com.iland.core.web.rest.response.sso

Class SAMLIdentityProviderResponse

java.lang.Object

com.iland.core.web.rest.response.sso.IdentityProviderResponse

com.iland.core.web.rest.response.sso.SAMLIdentityProviderResponse

Direct Known Subclasses:

ImmutableSAMLIdentityProviderResponse

public abstract class SAMLIdentityProviderResponse
extends IdentityProviderResponse

SAML Identity Provider Response.

Author:

Nick Kasprzak

Constructor Summary

Constructors

Constructor and Description
SAMLIdentityProviderResponse()

Method Summary

Modifier and Type	Method and Description
abstract Optional<String>	allowedClockSkew() Gets clock skew in seconds that is tolerated when validating identity provider tokens.
abstract Optional<Boolean>	backchannelSupported() Enable if your SAML IDP supports backchannel logout.
abstract Optional<Boolean>	forceAuthn() Indicates that the user will be forced to enter their credentials at the external IDP even if they are already logged in.
abstract Optional<SAMLNameIDPolicyFormat>	nameIdPolicyFormat() Specifies the URI reference corresponding to a name identifier format.
abstract Optional<Boolean>	postBindingAuthnRequest() When this realm requests authentication from the external SAML IDP, which SAML binding should be used? If set to off, then the Redirect Binding will be used.
abstract Optional<Boolean>	postBindingLogout() Indicates whether to respond to requests using HTTP-POST binding.
abstract Optional<Boolean>	postBindingResponse() When this realm responds to any SAML requests sent by the external IDP, which SAML binding should be used? If set to off, then the Redirect Binding will be used.
abstract Optional<String>	principalAttribute() Way to identify and track external users from the assertion.
abstract Optional<String>	principalType() Specifies which part of the SAML assertion will be used to identify and track external user identities.
abstract Optional<String>	samlXmlKeyNameTranformer() Signed SAML documents contain identification of signing key in KeyName element.
abstract Optional<String>	signatureAlgorithm() If Want AuthnRequests Signed is on, then you can also pick the signature algorithm to use.
abstract Optional<String>	signingCertificate() The public certificate that will be used to validate the signatures of SAML requests and responses from the external IDP.
abstract Optional<String>	singleLogoutServiceUrl() This is an optional field that specifies the SAML logout endpoint.
abstract String	singleSignOnServiceUrl() This is a required field and specifies the SAML endpoint to start the authentication process.
IdentityProviderType	type() The identity provider type.
abstract Optional<Boolean>	validateSignature() Whether or not the realm should expect that SAML requests and responses from the external IDP to be digitally signed.
abstract Optional<Boolean>	wantAssertionsEncrypted() Indicates whether this service provider expects an encrypted Assertion.
abstract Optional<Boolean>	wantAssertionsSigned() If Want AuthnRequests Signed is on, then you can also pick the signature algorithm to use.
abstract Optional<Boolean>	wantAuthnRequestsSigned() If true, it will use the realm’s keypair to sign requests sent to the external SAML IDP.

Methods inherited from class com.iland.core.web.rest.response.sso.IdentityProviderResponse

enabled, enforceSso

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAMLIdentityProviderResponse

public SAMLIdentityProviderResponse()

Method Detail

singleSignOnServiceUrl

public abstract String singleSignOnServiceUrl()

This is a required field and specifies the SAML endpoint to start the authentication process. If your SAML IDP publishes an IDP entity descriptor, the value of this field will be specified there.

nameIdPolicyFormat

public abstract Optional<SAMLNameIDPolicyFormat> nameIdPolicyFormat()

Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

principalType

public abstract Optional<String> principalType()

Specifies which part of the SAML assertion will be used to identify and track external user identities. Can be either Subject NameID or SAML attribute (either by name or by friendly name).

principalAttribute

public abstract Optional<String> principalAttribute()

Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.

signatureAlgorithm

public abstract Optional<String> signatureAlgorithm()

If Want AuthnRequests Signed is on, then you can also pick the signature algorithm to use.

samlXmlKeyNameTranformer

public abstract Optional<String> samlXmlKeyNameTranformer()

Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.

backchannelSupported

public abstract Optional<Boolean> backchannelSupported()

Enable if your SAML IDP supports backchannel logout.

postBindingResponse

public abstract Optional<Boolean> postBindingResponse()

When this realm responds to any SAML requests sent by the external IDP, which SAML binding should be used? If set to off, then the Redirect Binding will be used.

postBindingAuthnRequest

public abstract Optional<Boolean> postBindingAuthnRequest()

When this realm requests authentication from the external SAML IDP, which SAML binding should be used? If set to off, then the Redirect Binding will be used.

postBindingLogout

public abstract Optional<Boolean> postBindingLogout()

Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

wantAuthnRequestsSigned

public abstract Optional<Boolean> wantAuthnRequestsSigned()

If true, it will use the realm’s keypair to sign requests sent to the external SAML IDP.

wantAssertionsSigned

public abstract Optional<Boolean> wantAssertionsSigned()

If Want AuthnRequests Signed is on, then you can also pick the signature algorithm to use.

wantAssertionsEncrypted

public abstract Optional<Boolean> wantAssertionsEncrypted()

Indicates whether this service provider expects an encrypted Assertion.

forceAuthn

public abstract Optional<Boolean> forceAuthn()

Indicates that the user will be forced to enter their credentials at the external IDP even if they are already logged in.

validateSignature

public abstract Optional<Boolean> validateSignature()

Whether or not the realm should expect that SAML requests and responses from the external IDP to be digitally signed. It is highly recommended you turn this on!

allowedClockSkew

public abstract Optional<String> allowedClockSkew()

Gets clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.

singleLogoutServiceUrl

public abstract Optional<String> singleLogoutServiceUrl()

This is an optional field that specifies the SAML logout endpoint. If your SAML IDP publishes an IDP entity descriptor, the value of this field will be specified there.

signingCertificate

public abstract Optional<String> signingCertificate()

The public certificate that will be used to validate the signatures of SAML requests and responses from the external IDP.

type

public IdentityProviderType type()

Description copied from class: IdentityProviderResponse

The identity provider type.

Specified by:

type in class IdentityProviderResponse