Class SAML2IdPAuthModuleConf

java.lang.Object
org.apache.syncope.common.lib.auth.Pac4jAuthModuleConf
org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf
All Implemented Interfaces:
Serializable, AuthModuleConf, BaseBean

public class SAML2IdPAuthModuleConf extends Pac4jAuthModuleConf implements AuthModuleConf
  • Field Details

    • userIdAttribute

      protected String userIdAttribute
      The attribute value that should be used for the authenticated username, upon a successful authentication attempt.
    • destinationBinding

      protected SAML2BindingType destinationBinding
      The destination binding to use when creating authentication requests.
    • serviceProviderMetadataPath

      protected String serviceProviderMetadataPath
      The Service Provider metadata path.
    • keystorePath

      protected String keystorePath
      The path to the keystore.
    • keystorePassword

      protected String keystorePassword
      The password to use when generating the SP keystore.
    • protectedKeyPassword

      protected String protectedKeyPassword
      The password to use when generating the private key for the SP keystore.
    • identityProviderMetadataPath

      protected String identityProviderMetadataPath
      The metadata location of the identity provider that is to handle authentications.
    • nameIdPolicyAllowCreate

      protected String nameIdPolicyAllowCreate
      Whether the allow-create flag of the NameID policy should be set to true, set to false, or left undefined (ignored). Accepted values are true, false or undefined.
    • maximumAuthenticationLifetime

      protected String maximumAuthenticationLifetime
      Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds.
    • acceptedSkew

      protected String acceptedSkew
      Maximum skew in seconds between SP and IdP clocks. This skew, in seconds, is added to the NotOnOrAfter field during SAML response validation.
    • serviceProviderEntityId

      protected String serviceProviderEntityId
      The entity id of the SP that is used in the SP metadata generation process.
    • forceAuth

      protected boolean forceAuth
      Whether authentication requests should be tagged as forced auth.
    • passive

      protected boolean passive
      Whether authentication requests should be tagged as passive.
    • authnContextClassRefs

      protected final List<String> authnContextClassRefs
      Requested authentication context class in authn requests.
    • authnContextComparisonType

      protected String authnContextComparisonType
      Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. AuthnContextClassRef elements require a comparison rule to evaluate the specified authentication methods. If not explicitly specified, the "exact" rule is used by default. Other acceptable values are minimum, maximum, better.
    • nameIdPolicyFormat

      protected String nameIdPolicyFormat
      NameID policy to request in the authentication requests.
    • responsesSigned

      protected boolean responsesSigned
      Whether metadata should be marked to request signed responses.
    • wantsAssertionsSigned

      protected boolean wantsAssertionsSigned
      Whether metadata should be marked to request signed assertions.
    • attributeConsumingServiceIndex

      protected int attributeConsumingServiceIndex
      AttributeConsumingServiceIndex attribute of the AuthnRequest element. The given index points to a specific AttributeConsumingService structure, declared in the Service Provider (SP)'s metadata, that lists all the attributes the Service Provider is asking the Identity Provider (IdP) to release within the returned authentication assertion. This attribute won't be sent with the request unless a non-negative value (0 or greater) is defined.
    • assertionConsumerServiceIndex

      protected int assertionConsumerServiceIndex
      Allows the SAML client to select a specific ACS URL from the metadata, if defined. A negative value deactivates the selection process and is the default.
    • useNameQualifier

      protected boolean useNameQualifier
      Whether name qualifiers should be produced in the final SAML response.
    • signServiceProviderMetadata

      protected boolean signServiceProviderMetadata
      Whether or not SAML SP metadata should be signed when generated.
    • signAuthnRequest

      protected boolean signAuthnRequest
      Whether or not the authnRequest should be signed.
    • signServiceProviderLogoutRequest

      protected boolean signServiceProviderLogoutRequest
      Whether or not the Logout Request sent from the SP should be signed.
    • blockedSignatureSigningAlgorithms

      protected final List<String> blockedSignatureSigningAlgorithms
      Collection of blocked signature signing algorithms, if any, to override the global defaults.
    • signatureAlgorithms

      protected final List<String> signatureAlgorithms
      Collection of signature signing algorithms, if any, to override the global defaults.
    • signatureReferenceDigestMethods

      protected final List<String> signatureReferenceDigestMethods
      Collection of signature reference digest methods, if any, to override the global defaults.
    • signatureCanonicalizationAlgorithm

      protected String signatureCanonicalizationAlgorithm
      The signature canonicalization algorithm, if any, to override the global defaults.
    • providerName

      protected String providerName
      Provider name set for the SAML authentication request. Sets the human-readable name of the requester for use by the presenter's user agent or the identity provider.
  • Constructor Details

    • SAML2IdPAuthModuleConf

      public SAML2IdPAuthModuleConf()
  • Method Details

    • getUserIdAttribute

      public String getUserIdAttribute()
    • setUserIdAttribute

      public void setUserIdAttribute(String userIdAttribute)
    • getDestinationBinding

      public SAML2BindingType getDestinationBinding()
    • setDestinationBinding

      public void setDestinationBinding(SAML2BindingType destinationBinding)
    • getServiceProviderMetadataPath

      public String getServiceProviderMetadataPath()
    • setServiceProviderMetadataPath

      public void setServiceProviderMetadataPath(String serviceProviderMetadataPath)
    • getKeystorePath

      public String getKeystorePath()
    • setKeystorePath

      public void setKeystorePath(String keystorePath)
    • getKeystorePassword

      public String getKeystorePassword()
    • setKeystorePassword

      public void setKeystorePassword(String keystorePassword)
    • getPrivateKeyPassword

      public String getPrivateKeyPassword()
    • setPrivateKeyPassword

      public void setPrivateKeyPassword(String protectedKeyPassword)
    • getIdentityProviderMetadataPath

      public String getIdentityProviderMetadataPath()
    • setIdentityProviderMetadataPath

      public void setIdentityProviderMetadataPath(String identityProviderMetadataPath)
    • getMaximumAuthenticationLifetime

      public String getMaximumAuthenticationLifetime()
    • setMaximumAuthenticationLifetime

      public void setMaximumAuthenticationLifetime(String maximumAuthenticationLifetime)
    • getAcceptedSkew

      public String getAcceptedSkew()
    • setAcceptedSkew

      public void setAcceptedSkew(String acceptedSkew)
    • getServiceProviderEntityId

      public String getServiceProviderEntityId()
    • setServiceProviderEntityId

      public void setServiceProviderEntityId(String serviceProviderEntityId)
    • isForceAuth

      public boolean isForceAuth()
    • setForceAuth

      public void setForceAuth(boolean forceAuth)
    • isPassive

      public boolean isPassive()
    • setPassive

      public void setPassive(boolean passive)
    • getNameIdPolicyAllowCreate

      public String getNameIdPolicyAllowCreate()
    • setNameIdPolicyAllowCreate

      public void setNameIdPolicyAllowCreate(String nameIdPolicyAllowCreate)
    • getAuthnContextClassRefs

      public List<String> getAuthnContextClassRefs()
    • getAuthnContextComparisonType

      public String getAuthnContextComparisonType()
    • setAuthnContextComparisonType

      public void setAuthnContextComparisonType(String authnContextComparisonType)
    • getNameIdPolicyFormat

      public String getNameIdPolicyFormat()
    • setNameIdPolicyFormat

      public void setNameIdPolicyFormat(String nameIdPolicyFormat)
    • isResponsesSigned

      public boolean isResponsesSigned()
    • setResponsesSigned

      public void setResponsesSigned(boolean responsesSigned)
    • isWantsAssertionsSigned

      public boolean isWantsAssertionsSigned()
    • setWantsAssertionsSigned

      public void setWantsAssertionsSigned(boolean wantsAssertionsSigned)
    • getAttributeConsumingServiceIndex

      public int getAttributeConsumingServiceIndex()
    • setAttributeConsumingServiceIndex

      public void setAttributeConsumingServiceIndex(int attributeConsumingServiceIndex)
    • getAssertionConsumerServiceIndex

      public int getAssertionConsumerServiceIndex()
    • setAssertionConsumerServiceIndex

      public void setAssertionConsumerServiceIndex(int assertionConsumerServiceIndex)
    • isUseNameQualifier

      public boolean isUseNameQualifier()
    • setUseNameQualifier

      public void setUseNameQualifier(boolean useNameQualifier)
    • isSignServiceProviderMetadata

      public boolean isSignServiceProviderMetadata()
    • setSignServiceProviderMetadata

      public void setSignServiceProviderMetadata(boolean signServiceProviderMetadata)
    • isSignAuthnRequest

      public boolean isSignAuthnRequest()
    • setSignAuthnRequest

      public void setSignAuthnRequest(boolean signAuthnRequest)
    • isSignServiceProviderLogoutRequest

      public boolean isSignServiceProviderLogoutRequest()
    • setSignServiceProviderLogoutRequest

      public void setSignServiceProviderLogoutRequest(boolean signServiceProviderLogoutRequest)
    • getBlockedSignatureSigningAlgorithms

      public List<String> getBlockedSignatureSigningAlgorithms()
    • getSignatureAlgorithms

      public List<String> getSignatureAlgorithms()
    • getSignatureReferenceDigestMethods

      public List<String> getSignatureReferenceDigestMethods()
    • getSignatureCanonicalizationAlgorithm

      public String getSignatureCanonicalizationAlgorithm()
    • setSignatureCanonicalizationAlgorithm

      public void setSignatureCanonicalizationAlgorithm(String signatureCanonicalizationAlgorithm)
    • getProviderName

      public String getProviderName()
    • setProviderName

      public void setProviderName(String providerName)
    • map

      public Map<String,Object> map(AuthModuleTO authModule, AuthModuleConf.Mapper mapper)
      Specified by:
      map in interface AuthModuleConf
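
One way to review an instance of this class before it is deployed, as an added example that is not part of the Syncope code base. It reads only the getters listed above. The class name Saml2ConfAudit, the finding texts, the 300-second skew ceiling, the acceptance of ISO-8601 durations and the reading of a non-empty blocked list as a full replacement of the global defaults are assumptions.

```java
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;

// Added example: class name, thresholds and finding texts are hypothetical.
public final class Saml2ConfAudit {
    private static final String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final long MAX_LIFETIME = 3600; // the one-hour default named above
    private static final long MAX_SKEW = 300;      // assumed ceiling, tune per deployment

    // Plain seconds is the documented unit; ISO-8601 is accepted as an assumption.
    static long seconds(String value) {
        String v = value == null ? "" : value.trim();
        try {
            return v.matches("\\d+") ? Long.parseLong(v) : Duration.parse(v).getSeconds();
        } catch (RuntimeException unparseable) { // NumberFormatException, DateTimeParseException
            return -1;
        }
    }

    // Flags a time window that is unparseable, negative, or wider than the ceiling.
    static void window(List<String> out, String field, String value, long max) {
        long s = seconds(value);
        if (s < 0) {
            out.add(field + " is not a valid number of seconds: " + value);
        } else if (s > max) {
            out.add(field + " is " + s + "s, above the " + max + "s ceiling");
        }
    }

    public static List<String> audit(SAML2IdPAuthModuleConf conf) {
        List<String> out = new ArrayList<>();
        if (!conf.isSignAuthnRequest()) out.add("AuthnRequest is sent unsigned");
        if (!conf.isSignServiceProviderLogoutRequest()) out.add("LogoutRequest is sent unsigned");
        if (!conf.isSignServiceProviderMetadata()) out.add("SP metadata is generated unsigned");
        if (!conf.isResponsesSigned() && !conf.isWantsAssertionsSigned())
            out.add("metadata requests neither signed responses nor signed assertions");
        if (conf.getSignatureAlgorithms().contains(RSA_SHA1)) out.add("rsa-sha1 enabled for signing");
        if (conf.getSignatureReferenceDigestMethods().contains(SHA1)) out.add("sha1 enabled as digest");
        // Assumption: a non-empty override replaces the global blocked list entirely.
        List<String> blocked = conf.getBlockedSignatureSigningAlgorithms();
        if (!blocked.isEmpty() && !blocked.contains(RSA_SHA1)) out.add("blocked-list override omits rsa-sha1");
        window(out, "maximumAuthenticationLifetime", conf.getMaximumAuthenticationLifetime(), MAX_LIFETIME);
        window(out, "acceptedSkew", conf.getAcceptedSkew(), MAX_SKEW);
        return out;
    }
}
```

An empty list from audit means none of these checks fired; it does not replace verifying what the identity provider actually signs.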