Package com.nimbusds.oauth2.sdk.assertions.saml2

Class SAML2AssertionDetails

java.lang.Object

com.nimbusds.oauth2.sdk.assertions.AssertionDetails

com.nimbusds.oauth2.sdk.assertions.saml2.SAML2AssertionDetails

@Immutable
public class SAML2AssertionDetails
extends AssertionDetails

SAML 2.0 bearer assertion details for OAuth 2.0 client authentication and authorisation grants.

Used for SAML 2.0 bearer assertion grants.

Example SAML 2.0 assertion:

 <Assertion IssueInstant="2010-10-01T20:07:34.619Z"
            ID="ef1xsbZxPV2oqjd7HTLRLIBlBb7"
            Version="2.0"
            xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
     <Issuer>https://saml-idp.example.com</Issuer>
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         [...omitted for brevity...]
     </ds:Signature>
     <Subject>
         <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
             brian@example.com
         </NameID>
         <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
             <SubjectConfirmationData NotOnOrAfter="2010-10-01T20:12:34.619Z"
                                      Recipient="https://authz.example.net/token.oauth2"/>
         </SubjectConfirmation>
     </Subject>
     <Conditions>
         <AudienceRestriction>
             <Audience>https://saml-sp.example.net</Audience>
         </AudienceRestriction>
     </Conditions>
     <AuthnStatement AuthnInstant="2010-10-01T20:07:34.371Z">
         <AuthnContext>
             <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</AuthnContextClassRef>
         </AuthnContext>
     </AuthnStatement>
 </Assertion>
 

Related specifications:

• Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522), section 3.

Constructor Summary

Constructors

Constructor	Description
SAML2AssertionDetails(Issuer issuer, Subject subject, Audience audience)	Creates a new SAML 2.0 bearer assertion details instance.
SAML2AssertionDetails(Issuer issuer, Subject subject, String subjectFormat, Date subjectAuthTime, ACR subjectACR, List<Audience> audience, Date exp, Date nbf, Date iat, Identifier id, InetAddress clientAddress, Map<String,List<String>> attrStatement)	Creates a new SAML 2.0 bearer assertion details instance.

Method Summary

Modifier and Type	Method	Description
Map<String,List<String>>	getAttributeStatement()	Returns the optional attribute statement.
InetAddress	getClientInetAddress()	Returns the optional client address to which this assertion is bound.
Date	getNotBeforeTime()	Returns the optional not-before time.
ACR	getSubjectACR()	Returns the optional subject Authentication Context Class Reference (ACR).
Date	getSubjectAuthenticationTime()	Returns the optional subject authentication time.
String	getSubjectFormat()	Returns the optional subject format.
static SAML2AssertionDetails	parse(org.opensaml.saml.saml2.core.Assertion assertion)	Parses a SAML 2.0 bearer assertion details instance from the specified assertion object.
org.opensaml.saml.saml2.core.Assertion	toSAML2Assertion()	Returns a SAML 2.0 assertion (unsigned) representation of this assertion details instance.

Methods inherited from class com.nimbusds.oauth2.sdk.assertions.AssertionDetails

getAudience, getExpirationTime, getID, getIssuer, getIssueTime, getSubject

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAML2AssertionDetails

public SAML2AssertionDetails(Issuer issuer,
                             Subject subject,
                             Audience audience)

Creates a new SAML 2.0 bearer assertion details instance. The expiration time is set to five minutes from the current system time. Generates a default identifier for the assertion. The issue time is set to the current system time.

Parameters:

issuer - The issuer. Must not be null.

subject - The subject. Must not be null.

audience - The audience, typically the URI of the authorisation server's token endpoint. Must not be null.

SAML2AssertionDetails

public SAML2AssertionDetails(Issuer issuer,
                             Subject subject,
                             String subjectFormat,
                             Date subjectAuthTime,
                             ACR subjectACR,
                             List<Audience> audience,
                             Date exp,
                             Date nbf,
                             Date iat,
                             Identifier id,
                             InetAddress clientAddress,
                             Map<String,List<String>> attrStatement)

Creates a new SAML 2.0 bearer assertion details instance.

Parameters:

issuer - The issuer. Must not be null.

subject - The subject. Must not be null.

subjectFormat - The subject format, null if not specified.

subjectAuthTime - The subject authentication time, null if not specified.

subjectACR - The subject Authentication Context Class Reference (ACR), null if not specified.

audience - The audience, typically including the URI of the authorisation server's token endpoint. Must not be null.

exp - The expiration time. Must not be null.

nbf - The time before which the assertion must not be accepted for processing, null if not specified.

iat - The time at which the assertion was issued. Must not be null.

id - Unique identifier for the assertion. Must not be null.

clientAddress - The client address, null if not specified.

attrStatement - The attribute statement (in simplified form), null if not specified.

Method Detail

getSubjectFormat

public String getSubjectFormat()

Returns the optional subject format.

Returns:

The subject format, null if not specified.

getSubjectAuthenticationTime

public Date getSubjectAuthenticationTime()

Returns the optional subject authentication time.

Returns:

The subject authentication time, null if not specified.

getSubjectACR

public ACR getSubjectACR()

Returns the optional subject Authentication Context Class Reference (ACR).

Returns:

The subject ACR, null if not specified.

getNotBeforeTime

public Date getNotBeforeTime()

Returns the optional not-before time.

Returns:

The not-before time, null if not specified.

getClientInetAddress

public InetAddress getClientInetAddress()

Returns the optional client address to which this assertion is bound.

Returns:

The client address, null if not specified.

getAttributeStatement

public Map<String,List<String>> getAttributeStatement()

Returns the optional attribute statement.

Returns:

The attribute statement (in simplified form), null if not specified.

toSAML2Assertion

public org.opensaml.saml.saml2.core.Assertion toSAML2Assertion()
                                                        throws SerializeException

Returns a SAML 2.0 assertion (unsigned) representation of this assertion details instance.

Returns:

The SAML 2.0 assertion (with no signature element).

Throws:

SerializeException - If serialisation failed.

parse

public static SAML2AssertionDetails parse(org.opensaml.saml.saml2.core.Assertion assertion)
                                   throws ParseException

Parses a SAML 2.0 bearer assertion details instance from the specified assertion object.

Parameters:

assertion - The assertion. Must not be null.

Returns:

The SAML 2.0 bearer assertion details.

Throws:

ParseException - If the assertion couldn't be parsed to a SAML 2.0 bearer assertion details instance.