com.github.ulisesbocchio.spring.boot.security.saml.configurer

Class ServiceProviderBuilder

java.lang.Object

org.springframework.security.config.annotation.AbstractSecurityBuilder<O>

org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<Void,ServiceProviderBuilder>

com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderBuilder

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityBuilder<Void>

public class ServiceProviderBuilder
extends org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<Void,ServiceProviderBuilder>

Class for internal usage of this Spring Boot Plugin. It deals with all the nitty-gritty of wiring all required Spring Security SAML beans, while also exposing most aspects of its configuration through 2 different methods:

• Custom Beans
• A java DSL using Spring Security's builder classes
• Exposed configuration properties through SAMLSSOProperties

all three methods can be used exclusively or mixed. Explicit Bean Definition always takes precedence. Explicit configuration through the DSL always takes precedence over the properties. Most options provide configuration overrides by specifying a Bean of certain type, but not everything. Check with the Javadoc of each method for further details.

Author:

Ulises Bocchio

Constructor Summary

Constructors

Constructor and Description
ServiceProviderBuilder()

Method Summary

Modifier and Type	Method and Description
AuthenticationProviderConfigurer	authenticationProvider() Returns a AuthenticationProviderConfigurer for customization of the SAMLAuthenticationProvider default implementation SAMLAuthenticationProvider.
ServiceProviderBuilder	authenticationProvider(org.springframework.security.saml.SAMLAuthenticationProvider provider) Provide a specific SAMLAuthenticationProvider.
protected void	beforeInit()
WebSSOProfileECPConfigurer	ecpProfile() Returns a WebSSOProfileECPConfigurer for customization of the WebSSOProfileECPImpl default implementation WebSSOProfileECPImpl.
ServiceProviderBuilder	ecpProfile(org.springframework.security.saml.websso.WebSSOProfileECPImpl ecpProfile) Provide a specific WebSSOProfileECPImpl.
ExtendedMetadataConfigurer	extendedMetadata() Returns a ExtendedMetadataConfigurer for customization of the ExtendedMetadata default implementation.
ServiceProviderBuilder	extendedMetadata(org.springframework.security.saml.metadata.ExtendedMetadata extendedMetadata) Provide a specific ExtendedMetadata.
WebSSOProfileHoKConfigurer	hokProfile() Returns a WebSSOProfileHoKConfigurer for customization of the WebSSOProfileHoKImpl default implementation WebSSOProfileHoKImpl.
ServiceProviderBuilder	hokProfile(org.springframework.security.saml.websso.WebSSOProfileHoKImpl hokProfile) Provide a specific WebSSOProfileHoKImpl.
WebSSOProfileHoKConsumerConfigurer	hokProfileConsumer() Returns a WebSSOProfileHoKConsumerConfigurer for customization of the WebSSOProfileConsumerHoKImpl default implementation WebSSOProfileConsumerHoKImpl.
ServiceProviderBuilder	hokProfileConsumer(org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl hokProfileConsumer) Provide a specific WebSSOProfileConsumerHoKImpl.
org.springframework.security.config.annotation.web.builders.HttpSecurity	http() Returns the original HttpSecurity to continue chaining configuration.
ServiceProviderBuilder	http(FunctionalUtils.CheckedConsumer<org.springframework.security.config.annotation.web.builders.HttpSecurity,Exception> httpConsumer) Allows for processing the original HttpSecurity AFTER the Service Provider configurer is configured.
KeyManagerConfigurer	keyManager() Returns a KeyManagerConfigurer for customization of the KeyManager default implementation JKSKeyManager.
ServiceProviderBuilder	keyManager(org.springframework.security.saml.key.KeyManager keyManager) Provide a specific KeyManager.
LocalExtendedMetadataConfigurer	localExtendedMetadata() Returns a ExtendedMetadataConfigurer for customization of the LocalExtendedMetadata default.
ServiceProviderBuilder	localExtendedMetadata(LocalExtendedMetadata extendedMetadata) Provide a specific LocalExtendedMetadata.
LogoutConfigurer	logout() Returns a LogoutConfigurer for customization of the SAMLLogoutFilter and SAMLProcessingFilter.
MetadataGeneratorConfigurer	metadataGenerator() Returns a MetadataGeneratorConfigurer for customization of the MetadataGenerator, MetadataGeneratorFilter and MetadataDisplayFilter.
MetadataGeneratorConfigurer	metadataGenerator(org.springframework.security.saml.metadata.MetadataGenerator metadataGenerator) Provide a specific MetadataGenerator.
MetadataManagerConfigurer	metadataManager() Returns a MetadataManagerConfigurer for customization of the MetadataManager default implementation CachingMetadataManager.
ServiceProviderBuilder	metadataManager(org.springframework.security.saml.metadata.MetadataManager metadataManager) Provide a specific MetadataManager.
protected Void	performBuild()
SAMLContextProviderConfigurer	samlContextProvider() Returns a SAMLContextProviderConfigurer for customization of the SAMLContextProvider default implementation SAMLContextProviderImpl.
ServiceProviderBuilder	samlContextProvider(org.springframework.security.saml.context.SAMLContextProvider samlContextProvider) Provide a specific SAMLContextProvider.
SAMLContextProviderLBConfigurer	samlContextProviderLb() Returns a SAMLContextProviderLBConfigurer for customization of the SAMLContextProvider default implementation SAMLContextProviderLB.
ServiceProviderBuilder	samlContextProviderLb(org.springframework.security.saml.context.SAMLContextProviderLB samlContextProviderLb) Provide a specific SAMLContextProviderLB.
SAMLProcessorConfigurer	samlProcessor() Returns a SAMLProcessorConfigurer for customization of the SAMLProcessor default implementation SAMLProcessorImpl.
ServiceProviderBuilder	samlProcessor(org.springframework.security.saml.processor.SAMLProcessor samlProcessor) Provide a specific SAMLProcessor.
<C> void	setSharedObject(Class<C> sharedType, C object)
SingleLogoutProfileConfigurer	sloProfile() Returns a SingleLogoutProfileConfigurer for customization of the SingleLogoutProfile default implementation SingleLogoutProfileImpl.
ServiceProviderBuilder	sloProfile(org.springframework.security.saml.websso.SingleLogoutProfile sloProfile) Provide a specific SingleLogoutProfile.
SSOConfigurer	sso() Returns a MetadataGeneratorConfigurer for customization of the SAMLEntryPoint, SAMLProcessingFilter, SAMLWebSSOHoKProcessingFilter and SAMLDiscovery.
WebSSOProfileConfigurer	ssoProfile() Returns a WebSSOProfileConfigurer for customization of the WebSSOProfile default implementation WebSSOProfileImpl.
ServiceProviderBuilder	ssoProfile(org.springframework.security.saml.websso.WebSSOProfile ssoProfile) Provide a specific WebSSOProfile.
WebSSOProfileConsumerConfigurer	ssoProfileConsumer() Returns a WebSSOProfileConsumerConfigurer for customization of the WebSSOProfileConsumer default implementation WebSSOProfileConsumerImpl.
ServiceProviderBuilder	ssoProfileConsumer(org.springframework.security.saml.websso.WebSSOProfileConsumer ssoProfileConsumer) Provide a specific WebSSOProfileConsumer.
TLSConfigurer	tls() Returns a TLSConfigurer for customization of the TLSProtocolConfigurer.

Methods inherited from class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

apply, apply, beforeConfigure, doBuild, getConfigurer, getConfigurers, getOrBuild, getSharedObject, getSharedObjects, objectPostProcessor, postProcess, removeConfigurer, removeConfigurers

Methods inherited from class org.springframework.security.config.annotation.AbstractSecurityBuilder

build, getObject

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServiceProviderBuilder

public ServiceProviderBuilder()

Method Detail

setSharedObject

public <C> void setSharedObject(Class<C> sharedType,
                                C object)

Overrides:

setSharedObject in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<Void,ServiceProviderBuilder>

beforeInit

protected void beforeInit()
                   throws Exception

Overrides:

beforeInit in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<Void,ServiceProviderBuilder>

Throws:

Exception

performBuild

protected Void performBuild()
                     throws Exception

Specified by:

performBuild in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder<Void,ServiceProviderBuilder>

Throws:

Exception

samlContextProvider

public SAMLContextProviderConfigurer samlContextProvider()

Returns a SAMLContextProviderConfigurer for customization of the SAMLContextProvider default implementation SAMLContextProviderImpl. Either use this method or samlContextProvider(SAMLContextProvider). Alternatively define a DSLSAMLContextProviderImpl bean.

The Context Provider is responsible for parsing HttpRequest/Response and determining which local entity (IDP/SP) is responsible for its handling.

Returns:

the SAMLContextProvider configurer.

Throws:

Exception - Any exception during configuration.

samlContextProvider

public ServiceProviderBuilder samlContextProvider(org.springframework.security.saml.context.SAMLContextProvider samlContextProvider)

Provide a specific SAMLContextProvider. Either use this method or samlContextProvider(). Alternatively define a DSLSAMLContextProviderImpl bean.

The Context Provider is responsible for parsing HttpRequest/Response and determining which local entity (IDP/SP) is responsible for its handling.

Parameters:

samlContextProvider - the context provider to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

samlContextProviderLb

public SAMLContextProviderLBConfigurer samlContextProviderLb()

Returns a SAMLContextProviderLBConfigurer for customization of the SAMLContextProvider default implementation SAMLContextProviderLB. Either use this method or samlContextProviderLb(SAMLContextProviderLB). Alternatively define a DSLSAMLContextProviderLB bean.

The Context Provider is responsible for parsing HttpRequest/Response and determining which local entity (IDP/SP) is responsible for its handling.

Returns:

the SAMLContextProviderLB configurer.

Throws:

Exception - Any exception during configuration.

samlContextProviderLb

public ServiceProviderBuilder samlContextProviderLb(org.springframework.security.saml.context.SAMLContextProviderLB samlContextProviderLb)

Provide a specific SAMLContextProviderLB. Either use this method or samlContextProvider(). Alternatively define a DSLSAMLContextProviderLB bean.

The Context Provider is responsible for parsing HttpRequest/Response and determining which local entity (IDP/SP) is responsible for its handling.

Parameters:

samlContextProviderLb - the context provider to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

metadataManager

public MetadataManagerConfigurer metadataManager()

Returns a MetadataManagerConfigurer for customization of the MetadataManager default implementation CachingMetadataManager. Either use this method or metadataManager(MetadataManager). Alternatively use properties exposed at: SAMLSSOProperties#getMetadataManager() and SAMLSSOProperties#getExtendedDelegate(). Alternatively define a MetadataManager bean.

Metadata Manager keeps track of all available identity and service providers configured inside the chained metadata providers. Exactly one service provider can be determined as hosted.

Returns:

the MetadataManager configurer.

Throws:

Exception - Any exception during configuration.

metadataManager

public ServiceProviderBuilder metadataManager(org.springframework.security.saml.metadata.MetadataManager metadataManager)

Provide a specific MetadataManager. Either use this method or metadataManager(). Alternatively define a MetadataManager bean.

Metadata Manager keeps track of all available identity and service providers configured inside the chained metadata providers. Exactly one service provider can be determined as hosted.

Parameters:

metadataManager - the metadata Manager to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

keyManager

public KeyManagerConfigurer keyManager()

Returns a KeyManagerConfigurer for customization of the KeyManager default implementation JKSKeyManager. Either use this method or keyManager(KeyManager). Alternatively use properties exposed at: SAMLSSOProperties#getKeyManager(). Alternatively define a KeyManager bean.

KeyManager provides access to private and trusted keys for SAML Extension configuration. Keys are stored in the underlying KeyStore object.

Returns:

the KeyManager configurer.

Throws:

Exception - Any exception during configuration.

keyManager

public ServiceProviderBuilder keyManager(org.springframework.security.saml.key.KeyManager keyManager)

Provide a specific KeyManager. Either use this method or keyManager(). Alternatively define a KeyManager bean.

KeyManager provides access to private and trusted keys for SAML Extension configuration. Keys are stored in the underlying KeyStore object.

Parameters:

keyManager - the key Manager to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

samlProcessor

public SAMLProcessorConfigurer samlProcessor()

Returns a SAMLProcessorConfigurer for customization of the SAMLProcessor default implementation SAMLProcessorImpl. Either use this method or samlProcessor(SAMLProcessor). Alternatively use properties exposed at: SAMLSSOProperties#getSamlProcessor(). Alternatively define a SAMLProcessor bean.

SAML Processor is capable of parsing SAML message from HttpServletRequest and populate the SAMLMessageContext for further validations.

Returns:

the SAMLProcessor configurer.

Throws:

Exception - Any exception during configuration.

samlProcessor

public ServiceProviderBuilder samlProcessor(org.springframework.security.saml.processor.SAMLProcessor samlProcessor)

Provide a specific SAMLProcessor. Either use this method or samlProcessor(). Alternatively define a SAMLProcessor bean.

SAML Processor is capable of parsing SAML message from HttpServletRequest and populate the SAMLMessageContext for further validations.

Parameters:

samlProcessor - the saml Processor to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

ssoProfileConsumer

public WebSSOProfileConsumerConfigurer ssoProfileConsumer()

Returns a WebSSOProfileConsumerConfigurer for customization of the WebSSOProfileConsumer default implementation WebSSOProfileConsumerImpl. Either use this method or ssoProfileConsumer(WebSSOProfileConsumer). Alternatively define a WebSSOProfileConsumer bean with name webSSOprofileConsumer.

Web SSO Profile Consumer is able to process Response objects returned from the IDP after SP initialized SSO or unsolicited response from IDP. In case the response is correctly validated and no errors are found the SAMLCredential is created.

Returns:

the WebSSOProfileConsumer configurer.

Throws:

Exception - Any exception during configuration.

ssoProfileConsumer

public ServiceProviderBuilder ssoProfileConsumer(org.springframework.security.saml.websso.WebSSOProfileConsumer ssoProfileConsumer)

Provide a specific WebSSOProfileConsumer. Either use this method or ssoProfileConsumer(). Alternatively define a WebSSOProfileConsumer bean with name webSSOprofileConsumer.

Web SSO Profile Consumer is able to process Response objects returned from the IDP after SP initialized SSO or unsolicited response from IDP. In case the response is correctly validated and no errors are found the SAMLCredential is created.

Parameters:

ssoProfileConsumer - the sso Profile Consumer to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

hokProfileConsumer

public WebSSOProfileHoKConsumerConfigurer hokProfileConsumer()

Returns a WebSSOProfileHoKConsumerConfigurer for customization of the WebSSOProfileConsumerHoKImpl default implementation WebSSOProfileConsumerHoKImpl. Either use this method or hokProfileConsumer(WebSSOProfileConsumerHoKImpl). Alternatively define a WebSSOProfileConsumerHoKImpl bean with name hokWebSSOprofileConsumer.

Web SSO Profile Consumer HOK implements processing of the SAML Holder-of-Key Browser SSO profile as per http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cs-02.pdf.

Returns:

the WebSSOProfileConsumerHoKImpl configurer.

Throws:

Exception - Any exception during configuration.

hokProfileConsumer

public ServiceProviderBuilder hokProfileConsumer(org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl hokProfileConsumer)

Provide a specific WebSSOProfileConsumerHoKImpl. Either use this method or hokProfileConsumer(). Alternatively define a WebSSOProfileConsumerHoKImpl bean with name hokWebSSOprofileConsumer.

Web SSO Profile Consumer HOK implements processing of the SAML Holder-of-Key Browser SSO profile as per http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cs-02.pdf.

Parameters:

hokProfileConsumer - the hok Profile Consumer to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

ssoProfile

public WebSSOProfileConfigurer ssoProfile()

Returns a WebSSOProfileConfigurer for customization of the WebSSOProfile default implementation WebSSOProfileImpl. Either use this method or ssoProfile(WebSSOProfile). Alternatively define a WebSSOProfile bean with name webSSOprofile.

Web SSO Profile implements WebSSO profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. HTTP-POST and HTTP-Redirect bindings are supported.

Returns:

the WebSSOProfile configurer.

Throws:

Exception - Any exception during configuration.

ssoProfile

public ServiceProviderBuilder ssoProfile(org.springframework.security.saml.websso.WebSSOProfile ssoProfile)

Provide a specific WebSSOProfile. Either use this method or ssoProfile(). Alternatively define a WebSSOProfile bean with name webSSOprofile.

Web SSO Profile implements WebSSO profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. HTTP-POST and HTTP-Redirect bindings are supported.

Parameters:

ssoProfile - the sso Profile to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

ecpProfile

public WebSSOProfileECPConfigurer ecpProfile()

Returns a WebSSOProfileECPConfigurer for customization of the WebSSOProfileECPImpl default implementation WebSSOProfileECPImpl. Either use this method or ecpProfile(WebSSOProfileECPImpl). Alternatively define a WebSSOProfileECPImpl bean with name ecpProfile.

Profile that implements the SAML ECP Profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. PAOS Binding is supported.

Returns:

the WebSSOProfileECPImpl configurer.

Throws:

Exception - Any exception during configuration.

ecpProfile

public ServiceProviderBuilder ecpProfile(org.springframework.security.saml.websso.WebSSOProfileECPImpl ecpProfile)

Provide a specific WebSSOProfileECPImpl. Either use this method or ecpProfile(). Alternatively define a WebSSOProfileECPImpl bean with name ecpProfile.

Profile that implements the SAML ECP Profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. PAOS Binding is supported.

Parameters:

ecpProfile - the ecp Profile to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

hokProfile

public WebSSOProfileHoKConfigurer hokProfile()

Returns a WebSSOProfileHoKConfigurer for customization of the WebSSOProfileHoKImpl default implementation WebSSOProfileHoKImpl. Either use this method or hokProfile(WebSSOProfileHoKImpl). Alternatively define a WebSSOProfileHoKImpl bean with name hokWebSSOProfile.

Profile that implements WebSSO profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. HTTP-POST and HTTP-Redirect bindings are supported.

Returns:

the WebSSOProfileHoKImpl configurer.

Throws:

Exception - Any exception during configuration.

hokProfile

public ServiceProviderBuilder hokProfile(org.springframework.security.saml.websso.WebSSOProfileHoKImpl hokProfile)

Provide a specific WebSSOProfileHoKImpl. Either use this method or hokProfile(). Alternatively define a WebSSOProfileHoKImpl bean with name hokWebSSOProfile.

Profile that implements WebSSO profile and offers capabilities for SP initialized SSO and process Response coming from IDP or IDP initialized SSO. HTTP-POST and HTTP-Redirect bindings are supported.

Parameters:

hokProfile - the hok Profile to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

sloProfile

public SingleLogoutProfileConfigurer sloProfile()

Returns a SingleLogoutProfileConfigurer for customization of the SingleLogoutProfile default implementation SingleLogoutProfileImpl. Either use this method or sloProfile(SingleLogoutProfile). Alternatively define a SingleLogoutProfile bean.

SLO Profile provides SAML Single Logout functionality according to SAML 2.0 Profiles specification.

Returns:

the SingleLogoutProfileImpl configurer.

Throws:

Exception - Any exception during configuration.

sloProfile

public ServiceProviderBuilder sloProfile(org.springframework.security.saml.websso.SingleLogoutProfile sloProfile)

Provide a specific SingleLogoutProfile. Either use this method or sloProfile(). Alternatively define a SingleLogoutProfile bean.

SLO Profile provides SAML Single Logout functionality according to SAML 2.0 Profiles specification.

Parameters:

sloProfile - the slo Profile to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

extendedMetadata

public ExtendedMetadataConfigurer extendedMetadata()

Returns a ExtendedMetadataConfigurer for customization of the ExtendedMetadata default implementation. Either use this method or extendedMetadata(ExtendedMetadata). Alternatively define a ExtendedMetadata bean.

Extended Metadata contains additional information describing a SAML entity. This Metadata is only for remote entities (the ones user can interact with like IDPs).

Returns:

the ExtendedMetadata configurer.

Throws:

Exception - Any exception during configuration.

localExtendedMetadata

public LocalExtendedMetadataConfigurer localExtendedMetadata()

Returns a ExtendedMetadataConfigurer for customization of the LocalExtendedMetadata default. Either use this method or localExtendedMetadata(LocalExtendedMetadata). Alternatively define a LocalExtendedMetadata bean.

Extended Metadata contains additional information describing a SAML entity. This metadata is for local entities (the ones accessible as part of the deployed application using the SAML Extension).

Returns:

the LocalExtendedMetadataConfigurer configurer.

Throws:

Exception - Any exception during configuration.

extendedMetadata

public ServiceProviderBuilder extendedMetadata(org.springframework.security.saml.metadata.ExtendedMetadata extendedMetadata)

Provide a specific ExtendedMetadata. Either use this method or extendedMetadata(). Alternatively define a ExtendedMetadata bean.

Extended Metadata contains additional information describing a SAML entity. This Metadata is only for remote entities (the ones user can interact with like IDPs).

Parameters:

extendedMetadata - the extended Metadata to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

localExtendedMetadata

public ServiceProviderBuilder localExtendedMetadata(LocalExtendedMetadata extendedMetadata)

Provide a specific LocalExtendedMetadata. Either use this method or localExtendedMetadata(). Alternatively define a LocalExtendedMetadata bean.

Extended Metadata contains additional information describing a SAML entity. This metadata is for local entities (the ones accessible as part of the deployed application using the SAML Extension).

Parameters:

extendedMetadata - the extended Metadata to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

authenticationProvider

public AuthenticationProviderConfigurer authenticationProvider()

Returns a AuthenticationProviderConfigurer for customization of the SAMLAuthenticationProvider default implementation SAMLAuthenticationProvider. Either use this method or authenticationProvider(SAMLAuthenticationProvider). Alternatively use properties exposed at SAMLSSOProperties#getAuthenticationProvider(). Alternatively define a SAMLAuthenticationProvider bean.

SAML Authentication provider is capable of verifying validity of a SAMLAuthenticationToken and in case the token is valid to create an authenticated UsernamePasswordAuthenticationToken.

Returns:

the SAMLAuthenticationProvider configurer.

Throws:

Exception - Any exception during configuration.

authenticationProvider

public ServiceProviderBuilder authenticationProvider(org.springframework.security.saml.SAMLAuthenticationProvider provider)

Provide a specific SAMLAuthenticationProvider. Either use this method or authenticationProvider(). Alternatively define a SAMLAuthenticationProvider bean.

SAML Authentication provider is capable of verifying validity of a SAMLAuthenticationToken and in case the token is valid to create an authenticated UsernamePasswordAuthenticationToken.

Parameters:

provider - the authentication Provider to use.

Returns:

this builder for further customization.

Throws:

Exception - Any exception during configuration.

logout

public LogoutConfigurer logout()

Returns a LogoutConfigurer for customization of the SAMLLogoutFilter and SAMLProcessingFilter. Alternatively use properties exposed at SAMLSSOProperties#getLogout().

Returns:

the LogoutConfigurer

Throws:

Exception - Any exception during configuration.

metadataGenerator

public MetadataGeneratorConfigurer metadataGenerator()

Returns a MetadataGeneratorConfigurer for customization of the MetadataGenerator, MetadataGeneratorFilter and MetadataDisplayFilter. Alternatively use properties exposed at SAMLSSOProperties#getMetadataGenerator().

Metadata Generator is for generation of service provider metadata describing the application in the current deployment environment. All the URLs in the metadata will be derived from information in the ServletContext.
Metadata Generator Filter and Metadata Display Filter expect calls on configured URL and presents user with SAML2 metadata representing this application deployment. In case the application is configured to automatically generate metadata, the generation occurs upon first invocation of this filter (first request made to the server).

Returns:

the MetadataGeneratorConfigurer

Throws:

Exception - Any exception during configuration.

metadataGenerator

public MetadataGeneratorConfigurer metadataGenerator(org.springframework.security.saml.metadata.MetadataGenerator metadataGenerator)

Provide a specific MetadataGenerator. Either use this method or sloProfile(). Alternatively define a MetadataGenerator bean.

Returns a MetadataGeneratorConfigurer for customization of the MetadataGenerator, MetadataGeneratorFilter and MetadataDisplayFilter. Alternatively use properties exposed at SAMLSSOProperties#getMetadataGenerator().

Metadata Generator is for generation of service provider metadata describing the application in the current deployment environment. All the URLs in the metadata will be derived from information in the ServletContext.
Metadata Generator Filter and Metadata Display Filter expect calls on configured URL and presents user with SAML2 metadata representing this application deployment. In case the application is configured to automatically generate metadata, the generation occurs upon first invocation of this filter (first request made to the server).

Returns:

the MetadataGeneratorConfigurer

Throws:

Exception - Any exception during configuration.

sso

public SSOConfigurer sso()

Returns a MetadataGeneratorConfigurer for customization of the SAMLEntryPoint, SAMLProcessingFilter, SAMLWebSSOHoKProcessingFilter and SAMLDiscovery. Alternatively use properties exposed at SAMLSSOProperties.

SAML Entry Point initializes SAML WebSSO Profile, IDP Discovery or ECP Profile from the SP side. Configuration of the local service provider and incoming request determines which profile will get invoked. There are two ways the entry point can get invoked. Either user accesses a URL configured to require some degree of authentication and throws AuthenticationException which is handled and invokes the entry point. The other way is direct invocation of the entry point by accessing the /saml/login URL.
SAML Processor Filter processes arriving SAML messages by delegating to the WebSSOProfile. After the SAMLAuthenticationToken is obtained, authentication providers are asked to authenticate it.
SAML HOK Processing Filter processes messages sent from IDP as part of the WebSSO Holder-of-Key profile.
SAML Discovery implements Identity Provider Discovery Service and Profile as defined in http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf.

Returns:

the SSOConfigurer

Throws:

Exception - Any exception during configuration.

tls

public TLSConfigurer tls()

Returns a TLSConfigurer for customization of the TLSProtocolConfigurer. Alternatively use properties exposed at SAMLSSOProperties#getTls().

TLS Protocol Configurer initializes instance of TLSProtocolSocketFactory and registers is at one of the protocol inside HTTP Client. It also automatically makes the MetadataManager dependant on this bean.

Returns:

the TLSConfigurer

Throws:

Exception - Any exception during configuration.

http

public org.springframework.security.config.annotation.web.builders.HttpSecurity http()

Returns the original HttpSecurity to continue chaining configuration.

http

public ServiceProviderBuilder http(FunctionalUtils.CheckedConsumer<org.springframework.security.config.annotation.web.builders.HttpSecurity,Exception> httpConsumer)

Allows for processing the original HttpSecurity AFTER the Service Provider configurer is configured. This is a workaround to allow configuration to be chained after the configuration of the Service Provider has taken effect since Spring Security Configurers are evaluated late in the game.