Package se.litsec.opensaml.saml2.common.response

Class ResponseValidationSettings

  • public class ResponseValidationSettings
extends Object
    Configuration settings for response and assertion validation.
    Author:
    Martin Lindström (martin.lindstrom@litsec.se)

    • Field Detail

      • DEFAULT_ALLOWED_CLOCK_SKEW

        public static final long DEFAULT_ALLOWED_CLOCK_SKEW
        The default allowed clock skew (in milliseconds) - 30 seconds.
        See Also:
        Constant Field Values

      • DEFAULT_MAX_AGE_RESPONSE

        public static final long DEFAULT_MAX_AGE_RESPONSE
        The default age for a response message that we allow (in milliseconds) - 3 minutes.
        See Also:
        Constant Field Values

      • DEFAULT_MAX_SESSION_AGE

        public static final long DEFAULT_MAX_SESSION_AGE
        Default max session age (in milliseconds) - 1 hour.
        See Also:
        Constant Field Values

    • Constructor Detail

      • ResponseValidationSettings

        public ResponseValidationSettings()

    • Method Detail

      • getAllowedClockSkew

        public long getAllowedClockSkew()
        Returns the allowed clock skew (in milliseconds).

        The default is DEFAULT_ALLOWED_CLOCK_SKEW.

        Returns:
        the allowed clock skew (in milliseconds)

      • setAllowedClockSkew

        public void setAllowedClockSkew​(long allowedClockSkew)
        Assigns the allowed clock skew (in milliseconds).

        The default is DEFAULT_ALLOWED_CLOCK_SKEW.

        Parameters:
        allowedClockSkew - the allowed clock skew (in milliseconds)

      • getMaxAgeResponse

        public long getMaxAgeResponse()
        Returns the maximum allowed "age" of a response message (in milliseconds).

        The default is DEFAULT_MAX_AGE_RESPONSE.

        Returns:
        the maximum allowed "age" of a response message (in milliseconds)

      • setMaxAgeResponse

        public void setMaxAgeResponse​(long maxAgeResponse)
        Assigns the maximum allowed "age" of a response message (in milliseconds).

        The default is DEFAULT_MAX_AGE_RESPONSE.

        Parameters:
        maxAgeResponse - the maximum allowed "age" of a response message (in milliseconds)

      • getMaxSessionAge

        public long getMaxSessionAge()
        Returns the maximum session age allowed for SSO (in milliseconds).

        The default is DEFAULT_MAX_SESSION_AGE.

        Returns:
        the maximum session age allowed for SSO (in milliseconds)

      • setMaxSessionAge

        public void setMaxSessionAge​(long maxSessionAge)
        Assigns the maximum session age allowed for SSO (in milliseconds).

        The default is DEFAULT_MAX_SESSION_AGE.

        Parameters:
        maxSessionAge - the maximum session age allowed for SSO (in milliseconds)

      • isStrictValidation

        public boolean isStrictValidation()
        Predicate telling whether strict validation should be performed.

        The default is false.

        Returns:
        whether strict validation should be performed

      • setStrictValidation

        public void setStrictValidation​(boolean strictValidation)
        Assigns telling whether strict validation should be performed.

        The default is false.

        Parameters:
        strictValidation - whether strict validation should be performed

      • isRequireSignedAssertions

        public boolean isRequireSignedAssertions()
        Do we require signed assertions?

        Should correspond the WantAssertionsSigned of the SP metadata.

        Returns:
        do we require signed assertions?

      • setRequireSignedAssertions

        public void setRequireSignedAssertions​(boolean requireSignedAssertions)
        Assigns whether we require signed assertions.

        Should correspond the WantAssertionsSigned of the SP metadata.

        Parameters:
        requireSignedAssertions - whether we require signed assertions?