Class SamlAuthProperties
java.lang.Object
com.linecorp.centraldogma.server.auth.saml.SamlAuthProperties
Properties which are used to configure SAML authentication for Central Dogma server.
A user can specify them as the authentication property in the
dogma.json as follows:

"authentication": {
  "factoryClassName": "com.linecorp.centraldogma.server.auth.saml.SamlAuthProviderFactory",
  "properties": {
    "entityId": "...the service provider ID...",
    "hostname": "dogma-example.linecorp.com",
    "signingKey": "...the name of signing key (optional)...",
    "encryptionKey": "...the name of encryption key (optional)...",
    "keyStore": {
      "type": "...the type of the keystore (optional)...",
      "path": "...the path where keystore file exists...",
      "password": "...the password of the keystore (optional)...",
      "keyPasswords": {
        "signing": "...the password of the signing key...",
        "encryption": "...the password of the encryption key..."
      },
      "signatureAlgorithm": "...the signature algorithm for signing and encryption (optional)..."
    },
    // Specify when your server uses different uri from the recipient of the assertion that
    // the IdP sends. For example, if your server is behind a proxy, you need to specify
    // the uri of the proxy.
    "acs": {
      "endpoints": [{
        "uri": "https://dogma-example.linecorp.com/saml/acs/post",
        "binding": "HTTP_POST"
      }, {
        "uri": "https://dogma-example.linecorp.com/saml/acs/redirect",
        "binding": "HTTP_REDIRECT"
      }]
    },
    "idp": {
      "entityId": "...the identity provider ID...",
      "uri": "https://idp-example.linecorp.com/saml/sso",
      "binding": "HTTP_POST or HTTP_REDIRECT (optional)",
      "signingKey": "...the name of signing certificate (optional)...",
      "encryptionKey": "...the name of encryption certificate (optional)...",
      "subjectLoginNameIdFormat":
          "...the name ID format of a subject which holds a login name (optional)...",
      "attributeLoginName": "...the attribute name which holds a login name (optional)..."
    }
  }
}
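
A pre-deployment lint for the `properties` object shown above, as an added example that is not part of Central Dogma or its documentation. The function names, the finding labels and the choice of which fields to treat as mandatory are assumptions, and the sample input is constructed.

```python
import json
from urllib.parse import urlparse

BINDINGS = {"HTTP_POST", "HTTP_REDIRECT"}  # binding values shown in the template

def _walk(node, path=""):
    """Yield (dotted_path, value) for every string leaf in the config."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _walk(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def lint_saml_properties(props):
    """Return findings for one `authentication.properties` object."""
    leaves = dict(_walk(props))
    findings = []
    # Assumption: these five fields are mandatory (the template marks none of them optional).
    for path in ("entityId", "hostname", "keyStore.path", "idp.entityId", "idp.uri"):
        if not leaves.get(path):
            findings.append(f"missing: {path}")
    for path, value in leaves.items():
        if value.startswith("..."):  # template text left unreplaced
            findings.append(f"placeholder: {path}")
        elif path.endswith(".uri") and urlparse(value).scheme != "https":
            findings.append(f"not-https: {path}")
        elif path.endswith(".binding") and value not in BINDINGS:
            findings.append(f"bad-binding: {path}")
    return findings

# Constructed sample for illustration, not a real deployment.
SAMPLE = json.loads("""
{
  "entityId": "dogma-sp",
  "hostname": "dogma-example.linecorp.com",
  "keyStore": {"path": "...the path where keystore file exists..."},
  "acs": {"endpoints": [
    {"uri": "https://dogma-example.linecorp.com/saml/acs/post", "binding": "HTTP_POST"},
    {"uri": "http://dogma-example.linecorp.com/saml/acs/redirect", "binding": "REDIRECT"}
  ]},
  "idp": {"uri": "https://idp-example.linecorp.com/saml/sso"}
}
""")

if __name__ == "__main__":
    print("\n".join(lint_saml_properties(SAMPLE)))
```

Pass it the `properties` object after stripping the `//` comment lines, which Python's `json` module rejects.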

Nested Class Summary

Nested Classes
Modifier and Type | Class | Description
static class | SamlAuthProperties.Acs | Assertion Consumer Service (ACS) configuration.
static class | SamlAuthProperties.Idp | An identity provider (IdP) configuration.
static class | SamlAuthProperties.KeyStore | A configuration for the keystore.

Constructor Summary

Constructors
Constructor | Description
SamlAuthProperties(String entityId, String hostname, @Nullable String signingKey, @Nullable String encryptionKey, SamlAuthProperties.KeyStore keyStore, @Nullable SamlAuthProperties.Acs acs, SamlAuthProperties.Idp idp) | Creates a new instance.
SamlAuthProperties(String entityId, String hostname, @Nullable String signingKey, @Nullable String encryptionKey, SamlAuthProperties.KeyStore keyStore, @Nullable SamlAuthProperties.Acs acs, SamlAuthProperties.Idp idp, boolean signatureRequired) | Creates a new instance.

Method Summary

Modifier and Type | Method | Description
boolean | signatureRequired() | Returns true if the signature is required for the SAML messages.
String | toString() |

Constructor Details

SamlAuthProperties
public SamlAuthProperties(String entityId, String hostname, @Nullable String signingKey, @Nullable String encryptionKey, SamlAuthProperties.KeyStore keyStore, @Nullable SamlAuthProperties.Acs acs, SamlAuthProperties.Idp idp)
Creates a new instance.

SamlAuthProperties
public SamlAuthProperties(String entityId, String hostname, @Nullable String signingKey, @Nullable String encryptionKey, SamlAuthProperties.KeyStore keyStore, @Nullable SamlAuthProperties.Acs acs, SamlAuthProperties.Idp idp, boolean signatureRequired)
Creates a new instance.

Method Details

signatureRequired
public boolean signatureRequired()
Returns true if the signature is required for the SAML messages. This is only used for testing.

toString