Class Pac4jSamlClientProperties
java.lang.Object
org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties
All Implemented Interfaces: Serializable, CasFeatureModule
@RequiresModule(name="cas-server-support-pac4j-webflow")
public class Pac4jSamlClientProperties extends Pac4jBaseClientProperties
This is Pac4jSamlClientProperties.
Since: 5.2.0
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
Pac4jBaseClientProperties.CallbackUrlTypes
Nested classes/interfaces inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
CasFeatureModule.FeatureCatalog
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
String | getAcceptedSkew() | Maximum skew in seconds between SP and IDP clocks.
int | getAssertionConsumerServiceIndex() | Allows the SAML client to select a specific ACS url from the metadata, if defined.
int | getAttributeConsumingServiceIndex() | AttributeConsumingServiceIndex attribute of AuthnRequest element.
List<String> | getAuthnContextClassRef() | Requested authentication context class in authn requests.
String | getAuthnContextComparisonType() | Specifies the comparison rule that should be used to evaluate the specified authentication methods.
List<String> | getBlockedSignatureSigningAlgorithms() | Collection of signing signature blocked algorithms, if any, to override the global defaults.
int | getCertificateExpirationDays() | Define the validity period for the certificate in number of days.
String | getCertificateNameToAppend() | A name to append to signing certificates generated.
String | getCertificateSignatureAlg() | Certificate signature algorithm to use when generating the certificate.
String | getDestinationBinding() | The destination binding to use when creating authentication requests.
String | getKeystorePassword() | The password to use when generating the SP/CAS keystore.
String | getKeystorePath() | Location of the keystore to use and generate the SP/CAS keystore.
String | getLogoutRequestBinding() | The destination binding to use when creating logout requests.
String | getLogoutResponseBindingType() | Control the logout response binding type during logout operations as invoked by an external IdP and in response to logout requests.
List<String> | getMappedAttributes() | Describes the map of attributes that are to be fetched from the credential (map keys) and then transformed/renamed using map values before they are put into a profile.
String | getMaximumAuthenticationLifetime() | Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you.
String | getMessageStoreFactory() | Factory implementing this interface provides services for storing and retrieval of SAML messages for e.g.
Pac4jSamlClientMetadataProperties | getMetadata() | Metadata configuration properties.
String | getNameIdAttribute() | The attribute name that should be used and extracted from the SAML2 response to identify and build a NameID value, when the response is processed and consumed.
TriStateBoolean | getNameIdPolicyAllowCreate() | Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined.
String | getNameIdPolicyFormat() | NameID policy to request in the authentication requests.
String | getPrivateKeyPassword() | The password to use when generating the private key for the SP/CAS keystore.
String | getProviderName() | Provider name set for the saml authentication request.
List<Pac4jSamlServiceProviderRequestedAttribute> | getRequestedAttributes() | List of attributes requested by the service provider that would be put into the service provider metadata.
String | getRequestInitiatorUrl() | When generating SAML2 metadata, configure and set the request initiator location attribute.
String | getResponseBindingType() | The SAML2 response binding type to use when generating metadata.
String | getSaml2AttributeConverter() | Controls the way SAML2 attributes are converted from the authentication response into pac4j attributes.
String | getServiceProviderEntityId() | The entity id of the SP/CAS that is used in the SP metadata generation process.
List<String> | getSignatureAlgorithms() | Collection of signing signature algorithms, if any, to override the global defaults.
String | getSignatureCanonicalizationAlgorithm() | The signing signature canonicalization algorithm, if any, to override the global defaults.
List<String> | getSignatureReferenceDigestMethods() | Collection of signing signature reference digest methods, if any, to override the global defaults.
String | getSingleLogoutServiceUrl() | When generating SAML2 metadata, configure and set the single logout service URL attribute.
List<String> | getSupportedProtocols() | When generating SAML2 metadata, configure and set the list of supported protocols in the metadata.
boolean | isAllSignatureValidationDisabled() | Whether the signature validation should be disabled.
boolean | isForceAuth() | Whether authentication requests should be tagged as forced auth.
boolean | isForceKeystoreGeneration() | Force generation of the keystore.
boolean | isPartialLogoutAsSuccess() | Logouts are only successful if the IdP was able to inform all services, otherwise it will respond with PartialLogout.
boolean | isPassive() | Whether authentication requests should be tagged as passive.
boolean | isResponseDestinationMandatory() | When validating the response, ensure it has a value set for the Destination attribute.
boolean | isSignAuthnRequest() | Whether or not the authnRequest should be signed.
boolean | isSignServiceProviderLogoutRequest() | Whether or not the Logout Request sent from the SP should be signed.
boolean | isSignServiceProviderMetadata() | Whether or not SAML SP metadata should be signed when generated.
boolean | isUseNameQualifier() | Whether name qualifiers should be produced in the final saml response.
boolean | isWantsAssertionsSigned() | Whether metadata should be marked to request sign assertions.
boolean | isWantsResponsesSigned() | Whether a response has to be mandatory signed.
Pac4jSamlClientProperties | setAcceptedSkew(String acceptedSkew) | Maximum skew in seconds between SP and IDP clocks.
Pac4jSamlClientProperties | setAllSignatureValidationDisabled(boolean allSignatureValidationDisabled) | Whether the signature validation should be disabled.
Pac4jSamlClientProperties | setAssertionConsumerServiceIndex(int assertionConsumerServiceIndex) | Allows the SAML client to select a specific ACS url from the metadata, if defined.
Pac4jSamlClientProperties | setAttributeConsumingServiceIndex(int attributeConsumingServiceIndex) | AttributeConsumingServiceIndex attribute of AuthnRequest element.
Pac4jSamlClientProperties | setAuthnContextClassRef(List<String> authnContextClassRef) | Requested authentication context class in authn requests.
Pac4jSamlClientProperties | setAuthnContextComparisonType(String authnContextComparisonType) | Specifies the comparison rule that should be used to evaluate the specified authentication methods.
Pac4jSamlClientProperties | setBlockedSignatureSigningAlgorithms(List<String> blockedSignatureSigningAlgorithms) | Collection of signing signature blocked algorithms, if any, to override the global defaults.
Pac4jSamlClientProperties | setCertificateExpirationDays(int certificateExpirationDays) | Define the validity period for the certificate in number of days.
Pac4jSamlClientProperties | setCertificateNameToAppend(String certificateNameToAppend) | A name to append to signing certificates generated.
Pac4jSamlClientProperties | setCertificateSignatureAlg(String certificateSignatureAlg) | Certificate signature algorithm to use when generating the certificate.
Pac4jSamlClientProperties | setDestinationBinding(String destinationBinding) | The destination binding to use when creating authentication requests.
Pac4jSamlClientProperties | setForceAuth(boolean forceAuth) | Whether authentication requests should be tagged as forced auth.
Pac4jSamlClientProperties | setForceKeystoreGeneration(boolean forceKeystoreGeneration) | Force generation of the keystore.
Pac4jSamlClientProperties | setKeystorePassword(String keystorePassword) | The password to use when generating the SP/CAS keystore.
Pac4jSamlClientProperties | setKeystorePath(String keystorePath) | Location of the keystore to use and generate the SP/CAS keystore.
Pac4jSamlClientProperties | setLogoutRequestBinding(String logoutRequestBinding) | The destination binding to use when creating logout requests.
Pac4jSamlClientProperties | setLogoutResponseBindingType(String logoutResponseBindingType) | Control the logout response binding type during logout operations as invoked by an external IdP and in response to logout requests.
Pac4jSamlClientProperties | setMappedAttributes(List<String> mappedAttributes) | Describes the map of attributes that are to be fetched from the credential (map keys) and then transformed/renamed using map values before they are put into a profile.
Pac4jSamlClientProperties | setMaximumAuthenticationLifetime(String maximumAuthenticationLifetime) | Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you.
Pac4jSamlClientProperties | setMessageStoreFactory(String messageStoreFactory) | Factory implementing this interface provides services for storing and retrieval of SAML messages for e.g.
Pac4jSamlClientProperties | setMetadata(Pac4jSamlClientMetadataProperties metadata) | Metadata configuration properties.
Pac4jSamlClientProperties | setNameIdAttribute(String nameIdAttribute) | The attribute name that should be used and extracted from the SAML2 response to identify and build a NameID value, when the response is processed and consumed.
Pac4jSamlClientProperties | setNameIdPolicyAllowCreate(TriStateBoolean nameIdPolicyAllowCreate) | Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined.
Pac4jSamlClientProperties | setNameIdPolicyFormat(String nameIdPolicyFormat) | NameID policy to request in the authentication requests.
Pac4jSamlClientProperties | setPartialLogoutAsSuccess(boolean partialLogoutAsSuccess) | Logouts are only successful if the IdP was able to inform all services, otherwise it will respond with PartialLogout.
Pac4jSamlClientProperties | setPassive(boolean passive) | Whether authentication requests should be tagged as passive.
Pac4jSamlClientProperties | setPrivateKeyPassword(String privateKeyPassword) | The password to use when generating the private key for the SP/CAS keystore.
Pac4jSamlClientProperties | setProviderName(String providerName) | Provider name set for the saml authentication request.
Pac4jSamlClientProperties | setRequestedAttributes(List<Pac4jSamlServiceProviderRequestedAttribute> requestedAttributes) | List of attributes requested by the service provider that would be put into the service provider metadata.
Pac4jSamlClientProperties | setRequestInitiatorUrl(String requestInitiatorUrl) | When generating SAML2 metadata, configure and set the request initiator location attribute.
Pac4jSamlClientProperties | setResponseBindingType(String responseBindingType) | The SAML2 response binding type to use when generating metadata.
Pac4jSamlClientProperties | setResponseDestinationMandatory(boolean responseDestinationMandatory) | When validating the response, ensure it has a value set for the Destination attribute.
Pac4jSamlClientProperties | setSaml2AttributeConverter(String saml2AttributeConverter) | Controls the way SAML2 attributes are converted from the authentication response into pac4j attributes.
Pac4jSamlClientProperties | setServiceProviderEntityId(String serviceProviderEntityId) | The entity id of the SP/CAS that is used in the SP metadata generation process.
Pac4jSamlClientProperties | setSignatureAlgorithms(List<String> signatureAlgorithms) | Collection of signing signature algorithms, if any, to override the global defaults.
Pac4jSamlClientProperties | setSignatureCanonicalizationAlgorithm(String signatureCanonicalizationAlgorithm) | The signing signature canonicalization algorithm, if any, to override the global defaults.
Pac4jSamlClientProperties | setSignatureReferenceDigestMethods(List<String> signatureReferenceDigestMethods) | Collection of signing signature reference digest methods, if any, to override the global defaults.
Pac4jSamlClientProperties | setSignAuthnRequest(boolean signAuthnRequest) | Whether or not the authnRequest should be signed.
Pac4jSamlClientProperties | setSignServiceProviderLogoutRequest(boolean signServiceProviderLogoutRequest) | Whether or not the Logout Request sent from the SP should be signed.
Pac4jSamlClientProperties | setSignServiceProviderMetadata(boolean signServiceProviderMetadata) | Whether or not SAML SP metadata should be signed when generated.
Pac4jSamlClientProperties | setSingleLogoutServiceUrl(String singleLogoutServiceUrl) | When generating SAML2 metadata, configure and set the single logout service URL attribute.
Pac4jSamlClientProperties | setSupportedProtocols(List<String> supportedProtocols) | When generating SAML2 metadata, configure and set the list of supported protocols in the metadata.
Pac4jSamlClientProperties | setUseNameQualifier(boolean useNameQualifier) | Whether name qualifiers should be produced in the final saml response.
Pac4jSamlClientProperties | setWantsAssertionsSigned(boolean wantsAssertionsSigned) | Whether metadata should be marked to request sign assertions.
Pac4jSamlClientProperties | setWantsResponsesSigned(boolean wantsResponsesSigned) | Whether a response has to be mandatory signed.
Methods inherited from class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
getAutoRedirectType, getCallbackUrl, getCallbackUrlType, getClientName, getCssClass, getDisplayName, getPrincipalIdAttribute, isEnabled, setAutoRedirectType, setCallbackUrl, setCallbackUrlType, setClientName, setCssClass, setDisplayName, setEnabled, setPrincipalIdAttribute
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
isDefined, isUndefined
-
Constructor Details
-
Pac4jSamlClientProperties
public Pac4jSamlClientProperties()
-
-
Method Details
-
getMetadata
Metadata configuration properties.
-
getDestinationBinding
The destination binding to use when creating authentication requests.
-
getLogoutRequestBinding
The destination binding to use when creating logout requests.
-
getKeystorePassword
The password to use when generating the SP/CAS keystore.
-
getPrivateKeyPassword
The password to use when generating the private key for the SP/CAS keystore.
-
getKeystorePath
Location of the keystore to use and generate the SP/CAS keystore.
-
getMaximumAuthenticationLifetime
Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds.
-
getAcceptedSkew
Maximum skew in seconds between SP and IDP clocks. This skew is added onto the NotOnOrAfter field in seconds for the SAML response validation.
-
getMappedAttributes
Describes the map of attributes that are to be fetched from the credential (map keys) and then transformed/renamed using map values before they are put into a profile. An example might be to fetch givenName from credential and rename it to urn:oid:2.5.4.42 or vice versa. Note that this setting only applies to attribute names, and not friendly-names. List arbitrary mappings of claims. Uses a "directed list" where the allowed syntax would be givenName->urn:oid:2.5.4.42.
-
getServiceProviderEntityId
The entity id of the SP/CAS that is used in the SP metadata generation process.
-
isForceAuth
public boolean isForceAuth()
Whether authentication requests should be tagged as forced auth.
-
isPassive
public boolean isPassive()
Whether authentication requests should be tagged as passive.
-
getAuthnContextClassRef
Requested authentication context class in authn requests.
-
getAuthnContextComparisonType
Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. The AuthnContextClassRef element requires a comparison rule to be used to evaluate the specified authentication methods. If not explicitly specified, the "exact" rule will be used by default. Other acceptable values are minimum, maximum, better.
-
isForceKeystoreGeneration
public boolean isForceKeystoreGeneration()
Force generation of the keystore.
-
getResponseBindingType
The SAML2 response binding type to use when generating metadata. This ultimately controls the binding type of the assertion consumer service in the metadata. Default value is typically urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
-
getCertificateExpirationDays
public int getCertificateExpirationDays()
Define the validity period for the certificate in number of days. The end-date of the certificate is controlled by this setting, when defined as a value greater than zero.
-
getCertificateSignatureAlg
Certificate signature algorithm to use when generating the certificate.
-
getCertificateNameToAppend
A name to append to signing certificates generated. The named part appended can be useful to identify for which clientName it was generated. If no name is provided, the default certificate name will be used.
-
getNameIdPolicyFormat
NameID policy to request in the authentication requests.
-
getNameIdPolicyAllowCreate
Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined.
-
isWantsAssertionsSigned
public boolean isWantsAssertionsSigned()
Whether metadata should be marked to request sign assertions.
-
isWantsResponsesSigned
public boolean isWantsResponsesSigned()
Whether a response has to be mandatory signed.
-
isAllSignatureValidationDisabled
public boolean isAllSignatureValidationDisabled()
Whether the signature validation should be disabled. Never set this property to true in production.
-
getAttributeConsumingServiceIndex
public int getAttributeConsumingServiceIndex()
AttributeConsumingServiceIndex attribute of AuthnRequest element. The given index points out a specific AttributeConsumingService structure, declared into the Service Provider (SP)'s metadata, to be used to specify all the attributes that the Service Provider is asking to be released within the authentication assertion returned by the Identity Provider (IdP). This attribute won't be sent with the request unless a positive value (including 0) is defined.
-
getAssertionConsumerServiceIndex
public int getAssertionConsumerServiceIndex()
Allows the SAML client to select a specific ACS url from the metadata, if defined. A negative value de-activates the selection process and is the default.
-
isUseNameQualifier
public boolean isUseNameQualifier()
Whether name qualifiers should be produced in the final saml response.
-
isSignServiceProviderMetadata
public boolean isSignServiceProviderMetadata()
Whether or not SAML SP metadata should be signed when generated.
-
isSignAuthnRequest
public boolean isSignAuthnRequest()
Whether or not the authnRequest should be signed.
-
isSignServiceProviderLogoutRequest
public boolean isSignServiceProviderLogoutRequest()
Whether or not the Logout Request sent from the SP should be signed.
-
getRequestedAttributes
List of attributes requested by the service provider that would be put into the service provider metadata.
-
getBlockedSignatureSigningAlgorithms
Collection of signing signature blocked algorithms, if any, to override the global defaults.
-
getSignatureAlgorithms
Collection of signing signature algorithms, if any, to override the global defaults.
-
getSignatureReferenceDigestMethods
Collection of signing signature reference digest methods, if any, to override the global defaults.
-
getSignatureCanonicalizationAlgorithm
The signing signature canonicalization algorithm, if any, to override the global defaults.
-
getNameIdAttribute
The attribute name that should be used and extracted from the SAML2 response to identify and build a NameID value, when the response is processed and consumed.
-
getProviderName
Provider name set for the saml authentication request. Sets the human-readable name of the requester for use by the presenter's user agent or the identity provider.
-
getMessageStoreFactory
Factory implementing this interface provides services for storing and retrieval of SAML messages for e.g. verification of retrieved responses. The default factory is an always empty store. You may choose org.pac4j.saml.store.HttpSessionStore instead, which allows SAML messages to be stored in a distributed session store specially required for high availability deployments and validation operations.
Available options are:
- EMPTY: Uses the EmptyStoreFactory
- SESSION: Uses the HttpSessionStore
- Fully-qualified class name of the message store implementation.
Also note that the message store implementation can be supplied and configured at runtime as a Spring @Bean with the type SAMLMessageStoreFactory which, if found in the available application context, will override all other options.
-
getSaml2AttributeConverter
Controls the way SAML2 attributes are converted from the authentication response into pac4j attributes. By default, values of complex types are serialized into a single attribute. To change this behaviour, specify a converter class implementing the AttributeConverter interface.
-
isPartialLogoutAsSuccess
public boolean isPartialLogoutAsSuccess()
Logouts are only successful if the IdP was able to inform all services, otherwise it will respond with PartialLogout. This setting allows clients such as CAS to ignore such server-side behavior. If the IdP reports back a partial logout, this setting instructs CAS whether it should accept or deny that response.
-
isResponseDestinationMandatory
public boolean isResponseDestinationMandatory()
When validating the response, ensure it has a value set for the Destination attribute.
-
getRequestInitiatorUrl
When generating SAML2 metadata, configure and set the request initiator location attribute.
-
getSingleLogoutServiceUrl
When generating SAML2 metadata, configure and set the single logout service URL attribute.
-
getLogoutResponseBindingType
Control the logout response binding type during logout operations as invoked by an external IdP and in response to logout requests.
-
getSupportedProtocols
When generating SAML2 metadata, configure and set the list of supported protocols in the metadata.
-
setMetadata
Metadata configuration properties.
Returns: this.
-
setDestinationBinding
The destination binding to use when creating authentication requests.
Returns: this.
-
setLogoutRequestBinding
The destination binding to use when creating logout requests.
Returns: this.
-
setKeystorePassword
The password to use when generating the SP/CAS keystore.
Returns: this.
-
setPrivateKeyPassword
The password to use when generating the private key for the SP/CAS keystore.
Returns: this.
-
setKeystorePath
Location of the keystore to use and generate the SP/CAS keystore.
Returns: this.
-
setMaximumAuthenticationLifetime
public Pac4jSamlClientProperties setMaximumAuthenticationLifetime(String maximumAuthenticationLifetime)
Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds.
Returns: this.
-
setAcceptedSkew
Maximum skew in seconds between SP and IDP clocks. This skew is added onto the NotOnOrAfter field in seconds for the SAML response validation.
Returns: this.
-
setMappedAttributes
Describes the map of attributes that are to be fetched from the credential (map keys) and then transformed/renamed using map values before they are put into a profile. An example might be to fetch givenName from credential and rename it to urn:oid:2.5.4.42 or vice versa. Note that this setting only applies to attribute names, and not friendly-names. List arbitrary mappings of claims. Uses a "directed list" where the allowed syntax would be givenName->urn:oid:2.5.4.42.
Returns: this.
-
setServiceProviderEntityId
The entity id of the SP/CAS that is used in the SP metadata generation process.
Returns: this.
-
setForceAuth
Whether authentication requests should be tagged as forced auth.
Returns: this.
-
setPassive
Whether authentication requests should be tagged as passive.
Returns: this.
-
setAuthnContextClassRef
Requested authentication context class in authn requests.
Returns: this.
-
setAuthnContextComparisonType
Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. The AuthnContextClassRef element requires a comparison rule to be used to evaluate the specified authentication methods. If not explicitly specified, the "exact" rule will be used by default. Other acceptable values are minimum, maximum, better.
Returns: this.
-
setForceKeystoreGeneration
Force generation of the keystore.
Returns: this.
-
setResponseBindingType
The SAML2 response binding type to use when generating metadata. This ultimately controls the binding type of the assertion consumer service in the metadata. Default value is typically urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
Returns: this.
-
setCertificateExpirationDays
Define the validity period for the certificate in number of days. The end-date of the certificate is controlled by this setting, when defined as a value greater than zero.
Returns: this.
-
setCertificateSignatureAlg
Certificate signature algorithm to use when generating the certificate.
Returns: this.
-
setCertificateNameToAppend
A name to append to signing certificates generated. The named part appended can be useful to identify for which clientName it was generated. If no name is provided, the default certificate name will be used.
Returns: this.
-
setNameIdPolicyFormat
NameID policy to request in the authentication requests.
Returns: this.
-
setNameIdPolicyAllowCreate
public Pac4jSamlClientProperties setNameIdPolicyAllowCreate(TriStateBoolean nameIdPolicyAllowCreate)
Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined.
Returns: this.
-
setWantsAssertionsSigned
Whether metadata should be marked to request sign assertions.
Returns: this.
-
setWantsResponsesSigned
Whether a response has to be mandatory signed.
Returns: this.
-
setAllSignatureValidationDisabled
public Pac4jSamlClientProperties setAllSignatureValidationDisabled(boolean allSignatureValidationDisabled)
Whether the signature validation should be disabled. Never set this property to true in production.
Returns: this.
-
setAttributeConsumingServiceIndex
public Pac4jSamlClientProperties setAttributeConsumingServiceIndex(int attributeConsumingServiceIndex)
AttributeConsumingServiceIndex attribute of AuthnRequest element. The given index points out a specific AttributeConsumingService structure, declared into the Service Provider (SP)'s metadata, to be used to specify all the attributes that the Service Provider is asking to be released within the authentication assertion returned by the Identity Provider (IdP). This attribute won't be sent with the request unless a positive value (including 0) is defined.
Returns: this.
-
setAssertionConsumerServiceIndex
public Pac4jSamlClientProperties setAssertionConsumerServiceIndex(int assertionConsumerServiceIndex)
Allows the SAML client to select a specific ACS url from the metadata, if defined. A negative value de-activates the selection process and is the default.
Returns: this.
-
setUseNameQualifier
Whether name qualifiers should be produced in the final saml response.
Returns: this.
-
setSignServiceProviderMetadata
public Pac4jSamlClientProperties setSignServiceProviderMetadata(boolean signServiceProviderMetadata)
Whether or not SAML SP metadata should be signed when generated.
Returns: this.
-
setSignAuthnRequest
Whether or not the authnRequest should be signed.
Returns: this.
-
setSignServiceProviderLogoutRequest
public Pac4jSamlClientProperties setSignServiceProviderLogoutRequest(boolean signServiceProviderLogoutRequest)
Whether or not the Logout Request sent from the SP should be signed.
Returns: this.
-
setRequestedAttributes
public Pac4jSamlClientProperties setRequestedAttributes(List<Pac4jSamlServiceProviderRequestedAttribute> requestedAttributes)
List of attributes requested by the service provider that would be put into the service provider metadata.
Returns: this.
-
setBlockedSignatureSigningAlgorithms
public Pac4jSamlClientProperties setBlockedSignatureSigningAlgorithms(List<String> blockedSignatureSigningAlgorithms)
Collection of signing signature blocked algorithms, if any, to override the global defaults.
Returns: this.
-
setSignatureAlgorithms
Collection of signing signature algorithms, if any, to override the global defaults.
Returns: this.
-
setSignatureReferenceDigestMethods
public Pac4jSamlClientProperties setSignatureReferenceDigestMethods(List<String> signatureReferenceDigestMethods)
Collection of signing signature reference digest methods, if any, to override the global defaults.
Returns: this.
-
setSignatureCanonicalizationAlgorithm
public Pac4jSamlClientProperties setSignatureCanonicalizationAlgorithm(String signatureCanonicalizationAlgorithm)
The signing signature canonicalization algorithm, if any, to override the global defaults.
Returns: this.
-
setNameIdAttribute
The attribute name that should be used and extracted from the SAML2 response to identify and build a NameID value, when the response is processed and consumed.
Returns: this.
-
setProviderName
Provider name set for the saml authentication request. Sets the human-readable name of the requester for use by the presenter's user agent or the identity provider.
Returns: this.
-
setMessageStoreFactory
Factory implementing this interface provides services for storing and retrieval of SAML messages for e.g. verification of retrieved responses. The default factory is an always empty store. You may choose org.pac4j.saml.store.HttpSessionStore instead, which allows SAML messages to be stored in a distributed session store specially required for high availability deployments and validation operations.
Available options are:
- EMPTY: Uses the EmptyStoreFactory
- SESSION: Uses the HttpSessionStore
- Fully-qualified class name of the message store implementation.
Also note that the message store implementation can be supplied and configured at runtime as a Spring @Bean with the type SAMLMessageStoreFactory which, if found in the available application context, will override all other options.
Returns: this.
-
setSaml2AttributeConverter
Controls the way SAML2 attributes are converted from the authentication response into pac4j attributes. By default, values of complex types are serialized into a single attribute. To change this behaviour, specify a converter class implementing the AttributeConverter interface.
Returns: this.
-
setPartialLogoutAsSuccess
Logouts are only successful if the IdP was able to inform all services, otherwise it will respond with PartialLogout. This setting allows clients such as CAS to ignore such server-side behavior. If the IdP reports back a partial logout, this setting instructs CAS whether it should accept or deny that response.
Returns: this.
-
setResponseDestinationMandatory
public Pac4jSamlClientProperties setResponseDestinationMandatory(boolean responseDestinationMandatory)
When validating the response, ensure it has a value set for the Destination attribute.
Returns: this.
-
setRequestInitiatorUrl
When generating SAML2 metadata, configure and set the request initiator location attribute.
Returns: this.
-
setSingleLogoutServiceUrl
When generating SAML2 metadata, configure and set the single logout service URL attribute.
Returns: this.
-
setLogoutResponseBindingType
Control the logout response binding type during logout operations as invoked by an external IdP and in response to logout requests.
Returns: this.
-
setSupportedProtocols
When generating SAML2 metadata, configure and set the list of supported protocols in the metadata.
Returns: this.
-
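The validation-related flags documented above (isAllSignatureValidationDisabled, isWantsAssertionsSigned, isWantsResponsesSigned, isResponseDestinationMandatory, isPartialLogoutAsSuccess, isSignAuthnRequest) can be reviewed together before a delegated SAML client is deployed. The class below is an added example, not part of CAS: SamlClientSettingsAudit and its finding texts are hypothetical, it calls only accessors listed on this page, and it assumes the CAS configuration model is on the classpath.

```java
import java.util.ArrayList;
import java.util.List;

import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;

/**
 * Added example (hypothetical class, not shipped with CAS): reports settings
 * of one delegated SAML client that relax validation of IdP messages.
 */
public final class SamlClientSettingsAudit {

    private SamlClientSettingsAudit() {
    }

    /** Returns one finding per relaxed setting; an empty list means none were found. */
    public static List<String> audit(final Pac4jSamlClientProperties saml) {
        final List<String> findings = new ArrayList<>();
        // getClientName() is inherited from Pac4jBaseClientProperties.
        final String client = String.valueOf(saml.getClientName());

        // The class documentation states this must never be true in production.
        if (saml.isAllSignatureValidationDisabled()) {
            findings.add(client + ": signature validation is disabled");
        }
        // Neither signed responses nor signed assertions are asked for.
        if (!saml.isWantsResponsesSigned() && !saml.isWantsAssertionsSigned()) {
            findings.add(client + ": neither signed responses nor signed assertions are required");
        }
        // Responses lacking a Destination attribute would pass this check.
        if (!saml.isResponseDestinationMandatory()) {
            findings.add(client + ": response Destination attribute is not mandatory");
        }
        // A PartialLogout answer from the IdP is accepted as a successful logout.
        if (saml.isPartialLogoutAsSuccess()) {
            findings.add(client + ": PartialLogout responses are accepted as success");
        }
        // Outgoing AuthnRequests are sent unsigned.
        if (!saml.isSignAuthnRequest()) {
            findings.add(client + ": authentication requests are not signed");
        }
        return findings;
    }

    public static void main(final String[] args) {
        // Constructed sample settings; every flag is set explicitly so the
        // result does not depend on the class defaults.
        final Pac4jSamlClientProperties relaxed = new Pac4jSamlClientProperties()
            .setAllSignatureValidationDisabled(true)
            .setWantsResponsesSigned(false)
            .setWantsAssertionsSigned(false)
            .setResponseDestinationMandatory(false)
            .setPartialLogoutAsSuccess(true)
            .setSignAuthnRequest(false);
        relaxed.setClientName("ExampleIdP-relaxed"); // constructed name

        final Pac4jSamlClientProperties strict = new Pac4jSamlClientProperties()
            .setAllSignatureValidationDisabled(false)
            .setWantsResponsesSigned(true)
            .setWantsAssertionsSigned(true)
            .setResponseDestinationMandatory(true)
            .setPartialLogoutAsSuccess(false)
            .setSignAuthnRequest(true);
        strict.setClientName("ExampleIdP-strict"); // constructed name

        audit(relaxed).forEach(System.out::println); // five findings
        System.out.println("strict findings: " + audit(strict).size()); // zero
    }
}
```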