Class AuthnRequirements
- All Implemented Interfaces:
Serializable
,Extensible
- Author:
- Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Builder forAuthnRequirements
objects. -
Constructor Summary
ConstructorDescriptionDefault constructor.AuthnRequirements
(String authnServiceID, String authnProfile, List<String> authnContextClassRefs, List<SignerIdentityAttributeValue> requestedSignerAttributes, Extension extension) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionbuilder()
Gets the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated.Gets the authentication profile.Gets the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.Returns the extension parameters for the instance.Gets the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).void
setAuthnContextClassRefs
(List<String> authnContextClassRefs) Assigns the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated.void
setAuthnContextRef
(String authnContextRef) Deprecated.void
setAuthnProfile
(String authnProfile) Assigns the authentication profile.void
setAuthnServiceID
(String authnServiceID) Assigns the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.void
setExtension
(Extension extension) Assigns the extension parameters for the instance.void
setRequestedSignerAttributes
(List<SignerIdentityAttributeValue> requestedSignerAttributes) Assigns the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).toString()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface se.idsec.signservice.integration.core.Extensible
addExtensionValue, getExtensionValue
-
Constructor Details
-
AuthnRequirements
public AuthnRequirements()Default constructor. -
AuthnRequirements
public AuthnRequirements(String authnServiceID, String authnProfile, List<String> authnContextClassRefs, List<SignerIdentityAttributeValue> requestedSignerAttributes, Extension extension) Constructor.- Parameters:
authnServiceID
- entityID of the authentication service (Identity Provider)authnProfile
- optional authentication profileauthnContextClassRefs
- authentication context reference identifier(s)requestedSignerAttributes
- list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert)extension
- extensions for the object
-
-
Method Details
-
getAuthnServiceID
Gets the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.- Returns:
- the entityID of the authentication service to use
- See Also:
-
setAuthnServiceID
Assigns the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.In almost all cases a user is first authenticated before performing a signature, and the entityID is then the ID of the Identity Provider that authenticated the user during login to the service requesting the signature.
In the rare cases where a user is not authenticated when the signature is requested, it is the signature requester's responsibility to prompt the user for the authentication service to use, or by other means acquire this information.
- Parameters:
authnServiceID
- the entityID of the authentication service to use
-
getAuthnProfile
Gets the authentication profile.This is a an opaque string that can be used to inform the Signing Service about specific requirements regarding the user authentication at the given Identity Provider.
- Returns:
- opaque string representing an authentication profile
-
setAuthnProfile
Assigns the authentication profile.This is an opaque string that can be used to inform the Signing Service about specific requirements regarding the user authentication at the given Identity Provider.
Note: Before setting this property, ensure that the receiving Signature Service supports version 1.4 of the "DSS Extension for Federated Central Signing Services" specification.
- Parameters:
authnProfile
- opaque string representing an authentication profile
-
getAuthnContextClassRefs
Gets the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated. This identifier is often referred to as the "level of assurance" (LoA).- Returns:
- the authentication context reference URI(s)
- See Also:
-
setAuthnContextClassRefs
Assigns the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated. This identifier is often referred to as the "level of assurance" (LoA).In the normal case where the user already has been authenticated, the authentication context reference identifier received from the authentication process should be used.
If several URI:s are supplied it states that the Signature Service should assert that the user is authenticated according to one of the supplied URI:s.
Note: If setting more than one URI, ensure that the receiving Signature Service supports version 1.4 of the "DSS Extension for Federated Central Signing Services" specification.
- Parameters:
authnContextClassRefs
- the authentication context reference URI(s)
-
setAuthnContextRef
Deprecated.For backwards compatibility. UsesetAuthnContextClassRefs(List)
instead.- Parameters:
authnContextRef
- the AuthnContextClassRef URI to add
-
getRequestedSignerAttributes
Gets the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).- Returns:
- requestedSignerAttributes a list of requested attribute values
-
setRequestedSignerAttributes
public void setRequestedSignerAttributes(List<SignerIdentityAttributeValue> requestedSignerAttributes) Assigns the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).Typically, a sign requester includes the identity attributes that binds the signature operation to the principal that authenticated at the sign requester service, for example the personalIdentityNumber of the principal.
- Parameters:
requestedSignerAttributes
- a list of requested attribute values
-
getExtension
Returns the extension parameters for the instance.- Specified by:
getExtension
in interfaceExtensible
- Returns:
- the extension, or
null
if no extensions are set
-
setExtension
Assigns the extension parameters for the instance.- Specified by:
setExtension
in interfaceExtensible
- Parameters:
extension
- the extension
-
builder
-
toBuilder
-
toString
-