org.keycloak.protocol.saml

Class SamlProtocolUtils

java.lang.Object

org.keycloak.protocol.saml.SamlProtocolUtils

public class SamlProtocolUtils
extends Object

Version:

$Revision: 1 $

Author:

Bill Burke

Constructor Summary

Constructors

Constructor and Description
SamlProtocolUtils()

Method Summary

Modifier and Type	Method and Description
static ArtifactResponseType	buildArtifactResponse(Document document) Takes a saml document and inserts it as a body of ArtifactResponseType
static ArtifactResponseType	buildArtifactResponse(SAML2Object samlObject, NameIDType issuer) Takes a saml object (an object that will be part of resulting ArtifactResponse), and inserts it as the body of an ArtifactResponse.
static ArtifactResponseType	buildArtifactResponse(SAML2Object samlObject, NameIDType issuer, URI statusCode) Takes a saml object (an object that will be part of resulting ArtifactResponse), and inserts it as the body of an ArtifactResponse.
static Document	convert(ArtifactResponseType responseType) Convert a SAML2 ArtifactResponse into a Document
static PublicKey	getEncryptionKey(ClientModel client) Returns public part of SAML encryption key from the client settings.
static PublicKey	getPublicKey(ClientModel client, String attribute)
static PublicKey	getSignatureValidationKey(ClientModel client) Returns public part of SAML signing key from the client settings.
static void	verifyDocumentSignature(ClientModel client, Document document) Verifies a signature of the given SAML document using settings for the given client.
static void	verifyDocumentSignature(Document document, KeyLocator keyLocator) Verifies a signature of the given SAML document using keys obtained from the given key locator.
static void	verifyRedirectSignature(SAMLDocumentHolder documentHolder, KeyLocator locator, javax.ws.rs.core.MultivaluedMap<String,String> encodedParams, String paramKey)
static void	verifyRedirectSignature(SAMLDocumentHolder documentHolder, KeyLocator locator, javax.ws.rs.core.UriInfo uriInformation, String paramKey)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SamlProtocolUtils

public SamlProtocolUtils()

Method Detail

verifyDocumentSignature

public static void verifyDocumentSignature(ClientModel client,
                                           Document document)
                                    throws VerificationException

Verifies a signature of the given SAML document using settings for the given client. Throws an exception if the client signature is expected to be present as per the client settings and it is invalid, otherwise returns back to the caller.

Parameters:

client -

document -

Throws:

VerificationException

verifyDocumentSignature

public static void verifyDocumentSignature(Document document,
                                           KeyLocator keyLocator)
                                    throws VerificationException

Verifies a signature of the given SAML document using keys obtained from the given key locator. Throws an exception if the client signature is invalid, otherwise returns back to the caller.

Parameters:

document -

keyLocator -

Throws:

VerificationException

getSignatureValidationKey

public static PublicKey getSignatureValidationKey(ClientModel client)
                                           throws VerificationException

Returns public part of SAML signing key from the client settings.

Parameters:

client -

Returns:

Public key for signature validation.

Throws:

VerificationException

getEncryptionKey

public static PublicKey getEncryptionKey(ClientModel client)
                                  throws VerificationException

Returns public part of SAML encryption key from the client settings.

Parameters:

client -

Returns:

Public key for encryption.

Throws:

VerificationException

getPublicKey

public static PublicKey getPublicKey(ClientModel client,
                                     String attribute)
                              throws VerificationException

Throws:

VerificationException

verifyRedirectSignature

public static void verifyRedirectSignature(SAMLDocumentHolder documentHolder,
                                           KeyLocator locator,
                                           javax.ws.rs.core.UriInfo uriInformation,
                                           String paramKey)
                                    throws VerificationException

Throws:

VerificationException

verifyRedirectSignature

public static void verifyRedirectSignature(SAMLDocumentHolder documentHolder,
                                           KeyLocator locator,
                                           javax.ws.rs.core.MultivaluedMap<String,String> encodedParams,
                                           String paramKey)
                                    throws VerificationException

Throws:

VerificationException

buildArtifactResponse

public static ArtifactResponseType buildArtifactResponse(SAML2Object samlObject,
                                                         NameIDType issuer,
                                                         URI statusCode)
                                                  throws ConfigurationException,
                                                         ProcessingException

Takes a saml object (an object that will be part of resulting ArtifactResponse), and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as ArtifactResponseType

Parameters:

samlObject - a Saml object

issuer - issuer of the resulting ArtifactResponse, should be the same as issuer of the samlObject

statusCode - status code of the resulting response

Returns:

An ArtifactResponse containing the saml object.

Throws:

ConfigurationException

ProcessingException

buildArtifactResponse

public static ArtifactResponseType buildArtifactResponse(SAML2Object samlObject,
                                                         NameIDType issuer)
                                                  throws ConfigurationException,
                                                         ProcessingException

Takes a saml object (an object that will be part of resulting ArtifactResponse), and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as ArtifactResponseType

Parameters:

samlObject - a Saml object

issuer - issuer of the resulting ArtifactResponse, should be the same as issuer of the samlObject

Returns:

An ArtifactResponse containing the saml object.

Throws:

ConfigurationException

ProcessingException

buildArtifactResponse

public static ArtifactResponseType buildArtifactResponse(Document document)
                                                  throws ParsingException,
                                                         ProcessingException,
                                                         ConfigurationException

Takes a saml document and inserts it as a body of ArtifactResponseType

Parameters:

document - the document

Returns:

An ArtifactResponse containing the saml document.

Throws:

ParsingException

ProcessingException

ConfigurationException

convert

public static Document convert(ArtifactResponseType responseType)
                        throws ProcessingException,
                               ConfigurationException,
                               ParsingException

Convert a SAML2 ArtifactResponse into a Document

Parameters:

responseType - an artifactResponse

Returns:

an artifact response converted to a Document

Throws:

ParsingException

ConfigurationException

ProcessingException