48 SamlClient samlClient =
new SamlClient(client);
49 String idpEntityId = RealmsResource.realmBaseUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName()).toString();
50 String bindUrl = RealmsResource.protocolUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString();
51 StringBuilder sb =
new StringBuilder();
52 sb.append(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" 53 +
"<EntityDescriptor entityID=\"").append(idpEntityId).append(
"\"\n" 54 +
" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n" 55 +
" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\"\n" 56 +
" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" 57 +
" <IDPSSODescriptor WantAuthnRequestsSigned=\"")
58 .append(samlClient.requiresClientSignature())
60 +
" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
63 sb.append(
" <SingleLogoutService\n" 64 +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" 65 +
" Location=\"").append(bindUrl).append(
"\" />\n");
66 if (! samlClient.forcePostBinding()) {
67 sb.append(
" <SingleLogoutService\n" 68 +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" 69 +
" Location=\"").append(bindUrl).append(
"\" />\n");
72 if (samlClient.forceNameIDFormat() && samlClient.getNameIDFormat() != null) {
73 sb.append(
" <NameIDFormat>").append(samlClient.getNameIDFormat()).append(
"</NameIDFormat>\n");
75 sb.append(
" <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n" 76 +
" <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n" 77 +
" <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n" 78 +
" <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n");
82 +
" <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" 83 +
" Location=\"").append(bindUrl).append(
"\" />\n");
84 if (! samlClient.forcePostBinding()) {
85 sb.append(
" <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" 86 +
" Location=\"").append(bindUrl).append(
"\" />\n");
91 Set<RsaKeyMetadata> keys =
new TreeSet<>((o1, o2) -> o1.getStatus() == o2.getStatus()
92 ? (int) (o2.getProviderPriority() - o1.getProviderPriority())
93 : (o1.getStatus() == KeyStatus.PASSIVE ? 1 : -1));
94 keys.addAll(session.keys().getRsaKeys(realm));
95 for (RsaKeyMetadata key : keys) {
99 sb.append(
" </IDPSSODescriptor>\n" 100 +
"</EntityDescriptor>\n");
101 return sb.toString();
static void addKeyInfo(StringBuilder target, RsaKeyMetadata key, String purpose)