Class SAMLConfiguration

java.lang.Object
org.nuxeo.ecm.platform.auth.saml.SAMLConfiguration

public class SAMLConfiguration extends Object
Configuration class that retrieves the SAML configuration from plugin parameters.

SP refers to Service Provider (here Nuxeo) and IdP refers to Identity Provider.

Since:
7.3
  • Field Details

  • Constructor Details

    • SAMLConfiguration

      public SAMLConfiguration(Map<String,String> parameters)
  • Method Details

    • isDefault

      public boolean isDefault()
      The plugin defined as the default is:
      • the one not declaring an entityId parameter
      • the one whose entityId parameter equals the nuxeo.conf parameter
      Returns:
      whether this plugin is the default one
    • getSPEntityId

      @Nonnull public String getSPEntityId()
      Returns:
      the SAML entityId to use for this plugin
      Since:
      2025.7
    • getSPEntityIdFromNuxeoConf

      protected String getSPEntityIdFromNuxeoConf()
      Since:
      2025.7
    • isSPAuthnRequestsSigned

      public boolean isSPAuthnRequestsSigned()
      Returns:
      whether the SP signs the authn requests
      Since:
      2025.7
    • isSPWantAssertionsSigned

      public boolean isSPWantAssertionsSigned()
      Returns:
      whether the SP requires the assertions to be signed
      Since:
      2025.7
    • getSPDigestAlgorithm

      public Optional<String> getSPDigestAlgorithm()
      Since:
      2025.7
    • getSPSignatureAlgorithms

      @Nonnull public List<String> getSPSignatureAlgorithms()
      Since:
      2025.7
    • getSPSkewTime

      @Nonnull public Duration getSPSkewTime()
      Since:
      2025.7
    • getSPKeyHolder

      public Optional<KeyHolder> getSPKeyHolder()
      Since:
      2025.7
    • createSPEntityDescriptor

      @Nonnull public org.opensaml.saml.saml2.metadata.EntityDescriptor createSPEntityDescriptor(String baseURL)
      Since:
      2025.7
    • createSPSSODescriptor

      protected org.opensaml.saml.saml2.metadata.SPSSODescriptor createSPSSODescriptor(String baseURL)
      Since:
      2025.7
    • getSPLoginBindings

      protected List<String> getSPLoginBindings()
    • getIdPMetadataUri

      @Nullable public String getIdPMetadataUri()
      Returns:
      the IdP metadata URI; it can be either an HTTP URL or a filesystem location
      Since:
      2025.7
    • getIdPMetadataTimeout

      @Nonnull public Duration getIdPMetadataTimeout()
      Returns:
      the timeout to use when fetching the IdP metadata
      Since:
      2025.7
    • isIdPSignatureMandatory

      public boolean isIdPSignatureMandatory()
    • instantiateUserResolver

      @Nonnull public UserResolver instantiateUserResolver()
      Since:
      2025.7
    • isLoginScreenButtonEnabled

      public boolean isLoginScreenButtonEnabled()
      Since:
      2025.7
    • getLoginScreenName

      @Nullable public String getLoginScreenName()
      Since:
      2025.7
    • getLoginScreenDescription

      @Nullable public String getLoginScreenDescription()
      Since:
      2025.7
    • getLoginScreenIcon

      @Nullable public String getLoginScreenIcon()
      Since:
      2025.7
    • getLoginScreenLabel

      @Nullable public String getLoginScreenLabel()
      Since:
      2025.7
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • getEntityId

      @Deprecated(since="2025.7", forRemoval=true) public static String getEntityId()
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use getSPEntityId() instead
    • getLoginBindings

      @Deprecated(since="2025.7", forRemoval=true) public static List<String> getLoginBindings()
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use getSPLoginBindings() instead
    • getAuthnRequestsSigned

      @Deprecated(since="2025.7", forRemoval=true) public static boolean getAuthnRequestsSigned()
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use isSPAuthnRequestsSigned() instead
    • getWantAssertionsSigned

      @Deprecated(since="2025.7", forRemoval=true) public static boolean getWantAssertionsSigned()
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use isSPWantAssertionsSigned() instead
    • getSkewTimeMillis

      @Deprecated(since="2025.7", forRemoval=true) public static int getSkewTimeMillis()
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use getSPSkewTime() instead
    • getEntityDescriptor

      @Deprecated(since="2025.7", forRemoval=true) public static org.opensaml.saml.saml2.metadata.EntityDescriptor getEntityDescriptor(String baseURL)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Returns the EntityDescriptor for the Nuxeo Service Provider
    • getSPSSODescriptor

      @Deprecated(since="2025.7", forRemoval=true) public static org.opensaml.saml.saml2.metadata.SPSSODescriptor getSPSSODescriptor(String baseURL)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 2025.7, use createSPSSODescriptor(java.lang.String) instead
      Returns the SPSSODescriptor for the Nuxeo Service Provider
    • retrieveDefaultPluginConfiguration

      public static SAMLConfiguration retrieveDefaultPluginConfiguration()
      Retrieves the SAMLConfiguration for the default contributed SAML plugin.

      The plugin defined as the default is:

      • the one not declaring an entityId parameter
      • the one whose entityId parameter equals the nuxeo.conf parameter
      Returns:
      the SAMLConfiguration for the default contributed SAML plugin
      Since:
      2025.7