2 * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package edu.internet2.middleware.shibboleth.common;
23 * Defines a relationship between service providers and an identity provider. In Shibboleth parlance, a relying party
24 * represents a SP or group of SPs (perhaps a federation).
26 * @author Walter Hoehn
28 public interface RelyingParty extends ServiceProvider {
31 * Returns the name of the relying party. If the relying party is a Shibboleth SP (not a group), this function
32 * returns the same thing as {@link #getProviderId}.
34 * @return name of the relying party
36 public String getName();
39 * Returns the appropriate identity provider to create assertions for this relying party.
41 * @return the identity provider
43 public IdentityProvider getIdentityProvider();
46 * Returns an array of identifiers for looking up the name mappings to be used when responding to queries from this
47 * {@link RelyingParty}. The array is ordered by the preference that should be given to use of the given name
50 * @return the ids of the mappers
52 public String[] getNameMapperIds();
55 * Returns a boolean indication of whether this {@link RelyingParty}is running <= Shibboleth v1.1. Used to
56 * ensure backward compatibility.
58 public boolean isLegacyProvider();
61 * Returns the location of the Shibboleth Attribute Authority that should answer requests for this
62 * {@link RelyingParty}.
66 public URL getAAUrl();
69 * The authentication method that should be included in assertions to the {@link RelyingParty}, if one is not found
70 * in HTTP request headers.
72 * @return the identifier for the method
74 public URI getDefaultAuthMethod();
77 * A boolean indication of whether internal errors should be transmitted to this {@link RelyingParty}
79 public boolean passThruErrors();
82 * A boolean indication of whether attributes should be pushed without regard for the profile (POST vs. Artifact).
83 * This should be be mutually exclusive with forceAttributeNoPush().
85 public boolean forceAttributePush();
88 * A boolean indication of whether attributes should be NOT pushed without regard for the profile (POST vs.
91 public boolean forceAttributeNoPush();
94 * A boolean indication of whether the default SSO browser profile should be POST or Artifact. "true" indicates POST
95 * and "false" indicates Artifact.
97 public boolean defaultToPOSTProfile();
100 * A boolean indication of whether assertions issued to this Relying Party should be digitally signed (This is in
101 * addition to profile-specific signing).
103 public boolean wantsAssertionsSigned();
106 * A boolean indication of whether attributes sent with an authentication response should be included in the same
107 * assertion or left in a second assertion for compatibility with broken SAML products.
109 public boolean singleAssertion();
112 * Returns the type of SAML Artifact that this appropriate for use with this Relying Party.
114 public int getPreferredArtifactType();
117 * Returns the default "TARGET" attribute to be used with the artifact profile or null if none is specified.
119 public String getDefaultTarget();
122 * Boolean indicator of whether or not the legacy schema hack should be used. Older versions of xerces require
123 * (xsi:type="typens:AttributeValueType") on the attribute value to get around a validation bug.
125 public boolean wantsSchemaHack();