Package com.ngrok.definitions

Class EndpointSaml

java.lang.Object
com.ngrok.definitions.EndpointSaml
public class EndpointSaml extends Object
A class encapsulating the EndpointSaml resource.

  • Constructor Details

    • EndpointSaml

      public EndpointSaml(Optional<Boolean> enabled, Boolean optionsPassthrough, String cookiePrefix, Long inactivityTimeout, Duration maximumDuration, String idpMetadata, Boolean forceAuthn, Optional<Boolean> allowIdpInitiated, List<String> authorizedGroups, String entityId, URI assertionConsumerServiceUrl, URI singleLogoutUrl, String requestSigningCertificatePem, URI metadataUrl, String nameidFormat)
      Creates a new instance of EndpointSaml.
      Parameters:
      enabled - true if the module will be applied to traffic, false to disable. default true if unspecified
      optionsPassthrough - Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
      cookiePrefix - the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
      inactivityTimeout - Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
      maximumDuration - Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
      idpMetadata - The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
      forceAuthn - If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
      allowIdpInitiated - If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
      authorizedGroups - If present, only users who are a member of one of the listed groups may access the target endpoint.
      entityId - The SP Entity's unique ID. This always takes the form of a URL. In ngrok's implementation, this URL is the same as the metadata URL. This will need to be specified to the IdP as configuration.
      assertionConsumerServiceUrl - The public URL of the SP's Assertion Consumer Service. This is where the IdP will redirect to during an authentication flow. This will need to be specified to the IdP as configuration.
      singleLogoutUrl - The public URL of the SP's Single Logout Service. This is where the IdP will redirect to during a single logout flow. This will optionally need to be specified to the IdP as configuration.
      requestSigningCertificatePem - PEM-encoded x.509 certificate of the key pair that is used to sign all SAML requests that the ngrok SP makes to the IdP. Many IdPs do not support request signing verification, but we highly recommend specifying this in the IdP's configuration if it is supported.
      metadataUrl - A public URL where the SP's metadata is hosted. If an IdP supports dynamic configuration, this is the URL it can use to retrieve the SP metadata.
      nameidFormat - Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.

  • Method Details

    • getEnabled

      public Optional<Boolean> getEnabled()
      true if the module will be applied to traffic, false to disable. default true if unspecified
      Returns:
      the value of the property as a boolean wrapped in an Optional

    • getOptionsPassthrough

      public boolean getOptionsPassthrough()
      Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
      Returns:
      the value of the property as a boolean

    • getCookiePrefix

      public String getCookiePrefix()
      the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'
      Returns:
      the value of the property as a String

    • getInactivityTimeout

      public long getInactivityTimeout()
      Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
      Returns:
      the value of the property as a long

    • getMaximumDuration

      public Duration getMaximumDuration()
      Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
      Returns:
      the value of the property as a Duration

    • getIdpMetadata

      public String getIdpMetadata()
      The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.
      Returns:
      the value of the property as a String

    • getForceAuthn

      public boolean getForceAuthn()
      If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.
      Returns:
      the value of the property as a boolean

    • getAllowIdpInitiated

      public Optional<Boolean> getAllowIdpInitiated()
      If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.
      Returns:
      the value of the property as a boolean wrapped in an Optional

    • getAuthorizedGroups

      public List<String> getAuthorizedGroups()
      If present, only users who are a member of one of the listed groups may access the target endpoint.
      Returns:
      the value of the property as a List of String

    • getEntityId

      public String getEntityId()
      The SP Entity's unique ID. This always takes the form of a URL. In ngrok's implementation, this URL is the same as the metadata URL. This will need to be specified to the IdP as configuration.
      Returns:
      the value of the property as a String

    • getAssertionConsumerServiceUrl

      public URI getAssertionConsumerServiceUrl()
      The public URL of the SP's Assertion Consumer Service. This is where the IdP will redirect to during an authentication flow. This will need to be specified to the IdP as configuration.
      Returns:
      the value of the property as a URI

    • getSingleLogoutUrl

      public URI getSingleLogoutUrl()
      The public URL of the SP's Single Logout Service. This is where the IdP will redirect to during a single logout flow. This will optionally need to be specified to the IdP as configuration.
      Returns:
      the value of the property as a URI

    • getRequestSigningCertificatePem

      public String getRequestSigningCertificatePem()
      PEM-encoded x.509 certificate of the key pair that is used to sign all SAML requests that the ngrok SP makes to the IdP. Many IdPs do not support request signing verification, but we highly recommend specifying this in the IdP's configuration if it is supported.
      Returns:
      the value of the property as a String

    • getMetadataUrl

      public URI getMetadataUrl()
      A public URL where the SP's metadata is hosted. If an IdP supports dynamic configuration, this is the URL it can use to retrieve the SP metadata.
      Returns:
      the value of the property as a URI

    • getNameidFormat

      public String getNameidFormat()
      Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.
      Returns:
      the value of the property as a String

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object