SamlProtocol (Keycloak Docs Distribution 15.0.2 API)

java.lang.Object
- org.keycloak.protocol.saml.SamlProtocol

All Implemented Interfaces:

LoginProtocol, Provider

Direct Known Subclasses:

TokenEndpoint.TokenExchangeSamlProtocol
```
public class SamlProtocol
extends Object
implements LoginProtocol
```
Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SamlProtocol.ProtocolMapperProcessor<T>
- Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol
  LoginProtocol.Error

Nested Classes
Modifier and Type	Class and Description
`static class`	`SamlProtocol.ProtocolMapperProcessor<T>`

Field Summary

Fields
Modifier and Type	Field and Description
`protected ArtifactResolver`	`artifactResolver`
`protected SamlArtifactSessionMappingStoreProvider`	`artifactSessionMappingStore`
`static String`	`ATTRIBUTE_FALSE_VALUE`
`static String`	`ATTRIBUTE_TRUE_VALUE`
`protected EventBuilder`	`event`
`protected javax.ws.rs.core.HttpHeaders`	`headers`
`protected static org.jboss.logging.Logger`	`logger`
`static String`	`LOGIN_PROTOCOL`
`protected RealmModel`	`realm`
`static String`	`SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE`
`static String`	`SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE`
`static String`	`SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE`
`static String`	`SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE`
`static String`	`SAML_BINDING`
`static String`	`SAML_DEFAULT_NAMEID_FORMAT`
`static String`	`SAML_FORCEAUTHN_REQUIREMENT`
`static String`	`SAML_IDP_INITIATED_LOGIN`
`static String`	`SAML_IDP_INITIATED_SSO_RELAY_STATE`
`static String`	`SAML_IDP_INITIATED_SSO_URL_NAME`
`static String`	`SAML_LOGIN_REQUEST_FORCEAUTHN`
`static String`	`SAML_LOGOUT_ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO`
`static String`	`SAML_LOGOUT_BINDING`
`static String`	`SAML_LOGOUT_BINDING_URI`
`static String`	`SAML_LOGOUT_CANONICALIZATION`
`static String`	`SAML_LOGOUT_INITIATOR_CLIENT_ID`
`static String`	`SAML_LOGOUT_RELAY_STATE`
`static String`	`SAML_LOGOUT_REQUEST_ID`
`static String`	`SAML_LOGOUT_SIGNATURE_ALGORITHM`
`static String`	`SAML_NAME_ID`
`static String`	`SAML_NAME_ID_FORMAT`
`static String`	`SAML_PERSISTENT_NAME_ID_FOR`
`static String`	`SAML_POST_BINDING`
`static String`	`SAML_REDIRECT_BINDING`
`static String`	`SAML_REQUEST_ID`
`static String`	`SAML_SERVER_SIGNATURE_KEYINFO_KEY_NAME_TRANSFORMER`
`static String`	`SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE`
`static String`	`SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE`
`static String`	`SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE`
`static String`	`SAML_SOAP_BINDING`
`protected KeycloakSession`	`session`
`protected javax.ws.rs.core.UriInfo`	`uriInfo`

Constructor Summary

Constructors
Constructor and Description

SamlProtocol()

Constructors
Constructor and Description
`SamlProtocol()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`javax.ws.rs.core.Response`	`authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)`
`javax.ws.rs.core.Response`	`backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)`
`protected String`	`buildArtifactAndStoreResponse(SAML2Object saml2Object, AuthenticatedClientSessionModel clientSessionModel)`
`protected String`	`buildArtifactAndStoreResponse(SAML2Object statusResponseType, UserSessionModel userSession)`
`protected javax.ws.rs.core.Response`	`buildArtifactAuthenticatedResponse(AuthenticatedClientSessionModel clientSession, String redirectUri, SAML2Object samlDocument, JaxrsSAML2BindingBuilder bindingBuilder)` This method, instead of sending the actual response with the token sends the artifact message via post or redirect.
`protected javax.ws.rs.core.Response`	`buildAuthenticatedResponse(AuthenticatedClientSessionModel clientSession, String redirectUri, Document samlDocument, JaxrsSAML2BindingBuilder bindingBuilder)`
`protected javax.ws.rs.core.Response`	`buildErrorResponse(boolean isPostBinding, String destination, JaxrsSAML2BindingBuilder binding, Document document)`
`protected javax.ws.rs.core.Response`	`buildLogoutArtifactResponse(UserSessionModel userSession, String redirectUri, StatusResponseType statusResponseType, JaxrsSAML2BindingBuilder bindingBuilder)` This method, instead of sending the actual response with the token, sends the artifact message via post or redirect.
`protected javax.ws.rs.core.Response`	`buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding)`
`void`	`close()`
`protected LogoutRequestType`	`createLogoutRequest(String logoutUrl, AuthenticatedClientSessionModel clientSession, ClientModel client, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions)`
`javax.ws.rs.core.Response`	`finishLogout(UserSessionModel userSession)`
`javax.ws.rs.core.Response`	`frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)`
`static String`	`getLogoutServiceUrl(KeycloakSession session, ClientModel client, String bindingType, boolean backChannelLogout)`
`protected String`	`getNameId(String nameIdFormat, CommonClientSessionModel clientSession, UserSessionModel userSession)`
`protected String`	`getNameIdFormat(SamlClient samlClient, AuthenticationSessionModel authSession)`
`protected String`	`getPersistentNameId(CommonClientSessionModel clientSession, UserSessionModel userSession)` Attempts to retrieve the persistent type NameId as follows: saml.persistent.name.id.for.$clientId user attribute saml.persistent.name.id.for.* user attribute G-$randomUuid
`protected String`	`getResponseIssuer(RealmModel realm)`
`protected String`	`getSAMLNameId(List<SamlProtocol.ProtocolMapperProcessor<SAMLNameIdMapper>> samlNameIdMappers, String nameIdFormat, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)`
`protected boolean`	`isLogoutPostBindingForClient(AuthenticatedClientSessionModel clientSession)`
`static boolean`	`isLogoutPostBindingForInitiator(UserSessionModel session)`
`protected boolean`	`isPostBinding(AuthenticatedClientSessionModel clientSession)`
`protected boolean`	`isPostBinding(AuthenticationSessionModel authSession)`
`AttributeStatementType`	`populateAttributeStatements(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)`
`void`	`populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx, AttributeStatementType existingAttributeStatement)`
`boolean`	`requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession)`
`javax.ws.rs.core.Response`	`sendError(AuthenticationSessionModel authSession, LoginProtocol.Error error)`
`SamlProtocol`	`setEventBuilder(EventBuilder event)`
`SamlProtocol`	`setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)`
`SamlProtocol`	`setRealm(RealmModel realm)`
`SamlProtocol`	`setSession(KeycloakSession session)`
`SamlProtocol`	`setUriInfo(javax.ws.rs.core.UriInfo uriInfo)`
`ResponseType`	`transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)`
`static boolean`	`useArtifactForLogout(ClientModel client)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.protocol.LoginProtocol
sendPushRevocationPolicyRequest

Field Detail

ATTRIBUTE_TRUE_VALUE

public static final String ATTRIBUTE_TRUE_VALUE

See Also:: Constant Field Values

ATTRIBUTE_FALSE_VALUE

public static final String ATTRIBUTE_FALSE_VALUE

See Also:: Constant Field Values

SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

See Also:: Constant Field Values

SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

See Also:: Constant Field Values

SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE

See Also:: Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

See Also:: Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE

See Also:: Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

See Also:: Constant Field Values

SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE

public static final String SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE

See Also:: Constant Field Values

LOGIN_PROTOCOL

public static final String LOGIN_PROTOCOL

See Also:: Constant Field Values

SAML_BINDING

public static final String SAML_BINDING

See Also:: Constant Field Values

SAML_IDP_INITIATED_LOGIN

public static final String SAML_IDP_INITIATED_LOGIN

See Also:: Constant Field Values

SAML_POST_BINDING

public static final String SAML_POST_BINDING

See Also:: Constant Field Values

SAML_SOAP_BINDING

public static final String SAML_SOAP_BINDING

See Also:: Constant Field Values

SAML_REDIRECT_BINDING

public static final String SAML_REDIRECT_BINDING

See Also:: Constant Field Values

SAML_REQUEST_ID

public static final String SAML_REQUEST_ID

See Also:: Constant Field Values

SAML_LOGOUT_BINDING

public static final String SAML_LOGOUT_BINDING

See Also:: Constant Field Values

SAML_LOGOUT_ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO

public static final String SAML_LOGOUT_ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO

See Also:: Constant Field Values

SAML_SERVER_SIGNATURE_KEYINFO_KEY_NAME_TRANSFORMER

public static final String SAML_SERVER_SIGNATURE_KEYINFO_KEY_NAME_TRANSFORMER

See Also:: Constant Field Values

SAML_LOGOUT_REQUEST_ID

public static final String SAML_LOGOUT_REQUEST_ID

See Also:: Constant Field Values

SAML_LOGOUT_RELAY_STATE

public static final String SAML_LOGOUT_RELAY_STATE

See Also:: Constant Field Values

SAML_LOGOUT_CANONICALIZATION

public static final String SAML_LOGOUT_CANONICALIZATION

See Also:: Constant Field Values

SAML_LOGOUT_BINDING_URI

public static final String SAML_LOGOUT_BINDING_URI

See Also:: Constant Field Values

SAML_LOGOUT_SIGNATURE_ALGORITHM

public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM

See Also:: Constant Field Values

SAML_NAME_ID

public static final String SAML_NAME_ID

See Also:: Constant Field Values

SAML_NAME_ID_FORMAT

public static final String SAML_NAME_ID_FORMAT

See Also:: Constant Field Values

SAML_DEFAULT_NAMEID_FORMAT

public static final String SAML_DEFAULT_NAMEID_FORMAT

SAML_PERSISTENT_NAME_ID_FOR

public static final String SAML_PERSISTENT_NAME_ID_FOR

See Also:: Constant Field Values

SAML_IDP_INITIATED_SSO_RELAY_STATE

public static final String SAML_IDP_INITIATED_SSO_RELAY_STATE

See Also:: Constant Field Values

SAML_IDP_INITIATED_SSO_URL_NAME

public static final String SAML_IDP_INITIATED_SSO_URL_NAME

See Also:: Constant Field Values

SAML_LOGIN_REQUEST_FORCEAUTHN

public static final String SAML_LOGIN_REQUEST_FORCEAUTHN

See Also:: Constant Field Values

SAML_FORCEAUTHN_REQUIREMENT

public static final String SAML_FORCEAUTHN_REQUIREMENT

See Also:: Constant Field Values

SAML_LOGOUT_INITIATOR_CLIENT_ID

public static final String SAML_LOGOUT_INITIATOR_CLIENT_ID

See Also:: Constant Field Values

logger

protected static final org.jboss.logging.Logger logger

session
```
protected KeycloakSession session
```

realm
```
protected RealmModel realm
```

uriInfo

protected javax.ws.rs.core.UriInfo uriInfo

headers

protected javax.ws.rs.core.HttpHeaders headers

event
```
protected EventBuilder event
```

artifactResolver

protected ArtifactResolver artifactResolver

artifactSessionMappingStore

protected SamlArtifactSessionMappingStoreProvider artifactSessionMappingStore

Constructor Detail
- SamlProtocol
```
public SamlProtocol()
```

Method Detail

setSession

public SamlProtocol setSession(KeycloakSession session)

Specified by:: setSession in interface LoginProtocol

setRealm

public SamlProtocol setRealm(RealmModel realm)

Specified by:: setRealm in interface LoginProtocol

setUriInfo

public SamlProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)

Specified by:: setUriInfo in interface LoginProtocol

setHttpHeaders

public SamlProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)

Specified by:: setHttpHeaders in interface LoginProtocol

setEventBuilder
```
public SamlProtocol setEventBuilder(EventBuilder event)
```
Specified by:

setEventBuilder in interface LoginProtocol

sendError

public javax.ws.rs.core.Response sendError(AuthenticationSessionModel authSession,
                                           LoginProtocol.Error error)

Specified by:: sendError in interface LoginProtocol

buildErrorResponse

protected javax.ws.rs.core.Response buildErrorResponse(boolean isPostBinding,
                                                       String destination,
                                                       JaxrsSAML2BindingBuilder binding,
                                                       Document document)
                                                throws ConfigurationException,
                                                       ProcessingException,
                                                       IOException

Throws:: ConfigurationException; ProcessingException; IOException

getResponseIssuer

protected String getResponseIssuer(RealmModel realm)

isPostBinding

protected boolean isPostBinding(AuthenticationSessionModel authSession)

isPostBinding

protected boolean isPostBinding(AuthenticatedClientSessionModel clientSession)

isLogoutPostBindingForInitiator

public static boolean isLogoutPostBindingForInitiator(UserSessionModel session)

isLogoutPostBindingForClient

protected boolean isLogoutPostBindingForClient(AuthenticatedClientSessionModel clientSession)

getNameIdFormat

protected String getNameIdFormat(SamlClient samlClient,
                                 AuthenticationSessionModel authSession)

getNameId

protected String getNameId(String nameIdFormat,
                           CommonClientSessionModel clientSession,
                           UserSessionModel userSession)

getPersistentNameId
```
protected String getPersistentNameId(CommonClientSessionModel clientSession,
                                     UserSessionModel userSession)
```
Attempts to retrieve the persistent type NameId as follows:
1. saml.persistent.name.id.for.$clientId user attribute
2. saml.persistent.name.id.for.* user attribute
3. G-$randomUuid
If a randomUuid is generated, an attribute for the given saml.persistent.name.id.for.$clientId will be generated, otherwise no state change will occur with respect to the user's attributes.
Returns:

the user's persistent NameId

authenticated

public javax.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession,
                                               UserSessionModel userSession,
                                               ClientSessionContext clientSessionCtx)

Specified by:: authenticated in interface LoginProtocol

buildAuthenticatedResponse

protected javax.ws.rs.core.Response buildAuthenticatedResponse(AuthenticatedClientSessionModel clientSession,
                                                               String redirectUri,
                                                               Document samlDocument,
                                                               JaxrsSAML2BindingBuilder bindingBuilder)
                                                        throws ConfigurationException,
                                                               ProcessingException,
                                                               IOException

Throws:: ConfigurationException; ProcessingException; IOException

populateAttributeStatements

public AttributeStatementType populateAttributeStatements(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers,
                                                          KeycloakSession session,
                                                          UserSessionModel userSession,
                                                          AuthenticatedClientSessionModel clientSession)

transformLoginResponse

public ResponseType transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,
                                           ResponseType response,
                                           KeycloakSession session,
                                           UserSessionModel userSession,
                                           ClientSessionContext clientSessionCtx)

populateRoles

public void populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper,
                          KeycloakSession session,
                          UserSessionModel userSession,
                          ClientSessionContext clientSessionCtx,
                          AttributeStatementType existingAttributeStatement)

getSAMLNameId

protected String getSAMLNameId(List<SamlProtocol.ProtocolMapperProcessor<SAMLNameIdMapper>> samlNameIdMappers,
                               String nameIdFormat,
                               KeycloakSession session,
                               UserSessionModel userSession,
                               AuthenticatedClientSessionModel clientSession)

getLogoutServiceUrl

public static String getLogoutServiceUrl(KeycloakSession session,
                                         ClientModel client,
                                         String bindingType,
                                         boolean backChannelLogout)

useArtifactForLogout

public static boolean useArtifactForLogout(ClientModel client)

frontchannelLogout

public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession,
                                                    AuthenticatedClientSessionModel clientSession)

Specified by:: frontchannelLogout in interface LoginProtocol

finishLogout

public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)

Specified by:: finishLogout in interface LoginProtocol

buildLogoutResponse

protected javax.ws.rs.core.Response buildLogoutResponse(UserSessionModel userSession,
                                                        String logoutBindingUri,
                                                        SAML2LogoutResponseBuilder builder,
                                                        JaxrsSAML2BindingBuilder binding)
                                                 throws ConfigurationException,
                                                        ProcessingException,
                                                        IOException

Throws:: ConfigurationException; ProcessingException; IOException

backchannelLogout

public javax.ws.rs.core.Response backchannelLogout(UserSessionModel userSession,
                                                   AuthenticatedClientSessionModel clientSession)

Specified by:: backchannelLogout in interface LoginProtocol

createLogoutRequest

protected LogoutRequestType createLogoutRequest(String logoutUrl,
                                                AuthenticatedClientSessionModel clientSession,
                                                ClientModel client,
                                                SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions)
                                         throws ConfigurationException

Throws:: ConfigurationException

requireReauthentication

public boolean requireReauthentication(UserSessionModel userSession,
                                       AuthenticationSessionModel authSession)

Specified by:: requireReauthentication in interface LoginProtocol
Returns:: true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate

close
```
public void close()
```
Specified by:

close in interface Provider

buildArtifactAuthenticatedResponse

protected javax.ws.rs.core.Response buildArtifactAuthenticatedResponse(AuthenticatedClientSessionModel clientSession,
                                                                       String redirectUri,
                                                                       SAML2Object samlDocument,
                                                                       JaxrsSAML2BindingBuilder bindingBuilder)
                                                                throws ProcessingException,
                                                                       ConfigurationException

This method, instead of sending the actual response with the token sends the artifact message via post or redirect.

Parameters:: clientSession - the current authenticated client session; redirectUri - the redirect uri to the client; samlDocument - a Document containing the saml Response; bindingBuilder - the current JaxrsSAML2BindingBuilder configured with information for signing and encryption
Returns:: A response (POSTed form or redirect) with a newly generated artifact
Throws:: ConfigurationException; ProcessingException; IOException

buildLogoutArtifactResponse

protected javax.ws.rs.core.Response buildLogoutArtifactResponse(UserSessionModel userSession,
                                                                String redirectUri,
                                                                StatusResponseType statusResponseType,
                                                                JaxrsSAML2BindingBuilder bindingBuilder)
                                                         throws ProcessingException,
                                                                ConfigurationException

This method, instead of sending the actual response with the token, sends the artifact message via post or redirect. This method is only to be used for the final LogoutResponse.

Parameters:: userSession - The current user session being logged out; redirectUri - the redirect uri to the client; statusResponseType - a Document containing the saml Response; bindingBuilder - the current JaxrsSAML2BindingBuilder configured with information for signing and encryption
Returns:: A response (POSTed form or redirect) with a newly generated artifact
Throws:: ProcessingException; IOException; ConfigurationException

buildArtifactAndStoreResponse

protected String buildArtifactAndStoreResponse(SAML2Object statusResponseType,
                                               UserSessionModel userSession)
                                        throws ArtifactResolverProcessingException,
                                               ConfigurationException,
                                               ProcessingException

Throws:: ArtifactResolverProcessingException; ConfigurationException; ProcessingException

buildArtifactAndStoreResponse

protected String buildArtifactAndStoreResponse(SAML2Object saml2Object,
                                               AuthenticatedClientSessionModel clientSessionModel)
                                        throws ArtifactResolverProcessingException,
                                               ProcessingException,
                                               ConfigurationException

Throws:: ArtifactResolverProcessingException; ProcessingException; ConfigurationException

Class SamlProtocol

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.protocol.LoginProtocol

Field Detail

ATTRIBUTE_TRUE_VALUE

ATTRIBUTE_FALSE_VALUE

SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE

SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE

SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE

LOGIN_PROTOCOL

SAML_BINDING

SAML_IDP_INITIATED_LOGIN

SAML_POST_BINDING

SAML_SOAP_BINDING

SAML_REDIRECT_BINDING

SAML_REQUEST_ID

SAML_LOGOUT_BINDING

SAML_LOGOUT_ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO

SAML_SERVER_SIGNATURE_KEYINFO_KEY_NAME_TRANSFORMER

SAML_LOGOUT_REQUEST_ID

SAML_LOGOUT_RELAY_STATE

SAML_LOGOUT_CANONICALIZATION

SAML_LOGOUT_BINDING_URI

SAML_LOGOUT_SIGNATURE_ALGORITHM

SAML_NAME_ID

SAML_NAME_ID_FORMAT

SAML_DEFAULT_NAMEID_FORMAT

SAML_PERSISTENT_NAME_ID_FOR

SAML_IDP_INITIATED_SSO_RELAY_STATE

SAML_IDP_INITIATED_SSO_URL_NAME

SAML_LOGIN_REQUEST_FORCEAUTHN

SAML_FORCEAUTHN_REQUIREMENT

SAML_LOGOUT_INITIATOR_CLIENT_ID

logger

session

realm

uriInfo

headers

event

artifactResolver

artifactSessionMappingStore

Constructor Detail

SamlProtocol

Method Detail

setSession

setRealm

setUriInfo

setHttpHeaders

setEventBuilder

sendError

buildErrorResponse

getResponseIssuer

isPostBinding

isPostBinding

isLogoutPostBindingForInitiator

isLogoutPostBindingForClient

getNameIdFormat

getNameId

getPersistentNameId

authenticated

buildAuthenticatedResponse

populateAttributeStatements

transformLoginResponse

populateRoles

getSAMLNameId

getLogoutServiceUrl

useArtifactForLogout

frontchannelLogout

finishLogout

buildLogoutResponse

backchannelLogout