDPolicy Format feature.
    • FEATURE_SPNAMEQUALIFIER

      static final int FEATURE_SPNAMEQUALIFIER
      Bit constant for NameIDPolicy SPNameQualifier feature.
    • FEATURE_FORCEAUTHN

      static final int FEATURE_FORCEAUTHN
      Bit constant for ForceAuthn feature.
  • Method Details

    • isForceAuthn

      @ConfigurationSetting(name="forceAuthn") boolean isForceAuthn(@Nullable ProfileRequestContext profileRequestContext)
      Get whether a fresh user presence proof should be required for this request.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff a fresh user presence proof should be required for this request
    • isCheckAddress

      @ConfigurationSetting(name="checkAddress") boolean isCheckAddress(@Nullable ProfileRequestContext profileRequestContext)
      Get whether the client's address must match the address in an inbound SubjectLocality element during inbound SSO.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      whether to compare addresses
    • getMaximumTimeSinceAuthn

      @ConfigurationSetting(name="maximumTimeSinceAuthn") @NonNegative @Nullable Duration getMaximumTimeSinceAuthn(@Nullable ProfileRequestContext profileRequestContext)
      Get the maximum amount of time allowed to have elapsed since an incoming AuthnInstant.

      A null or 0 is interpreted as an unlimited amount.

      Parameters:
      profileRequestContext - current profile request context
      Returns:
      max time since inbound AuthnInstant
    • getProxyCount

      @ConfigurationSetting(name="proxyCount") @NonNegative @Nullable Integer getProxyCount(@Nullable ProfileRequestContext profileRequestContext)
      Get the maximum number of times an assertion may be proxied, to be signaled in the SAML request.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      maximum number of times an assertion may be proxied
    • getAuthnContextComparison

      @ConfigurationSetting(name="authnContextComparison") @Nullable AuthnContextComparisonTypeEnumeration getAuthnContextComparison(@Nullable ProfileRequestContext profileRequestContext)
      Get the comparison operator to use when issuing SAML requests containing requested context classes.

      The actual context(s) requested is left to IdP- and SP-specific interfaces because of the differences in representation.

      Parameters:
      profileRequestContext - profile request context
      Returns:
      comparison value or null
    • getSPNameQualifier

      @ConfigurationSetting(name="sPNameQualifier") @Nullable String getSPNameQualifier(@Nullable ProfileRequestContext profileRequestContext)
      Get the SPNameQualifier to include in the SAML request.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      requested SPNameQualifier
    • getAttributeIndex

      @ConfigurationSetting(name="attributeIndex") @Nullable Integer getAttributeIndex(@Nullable ProfileRequestContext profileRequestContext)
      Get the AttributeConsumingServiceIndex to include in the SAML request.
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      the AttributeConsumingServiceIndex
    • getRequestedAttributes

      @ConfigurationSetting(name="requestedAttributes") @Nonnull @Unmodifiable @NotLive Collection<RequestedAttribute> getRequestedAttributes(@Nullable ProfileRequestContext profileRequestContext)
      Get the list of RequestedAttribute objects to include in the SAML request (via extension).
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      the requested attributes
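
The semantics documented for maximumTimeSinceAuthn (null or 0 means unlimited) and checkAddress, shown as an added example that is not code from this API or its project. The class and method names are hypothetical, the sample timestamps and addresses are constructed, and the handling of a missing SubjectLocality address and the plain string comparison of addresses are assumptions of this sketch.

```java
import java.time.Duration;
import java.time.Instant;

/** Added illustration; class and method names are hypothetical, not part of the documented API. */
public class InboundSsoChecks {

    /**
     * Applies a maximumTimeSinceAuthn value to an inbound AuthnInstant.
     * As documented, a null or zero limit is treated as unlimited.
     */
    static boolean authnInstantAcceptable(Instant authnInstant, Instant now, Duration maxTimeSinceAuthn) {
        if (maxTimeSinceAuthn == null || maxTimeSinceAuthn.isZero()) {
            return true; // unlimited: no freshness bound is enforced
        }
        Duration elapsed = Duration.between(authnInstant, now);
        return elapsed.compareTo(maxTimeSinceAuthn) <= 0;
    }

    /**
     * Applies a checkAddress value: when enabled, the client's address must match
     * the address from the inbound SubjectLocality element.
     * Assumptions: addresses are compared as already-normalized strings, and a
     * missing SubjectLocality address fails the check when it is enabled.
     */
    static boolean addressAcceptable(boolean checkAddress, String clientAddress, String subjectLocalityAddress) {
        if (!checkAddress) {
            return true; // comparison disabled by configuration
        }
        return subjectLocalityAddress != null && subjectLocalityAddress.equals(clientAddress);
    }

    public static void main(String[] args) {
        // Constructed sample values: authentication happened 90 minutes before "now".
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        Instant authnInstant = Instant.parse("2024-01-01T10:30:00Z");

        System.out.println(authnInstantAcceptable(authnInstant, now, Duration.ofHours(1))); // false: too old
        System.out.println(authnInstantAcceptable(authnInstant, now, Duration.ofHours(2))); // true: within limit
        System.out.println(authnInstantAcceptable(authnInstant, now, Duration.ZERO));       // true: unlimited
        System.out.println(authnInstantAcceptable(authnInstant, now, null));                // true: unlimited

        // 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
        System.out.println(addressAcceptable(true, "192.0.2.10", "192.0.2.10"));   // true: addresses match
        System.out.println(addressAcceptable(true, "192.0.2.10", "198.51.100.7")); // false: mismatch
        System.out.println(addressAcceptable(true, "192.0.2.10", null));           // false: nothing to compare
        System.out.println(addressAcceptable(false, "192.0.2.10", "198.51.100.7")); // true: check disabled
    }
}
```

Because 0 means unlimited rather than "no elapsed time allowed", a deployment that intends a strict freshness bound has to configure a positive duration.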