Package se.litsec.opensaml.saml2.common.response

Class ResponseValidationSettings

  • public class ResponseValidationSettings
extends Object
    Configuration settings for response and assertion validation.
    Author:
    Martin Lindström (martin.lindstrom@litsec.se)

    • Field Detail

      • DEFAULT_ALLOWED_CLOCK_SKEW

        public static final Duration DEFAULT_ALLOWED_CLOCK_SKEW
        The default allowed clock skew (in milliseconds) - 30 seconds.

      • DEFAULT_MAX_AGE_RESPONSE

        public static final Duration DEFAULT_MAX_AGE_RESPONSE
        The default age for a response message that we allow (in milliseconds) - 3 minutes.

      • DEFAULT_MAX_SESSION_AGE

        public static final Duration DEFAULT_MAX_SESSION_AGE
        Default max session age (in milliseconds) - 1 hour.

    • Constructor Detail

      • ResponseValidationSettings

        public ResponseValidationSettings()

    • Method Detail

      • setAllowedClockSkew

        public void setAllowedClockSkew​(Duration allowedClockSkew)
        Assigns the allowed clock skew.

        The default is DEFAULT_ALLOWED_CLOCK_SKEW.

        Parameters:
        allowedClockSkew - the allowed clock skew

      • getMaxAgeResponse

        public Duration getMaxAgeResponse()
        Returns the maximum allowed "age" of a response message.

        The default is DEFAULT_MAX_AGE_RESPONSE.

        Returns:
        the maximum allowed "age" of a response message

      • setMaxAgeResponse

        public void setMaxAgeResponse​(Duration maxAgeResponse)
        Assigns the maximum allowed "age" of a response message

        The default is DEFAULT_MAX_AGE_RESPONSE.

        Parameters:
        maxAgeResponse - the maximum allowed "age" of a response message

      • getMaxSessionAge

        public Duration getMaxSessionAge()
        Returns the maximum session age allowed for SSO.

        The default is DEFAULT_MAX_SESSION_AGE.

        Returns:
        the maximum session age allowed for SSO

      • setMaxSessionAge

        public void setMaxSessionAge​(Duration maxSessionAge)
        Assigns the maximum session age allowed for SSO.

        The default is DEFAULT_MAX_SESSION_AGE.

        Parameters:
        maxSessionAge - the maximum session age allowed for SSO

      • isStrictValidation

        public boolean isStrictValidation()
        Predicate telling whether strict validation should be performed.

        The default is false.

        Returns:
        whether strict validation should be performed

      • setStrictValidation

        public void setStrictValidation​(boolean strictValidation)
        Assigns telling whether strict validation should be performed.

        The default is false.

        Parameters:
        strictValidation - whether strict validation should be performed

      • isRequireSignedAssertions

        public boolean isRequireSignedAssertions()
        Do we require signed assertions?

        Should correspond the WantAssertionsSigned of the SP metadata.

        Returns:
        do we require signed assertions?

      • setRequireSignedAssertions

        public void setRequireSignedAssertions​(boolean requireSignedAssertions)
        Assigns whether we require signed assertions.

        Should correspond the WantAssertionsSigned of the SP metadata.

        Parameters:
        requireSignedAssertions - whether we require signed assertions?