Class SAML2AssertionDetails

- java.lang.Object
  - com.nimbusds.oauth2.sdk.assertions.AssertionDetails
    - com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionDetails

@Immutable
public class SAML2AssertionDetails extends AssertionDetails
SAML 2.0 bearer assertion details for OAuth 2.0 client authentication and authorisation grants. Used for SAML 2.0 bearer assertion grants.

Example SAML 2.0 assertion:

<Assertion IssueInstant="2010-10-01T20:07:34.619Z" ID="ef1xsbZxPV2oqjd7HTLRLIBlBb7" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Issuer>https://saml-idp.example.com</Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    [...omitted for brevity...]
  </ds:Signature>
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
      [email protected]
    </NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData NotOnOrAfter="2010-10-01T20:12:34.619Z" Recipient="https://authz.example.net/token.oauth2"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions>
    <AudienceRestriction>
      <Audience>https://saml-sp.example.net</Audience>
    </AudienceRestriction>
  </Conditions>
  <AuthnStatement AuthnInstant="2010-10-01T20:07:34.371Z">
    <AuthnContext>
      <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</AuthnContextClassRef>
    </AuthnContext>
  </AuthnStatement>
</Assertion>
Related specifications:
- Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522), section 3.
Constructor Summary

Constructors:
- SAML2AssertionDetails(Issuer issuer, Subject subject, Audience audience)
  Creates a new SAML 2.0 bearer assertion details instance.
- SAML2AssertionDetails(Issuer issuer, Subject subject, String subjectFormat, Date subjectAuthTime, ACR subjectACR, List<Audience> audience, Date exp, Date nbf, Date iat, Identifier id, InetAddress clientAddress, Map<String,List<String>> attrStatement)
  Creates a new SAML 2.0 bearer assertion details instance.
Method Summary

Methods (modifier and type, method, description):
- Map<String,List<String>> getAttributeStatement()
  Returns the optional attribute statement.
- InetAddress getClientInetAddress()
  Returns the optional client address to which this assertion is bound.
- Date getNotBeforeTime()
  Returns the optional not-before time.
- ACR getSubjectACR()
  Returns the optional subject Authentication Context Class Reference (ACR).
- Date getSubjectAuthenticationTime()
  Returns the optional subject authentication time.
- String getSubjectFormat()
  Returns the optional subject format.
- static SAML2AssertionDetails parse(org.opensaml.saml.saml2.core.Assertion assertion)
  Parses a SAML 2.0 bearer assertion details instance from the specified assertion object.
- org.opensaml.saml.saml2.core.Assertion toSAML2Assertion()
  Returns a SAML 2.0 assertion (unsigned) representation of this assertion details instance.

Methods inherited from class com.nimbusds.oauth2.sdk.assertions.AssertionDetails:
getAudience, getExpirationTime, getID, getIssuer, getIssueTime, getSubject
Constructor Detail

SAML2AssertionDetails
public SAML2AssertionDetails(Issuer issuer, Subject subject, Audience audience)
Creates a new SAML 2.0 bearer assertion details instance. The expiration time is set to five minutes from the current system time. Generates a default identifier for the assertion. The issue time is set to the current system time.
- Parameters:
  issuer - The issuer. Must not be null.
  subject - The subject. Must not be null.
  audience - The audience, typically the URI of the authorisation server's token endpoint. Must not be null.
SAML2AssertionDetails
public SAML2AssertionDetails(Issuer issuer, Subject subject, String subjectFormat, Date subjectAuthTime, ACR subjectACR, List<Audience> audience, Date exp, Date nbf, Date iat, Identifier id, InetAddress clientAddress, Map<String,List<String>> attrStatement)
Creates a new SAML 2.0 bearer assertion details instance.
- Parameters:
  issuer - The issuer. Must not be null.
  subject - The subject. Must not be null.
  subjectFormat - The subject format, null if not specified.
  subjectAuthTime - The subject authentication time, null if not specified.
  subjectACR - The subject Authentication Context Class Reference (ACR), null if not specified.
  audience - The audience, typically including the URI of the authorisation server's token endpoint. Must not be null.
  exp - The expiration time. Must not be null.
  nbf - The time before which the assertion must not be accepted for processing, null if not specified.
  iat - The time at which the assertion was issued. Must not be null.
  id - Unique identifier for the assertion. Must not be null.
  clientAddress - The client address, null if not specified.
  attrStatement - The attribute statement (in simplified form), null if not specified.
Method Detail

getSubjectFormat
public String getSubjectFormat()
Returns the optional subject format.
- Returns: The subject format, null if not specified.

getSubjectAuthenticationTime
public Date getSubjectAuthenticationTime()
Returns the optional subject authentication time.
- Returns: The subject authentication time, null if not specified.

getSubjectACR
public ACR getSubjectACR()
Returns the optional subject Authentication Context Class Reference (ACR).
- Returns: The subject ACR, null if not specified.

getNotBeforeTime
public Date getNotBeforeTime()
Returns the optional not-before time.
- Returns: The not-before time, null if not specified.

getClientInetAddress
public InetAddress getClientInetAddress()
Returns the optional client address to which this assertion is bound.
- Returns: The client address, null if not specified.

getAttributeStatement
public Map<String,List<String>> getAttributeStatement()
Returns the optional attribute statement.
- Returns: The attribute statement (in simplified form), null if not specified.
toSAML2Assertion
public org.opensaml.saml.saml2.core.Assertion toSAML2Assertion() throws SerializeException
Returns a SAML 2.0 assertion (unsigned) representation of this assertion details instance.
- Returns: The SAML 2.0 assertion (with no signature element).
- Throws: SerializeException - If serialisation failed.
parse
public static SAML2AssertionDetails parse(org.opensaml.saml.saml2.core.Assertion assertion) throws ParseException
Parses a SAML 2.0 bearer assertion details instance from the specified assertion object.
- Parameters:
  assertion - The assertion. Must not be null.
- Returns: The SAML 2.0 bearer assertion details.
- Throws: ParseException - If the assertion couldn't be parsed to a SAML 2.0 bearer assertion details instance.
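The following is an added example, not code from the Nimbus SDK or its documentation: it builds details that mirror the example assertion above, serialises them to an unsigned OpenSAML Assertion with toSAML2Assertion(), parses them back with parse(), and applies the time-window and audience checks a token endpoint would make before accepting the assertion as a grant. It assumes the Issuer, Subject, Audience and Identifier classes live in com.nimbusds.oauth2.sdk.id, ACR in com.nimbusds.openid.connect.sdk.claims, an OpenSAML 3+ runtime on the classpath, and a constructed subject address and attribute.

```java
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionDetails;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Identifier;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import org.opensaml.core.config.InitializationService;
import org.opensaml.saml.saml2.core.Assertion;

public class SAML2AssertionDetailsExample {
    // Builds details mirroring the example assertion above (subject address and attribute are constructed).
    public static SAML2AssertionDetails buildDetails(Date now) {
        Date exp = new Date(now.getTime() + 5 * 60 * 1000L); // five-minute lifetime
        Map<String, List<String>> attrs =
            Collections.singletonMap("role", Collections.singletonList("reader")); // constructed sample
        return new SAML2AssertionDetails(
            new Issuer("https://saml-idp.example.com"),
            new Subject("user@example.com"),                        // constructed value
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            now,                                                    // subjectAuthTime
            new ACR("urn:oasis:names:tc:SAML:2.0:ac:classes:X509"), // subjectACR
            Collections.singletonList(new Audience("https://saml-sp.example.net")),
            exp, now, now,                                          // exp, nbf, iat
            new Identifier(),                                       // random assertion ID
            null,                                                   // not bound to a client address
            attrs);
    }

    // Time-window and audience checks a token endpoint applies to parsed details before
    // treating the assertion as a grant (assumed relying-party policy, not SDK behaviour).
    public static boolean withinPolicy(SAML2AssertionDetails d, Audience expected, Date now) {
        if (d.getExpirationTime() == null || !now.before(d.getExpirationTime())) return false;
        if (d.getNotBeforeTime() != null && now.before(d.getNotBeforeTime())) return false;
        return d.getAudience() != null && d.getAudience().contains(expected);
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // OpenSAML bootstrap, required once per JVM
        Date now = new Date();
        SAML2AssertionDetails details = buildDetails(now);
        Assertion assertion = details.toSAML2Assertion(); // unsigned: the issuer signs before sending
        SAML2AssertionDetails parsed = SAML2AssertionDetails.parse(assertion); // round trip
        System.out.println("id preserved: " + details.getID().equals(parsed.getID()));
        System.out.println("within policy: " + withinPolicy(parsed, new Audience("https://saml-sp.example.net"), now));
    }
}
```

Signature verification is outside this class: toSAML2Assertion() emits no ds:Signature element, and parse() reads the details without checking one, so a receiver validates the XML signature before it calls parse() and withinPolicy().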