Package org.apache.syncope.common.lib.auth

Class SAML2IdPAuthModuleConf

    • Field Detail

      • userIdAttribute

        protected String userIdAttribute
        The attribute value that should be used for the authenticated username, upon a successful authentication attempt.

      • destinationBinding

        protected SAML2BindingType destinationBinding
        The destination binding to use when creating authentication requests.

      • serviceProviderMetadataPath

        protected String serviceProviderMetadataPath
        The Service Provider metadata path.

      • keystorePath

        protected String keystorePath
        The path to the keystore.

      • keystorePassword

        protected String keystorePassword
        The password to use when generating the SP keystore.

      • protectedKeyPassword

        protected String protectedKeyPassword
        The password to use when generating the private key for the SP keystore.

      • identityProviderMetadataPath

        protected String identityProviderMetadataPath
        The metadata location of the identity provider that is to handle authentications.

      • nameIdPolicyAllowCreate

        protected String nameIdPolicyAllowCreate
        Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined. Accepted values are true, false or undefined.

      • maximumAuthenticationLifetime

        protected String maximumAuthenticationLifetime
        Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds.

      • acceptedSkew

        protected String acceptedSkew
        Maximum skew in seconds between SP and IDP clocks. This skew is added onto the NotOnOrAfter field in seconds for the SAML response validation.

      • serviceProviderEntityId

        protected String serviceProviderEntityId
        The entity id of the SP that is used in the SP metadata generation process.

      • forceAuth

        protected boolean forceAuth
        Whether authentication requests should be tagged as forced auth.

      • passive

        protected boolean passive
        Whether authentication requests should be tagged as passive.

      • authnContextClassRefs

        protected final List<String> authnContextClassRefs
        Requested authentication context class in authn requests.

      • authnContextComparisonType

        protected String authnContextComparisonType
        Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. AuthContextClassRef element require comparison rule to be used to evaluate the specified authentication methods. If not explicitly specified "exact" rule will be used by default. Other acceptable values are minimum, maximum, better.

      • keystoreAlias

        protected String keystoreAlias
        The key alias used in the keystore.

      • nameIdPolicyFormat

        protected String nameIdPolicyFormat
        NameID policy to request in the authentication requests.

      • responsesSigned

        protected boolean responsesSigned
        Whether metadata should be marked to request response signed.

      • wantsAssertionsSigned

        protected boolean wantsAssertionsSigned
        Whether metadata should be marked to request sign assertions.

      • attributeConsumingServiceIndex

        protected int attributeConsumingServiceIndex
        AttributeConsumingServiceIndex attribute of AuthnRequest element. The given index points out a specific AttributeConsumingService structure, declared into the Service Provider (SP)'s metadata, to be used to specify all the attributes that the Service Provider is asking to be released within the authentication assertion returned by the Identity Provider (IdP). This attribute won't be sent with the request unless a positive value (including 0) is defined.

      • assertionConsumerServiceIndex

        protected int assertionConsumerServiceIndex
        Allows the SAML client to select a specific ACS url from the metadata, if defined. A negative value de-activates the selection process and is the default.

      • useNameQualifier

        protected boolean useNameQualifier
        Whether name qualifiers should be produced in the final saml response.

      • signServiceProviderMetadata

        protected boolean signServiceProviderMetadata
        Whether or not SAML SP metadata should be signed when generated.

      • signAuthnRequest

        protected boolean signAuthnRequest
        Whether or not the authnRequest should be signed.

      • signServiceProviderLogoutRequest

        protected boolean signServiceProviderLogoutRequest
        Whether or not the Logout Request sent from the SP should be signed.

      • blockedSignatureSigningAlgorithms

        protected final List<String> blockedSignatureSigningAlgorithms
        Collection of signing signature blacklisted algorithms, if any, to override the global defaults.

      • signatureAlgorithms

        protected final List<String> signatureAlgorithms
        Collection of signing signature algorithms, if any, to override the global defaults.

      • signatureReferenceDigestMethods

        protected final List<String> signatureReferenceDigestMethods
        Collection of signing signature reference digest methods, if any, to override the global defaults.

      • signatureCanonicalizationAlgorithm

        protected String signatureCanonicalizationAlgorithm
        The signing signature canonicalization algorithm, if any, to override the global defaults.

      • providerName

        protected String providerName
        Provider name set for the saml authentication request. Sets the human-readable name of the requester for use by the presenter's user agent or the identity provider.

    • Constructor Detail

      • SAML2IdPAuthModuleConf

        public SAML2IdPAuthModuleConf()

    • Method Detail

      • getUserIdAttribute

        public String getUserIdAttribute()

      • setUserIdAttribute

        public void setUserIdAttribute​(String userIdAttribute)

      • setDestinationBinding

        public void setDestinationBinding​(SAML2BindingType destinationBinding)

      • getServiceProviderMetadataPath

        public String getServiceProviderMetadataPath()

      • setServiceProviderMetadataPath

        public void setServiceProviderMetadataPath​(String serviceProviderMetadataPath)

      • getKeystorePath

        public String getKeystorePath()

      • setKeystorePath

        public void setKeystorePath​(String keystorePath)

      • getKeystorePassword

        public String getKeystorePassword()

      • setKeystorePassword

        public void setKeystorePassword​(String keystorePassword)

      • getPrivateKeyPassword

        public String getPrivateKeyPassword()

      • setPrivateKeyPassword

        public void setPrivateKeyPassword​(String protectedKeyPassword)

      • getIdentityProviderMetadataPath

        public String getIdentityProviderMetadataPath()

      • setIdentityProviderMetadataPath

        public void setIdentityProviderMetadataPath​(String identityProviderMetadataPath)

      • getMaximumAuthenticationLifetime

        public String getMaximumAuthenticationLifetime()

      • setMaximumAuthenticationLifetime

        public void setMaximumAuthenticationLifetime​(String maximumAuthenticationLifetime)

      • getAcceptedSkew

        public String getAcceptedSkew()

      • setAcceptedSkew

        public void setAcceptedSkew​(String acceptedSkew)

      • getServiceProviderEntityId

        public String getServiceProviderEntityId()

      • setServiceProviderEntityId

        public void setServiceProviderEntityId​(String serviceProviderEntityId)

      • isForceAuth

        public boolean isForceAuth()

      • setForceAuth

        public void setForceAuth​(boolean forceAuth)

      • isPassive

        public boolean isPassive()

      • setPassive

        public void setPassive​(boolean passive)

      • getNameIdPolicyAllowCreate

        public String getNameIdPolicyAllowCreate()

      • setNameIdPolicyAllowCreate

        public void setNameIdPolicyAllowCreate​(String nameIdPolicyAllowCreate)

      • getAuthnContextClassRefs

        public List<String> getAuthnContextClassRefs()

      • getAuthnContextComparisonType

        public String getAuthnContextComparisonType()

      • setAuthnContextComparisonType

        public void setAuthnContextComparisonType​(String authnContextComparisonType)

      • getKeystoreAlias

        public String getKeystoreAlias()

      • setKeystoreAlias

        public void setKeystoreAlias​(String keystoreAlias)

      • getNameIdPolicyFormat

        public String getNameIdPolicyFormat()

      • setNameIdPolicyFormat

        public void setNameIdPolicyFormat​(String nameIdPolicyFormat)

      • isResponsesSigned

        public boolean isResponsesSigned()

      • setResponsesSigned

        public void setResponsesSigned​(boolean responsesSigned)

      • isWantsAssertionsSigned

        public boolean isWantsAssertionsSigned()

      • setWantsAssertionsSigned

        public void setWantsAssertionsSigned​(boolean wantsAssertionsSigned)

      • getAttributeConsumingServiceIndex

        public int getAttributeConsumingServiceIndex()

      • setAttributeConsumingServiceIndex

        public void setAttributeConsumingServiceIndex​(int attributeConsumingServiceIndex)

      • getAssertionConsumerServiceIndex

        public int getAssertionConsumerServiceIndex()

      • setAssertionConsumerServiceIndex

        public void setAssertionConsumerServiceIndex​(int assertionConsumerServiceIndex)

      • isUseNameQualifier

        public boolean isUseNameQualifier()

      • setUseNameQualifier

        public void setUseNameQualifier​(boolean useNameQualifier)

      • isSignServiceProviderMetadata

        public boolean isSignServiceProviderMetadata()

      • setSignServiceProviderMetadata

        public void setSignServiceProviderMetadata​(boolean signServiceProviderMetadata)

      • isSignAuthnRequest

        public boolean isSignAuthnRequest()

      • setSignAuthnRequest

        public void setSignAuthnRequest​(boolean signAuthnRequest)

      • isSignServiceProviderLogoutRequest

        public boolean isSignServiceProviderLogoutRequest()

      • setSignServiceProviderLogoutRequest

        public void setSignServiceProviderLogoutRequest​(boolean signServiceProviderLogoutRequest)

      • getBlockedSignatureSigningAlgorithms

        public List<String> getBlockedSignatureSigningAlgorithms()

      • getSignatureAlgorithms

        public List<String> getSignatureAlgorithms()

      • getSignatureReferenceDigestMethods

        public List<String> getSignatureReferenceDigestMethods()

      • getSignatureCanonicalizationAlgorithm

        public String getSignatureCanonicalizationAlgorithm()

      • setSignatureCanonicalizationAlgorithm

        public void setSignatureCanonicalizationAlgorithm​(String signatureCanonicalizationAlgorithm)

      • getProviderName

        public String getProviderName()

      • setProviderName

        public void setProviderName​(String providerName)