/******************************************************************************* * Copyright 2017 Graz University of Technology * EAAF-Core Components has been developed in a cooperation between EGIZ, * A-SIT+, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ /******************************************************************************* *******************************************************************************/ /******************************************************************************* *******************************************************************************/ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; /** * @author tlenz * */ public interface IPVPMetadataBuilderConfiguration { /** * Defines a unique name for this PVP Service-provider, which is used for logging * * @return */ public String getSPNameForLogging(); /** * Set metadata valid area * * @return valid until in hours [h] */ public int getMetadataValidUntil(); /** * Build a SAML2 Entities element as metadata root element * * @return true, if the metadata should start with entities element */ public boolean buildEntitiesDescriptorAsRootElement(); /** * * * @return true, if an IDP SSO-descriptor element should be generated */ public boolean buildIDPSSODescriptor(); /** * * * @return true, if an SP SSO-descriptor element should be generated */ public boolean buildSPSSODescriptor(); /** * Set the PVP entityID for this SAML2 metadata. * The entityID must be an URL and must be start with the public-URL prefix of the server * * @return PVP entityID postfix as String */ public String getEntityID(); /** * Set a friendlyName for this PVP entity * * @return */ public String getEntityFriendlyName(); /** * Set the contact information for this metadata entity * * @return */ public List getContactPersonInformation(); /** * Set organisation information for this metadata entity * * @return */ public Organization getOrgansiationInformation(); /** * Set the credential for metadata signing * * @return * @throws CredentialsNotAvailableException */ public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; /** * Set the credential for request/response signing * IDP metadata: this credential is used for SAML2 response signing * SP metadata: this credential is used for SAML2 response signing * * @return * @throws CredentialsNotAvailableException */ public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; /** * Set the credential for response encryption * * @return * @throws CredentialsNotAvailableException */ public Credential getEncryptionCredentials() throws CredentialsNotAvailableException; /** * Set the IDP Post-Binding URL for WebSSO * * @return */ public String getIDPWebSSOPostBindingURL(); /** * Set the IDP Redirect-Binding URL for WebSSO * * @return */ public String getIDPWebSSORedirectBindingURL(); /** * Set the IDP Post-Binding URL for Single LogOut * * @return */ public String getIDPSLOPostBindingURL(); /** * Set the IDP Redirect-Binding URL for Single LogOut * * @return */ public String getIDPSLORedirectBindingURL(); /** * Set the SP Post-Binding URL for for the Assertion-Consumer Service * * @return */ public String getSPAssertionConsumerServicePostBindingURL(); /** * Set the SP Redirect-Binding URL for the Assertion-Consumer Service * * @return */ public String getSPAssertionConsumerServiceRedirectBindingURL(); /** * Set the SP Post-Binding URL for Single LogOut * * @return */ public String getSPSLOPostBindingURL(); /** * Set the SP Redirect-Binding URL for Single LogOut * * @return */ public String getSPSLORedirectBindingURL(); /** * Set the SP SOAP-Binding URL for Single LogOut * * @return */ public String getSPSLOSOAPBindingURL(); /** * Set all SAML2 attributes which could be provided by this IDP * * @return */ public List getIDPPossibleAttributes(); /** * Set all nameID types which could be provided by this IDP * * @return a List of SAML2 nameID types */ public List getIDPPossibleNameITTypes(); /** * Set all SAML2 attributes which are required by the SP * * @return */ public Collection getSPRequiredAttributes(); /** * Set all nameID types which allowed from the SP * * @return a List of SAML2 nameID types */ public List getSPAllowedNameITTypes(); /** * Set the 'wantAssertionSigned' attribute in SP metadata * * @return */ public boolean wantAssertionSigned(); /** * Set the 'wantAuthnRequestSigned' attribute * * @return */ public boolean wantAuthnRequestSigned(); }