org.keycloak.protocol.saml

Class SamlService

java.lang.Object

org.keycloak.protocol.AuthorizationEndpointBase

org.keycloak.protocol.saml.SamlService

Direct Known Subclasses:

SamlEcpProfileService

public class SamlService
extends AuthorizationEndpointBase

Resource class for the saml connect token service

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	SamlService.BindingProtocol
protected class	SamlService.PostBindingProtocol
protected class	SamlService.RedirectBindingProtocol

Field Summary

Fields

Modifier and Type	Field and Description
static String	ARTIFACT_RESOLUTION_SERVICE_PATH
protected static org.jboss.logging.Logger	logger

Fields inherited from class org.keycloak.protocol.AuthorizationEndpointBase

APP_INITIATED_FLOW, authManager, clientConnection, event, headers, httpRequest, realm, session

Constructor Summary

Constructors

Constructor and Description
SamlService(RealmModel realm, EventBuilder event, DestinationValidator destinationValidator)

Method Summary

Modifier and Type	Method and Description
javax.ws.rs.core.Response	artifactResolutionService(InputStream inputStream) Handles SOAP messages.
javax.ws.rs.core.Response	artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder) Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
static int	compareKeys(KeyWrapper o1, KeyWrapper o2)
String	getDescriptor()
static String	getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, KeycloakSession session, RealmModel realm)
AuthenticationSessionModel	getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState) Creates a client session object for SAML IdP-initiated SSO session.
javax.ws.rs.core.Response	idpInitiatedSSO(String clientUrlName, String relayState)
protected javax.ws.rs.core.Response	newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
protected javax.ws.rs.core.Response	newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
SamlService.PostBindingProtocol	newPostBindingProtocol()
SamlService.RedirectBindingProtocol	newRedirectBindingProtocol()
void	postBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
void	redirectBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
javax.ws.rs.core.Response	soapBinding(InputStream inputStream) Handles SOAP messages.

Methods inherited from class org.keycloak.protocol.AuthorizationEndpointBase

checkRealm, checkSsl, createAuthenticationSession, createProcessor, getAuthenticationFlow, handleBrowserAuthenticationRequest

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

ARTIFACT_RESOLUTION_SERVICE_PATH

public static final String ARTIFACT_RESOLUTION_SERVICE_PATH

See Also:

Constant Field Values

Constructor Detail

SamlService

public SamlService(RealmModel realm,
                   EventBuilder event,
                   DestinationValidator destinationValidator)

Method Detail

newBrowserAuthentication

protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession,
                                                             boolean isPassive,
                                                             boolean redirectToAuthentication)

newBrowserAuthentication

protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession,
                                                             boolean isPassive,
                                                             boolean redirectToAuthentication,
                                                             SamlProtocol samlProtocol)

newRedirectBindingProtocol

public SamlService.RedirectBindingProtocol newRedirectBindingProtocol()

newPostBindingProtocol

public SamlService.PostBindingProtocol newPostBindingProtocol()

redirectBinding

@GET
public void redirectBinding(@Suspended
                                 javax.ws.rs.container.AsyncResponse asyncResponse,
                                 @QueryParam(value="SAMLRequest")
                                 String samlRequest,
                                 @QueryParam(value="SAMLResponse")
                                 String samlResponse,
                                 @QueryParam(value="RelayState")
                                 String relayState,
                                 @QueryParam(value="SAMLart")
                                 String artifact)

postBinding

@POST
 @Consumes(value="application/x-www-form-urlencoded")
public void postBinding(@Suspended
                                                                                    javax.ws.rs.container.AsyncResponse asyncResponse,
                                                                                    @FormParam(value="SAMLRequest")
                                                                                    String samlRequest,
                                                                                    @FormParam(value="SAMLResponse")
                                                                                    String samlResponse,
                                                                                    @FormParam(value="RelayState")
                                                                                    String relayState,
                                                                                    @FormParam(value="SAMLart")
                                                                                    String artifact)

getDescriptor

@GET
 @Path(value="descriptor")
 @Produces(value="application/xml")
public String getDescriptor()
                                                                                         throws Exception

Throws:

Exception

getIDPMetadataDescriptor

public static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo,
                                              KeycloakSession session,
                                              RealmModel realm)

compareKeys

public static int compareKeys(KeyWrapper o1,
                              KeyWrapper o2)

idpInitiatedSSO

@GET
 @Path(value="clients/{client}")
 @Produces(value="text/html; charset=utf-8")
public javax.ws.rs.core.Response idpInitiatedSSO(@PathParam(value="client")
                                                                                                                                    String clientUrlName,
                                                                                                                                    @QueryParam(value="RelayState")
                                                                                                                                    String relayState)

getOrCreateLoginSessionForIdpInitiatedSso

public AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session,
                                                                            RealmModel realm,
                                                                            ClientModel client,
                                                                            String relayState)

Creates a client session object for SAML IdP-initiated SSO session. The session takes the parameters from from client definition, namely binding type and redirect URL.

Parameters:

session - KC session

realm - Realm to create client session in

client - Client to create client session for

relayState - Optional relay state - free field as per SAML specification

Returns:

The auth session model or null if there is no SAML url is found

artifactResolutionService

@POST
 @Path(value="resolve")
 @Consumes(value={"application/soap+xml","text/xml"})
public javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)

Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP or Artifact

Parameters:

inputStream - the data of the request.

Returns:

The response to the SOAP message

soapBinding

@POST
 @Consumes(value={"application/soap+xml","text/xml"})
public javax.ws.rs.core.Response soapBinding(InputStream inputStream)

Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP

Parameters:

inputStream - the data of the request.

Returns:

The response to the SOAP message

artifactResolve

public javax.ws.rs.core.Response artifactResolve(ArtifactResolveType artifactResolveMessage,
                                                 SAMLDocumentHolder artifactResolveHolder)
                                          throws ParsingException,
                                                 ConfigurationException,
                                                 ProcessingException

Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.

Parameters:

artifactResolveMessage - The artifact resolve message sent by the client

artifactResolveHolder - the document containing the artifact resolve message sent by the client

Returns:

a Response containing the SOAP message with the ArifactResponse

Throws:

ParsingException

ConfigurationException

ProcessingException