com.github.ulisesbocchio.spring.boot.security.saml.properties.WebSSOProfileOptionProperties Maven / Gradle / Ivy
Eases Integration between Spring Boot and spring-security-saml through properties and adapters
package com.github.ulisesbocchio.spring.boot.security.saml.properties;
import lombok.Data;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import java.util.List;
import java.util.Set;
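/**
 * Configuration Properties for {@link org.springframework.security.saml.websso.WebSSOProfileOptions}.
 *
 * <p>The fields below describe what the local service provider puts into the SAML authentication
 * request sent to the IDP. Getters, setters, {@code equals}, {@code hashCode} and {@code toString}
 * are generated by Lombok's {@code @Data}.
 *
 * <p>Several of these options have a direct effect on authentication strength ({@code forceAuthn},
 * {@code passive}, {@code authnContexts}, {@code authnContextComparison}) or on which IDPs may handle
 * the request ({@code includeScoping}, {@code allowedIdps}, {@code proxyCount}); review them
 * together when hardening a deployment.
 *
 * @author Ulises Bocchio
 */
@Data
public class WebSSOProfileOptionProperties {

    /**
     * Spring boot binding-friendly version of {@link AuthnContextComparisonTypeEnumeration}.
     *
     * <p>Each constant wraps the OpenSAML constant of the same name so that the value can be bound
     * from a plain property string.
     */
    public enum AuthnContextComparisonType {
        MINIMUM(AuthnContextComparisonTypeEnumeration.MINIMUM),
        EXACT(AuthnContextComparisonTypeEnumeration.EXACT),
        BETTER(AuthnContextComparisonTypeEnumeration.BETTER),
        MAXIMUM(AuthnContextComparisonTypeEnumeration.MAXIMUM);

        private final AuthnContextComparisonTypeEnumeration typeEnumeration;

        AuthnContextComparisonType(AuthnContextComparisonTypeEnumeration typeEnumeration) {
            this.typeEnumeration = typeEnumeration;
        }

        /**
         * Returns the wrapped OpenSAML comparison type.
         *
         * @return the {@link AuthnContextComparisonTypeEnumeration} this constant stands for
         */
        public AuthnContextComparisonTypeEnumeration getType() {
            return this.typeEnumeration;
        }
    }

    /**
     * Binding to be used for sending SAML message to IDP.
     */
    private String binding;

    /**
     * List of IDPs which are allowed to process the created AuthnRequest. IDP the request will be sent to is added
     * automatically. In case value is null the allowedIdps will not be included in the Scoping element.
     *
     * <p>Property includeScoping must be enabled for this value to take any effect.
     *
     * <p>Declared with an explicit {@code String} element type (the IDP identifiers) instead of a raw
     * {@code Set}, so that bound values are type-checked at compile time.
     */
    private Set<String> allowedIdps;

    /**
     * Human readable name of the local entity.
     */
    private String providerName;

    /**
     * When set determines assertionConsumerService and binding to which the IDP should send the response. By
     * default service is determined automatically. Available indexes can be found in metadata of this service
     * provider.
     */
    private Integer assertionConsumerIndex;

    /**
     * NameID to be used, or null to omit NameIDPolicy from request.
     */
    private String nameId;

    /**
     * Flag indicating whether IDP can create new user based on the current authentication request. Null value will
     * omit field from the request.
     *
     * <p>Leave unset unless letting the IDP create a new identity for this service provider is intended;
     * no default is assigned here.
     */
    private Boolean allowCreate;

    /**
     * Whether the IdP should refrain from interacting with the user during the authentication process. Boolean
     * values will be marshalled to either "true" or "false".
     *
     * <p>Defaults to {@code false}. A passive request asks the IDP not to prompt the user, so it is hard to
     * reconcile with {@code forceAuthn = true}; how the IDP treats that combination is not visible from this class.
     */
    private Boolean passive = false;

    /**
     * Whether to always force authentication when redirected to the IDP ({@code true}, which basically disables
     * Single Sign On for the local entity) or to allow IDP-managed sessions ({@code false}).
     *
     * <p>Defaults to {@code false}, i.e. an existing IDP session may be reused without the user
     * re-entering credentials.
     */
    private Boolean forceAuthn = false;

    /**
     * True if scoping element should be included in the requests sent to IDP.
     *
     * <p>Defaults to {@code true}. {@code allowedIdps} and, presumably, {@code proxyCount} are carried inside
     * this element, so disabling it also drops those restrictions from the request.
     */
    private Boolean includeScoping = true;

    /**
     * Null to skip proxyCount, 0 to disable proxying, {@code > 0} to allow proxying.
     *
     * <p>Defaults to {@code 2}. Set to {@code 0} when the request must be handled by the addressed IDP itself.
     */
    private Integer proxyCount = 2;

    /**
     * Relay state sent to the IDP as part of the authentication request. Value will be returned by IDP and made
     * available in the SAMLCredential after successful authentication.
     *
     * <p>The value leaves the service provider and comes back with the response, so it should not contain
     * secrets, and the returned value should be validated before it is used for anything security-relevant
     * (for example as a redirect target).
     */
    private String relayState;

    /**
     * Enable different {@link org.opensaml.saml2.core.AuthnContext} to be sent and validated based on
     * {@code authnContextComparison}.
     *
     * <p>Declared with an explicit {@code String} element type instead of a raw {@code List}, so that bound
     * values are type-checked at compile time. Where the returned context is validated is not visible from
     * this class; confirm it in the consuming configuration rather than assuming the request alone enforces it.
     */
    private List<String> authnContexts;

    /**
     * Comparison to use for WebSSO requests. No change for null values.
     *
     * <p>Defaults to {@link AuthnContextComparisonType#EXACT}. Relaxing this widens the set of authentication
     * contexts that satisfy the request, so change it deliberately.
     */
    private AuthnContextComparisonType authnContextComparison = AuthnContextComparisonType.EXACT;
}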