public class SamlProtocol extends Object implements LoginProtocol
Modifier and Type | Class and Description |
---|---|
static class |
SamlProtocol.ProtocolMapperProcessor<T> |
LoginProtocol.Error
Constructor and Description |
---|
SamlProtocol() |
Modifier and Type | Method and Description |
---|---|
javax.ws.rs.core.Response |
authenticated(UserSessionModel userSession,
ClientSessionCode accessCode) |
void |
backchannelLogout(UserSessionModel userSession,
ClientSessionModel clientSession) |
protected javax.ws.rs.core.Response |
buildAuthenticatedResponse(ClientSessionModel clientSession,
String redirectUri,
Document samlDocument,
JaxrsSAML2BindingBuilder bindingBuilder) |
protected javax.ws.rs.core.Response |
buildErrorResponse(ClientSessionModel clientSession,
JaxrsSAML2BindingBuilder binding,
Document document) |
protected javax.ws.rs.core.Response |
buildLogoutResponse(UserSessionModel userSession,
String logoutBindingUri,
SAML2LogoutResponseBuilder builder,
JaxrsSAML2BindingBuilder binding) |
void |
close() |
protected SAML2LogoutRequestBuilder |
createLogoutRequest(String logoutUrl,
ClientSessionModel clientSession,
ClientModel client) |
javax.ws.rs.core.Response |
finishLogout(UserSessionModel userSession) |
javax.ws.rs.core.Response |
frontchannelLogout(UserSessionModel userSession,
ClientSessionModel clientSession) |
static String |
getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo,
ClientModel client,
String bindingType) |
protected String |
getNameId(String nameIdFormat,
ClientSessionModel clientSession,
UserSessionModel userSession) |
protected String |
getNameIdFormat(SamlClient samlClient,
ClientSessionModel clientSession) |
protected String |
getPersistentNameId(ClientSessionModel clientSession,
UserSessionModel userSession)
Attempts to retrieve the persistent type NameId by trying the following sources in order:
1. the saml.persistent.name.id.for.$clientId user attribute
2. the saml.persistent.name.id.for.* user attribute
3. a newly generated value of the form G-$randomUuid
If a randomUuid is generated, it is stored on the user as the saml.persistent.name.id.for.$clientId attribute, so later lookups for the same client find it in step 1 and return the same NameId;
otherwise no state change will occur with respect to the user's attributes.
|
protected String |
getResponseIssuer(RealmModel realm) |
protected boolean |
isLogoutPostBindingForClient(ClientSessionModel clientSession) |
static boolean |
isLogoutPostBindingForInitiator(UserSessionModel session) |
protected boolean |
isPostBinding(ClientSessionModel clientSession) |
AttributeStatementType |
populateAttributeStatements(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers,
KeycloakSession session,
UserSessionModel userSession,
ClientSessionModel clientSession) |
void |
populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper,
KeycloakSession session,
UserSessionModel userSession,
ClientSessionModel clientSession,
AttributeStatementType existingAttributeStatement) |
boolean |
requireReauthentication(UserSessionModel userSession,
ClientSessionModel clientSession) |
javax.ws.rs.core.Response |
sendError(ClientSessionModel clientSession,
LoginProtocol.Error error) |
SamlProtocol |
setEventBuilder(EventBuilder event) |
SamlProtocol |
setHttpHeaders(javax.ws.rs.core.HttpHeaders headers) |
SamlProtocol |
setRealm(RealmModel realm) |
SamlProtocol |
setSession(KeycloakSession session) |
SamlProtocol |
setUriInfo(javax.ws.rs.core.UriInfo uriInfo) |
ResponseType |
transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,
ResponseType response,
KeycloakSession session,
UserSessionModel userSession,
ClientSessionModel clientSession) |
protected static final org.jboss.logging.Logger logger
public static final String ATTRIBUTE_TRUE_VALUE
public static final String ATTRIBUTE_FALSE_VALUE
public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE
public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE
public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE
public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE
public static final String LOGIN_PROTOCOL
public static final String SAML_BINDING
public static final String SAML_IDP_INITIATED_LOGIN
public static final String SAML_POST_BINDING
public static final String SAML_SOAP_BINDING
public static final String SAML_REDIRECT_BINDING
public static final String SAML_REQUEST_ID
public static final String SAML_LOGOUT_BINDING
public static final String SAML_LOGOUT_REQUEST_ID
public static final String SAML_LOGOUT_RELAY_STATE
public static final String SAML_LOGOUT_CANONICALIZATION
public static final String SAML_LOGOUT_BINDING_URI
public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM
public static final String SAML_NAME_ID
public static final String SAML_NAME_ID_FORMAT
public static final String SAML_DEFAULT_NAMEID_FORMAT
public static final String SAML_PERSISTENT_NAME_ID_FOR
public static final String SAML_IDP_INITIATED_SSO_RELAY_STATE
public static final String SAML_IDP_INITIATED_SSO_URL_NAME
protected KeycloakSession session
protected RealmModel realm
protected javax.ws.rs.core.UriInfo uriInfo
protected javax.ws.rs.core.HttpHeaders headers
protected EventBuilder event
public SamlProtocol setSession(KeycloakSession session)
setSession
in interface LoginProtocol
public SamlProtocol setRealm(RealmModel realm)
setRealm
in interface LoginProtocol
public SamlProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)
setUriInfo
in interface LoginProtocol
public SamlProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)
setHttpHeaders
in interface LoginProtocol
public SamlProtocol setEventBuilder(EventBuilder event)
setEventBuilder
in interface LoginProtocol
public javax.ws.rs.core.Response sendError(ClientSessionModel clientSession, LoginProtocol.Error error)
sendError
in interface LoginProtocol
protected javax.ws.rs.core.Response buildErrorResponse(ClientSessionModel clientSession, JaxrsSAML2BindingBuilder binding, Document document) throws ConfigurationException, ProcessingException, IOException
protected String getResponseIssuer(RealmModel realm)
protected boolean isPostBinding(ClientSessionModel clientSession)
public static boolean isLogoutPostBindingForInitiator(UserSessionModel session)
protected boolean isLogoutPostBindingForClient(ClientSessionModel clientSession)
protected String getNameIdFormat(SamlClient samlClient, ClientSessionModel clientSession)
protected String getNameId(String nameIdFormat, ClientSessionModel clientSession, UserSessionModel userSession)
protected String getPersistentNameId(ClientSessionModel clientSession, UserSessionModel userSession)
public javax.ws.rs.core.Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode)
authenticated
in interface LoginProtocol
protected javax.ws.rs.core.Response buildAuthenticatedResponse(ClientSessionModel clientSession, String redirectUri, Document samlDocument, JaxrsSAML2BindingBuilder bindingBuilder) throws ConfigurationException, ProcessingException, IOException
public AttributeStatementType populateAttributeStatements(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)
public ResponseType transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)
public void populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession, AttributeStatementType existingAttributeStatement)
public static String getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo, ClientModel client, String bindingType)
public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)
frontchannelLogout
in interface LoginProtocol
public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)
finishLogout
in interface LoginProtocol
protected javax.ws.rs.core.Response buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding) throws ConfigurationException, ProcessingException, IOException
public void backchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)
backchannelLogout
in interface LoginProtocol
protected SAML2LogoutRequestBuilder createLogoutRequest(String logoutUrl, ClientSessionModel clientSession, ClientModel client)
public boolean requireReauthentication(UserSessionModel userSession, ClientSessionModel clientSession)
requireReauthentication
in interface LoginProtocol
Copyright © 2016 JBoss by Red Hat. All rights reserved.