Package org.springframework.security.saml2.provider.service.registration

Class RelyingPartyRegistrations

java.lang.Object
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
public final class RelyingPartyRegistrations extends Object
A utility class for constructing instances of RelyingPartyRegistration
Since:
5.4

  • Method Details

    • fromMetadataLocation

      public static RelyingPartyRegistration.Builder fromMetadataLocation(String metadataLocation)
      Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location. Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some valid endpoints might include: 
         metadataLocation = "classpath:asserting-party-metadata.xml";
   metadataLocation = "file:asserting-party-metadata.xml";
   metadataLocation = "https://ap.example.org/metadata";
      Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
              RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation(metadataLocation)
                .registrationId("registration-id")
                .build();
      Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
      Parameters:
      metadataLocation - The classpath- or file-based locations or HTTP endpoints of the asserting party metadata file
      Returns:
      the RelyingPartyRegistration.Builder for further configuration

    • fromMetadata

      public static RelyingPartyRegistration.Builder fromMetadata(InputStream source)
      Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.

      This method is intended for scenarios when the metadata is looked up by a separate mechanism. One such example is when the metadata is stored in a database.

      The callers of this method are accountable for closing the InputStream source.

      Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
              String xml = fromDatabase();
        try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
                RelyingPartyRegistration registration = RelyingPartyRegistrations
                        .fromMetadata(source)
                        .registrationId("registration-id")
                        .build();
        }
      Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
      Parameters:
      source - the InputStream source containing the asserting party metadata
      Returns:
      the RelyingPartyRegistration.Builder for further configuration
      Since:
      5.6

    • collectionFromMetadataLocation

      public static Collection<RelyingPartyRegistration.Builder> collectionFromMetadataLocation(String location)
      Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata location. Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some valid endpoints might include: 
         metadataLocation = "classpath:asserting-party-metadata.xml";
   metadataLocation = "file:asserting-party-metadata.xml";
   metadataLocation = "https://ap.example.org/metadata";
      Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
              Iterable<RelyingPartyRegistration> registrations = RelyingPartyRegistrations
                        .collectionFromMetadataLocation(location).iterator();
        RelyingPartyRegistration one = registrations.next().registrationId("one").build();
        RelyingPartyRegistration two = registrations.next().registrationId("two").build();
        return new InMemoryRelyingPartyRegistrationRepository(one, two);
      Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
      Parameters:
      location - The classpath- or file-based locations or HTTP endpoints of the asserting party metadata file
      Returns:
      the Collection of RelyingPartyRegistration.Builders for further configuration
      Since:
      5.7

    • collectionFromMetadata

      public static Collection<RelyingPartyRegistration.Builder> collectionFromMetadata(InputStream source)
      Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata.

      This method is intended for scenarios when the metadata is looked up by a separate mechanism. One such example is when the metadata is stored in a database.

      The callers of this method are accountable for closing the InputStream source.

      Note that by default the registrationId is set to be the given metadata location, but this will most often not be sufficient. To complete the configuration, most applications will also need to provide a registrationId, like so: 
              String xml = fromDatabase();
        try (InputStream source = new ByteArrayInputStream(xml.getBytes())) {
                Iterator<RelyingPartyRegistration> registrations = RelyingPartyRegistrations
                                .collectionFromMetadata(source).iterator();
                RelyingPartyRegistration one = registrations.next().registrationId("one").build();
                RelyingPartyRegistration two = registrations.next().registrationId("two").build();
                return new InMemoryRelyingPartyRegistrationRepository(one, two);
        }
      Also note that an IDPSSODescriptor typically only contains information about the asserting party. Thus, you will need to remember to still populate anything about the relying party, like any private keys the relying party will use for signing AuthnRequests.
      Parameters:
      source - the InputStream source containing the asserting party metadata
      Returns:
      the Collection of RelyingPartyRegistration.Builders for further configuration
      Since:
      5.7