Package org.keycloak.broker.saml
Class SAMLIdentityProviderConfig
java.lang.Object
org.keycloak.models.IdentityProviderModel
org.keycloak.broker.saml.SAMLIdentityProviderConfig
- All Implemented Interfaces:
Serializable
- Author:
- Pedro Igor
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final XmlKeyInfoKeyNameTransformer
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
Fields inherited from class org.keycloak.models.IdentityProviderModel
addReadTokenRoleOnCreate, ALIAS, ALIAS_NOT_IN, ALLOWED_CLOCK_SKEW, AUTHENTICATE_BY_DEFAULT, CASE_SENSITIVE_ORIGINAL_USERNAME, CLAIM_FILTER_NAME, CLAIM_FILTER_VALUE, DEFAULT_MIN_VALIDITY_TOKEN, DISPLAY_NAME, DO_NOT_STORE_USERS, ENABLED, FILTERED_BY_CLAIMS, FIRST_BROKER_LOGIN_FLOW_ID, HIDE_ON_LOGIN, LEGACY_HIDE_ON_LOGIN_ATTR, LINK_ONLY, linkOnly, LOGIN_HINT, METADATA_DESCRIPTOR_URL, MIN_VALIDITY_TOKEN, ORGANIZATION_ID, ORGANIZATION_ID_NOT_NULL, PASS_MAX_AGE, POST_BROKER_LOGIN_FLOW_ID, SEARCH, SYNC_MODE
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addSigningCertificate
(String signingCertificate) int
Deprecated.String[]
Always returns non-null
result.boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
boolean
void
setAddExtensionsElementWithKeyInfo
(boolean addExtensionsElementWithKeyInfo) void
setAllowCreated
(boolean allowCreate) void
setAllowedClockSkew
(int allowedClockSkew) void
setArtifactBindingResponse
(boolean backchannel) void
setArtifactResolutionServiceUrl
(String artifactResolutionServiceUrl) void
setAttributeConsumingServiceIndex
(Integer attributeConsumingServiceIndex) void
setAttributeConsumingServiceName
(String attributeConsumingServiceName) void
setAuthnContextClassRefs
(String authnContextClassRefs) void
setAuthnContextComparisonType
(AuthnContextComparisonType authnContextComparisonType) void
setAuthnContextDeclRefs
(String authnContextDeclRefs) void
setBackchannelSupported
(boolean backchannel) void
setEnabledFromMetadata
(boolean enabled) void
setEncryptionAlgorithm
(String encryptionAlgorithm) void
setEncryptionPublicKey
(String encryptionPublicKey) void
setEntityId
(String entityId) void
setForceAuthn
(boolean forceAuthn) void
setIdpEntityId
(String idpEntityId) void
setNameIDPolicyFormat
(String nameIDPolicyFormat) void
setPostBindingAuthnRequest
(boolean postBindingAuthnRequest) void
setPostBindingLogout
(boolean postBindingLogout) void
setPostBindingResponse
(boolean postBindingResponse) void
setPrincipalAttribute
(String principalAttribute) void
setPrincipalType
(SamlPrincipalType principalType) void
setSignatureAlgorithm
(String signatureAlgorithm) void
setSigningCertificate
(String signingCertificate) Deprecated.PreferaddSigningCertificate(String)
}void
setSignSpMetadata
(boolean signSpMetadata) void
setSingleLogoutServiceUrl
(String singleLogoutServiceUrl) void
setSingleSignOnServiceUrl
(String singleSignOnServiceUrl) void
setUseMetadataDescriptorUrl
(Boolean useDescriptorUrl) void
setValidateSignature
(boolean validateSignature) void
setWantAssertionsEncrypted
(boolean wantAssertionsEncrypted) void
setWantAssertionsSigned
(boolean wantAssertionsSigned) void
setWantAuthnRequestsSigned
(boolean wantAuthnRequestsSigned) void
setXmlSigKeyInfoKeyNameTransformer
(XmlKeyInfoKeyNameTransformer xmlSigKeyInfoKeyNameTransformer) void
validate
(RealmModel realm) Validates this configuration.Methods inherited from class org.keycloak.models.IdentityProviderModel
equals, getAlias, getClaimFilterName, getClaimFilterValue, getConfig, getDisplayIconClasses, getDisplayName, getFirstBrokerLoginFlowId, getInternalId, getMetadataDescriptorUrl, getMinValidityToken, getOrganizationId, getPostBrokerLoginFlowId, getProviderId, getSyncMode, hashCode, isAddReadTokenRoleOnCreate, isAuthenticateByDefault, isCaseSensitiveOriginalUsername, isEnabled, isFilteredByClaims, isHideOnLogin, isLinkOnly, isLoginHint, isPassMaxAge, isStoreToken, isTransientUsers, isTrustEmail, setAddReadTokenRoleOnCreate, setAlias, setAuthenticateByDefault, setCaseSensitiveOriginalUsername, setClaimFilterName, setClaimFilterValue, setConfig, setDisplayName, setEnabled, setFilteredByClaims, setFirstBrokerLoginFlowId, setHideOnLogin, setInternalId, setLinkOnly, setLoginHint, setMetadataDescriptorUrl, setMinValidityToken, setOrganizationId, setPassMaxAge, setPostBrokerLoginFlowId, setProviderId, setStoreToken, setSyncMode, setTransientUsers, setTrustEmail
-
Field Details
-
DEFAULT_XML_KEY_INFO_KEY_NAME_TRANSFORMER
-
ENTITY_ID
- See Also:
-
IDP_ENTITY_ID
- See Also:
-
ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO
- See Also:
-
BACKCHANNEL_SUPPORTED
- See Also:
-
ENCRYPTION_PUBLIC_KEY
- See Also:
-
FORCE_AUTHN
- See Also:
-
NAME_ID_POLICY_FORMAT
- See Also:
-
POST_BINDING_AUTHN_REQUEST
- See Also:
-
POST_BINDING_LOGOUT
- See Also:
-
POST_BINDING_RESPONSE
- See Also:
-
ARTIFACT_BINDING_RESPONSE
- See Also:
-
SIGNATURE_ALGORITHM
- See Also:
-
ENCRYPTION_ALGORITHM
- See Also:
-
SIGNING_CERTIFICATE_KEY
- See Also:
-
SINGLE_LOGOUT_SERVICE_URL
- See Also:
-
SINGLE_SIGN_ON_SERVICE_URL
- See Also:
-
ARTIFACT_RESOLUTION_SERVICE_URL
- See Also:
-
VALIDATE_SIGNATURE
- See Also:
-
PRINCIPAL_TYPE
- See Also:
-
PRINCIPAL_ATTRIBUTE
- See Also:
-
WANT_ASSERTIONS_ENCRYPTED
- See Also:
-
WANT_ASSERTIONS_SIGNED
- See Also:
-
WANT_AUTHN_REQUESTS_SIGNED
- See Also:
-
XML_SIG_KEY_INFO_KEY_NAME_TRANSFORMER
- See Also:
-
ENABLED_FROM_METADATA
- See Also:
-
AUTHN_CONTEXT_COMPARISON_TYPE
- See Also:
-
AUTHN_CONTEXT_CLASS_REFS
- See Also:
-
AUTHN_CONTEXT_DECL_REFS
- See Also:
-
SIGN_SP_METADATA
- See Also:
-
ALLOW_CREATE
- See Also:
-
ATTRIBUTE_CONSUMING_SERVICE_INDEX
- See Also:
-
ATTRIBUTE_CONSUMING_SERVICE_NAME
- See Also:
-
USE_METADATA_DESCRIPTOR_URL
- See Also:
-
-
Constructor Details
-
SAMLIdentityProviderConfig
public SAMLIdentityProviderConfig() -
SAMLIdentityProviderConfig
-
-
Method Details
-
getEntityId
-
setEntityId
-
getIdpEntityId
-
setIdpEntityId
-
getSingleSignOnServiceUrl
-
setSingleSignOnServiceUrl
-
getArtifactResolutionServiceUrl
-
setArtifactResolutionServiceUrl
-
getSingleLogoutServiceUrl
-
setSingleLogoutServiceUrl
-
isValidateSignature
public boolean isValidateSignature() -
setValidateSignature
public void setValidateSignature(boolean validateSignature) -
isForceAuthn
public boolean isForceAuthn() -
setForceAuthn
public void setForceAuthn(boolean forceAuthn) -
getSigningCertificate
Deprecated.PrefergetSigningCertificates()
}- Parameters:
signingCertificate
-
-
setSigningCertificate
Deprecated.PreferaddSigningCertificate(String)
}- Parameters:
signingCertificate
-
-
addSigningCertificate
-
getSigningCertificates
-
getNameIDPolicyFormat
-
setNameIDPolicyFormat
-
isWantAuthnRequestsSigned
public boolean isWantAuthnRequestsSigned() -
setWantAuthnRequestsSigned
public void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned) -
isWantAssertionsSigned
public boolean isWantAssertionsSigned() -
setWantAssertionsSigned
public void setWantAssertionsSigned(boolean wantAssertionsSigned) -
isWantAssertionsEncrypted
public boolean isWantAssertionsEncrypted() -
setWantAssertionsEncrypted
public void setWantAssertionsEncrypted(boolean wantAssertionsEncrypted) -
isAddExtensionsElementWithKeyInfo
public boolean isAddExtensionsElementWithKeyInfo() -
setAddExtensionsElementWithKeyInfo
public void setAddExtensionsElementWithKeyInfo(boolean addExtensionsElementWithKeyInfo) -
getSignatureAlgorithm
-
setSignatureAlgorithm
-
getEncryptionAlgorithm
-
setEncryptionAlgorithm
-
getEncryptionPublicKey
-
setEncryptionPublicKey
-
isPostBindingAuthnRequest
public boolean isPostBindingAuthnRequest() -
setPostBindingAuthnRequest
public void setPostBindingAuthnRequest(boolean postBindingAuthnRequest) -
isPostBindingResponse
public boolean isPostBindingResponse() -
setPostBindingResponse
public void setPostBindingResponse(boolean postBindingResponse) -
isPostBindingLogout
public boolean isPostBindingLogout() -
setPostBindingLogout
public void setPostBindingLogout(boolean postBindingLogout) -
isBackchannelSupported
public boolean isBackchannelSupported() -
setBackchannelSupported
public void setBackchannelSupported(boolean backchannel) -
isArtifactBindingResponse
public boolean isArtifactBindingResponse() -
setArtifactBindingResponse
public void setArtifactBindingResponse(boolean backchannel) -
getXmlSigKeyInfoKeyNameTransformer
Always returns non-null
result.- Returns:
- Configured ransformer of
DEFAULT_XML_KEY_INFO_KEY_NAME_TRANSFORMER
if not set.
-
setXmlSigKeyInfoKeyNameTransformer
public void setXmlSigKeyInfoKeyNameTransformer(XmlKeyInfoKeyNameTransformer xmlSigKeyInfoKeyNameTransformer) -
getAllowedClockSkew
public int getAllowedClockSkew() -
setAllowedClockSkew
public void setAllowedClockSkew(int allowedClockSkew) -
getPrincipalType
-
setPrincipalType
-
getPrincipalAttribute
-
setPrincipalAttribute
-
isEnabledFromMetadata
public boolean isEnabledFromMetadata() -
setEnabledFromMetadata
public void setEnabledFromMetadata(boolean enabled) -
getAuthnContextComparisonType
-
setAuthnContextComparisonType
-
getAuthnContextClassRefs
-
setAuthnContextClassRefs
-
getAuthnContextDeclRefs
-
setAuthnContextDeclRefs
-
isSignSpMetadata
public boolean isSignSpMetadata() -
setSignSpMetadata
public void setSignSpMetadata(boolean signSpMetadata) -
isAllowCreate
public boolean isAllowCreate() -
setAllowCreated
public void setAllowCreated(boolean allowCreate) -
getAttributeConsumingServiceIndex
-
setAttributeConsumingServiceIndex
-
setAttributeConsumingServiceName
-
getAttributeConsumingServiceName
-
setUseMetadataDescriptorUrl
-
isUseMetadataDescriptorUrl
public boolean isUseMetadataDescriptorUrl() -
validate
Description copied from class:IdentityProviderModel
Validates this configuration.
Sub-classes can override this method in order to enforce provider specific validations.
- Overrides:
validate
in classIdentityProviderModel
- Parameters:
realm
- the realm
-
getSigningCertificates()
}