Package org.springframework.security.saml2.provider.service.registration

Class RelyingPartyRegistration

java.lang.Object

org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

OpenSamlRelyingPartyRegistration

public class RelyingPartyRegistration
extends Object
implements Serializable

Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.

Each RP/AP pair is uniquely identified using a registrationId, an arbitrary string.

A fully configured registration may look like:

        String registrationId = "simplesamlphp";

        String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
        String assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
        Saml2X509Credential relyingPartySigningCredential = ...;

        String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
        String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
        Saml2X509Credential assertingPartyVerificationCredential = ...;


        RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
                        .entityId(relyingPartyEntityId)
                        .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
                        .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
                        .assertingPartyDetails((details) -> details
                                .entityId(assertingPartyEntityId));
                                .singleSignOnServiceLocation(singleSignOnServiceLocation))
                                .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
                        .build();
 

Since:

5.2

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RelyingPartyRegistration.AssertingPartyDetails	The configuration metadata of the Asserting party
static class	RelyingPartyRegistration.Builder

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	RelyingPartyRegistration(String registrationId, String entityId, String assertionConsumerServiceLocation, Saml2MessageBinding assertionConsumerServiceBinding, String singleLogoutServiceLocation, String singleLogoutServiceResponseLocation, Collection<Saml2MessageBinding> singleLogoutServiceBindings, RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, String nameIdFormat, boolean authnRequestsSigned, Collection<Saml2X509Credential> decryptionX509Credentials, Collection<Saml2X509Credential> signingX509Credentials)

Method Summary

Modifier and Type	Method	Description
RelyingPartyRegistration.AssertingPartyDetails	getAssertingPartyDetails()	Deprecated. Use getAssertingPartyMetadata() instead
AssertingPartyMetadata	getAssertingPartyMetadata()	Get the metadata for the Asserting Party
Saml2MessageBinding	getAssertionConsumerServiceBinding()	Get the AssertionConsumerService Binding.
String	getAssertionConsumerServiceLocation()	Get the AssertionConsumerService Location.
Collection<Saml2X509Credential>	getDecryptionX509Credentials()	Get the Collection of decryption Saml2X509Credentials associated with this relying party
String	getEntityId()	Get the relying party's EntityID.
String	getNameIdFormat()	Get the NameID format.
String	getRegistrationId()	Get the unique registration id for this RP/AP pair
Collection<Saml2X509Credential>	getSigningX509Credentials()	Get the Collection of signing Saml2X509Credentials associated with this relying party
Saml2MessageBinding	getSingleLogoutServiceBinding()	Get the SingleLogoutService Binding
Collection<Saml2MessageBinding>	getSingleLogoutServiceBindings()	Get the SingleLogoutService Binding
String	getSingleLogoutServiceLocation()	Get the SingleLogoutService Location
String	getSingleLogoutServiceResponseLocation()	Get the SingleLogoutService Response Location
boolean	isAuthnRequestsSigned()	Get the AuthnRequestsSigned setting.
RelyingPartyRegistration.Builder	mutate()	Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder
static RelyingPartyRegistration.Builder	withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails)	Deprecated, for removal: This API element is subject to removal in a future version. Use withAssertingPartyMetadata(org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata) instead
static RelyingPartyRegistration.Builder	withAssertingPartyMetadata(AssertingPartyMetadata metadata)	Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id.
static RelyingPartyRegistration.Builder	withRegistrationId(String registrationId)	Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a known registrationId
static RelyingPartyRegistration.Builder	withRelyingPartyRegistration(RelyingPartyRegistration registration)	Deprecated, for removal: This API element is subject to removal in a future version. Use mutate() instead

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RelyingPartyRegistration

protected RelyingPartyRegistration(String registrationId,
 String entityId,
 String assertionConsumerServiceLocation,
 Saml2MessageBinding assertionConsumerServiceBinding,
 String singleLogoutServiceLocation,
 String singleLogoutServiceResponseLocation,
 Collection<Saml2MessageBinding> singleLogoutServiceBindings,
 RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails,
 String nameIdFormat,
 boolean authnRequestsSigned,
 Collection<Saml2X509Credential> decryptionX509Credentials,
 Collection<Saml2X509Credential> signingX509Credentials)

Method Details

mutate

public RelyingPartyRegistration.Builder mutate()

Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder

Returns:

a RelyingPartyRegistration.Builder based off of the properties in this RelyingPartyRegistration

Since:

6.1

getRegistrationId

public String getRegistrationId()

Get the unique registration id for this RP/AP pair

Returns:

the unique registration id for this RP/AP pair

getEntityId

public String getEntityId()

Get the relying party's EntityID.

Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>

This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.

Returns:

the relying party's EntityID

Since:

5.4

getAssertionConsumerServiceLocation

public String getAssertionConsumerServiceLocation()

Get the AssertionConsumerService Location. Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>. This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.

Returns:

the AssertionConsumerService Location

Since:

5.4

getAssertionConsumerServiceBinding

public Saml2MessageBinding getAssertionConsumerServiceBinding()

Get the AssertionConsumerService Binding. Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.

Returns:

the AssertionConsumerService Binding

Since:

5.4

getSingleLogoutServiceBinding

public Saml2MessageBinding getSingleLogoutServiceBinding()

Get the SingleLogoutService Binding

Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.

Returns:

the SingleLogoutService Binding

Since:

5.6

getSingleLogoutServiceBindings

public Collection<Saml2MessageBinding> getSingleLogoutServiceBindings()

Get the SingleLogoutService Binding

Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.

Returns:

the SingleLogoutService Binding

Since:

5.8

getSingleLogoutServiceLocation

public String getSingleLogoutServiceLocation()

Get the SingleLogoutService Location

Equivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.

Returns:

the SingleLogoutService Location

Since:

5.6

getSingleLogoutServiceResponseLocation

public String getSingleLogoutServiceResponseLocation()

Get the SingleLogoutService Response Location

Equivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.

Returns:

the SingleLogoutService Response Location

Since:

5.6

getNameIdFormat

public String getNameIdFormat()

Get the NameID format.

Returns:

the NameID format

Since:

5.7

isAuthnRequestsSigned

public boolean isAuthnRequestsSigned()

Get the AuthnRequestsSigned setting. If true, the relying party will sign all AuthnRequests, regardless of asserting party preference.

Note that Spring Security will sign the request if either isAuthnRequestsSigned() is true or RelyingPartyRegistration.AssertingPartyDetails.getWantAuthnRequestsSigned() is true.

Returns:

the relying-party preference

Since:

6.1

getDecryptionX509Credentials

public Collection<Saml2X509Credential> getDecryptionX509Credentials()

Get the Collection of decryption Saml2X509Credentials associated with this relying party

Returns:

the Collection of decryption Saml2X509Credentials associated with this relying party

Since:

5.4

getSigningX509Credentials

public Collection<Saml2X509Credential> getSigningX509Credentials()

Get the Collection of signing Saml2X509Credentials associated with this relying party

Returns:

the Collection of signing Saml2X509Credentials associated with this relying party

Since:

5.4

getAssertingPartyDetails

@Deprecated
public RelyingPartyRegistration.AssertingPartyDetails getAssertingPartyDetails()

Deprecated.

Use getAssertingPartyMetadata() instead

Get the configuration details for the Asserting Party

Returns:

the RelyingPartyRegistration.AssertingPartyDetails

Since:

5.4

getAssertingPartyMetadata

public AssertingPartyMetadata getAssertingPartyMetadata()

Get the metadata for the Asserting Party

Returns:

the RelyingPartyRegistration.AssertingPartyDetails

Since:

6.4

withRegistrationId

public static RelyingPartyRegistration.Builder withRegistrationId(String registrationId)

Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a known registrationId

Parameters:

registrationId - a string identifier for the RelyingPartyRegistration

Returns:

Builder to create a RelyingPartyRegistration object

withAssertingPartyDetails

@Deprecated(forRemoval=true,
            since="6.4")
public static RelyingPartyRegistration.Builder withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails)

Deprecated, for removal: This API element is subject to removal in a future version.

Use withAssertingPartyMetadata(org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata) instead

Parameters:

assertingPartyDetails - the asserting party metadata

Returns:

Builder to create a RelyingPartyRegistration object

withAssertingPartyMetadata

public static RelyingPartyRegistration.Builder withAssertingPartyMetadata(AssertingPartyMetadata metadata)

Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id. Also initializes to the contents of the given AssertingPartyMetadata.

Presented as a convenience method when working with AssertingPartyMetadataRepository return values. As such, only supports AssertingPartyMetadata instances of type RelyingPartyRegistration.AssertingPartyDetails.

Parameters:

metadata - the metadata used to initialize the RelyingPartyRegistration RelyingPartyRegistration.Builder

Returns:

RelyingPartyRegistration.Builder to create a RelyingPartyRegistration object

Since:

6.4

withRelyingPartyRegistration

@Deprecated(forRemoval=true,
            since="6.1")
public static RelyingPartyRegistration.Builder withRelyingPartyRegistration(RelyingPartyRegistration registration)

Deprecated, for removal: This API element is subject to removal in a future version.

Use mutate() instead

Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder based on an existing object

Parameters:

registration - the RelyingPartyRegistration

Returns:

Builder to create a RelyingPartyRegistration object