Class AuthnRequirements

java.lang.Object
se.idsec.signservice.integration.authentication.AuthnRequirements
All Implemented Interfaces:
Serializable, Extensible

public class AuthnRequirements extends Object implements Extensible
A sign requester specifies a set of authentication requirements regarding the signer when sending a SignRequest message. This class represents these requirements.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • AuthnRequirements

      public AuthnRequirements()
      Default constructor.
    • AuthnRequirements

      public AuthnRequirements(String authnServiceID, String authnProfile, List<String> authnContextClassRefs, List<SignerIdentityAttributeValue> requestedSignerAttributes, Extension extension)
      Constructor.
      Parameters:
      authnServiceID - entityID of the authentication service (Identity Provider)
      authnProfile - optional authentication profile
      authnContextClassRefs - authentication context reference identifier(s)
      requestedSignerAttributes - list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert)
      extension - extensions for the object
  • Method Details

    • getAuthnServiceID

      public String getAuthnServiceID()
      Gets the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.
      Returns:
      the entityID of the authentication service to use
    • setAuthnServiceID

      public void setAuthnServiceID(String authnServiceID)
      Assigns the entityID of the authentication service (Identity Provider) that will authenticate the signer as part of the signature process.

      In almost all cases a user is first authenticated before performing a signature, and the entityID is then the ID of the Identity Provider that authenticated the user during login to the service requesting the signature.

      In the rare cases where a user is not authenticated when the signature is requested, it is the signature requester's responsibility to prompt the user for the authentication service to use, or by other means acquire this information.

      Parameters:
      authnServiceID - the entityID of the authentication service to use
    • getAuthnProfile

      public String getAuthnProfile()
      Gets the authentication profile.

      This is an opaque string that can be used to inform the Signing Service about specific requirements regarding the user authentication at the given Identity Provider.

      Returns:
      opaque string representing an authentication profile
    • setAuthnProfile

      public void setAuthnProfile(String authnProfile)
      Assigns the authentication profile.

      This is an opaque string that can be used to inform the Signing Service about specific requirements regarding the user authentication at the given Identity Provider.

      Note: Before setting this property, ensure that the receiving Signature Service supports version 1.4 of the "DSS Extension for Federated Central Signing Services" specification.

      Parameters:
      authnProfile - opaque string representing an authentication profile
    • getAuthnContextClassRefs

      public List<String> getAuthnContextClassRefs()
      Gets the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated. This identifier is often referred to as the "level of assurance" (LoA).
      Returns:
      the authentication context reference URI(s)
    • setAuthnContextClassRefs

      public void setAuthnContextClassRefs(List<String> authnContextClassRefs)
      Assigns the authentication context reference identifier(s) (URI(s)) that identifies the context under which the signer should be authenticated. This identifier is often referred to as the "level of assurance" (LoA).

      In the normal case where the user already has been authenticated, the authentication context reference identifier received from the authentication process should be used.

      If several URIs are supplied, the Signature Service should assert that the user is authenticated according to one of the supplied URIs.

      Note: If setting more than one URI, ensure that the receiving Signature Service supports version 1.4 of the "DSS Extension for Federated Central Signing Services" specification.

      Parameters:
      authnContextClassRefs - the authentication context reference URI(s)
    • setAuthnContextRef

      @Deprecated public void setAuthnContextRef(String authnContextRef)
      Deprecated.
      For backwards compatibility. Use setAuthnContextClassRefs(List) instead.
      Parameters:
      authnContextRef - the AuthnContextClassRef URI to add
    • getRequestedSignerAttributes

      public List<SignerIdentityAttributeValue> getRequestedSignerAttributes()
      Gets the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).
      Returns:
      a list of requested attribute values
    • setRequestedSignerAttributes

      public void setRequestedSignerAttributes(List<SignerIdentityAttributeValue> requestedSignerAttributes)
      Assigns the list of identity attribute values that the sign requestor requires the authentication service (IdP) to validate and deliver (and the signature service to assert).

      Typically, a sign requester includes the identity attributes that bind the signature operation to the principal that authenticated at the sign requester service, for example the personalIdentityNumber of the principal.

      Parameters:
      requestedSignerAttributes - a list of requested attribute values
    • getExtension

      public Extension getExtension()
      Returns the extension parameters for the instance.
      Specified by:
      getExtension in interface Extensible
      Returns:
      the extension, or null if no extensions are set
    • setExtension

      public void setExtension(Extension extension)
      Assigns the extension parameters for the instance.
      Specified by:
      setExtension in interface Extensible
      Parameters:
      extension - the extension
    • builder

    • toBuilder

    • toString

      public String toString()
      Overrides:
      toString in class Object
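
Added example (not part of the library or its Javadoc): a hypothetical `AuthnRequirementsFactory` that populates an `AuthnRequirements` from the values of the user's login and enforces the version 1.4 notes given for `setAuthnProfile` and `setAuthnContextClassRefs`. The class name, the `peerSupportsDssExt14` flag, the package of `SignerIdentityAttributeValue` and the rule that at least one signer attribute must be supplied are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;

import se.idsec.signservice.integration.authentication.AuthnRequirements;
// Assumption: SignerIdentityAttributeValue lives in the same package as AuthnRequirements.
import se.idsec.signservice.integration.authentication.SignerIdentityAttributeValue;

/** Hypothetical helper, not part of the library. */
public final class AuthnRequirementsFactory {

  private AuthnRequirementsFactory() {
  }

  /**
   * @param idpEntityId entityID of the IdP that authenticated the user at login
   * @param loaUris AuthnContextClassRef URI(s); normally the single URI received at login
   * @param authnProfile optional opaque profile string, or null
   * @param signerAttributes attribute values binding the signature to the principal
   * @param peerSupportsDssExt14 assumption: the caller knows whether the Signature
   *          Service supports version 1.4 of the DSS extension specification
   */
  public static AuthnRequirements fromLogin(final String idpEntityId, final List<String> loaUris,
      final String authnProfile, final List<SignerIdentityAttributeValue> signerAttributes,
      final boolean peerSupportsDssExt14) {

    if (idpEntityId == null || idpEntityId.trim().isEmpty()) {
      throw new IllegalArgumentException("entityID of the authentication service is required");
    }
    if (loaUris == null || loaUris.isEmpty()) {
      throw new IllegalArgumentException("at least one AuthnContextClassRef URI is required");
    }
    // More than one URI and the authnProfile property both need a 1.4-capable service.
    if (!peerSupportsDssExt14 && (loaUris.size() > 1 || authnProfile != null)) {
      throw new IllegalArgumentException("several URIs or an authnProfile require version 1.4 support");
    }
    // Policy of this example: refuse requests that carry no attribute binding to the principal.
    if (signerAttributes == null || signerAttributes.isEmpty()) {
      throw new IllegalArgumentException("no signer attribute (e.g. personalIdentityNumber) supplied");
    }

    final AuthnRequirements requirements = new AuthnRequirements();
    requirements.setAuthnServiceID(idpEntityId);
    requirements.setAuthnContextClassRefs(new ArrayList<>(loaUris)); // defensive copies
    requirements.setRequestedSignerAttributes(new ArrayList<>(signerAttributes));
    if (authnProfile != null) {
      requirements.setAuthnProfile(authnProfile);
    }
    return requirements;
  }
}
```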