Package org.springframework.security.saml2.provider.service.registration

Class RelyingPartyRegistration

  • public final class RelyingPartyRegistration
extends java.lang.Object
    Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.

    Each RP/AP pair is uniquely identified using a registrationId, an arbitrary string.

    A fully configured registration may look like: 

            String registrationId = "simplesamlphp";

        String relyingPartyEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
        String assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
        Saml2X509Credential relyingPartySigningCredential = ...;

        String assertingPartyEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
        String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
        Saml2X509Credential assertingPartyVerificationCredential = ...;


        RelyingPartyRegistration rp = RelyingPartyRegistration.withRegistrationId(registrationId)
                        .entityId(relyingPartyEntityId)
                        .assertionConsumerServiceLocation(assertingConsumerServiceLocation)
                        .signingX509Credentials((c) -> c.add(relyingPartySigningCredential))
                        .assertingPartyDetails((details) -> details
                                .entityId(assertingPartyEntityId));
                                .singleSignOnServiceLocation(singleSignOnServiceLocation))
                                .verifyingX509Credentials((c) -> c.add(assertingPartyVerificationCredential))
                        .build();
    Since:
    5.2

    • Method Detail

      • getRegistrationId

        public java.lang.String getRegistrationId()
        Get the unique registration id for this RP/AP pair
        Returns:
        the unique registration id for this RP/AP pair

      • getEntityId

        public java.lang.String getEntityId()
        Get the relying party's EntityID.

        Equivalent to the value found in the relying party's <EntityDescriptor EntityID="..."/>

        This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.

        Returns:
        the relying party's EntityID
        Since:
        5.4

      • getAssertionConsumerServiceLocation

        public java.lang.String getAssertionConsumerServiceLocation()
        Get the AssertionConsumerService Location. Equivalent to the value found in <AssertionConsumerService Location="..."/> in the relying party's <SPSSODescriptor>. This value may contain a number of placeholders, which need to be resolved before use. They are baseUrl, registrationId, baseScheme, baseHost, and basePort.
        Returns:
        the AssertionConsumerService Location
        Since:
        5.4

      • getAssertionConsumerServiceBinding

        public Saml2MessageBinding getAssertionConsumerServiceBinding()
        Get the AssertionConsumerService Binding. Equivalent to the value found in <AssertionConsumerService Binding="..."/> in the relying party's <SPSSODescriptor>.
        Returns:
        the AssertionConsumerService Binding
        Since:
        5.4

      • getSingleLogoutServiceBinding

        public Saml2MessageBinding getSingleLogoutServiceBinding()
        Get the SingleLogoutService Binding

        Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.

        Returns:
        the SingleLogoutService Binding
        Since:
        5.6

      • getSingleLogoutServiceBindings

        public java.util.Collection<Saml2MessageBinding> getSingleLogoutServiceBindings()
        Get the SingleLogoutService Binding

        Equivalent to the value found in <SingleLogoutService Binding="..."/> in the relying party's <SPSSODescriptor>.

        Returns:
        the SingleLogoutService Binding
        Since:
        5.8

      • getSingleLogoutServiceLocation

        public java.lang.String getSingleLogoutServiceLocation()
        Get the SingleLogoutService Location

        Equivalent to the value found in <SingleLogoutService Location="..."/> in the relying party's <SPSSODescriptor>.

        Returns:
        the SingleLogoutService Location
        Since:
        5.6

      • getSingleLogoutServiceResponseLocation

        public java.lang.String getSingleLogoutServiceResponseLocation()
        Get the SingleLogoutService Response Location

        Equivalent to the value found in <SingleLogoutService ResponseLocation="..."/> in the relying party's <SPSSODescriptor>.

        Returns:
        the SingleLogoutService Response Location
        Since:
        5.6

      • getNameIdFormat

        public java.lang.String getNameIdFormat()
        Get the NameID format.
        Returns:
        the NameID format
        Since:
        5.7

      • getDecryptionX509Credentials

        public java.util.Collection<Saml2X509Credential> getDecryptionX509Credentials()
        Get the Collection of decryption Saml2X509Credentials associated with this relying party
        Returns:
        the Collection of decryption Saml2X509Credentials associated with this relying party
        Since:
        5.4

      • getSigningX509Credentials

        public java.util.Collection<Saml2X509Credential> getSigningX509Credentials()
        Get the Collection of signing Saml2X509Credentials associated with this relying party
        Returns:
        the Collection of signing Saml2X509Credentials associated with this relying party
        Since:
        5.4

      • getAssertionConsumerServiceUrlTemplate

        @Deprecated
public java.lang.String getAssertionConsumerServiceUrlTemplate()
        Deprecated.
        Use getAssertionConsumerServiceLocation() instead
        returns the URL template for which ACS URL authentication requests should contain Possible variables are baseUrl, registrationId, baseScheme, baseHost, and basePort.
        Returns:
        string containing the ACS URL template, with or without variables present

      • getLocalEntityIdTemplate

        @Deprecated
public java.lang.String getLocalEntityIdTemplate()
        Deprecated.
        Use getEntityId() instead
        The local relying party, or Service Provider, can generate it's entity ID based on possible variables of baseUrl, registrationId, baseScheme, baseHost, and basePort, for example {baseUrl}/saml2/service-provider-metadata/{registrationId}
        Returns:
        a string containing the entity ID or entity ID template

      • getCredentials

        @Deprecated
public java.util.List<Saml2X509Credential> getCredentials()
        Deprecated.
        Instead of retrieving all credentials, use the appropriate method for obtaining the correct type
        Returns a list of configured credentials to be used in message exchanges between relying party, SP, and asserting party, IDP.
        Returns:
        a list of credentials

      • withRegistrationId

        public static RelyingPartyRegistration.Builder withRegistrationId​(java.lang.String registrationId)
        Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a known registrationId
        Parameters:
        registrationId - a string identifier for the RelyingPartyRegistration
        Returns:
        Builder to create a RelyingPartyRegistration object