se.litsec.opensaml.saml2.common.response

Class ResponseValidationSettings

java.lang.Object

se.litsec.opensaml.saml2.common.response.ResponseValidationSettings

public class ResponseValidationSettings
extends Object

Configuration settings for response and assertion validation.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Field Summary

Fields

Modifier and Type	Field and Description
static long	DEFAULT_ALLOWED_CLOCK_SKEW The default allowed clock skew (in milliseconds) - 30 seconds.
static long	DEFAULT_MAX_AGE_RESPONSE The default age for a response message that we allow (in milliseconds) - 3 minutes.
static long	DEFAULT_MAX_SESSION_AGE Default max session age (in milliseconds) - 1 hour.

Constructor Summary

Constructors

Constructor and Description
ResponseValidationSettings()

Method Summary

Modifier and Type	Method and Description
long	getAllowedClockSkew() Returns the allowed clock skew (in milliseconds).
long	getMaxAgeResponse() Returns the maximum allowed "age" of a response message (in milliseconds).
long	getMaxSessionAge() Returns the maximum session age allowed for SSO (in milliseconds).
boolean	isRequireSignedAssertions() Do we require signed assertions?
boolean	isStrictValidation() Predicate telling whether strict validation should be performed.
void	setAllowedClockSkew(long allowedClockSkew) Assigns the allowed clock skew (in milliseconds).
void	setMaxAgeResponse(long maxAgeResponse) Assigns the maximum allowed "age" of a response message (in milliseconds).
void	setMaxSessionAge(long maxSessionAge) Assigns the maximum session age allowed for SSO (in milliseconds).
void	setRequireSignedAssertions(boolean requireSignedAssertions) Assigns whether we require signed assertions.
void	setStrictValidation(boolean strictValidation) Assigns telling whether strict validation should be performed.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_ALLOWED_CLOCK_SKEW

public static final long DEFAULT_ALLOWED_CLOCK_SKEW

The default allowed clock skew (in milliseconds) - 30 seconds.

See Also:

Constant Field Values

DEFAULT_MAX_AGE_RESPONSE

public static final long DEFAULT_MAX_AGE_RESPONSE

The default age for a response message that we allow (in milliseconds) - 3 minutes.

See Also:

Constant Field Values

DEFAULT_MAX_SESSION_AGE

public static final long DEFAULT_MAX_SESSION_AGE

Default max session age (in milliseconds) - 1 hour.

See Also:

Constant Field Values

Constructor Detail

ResponseValidationSettings

public ResponseValidationSettings()

Method Detail

getAllowedClockSkew

public long getAllowedClockSkew()

Returns the allowed clock skew (in milliseconds).

The default is DEFAULT_ALLOWED_CLOCK_SKEW.

Returns:

the allowed clock skew (in milliseconds)

setAllowedClockSkew

public void setAllowedClockSkew(long allowedClockSkew)

Assigns the allowed clock skew (in milliseconds).

The default is DEFAULT_ALLOWED_CLOCK_SKEW.

Parameters:

allowedClockSkew - the allowed clock skew (in milliseconds)

getMaxAgeResponse

public long getMaxAgeResponse()

Returns the maximum allowed "age" of a response message (in milliseconds).

The default is DEFAULT_MAX_AGE_RESPONSE.

Returns:

the maximum allowed "age" of a response message (in milliseconds)

setMaxAgeResponse

public void setMaxAgeResponse(long maxAgeResponse)

Assigns the maximum allowed "age" of a response message (in milliseconds).

The default is DEFAULT_MAX_AGE_RESPONSE.

Parameters:

maxAgeResponse - the maximum allowed "age" of a response message (in milliseconds)

getMaxSessionAge

public long getMaxSessionAge()

Returns the maximum session age allowed for SSO (in milliseconds).

The default is DEFAULT_MAX_SESSION_AGE.

Returns:

the maximum session age allowed for SSO (in milliseconds)

setMaxSessionAge

public void setMaxSessionAge(long maxSessionAge)

Assigns the maximum session age allowed for SSO (in milliseconds).

The default is DEFAULT_MAX_SESSION_AGE.

Parameters:

maxSessionAge - the maximum session age allowed for SSO (in milliseconds)

isStrictValidation

public boolean isStrictValidation()

Predicate telling whether strict validation should be performed.

The default is false.

Returns:

whether strict validation should be performed

setStrictValidation

public void setStrictValidation(boolean strictValidation)

Assigns telling whether strict validation should be performed.

The default is false.

Parameters:

strictValidation - whether strict validation should be performed

isRequireSignedAssertions

public boolean isRequireSignedAssertions()

Do we require signed assertions?

Should correspond the WantAssertionsSigned of the SP metadata.

Returns:

do we require signed assertions?

setRequireSignedAssertions

public void setRequireSignedAssertions(boolean requireSignedAssertions)

Assigns whether we require signed assertions.

Should correspond the WantAssertionsSigned of the SP metadata.

Parameters:

requireSignedAssertions - whether we require signed assertions?

toString

public String toString()

Overrides:

toString in class Object