public class SamlProtocol extends Object implements LoginProtocol
Modifier and Type | Class and Description |
---|---|
static class |
SamlProtocol.ProtocolMapperProcessor<T> |
LoginProtocol.Error
Constructor and Description |
---|
SamlProtocol() |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
sendPushRevocationPolicyRequest
public static final String ATTRIBUTE_TRUE_VALUE
public static final String ATTRIBUTE_FALSE_VALUE
public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE
public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE
public static final String SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE
public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE
public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE
public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE
public static final String SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE
public static final String LOGIN_PROTOCOL
public static final String SAML_BINDING
public static final String SAML_IDP_INITIATED_LOGIN
public static final String SAML_POST_BINDING
public static final String SAML_SOAP_BINDING
public static final String SAML_REDIRECT_BINDING
public static final String SAML_REQUEST_ID
public static final String SAML_LOGOUT_BINDING
public static final String SAML_LOGOUT_ADD_EXTENSIONS_ELEMENT_WITH_KEY_INFO
public static final String SAML_SERVER_SIGNATURE_KEYINFO_KEY_NAME_TRANSFORMER
public static final String SAML_LOGOUT_REQUEST_ID
public static final String SAML_LOGOUT_RELAY_STATE
public static final String SAML_LOGOUT_CANONICALIZATION
public static final String SAML_LOGOUT_BINDING_URI
public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM
public static final String SAML_NAME_ID
public static final String SAML_NAME_ID_FORMAT
public static final String SAML_DEFAULT_NAMEID_FORMAT
public static final String SAML_PERSISTENT_NAME_ID_FOR
public static final String SAML_IDP_INITIATED_SSO_RELAY_STATE
public static final String SAML_IDP_INITIATED_SSO_URL_NAME
public static final String SAML_LOGIN_REQUEST_FORCEAUTHN
public static final String SAML_FORCEAUTHN_REQUIREMENT
public static final String SAML_LOGOUT_INITIATOR_CLIENT_ID
protected static final org.jboss.logging.Logger logger
protected KeycloakSession session
protected RealmModel realm
protected javax.ws.rs.core.UriInfo uriInfo
protected javax.ws.rs.core.HttpHeaders headers
protected EventBuilder event
protected ArtifactResolver artifactResolver
protected SamlArtifactSessionMappingStoreProvider artifactSessionMappingStore
public SamlProtocol setSession(KeycloakSession session)
setSession
in interface LoginProtocol
public SamlProtocol setRealm(RealmModel realm)
setRealm
in interface LoginProtocol
public SamlProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)
setUriInfo
in interface LoginProtocol
public SamlProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)
setHttpHeaders
in interface LoginProtocol
public SamlProtocol setEventBuilder(EventBuilder event)
setEventBuilder
in interface LoginProtocol
public javax.ws.rs.core.Response sendError(AuthenticationSessionModel authSession, LoginProtocol.Error error)
sendError
in interface LoginProtocol
protected javax.ws.rs.core.Response buildErrorResponse(boolean isPostBinding, String destination, JaxrsSAML2BindingBuilder binding, Document document) throws ConfigurationException, ProcessingException, IOException
protected String getResponseIssuer(RealmModel realm)
protected boolean isPostBinding(AuthenticationSessionModel authSession)
protected boolean isPostBinding(AuthenticatedClientSessionModel clientSession)
public static boolean isLogoutPostBindingForInitiator(UserSessionModel session)
protected boolean isLogoutPostBindingForClient(AuthenticatedClientSessionModel clientSession)
protected String getNameIdFormat(SamlClient samlClient, AuthenticationSessionModel authSession)
protected String getNameId(String nameIdFormat, CommonClientSessionModel clientSession, UserSessionModel userSession)
protected String getPersistentNameId(CommonClientSessionModel clientSession, UserSessionModel userSession)
If a random UUID is generated, an attribute for the given saml.persistent.name.id.for.$clientId will also be generated; otherwise the user's attributes are left unchanged.
public javax.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
authenticated
in interface LoginProtocol
protected javax.ws.rs.core.Response buildAuthenticatedResponse(AuthenticatedClientSessionModel clientSession, String redirectUri, Document samlDocument, JaxrsSAML2BindingBuilder bindingBuilder) throws ConfigurationException, ProcessingException, IOException
public AttributeStatementType populateAttributeStatements(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
public ResponseType transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
public void populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx, AttributeStatementType existingAttributeStatement)
protected String getSAMLNameId(List<SamlProtocol.ProtocolMapperProcessor<SAMLNameIdMapper>> samlNameIdMappers, String nameIdFormat, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
public static String getLogoutServiceUrl(KeycloakSession session, ClientModel client, String bindingType, boolean backChannelLogout)
public static boolean useArtifactForLogout(ClientModel client)
public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
frontchannelLogout
in interface LoginProtocol
public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)
finishLogout
in interface LoginProtocol
protected javax.ws.rs.core.Response buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding) throws ConfigurationException, ProcessingException, IOException
public javax.ws.rs.core.Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
backchannelLogout
in interface LoginProtocol
protected LogoutRequestType createLogoutRequest(String logoutUrl, AuthenticatedClientSessionModel clientSession, ClientModel client, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) throws ConfigurationException
ConfigurationException
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession)
requireReauthentication
in interface LoginProtocol
protected javax.ws.rs.core.Response buildArtifactAuthenticatedResponse(AuthenticatedClientSessionModel clientSession, String redirectUri, SAML2Object samlDocument, JaxrsSAML2BindingBuilder bindingBuilder) throws ProcessingException, ConfigurationException
Parameters:
clientSession - the current authenticated client session
redirectUri - the redirect uri to the client
samlDocument - a Document containing the saml Response
bindingBuilder - the current JaxrsSAML2BindingBuilder configured with information for signing and encryption
Throws:
ConfigurationException
ProcessingException
IOException
protected javax.ws.rs.core.Response buildLogoutArtifactResponse(UserSessionModel userSession, String redirectUri, StatusResponseType statusResponseType, JaxrsSAML2BindingBuilder bindingBuilder) throws ProcessingException, ConfigurationException
Parameters:
userSession - The current user session being logged out
redirectUri - the redirect uri to the client
statusResponseType - a Document containing the saml Response
bindingBuilder - the current JaxrsSAML2BindingBuilder configured with information for signing and encryption
Throws:
ProcessingException
IOException
ConfigurationException
protected String buildArtifactAndStoreResponse(SAML2Object statusResponseType, UserSessionModel userSession) throws ArtifactResolverProcessingException, ConfigurationException, ProcessingException
protected String buildArtifactAndStoreResponse(SAML2Object saml2Object, AuthenticatedClientSessionModel clientSessionModel) throws ArtifactResolverProcessingException, ProcessingException, ConfigurationException
Copyright © 2021 JBoss by Red Hat. All rights reserved.