import type { SamlPreferences } from '@n8n/api-types';
import { Logger } from '@n8n/backend-common';
import type { User } from '@n8n/db';
import { SettingsRepository, UserRepository } from '@n8n/db';
import type express from 'express';
import { Cipher, InstanceSettings } from 'n8n-core';
import { type IdentityProviderInstance, type ServiceProviderInstance } from 'samlify';
import type { BindingContext, PostBindingContext } from 'samlify/types/src/entity';
import { ProvisioningService } from '../../modules/provisioning.ee/provisioning.service.ee';
import { CacheService } from '../../services/cache/cache.service';
import { UrlService } from '../../services/url.service';
import { SamlValidator } from './saml-validator';
import type { SamlLoginBinding, SamlUserAttributes } from './types';
export declare class SamlService {
    private readonly logger;
    private readonly urlService;
    private readonly validator;
    private readonly userRepository;
    private readonly settingsRepository;
    private readonly instanceSettings;
    private readonly provisioningService;
    private readonly cipher;
    private readonly cacheService;
    private identityProviderInstance;
    private samlify;
    private _samlPreferences;
    get samlPreferences(): SamlPreferences;
    constructor(logger: Logger, urlService: UrlService, validator: SamlValidator, userRepository: UserRepository, settingsRepository: SettingsRepository, instanceSettings: InstanceSettings, provisioningService: ProvisioningService, cipher: Cipher, cacheService: CacheService);
    isSignedSamlRequestsEnabled(): boolean;
    private getDecryptedSigningPrivateKey;
    private isValidPemPrivateKey;
    private isValidPemCertificate;
    private validateKeyPairMatch;
    private validateSigningKeyConfiguration;
    init(): Promise<void>;
    loadSamlify(): Promise<void>;
    getIdentityProviderInstance(forceRecreate?: boolean): IdentityProviderInstance;
    getServiceProviderInstance(): ServiceProviderInstance;
    getLoginRequestUrl(relayState?: string, binding?: SamlLoginBinding, metadata?: string): Promise<{
        binding: SamlLoginBinding;
        context: BindingContext | PostBindingContext;
    }>;
    storePendingTestConfig(metadata: string): Promise<string>;
    consumePendingTestConfig(testId: string): Promise<string | undefined>;
    private createIdentityProviderFromMetadata;
    handleSamlLogin(req: express.Request, binding: SamlLoginBinding, metadataOverride?: string): Promise<{
        authenticatedUser: User | undefined;
        attributes: SamlUserAttributes;
        rawAttributes: Record<string, unknown>;
        onboardingRequired: boolean;
    }>;
    private applySsoProvisioning;
    private broadcastReloadSAMLConfigurationCommand;
    private isReloading;
    reload(): Promise<void>;
    setSamlPreferences(prefs: Partial<SamlPreferences>, tryFallback?: boolean, broadcastReload?: boolean): Promise<SamlPreferences | undefined>;
    private applyLoadedPreferences;
    loadPreferencesWithoutValidation(prefs: Partial<SamlPreferences>): Promise<void>;
    loadFromDbAndApplySamlPreferences(apply?: boolean, broadcastReload?: boolean): Promise<SamlPreferences | undefined>;
    saveSamlPreferencesToDb(): Promise<SamlPreferences | undefined>;
    fetchMetadataFromUrl(metadataUrl?: string, ignoreSSL?: boolean): Promise<string | undefined>;
    getAttributesFromLoginResponse(req: express.Request, binding: SamlLoginBinding, metadataOverride?: string): Promise<{
        mapped: SamlUserAttributes;
        raw: Record<string, unknown>;
    }>;
    reset(): Promise<void>;
}