--- /dev/null
+/*
+ * AttributeAuthorityRole.java
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+import org.opensaml.SAMLAttributeDesignator;
+
+/**
+ * @author Howard Gilbert
+ */
+public interface AttributeAuthorityRole extends ProviderRole {
+
+ Endpoint[] getAttributeServices();
+ SAMLAttributeDesignator[] getAttributeDesignators();
+
+}
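Review bot: Both accessors return mutable arrays with no Javadoc stating whether the result may be empty or null, or whether callers may modify it, which matters because lookups such as EntityDescriptor.getRoleByType in this same change iterate such arrays unguarded. Add method Javadoc, e.g. `/** @return endpoints of this AA's attribute services; an empty array, never null, when none are defined */` and the equivalent for `getAttributeDesignators()`, and say whether implementations hand out a copy or expect callers to treat the array as read-only. The type Javadoc carries only an author tag; one sentence relating the role to its SAML 2 metadata counterpart, as the other Javadocs in this change do for Endpoint and Provider, would help.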
package edu.internet2.middleware.shibboleth.metadata;
/**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "EndpointType".
+ * </p><p>
+ * "The complex type EndpointType describes a SAML protocol binding endpoint
+ * at which a SAML entity can be sent protocol messages." That is, it is
+ * to SAML what a URL is to HTTP, the address of one end of a conversation.
+ * The exact meaning depends on the SAML binding (is this a Browser POST,
+ * a Web Service request, or what).
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
public interface Endpoint {
- public String getBinding();
+ public String getBinding(); // URI identifying a SAML binding
- public String getVersion();
+ public String getLocation(); // URI(URL) of the message destination
- public String getLocation();
-
- public String getResponseLocation();
+ public String getResponseLocation(); // optional second URI(URL) destination
}
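Review bot: The trailing comment on `getResponseLocation()` calls it optional but does not say how absence is represented, which every caller has to know before dereferencing the result; presumably it is null, so make that explicit. Turning the three trailing line comments into Javadoc, e.g. `/** @return URI of the optional second destination for responses, or {@code null} when the metadata defines none */`, also puts the contract into generated docs next to the new class-level description.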
--- /dev/null
+/*
+ * EntityDescriptor.java
+ *
+ * Simplify the transition to SAML 2 by allowing the obsolete
+ * "Provider" interface to be called by its new name "EntityDescriptor".
+ * Can be used to add or rename fields while writing code that
+ * implements the new interface while continuing to support the old.
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * @author Howard Gilbert
+ */
+public abstract class EntityDescriptor implements Provider {
+
+ /**
+ * Scan the array of Roles, return instance of a particular type
+ * @param type Sub-Class of ProviderRole
+ * @return instance of the type
+ */
+ public ProviderRole getRoleByType(Class type) {
+
+ ProviderRole[] roles = this.getRoles();
+ for (int i=0;i<roles.length;i++) {
+ ProviderRole role = roles[i];
+ if (type.isInstance(role))
+ return role;
+ }
+ return null;
+ }
+
+ public
+ AttributeAuthorityRole
+ getAttributeAuthorityRole(){
+ AttributeAuthorityRole aa = (AttributeAuthorityRole) getRoleByType(AttributeAuthorityRole.class);
+ return aa;
+ }
+
+ public
+ IDPProviderRole
+ getHandleServer() {
+ IDPProviderRole hs = (IDPProviderRole) getRoleByType(IDPProviderRole.class);
+ return hs;
+ }
+
+
+
+}
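Review bot: `getRoleByType` dereferences `this.getRoles()` without a null check and returns null when no role matches, but neither is documented, and `getAttributeAuthorityRole()` and `getHandleServer()` pass that null straight through to callers. Document the miss in the Javadoc (`@return instance of the type, or null if the provider has no role of that type`) and, unless the `Provider` contract guarantees a non-null array, add `if (roles == null) return null;` before the loop. The two convenience methods have their signatures split across three lines (`public` / return type / name), which reads as if the declarations were cut; put each on one line. The raw `Class` parameter is acceptable if the code targets pre-generics Java; otherwise `Class<?>` avoids the raw-type warning.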
--- /dev/null
+/*
+ * EntityLocator.java
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * @author Howard Gilbert
+ */
+public interface EntityLocator extends Metadata {
+
+ EntityDescriptor getEntityDescriptor(String id);
+
+}
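Review bot: `getEntityDescriptor(String id)` has no Javadoc saying what `id` is keyed on or what happens when no entity matches, so a caller cannot tell whether to expect null or an exception. Presumably `id` is the value of `Provider.getId()`, which this change documents as the provider's global key; state that and the miss behaviour, e.g. `/** @param id the provider's unique id, as returned by Provider.getId() @return the matching descriptor, or null when no entity with that id is known */`, adjusting the miss clause to what implementations actually do.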
--- /dev/null
+/*
+ * IDPProviderRole.java
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * ID Service (HS)
+ *
+ * @author Howard Gilbert
+ */
+public interface IDPProviderRole extends ProviderRole {
+
+}
import org.apache.xml.security.keys.KeyInfo;
/**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "KeyDescriptorType".
+ * </p><p>
+ * Provides information about the cryptographic keys that an EntityDescriptor/Provider
+ * uses to sign data. However, this is nested inside a RoleDescriptor
+ * instead of appearing at the EntityDescriptor level.
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
public int getUse();
- public String getEncryptionMethod();
-
- public int getKeySize();
+ public String[] getEncryptionMethod();
public KeyInfo[] getKeyInfo();
}
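Review bot: `getUse()` returns an undocumented `int` while the new Javadoc says these are the keys the entity "uses to sign data", which leaves the signing-versus-encryption distinction unreadable from the interface; that distinction is exactly what a consumer must check before accepting a key for signature verification, and the SAML metadata `use` attribute this accessor presumably maps carries it. Document the permitted values or replace them with named constants, e.g. `/** @return the intended key use from the metadata "use" attribute: signing, encryption, or unspecified (both) */`, and widen the class Javadoc to cover both uses. `getEncryptionMethod()` now returns an array; say whether "none" is an empty array or null. The interface's declaration line is outside the hunk.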
package edu.internet2.middleware.shibboleth.metadata;
/**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "EntityDescriptorType".
+ * </p><p>
+ * Entities are campuses or departments with either an origin or target
+ * infrastructure (or both). Each implemented component (HS, AA, SHAR)
+ * has a Role definition with URLs and PKI to locate and authenticate
+ * the provider of that role. Although the Metadata may define all
+ * roles, target code tends to build objects describing origins, and
+ * origins are only interested in targets.
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
public interface Provider {
- public String getId();
+ public String getId(); // Unique ID used as global key of Provider
- public String[] getGroups();
+ public String[] getGroups(); // Groups in which this Provider is nested
- public ContactPerson[] getContacts();
+ public ContactPerson[] getContacts(); // People
- public ProviderRole[] getRoles();
+ public ProviderRole[] getRoles(); // HS, AA, SHAR, ... definitions
}
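Review bot: The trailing comments added to `getGroups()`, `getContacts()` and `getRoles()` do not say whether an absent value is an empty array or null, yet `EntityDescriptor.getRoleByType` in this same change iterates `getRoles()` without a guard. Promote them to Javadoc and pin the contract, e.g. `/** @return role definitions (HS, AA, SHAR, ...) for this provider; an empty array, never null, when none are defined */`, if implementations can honour that. The `getContacts()` comment `// People` adds nothing; say what a contact is for.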
import java.net.URL;
/**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "RoleDescriptorType".
+ * </p><p>
+ * A child of the EntityDescriptor element (the Provider object).
+ * Example Roles are IDP (Identity Provider), Authentication Authority (HS),
+ * Attribute Authority (AA), Attribute Requestor (SHAR), ...
+ *
+ * The only role supported in the Origin is
+ * AuthenticationAssertionConsumerService (formerly know as SHIRE)
+ * [not formally part of the SAML 2 Metadata standard].
+ * For this there is a special extension of SPProviderRole.
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
public interface ProviderRole {
- public Provider getProvider();
+ public Provider getProvider(); // find parent EntityDescriptor/Provider
public String[] getProtocolSupport();
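Review bot: The sentence "The only role supported in the Origin is AuthenticationAssertionConsumerService (formerly know as SHIRE)" is ambiguous and has a typo ("known"): an assertion consumer service is a target-side role, so if the intent is that origin code only builds metadata for that target role, consistent with the Provider Javadoc in this change saying origins are only interested in targets, the sentence should say so. `SPProviderRole` is referenced but not part of this diff; confirm it exists or reference it with `{@link}`. `getProtocolSupport()` gets no comment while `getProvider()` does; add one such as `// URIs of the protocols this role supports` if that is its contract. The interface body continues outside the hunk.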
--- /dev/null
+/*
+ * SAML2Metadata.java
+ *
+ * Shibboleth constants used in SAML 2.0 Metadata files
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+
+public class SAML2Metadata {
+ public static final String xmlns = "urn:oasis:names:tc:SAML:2.0:metadata";
+ public static final String schema = "sstc-saml-schema-metadata-2.0.xsd";
+ public static final String assertionns = "urn:oasis:names:tc:SAML:2.0:assertion";
+ public static final String saml1protocol = "urn:oasis:names:tc:SAML:1.0:protocol";
+ public static final String shib1protocol = "urn:mace:shibboleth:1.0";
+ public static final String shib1Binding ="urn:mace:shibboleth:1.0";
+ public static final String SAML1Binding ="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding";
+ public static final String POST1Binding ="urn:oasis:names:tc:SAML:1.0:profiles:browser-post";
+ public static final String handleNameIDFormat = "urn:mace:shibboleth:1.0:nameIdentifier";
+
+}
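Review bot: `SAML2Metadata` is a constants holder with a public default constructor and inconsistently named fields (`xmlns`, `shib1Binding`, `SAML1Binding`, `POST1Binding`), and since the class is new in this commit the names can still be fixed before anything depends on them. Add `private SAML2Metadata() {}` (and make the class `final`) and use one convention, conventionally `UPPER_SNAKE_CASE` for `public static final` constants. `shib1protocol` and `shib1Binding` hold the same URN; if that is intentional, a comment saying the Shibboleth 1.0 URN doubles as protocol and binding identifier will stop a reader from "fixing" one of them. The class has no Javadoc; the header comment text ("Shibboleth constants used in SAML 2.0 Metadata files") would serve.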