Package org.springframework.security.saml2.provider.service.authentication

Class OpenSaml5AuthenticationProvider.ResponseAuthenticationConverter

java.lang.Object

org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider.ResponseAuthenticationConverter

All Implemented Interfaces:

org.springframework.core.convert.converter.Converter<OpenSaml5AuthenticationProvider.ResponseToken,Saml2Authentication>

Enclosing class:

OpenSaml5AuthenticationProvider

public static final class OpenSaml5AuthenticationProvider.ResponseAuthenticationConverter
extends Object
implements org.springframework.core.convert.converter.Converter<OpenSaml5AuthenticationProvider.ResponseToken,Saml2Authentication>

A default implementation of OpenSaml5AuthenticationProvider's response authentication converter. It will take the principal name from the NameID element. It will also extract the assertion attributes and session indexes. You can either configure the principal name converter and granted authorities converter in this class or you can post-process this class's result through delegation.

Since:

6.5

Constructor Summary

Constructors

Constructor	Description
ResponseAuthenticationConverter()

Method Summary

Modifier and Type	Method	Description
Saml2Authentication	convert(OpenSaml5AuthenticationProvider.ResponseToken responseToken)
void	setGrantedAuthoritiesConverter(org.springframework.core.convert.converter.Converter<org.opensaml.saml.saml2.core.Assertion,Collection<org.springframework.security.core.GrantedAuthority>> grantedAuthoritiesConverter)	Use this strategy to grant authorities to a principal given the first Assertion in the response.
void	setPrincipalNameConverter(org.springframework.core.convert.converter.Converter<org.opensaml.saml.saml2.core.Assertion,String> principalNameConverter)	Use this strategy to extract the principal name from the Assertion.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.core.convert.converter.Converter

andThen

Constructor Details

ResponseAuthenticationConverter

public ResponseAuthenticationConverter()

Method Details

convert

public Saml2Authentication convert(OpenSaml5AuthenticationProvider.ResponseToken responseToken)

Specified by:

convert in interface org.springframework.core.convert.converter.Converter<OpenSaml5AuthenticationProvider.ResponseToken,Saml2Authentication>

setPrincipalNameConverter

public void setPrincipalNameConverter(org.springframework.core.convert.converter.Converter<org.opensaml.saml.saml2.core.Assertion,String> principalNameConverter)

Use this strategy to extract the principal name from the Assertion. By default, this will retrieve it from the Subject's NameID value.

Note that because of this, if there is no NameID present, then the default throws an exception.

Parameters:

principalNameConverter - the conversion strategy to use

setGrantedAuthoritiesConverter

public void setGrantedAuthoritiesConverter(org.springframework.core.convert.converter.Converter<org.opensaml.saml.saml2.core.Assertion,Collection<org.springframework.security.core.GrantedAuthority>> grantedAuthoritiesConverter)

Use this strategy to grant authorities to a principal given the first Assertion in the response. By default, this will grant ROLE_USER.

Parameters:

grantedAuthoritiesConverter - the conversion strategy to use