com.onelogin.saml2

Class Auth

java.lang.Object

com.onelogin.saml2.Auth

public class Auth
extends Object

Main class of OneLogin's Java Toolkit. This class implements the SP SAML instance. Defines the methods that you can invoke in your application in order to add SAML support (initiates sso, initiates slo, processes a SAML Response, a Logout Request or a Logout Response). This is stateful and not thread-safe, you should create a new instance for each request/response.

Constructor Summary

Constructors

Constructor and Description
Auth() Initializes the SP SAML instance.
Auth(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(Saml2Settings settings, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(String filename) Initializes the SP SAML instance.
Auth(String filename, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.

Method Summary

Modifier and Type	Method and Description
String	buildRequestSignature(String samlRequest, String relayState, String signAlgorithm) Generates the Signature for a SAML Request
String	buildResponseSignature(String samlResponse, String relayState, String signAlgorithm) Generates the Signature for a SAML Response
Collection<String>	getAttribute(String name)
Map<String,List<String>>	getAttributes()
List<String>	getAttributesName()
List<String>	getErrors()
String	getLastAssertionId()
List<org.joda.time.Instant>	getLastAssertionNotOnOrAfter()
String	getLastErrorReason()
String	getLastRequestId()
String	getNameId()
org.joda.time.DateTime	getSessionExpiration()
String	getSessionIndex()
Saml2Settings	getSettings()
String	getSLOResponseUrl()
String	getSLOurl()
String	getSSOurl()
boolean	isAuthenticated()
Boolean	isDebugActive()
void	login() Initiates the SSO process.
void	login(String returnTo) Initiates the SSO process.
void	login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) Initiates the SSO process.
String	login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) Initiates the SSO process.
void	logout() Initiates the SLO process.
void	logout(String returnTo) Initiates the SLO process.
void	logout(String returnTo, String nameId, String sessionIndex) Initiates the SLO process.
String	logout(String returnTo, String nameId, String sessionIndex, Boolean stay) Initiates the SLO process.
void	processResponse() Process the SAML Response sent by the IdP.
void	processResponse(String requestId) Process the SAML Response sent by the IdP.
void	processSLO() Process the SAML Logout Response / Logout Request sent by the IdP.
void	processSLO(Boolean keepLocalSession, String requestId) Process the SAML Logout Response / Logout Request sent by the IdP.
void	setStrict(Boolean value) Set the strict mode active/disable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Auth

public Auth()
     throws IOException,
            SettingsException

Initializes the SP SAML instance.

Throws:

IOException

SettingsException

Auth

public Auth(String filename)
     throws IOException,
            SettingsException

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

Throws:

IOException

SettingsException

Auth

public Auth(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws IOException,
            SettingsException

Initializes the SP SAML instance.

Parameters:

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

IOException

SettingsException

Auth

public Auth(String filename,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws SettingsException,
            IOException

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

SettingsException

IOException

Auth

public Auth(Saml2Settings settings,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws SettingsException

Initializes the SP SAML instance.

Parameters:

settings - Saml2Settings object. Setting data

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

SettingsException

Method Detail

setStrict

public void setStrict(Boolean value)

Set the strict mode active/disable

Parameters:

value - Strict value

login

public String login(String returnTo,
                    Boolean forceAuthn,
                    Boolean isPassive,
                    Boolean setNameIdPolicy,
                    Boolean stay)
             throws IOException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'

isPassive - When true the AuthNRequest will set the IsPassive='true'

setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy

stay - True if we want to stay (returns the url string) False to execute redirection

Returns:

the SSO URL with the AuthNRequest if stay = True

Throws:

IOException

login

public void login(String returnTo,
                  Boolean forceAuthn,
                  Boolean isPassive,
                  Boolean setNameIdPolicy)
           throws IOException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'

isPassive - When true the AuthNRequest will set the IsPassive='true'

setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy

Throws:

IOException

login

public void login()
           throws IOException

Initiates the SSO process.

Throws:

IOException

login

public void login(String returnTo)
           throws IOException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided.

Throws:

IOException

logout

public String logout(String returnTo,
                     String nameId,
                     String sessionIndex,
                     Boolean stay)
              throws IOException,
                     XMLEntityException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

stay - True if we want to stay (returns the url string) False to execute redirection

Returns:

the SLO URL with the LogoutRequest if stay = True

Throws:

IOException

XMLEntityException

logout

public void logout(String returnTo,
                   String nameId,
                   String sessionIndex)
            throws IOException,
                   XMLEntityException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

Throws:

IOException

XMLEntityException

logout

public void logout()
            throws IOException,
                   XMLEntityException

Initiates the SLO process.

Throws:

IOException

XMLEntityException

logout

public void logout(String returnTo)
            throws IOException,
                   XMLEntityException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

Throws:

IOException

XMLEntityException

getSSOurl

public String getSSOurl()

Returns:

The url of the Single Sign On Service

getSLOurl

public String getSLOurl()

Returns:

The url of the Single Logout Service

getSLOResponseUrl

public String getSLOResponseUrl()

Returns:

The url of the Single Logout Service Response.

processResponse

public void processResponse(String requestId)
                     throws Exception

Process the SAML Response sent by the IdP.

Parameters:

requestId - The ID of the AuthNRequest sent by this SP to the IdP

Throws:

Exception

processResponse

public void processResponse()
                     throws Exception

Process the SAML Response sent by the IdP.

Throws:

Exception

processSLO

public void processSLO(Boolean keepLocalSession,
                       String requestId)
                throws XMLEntityException,
                       XPathExpressionException,
                       IOException

Process the SAML Logout Response / Logout Request sent by the IdP.

Parameters:

keepLocalSession - When false will destroy the local session, otherwise will destroy it

requestId - The ID of the LogoutRequest sent by this SP to the IdP

Throws:

XMLEntityException

XPathExpressionException

IOException

processSLO

public void processSLO()
                throws XPathExpressionException,
                       XMLEntityException,
                       IOException

Process the SAML Logout Response / Logout Request sent by the IdP.

Throws:

IOException

XMLEntityException

XPathExpressionException

isAuthenticated

public final boolean isAuthenticated()

Returns:

the authenticated

getAttributesName

public final List<String> getAttributesName()

Returns:

the list of the names of the SAML attributes.

getAttributes

public final Map<String,List<String>> getAttributes()

Returns:

the set of SAML attributes.

getAttribute

public final Collection<String> getAttribute(String name)

Parameters:

name - Name of the attribute

Returns:

the attribute value

getNameId

public final String getNameId()

Returns:

the nameID of the assertion

getSessionIndex

public final String getSessionIndex()

Returns:

the SessionIndex of the assertion

getSessionExpiration

public final org.joda.time.DateTime getSessionExpiration()

Returns:

the SessionNotOnOrAfter of the assertion

getLastAssertionId

public String getLastAssertionId()

Returns:

The ID of the last assertion processed

getLastAssertionNotOnOrAfter

public List<org.joda.time.Instant> getLastAssertionNotOnOrAfter()

Returns:

The NotOnOrAfter values of the last assertion processed

getErrors

public List<String> getErrors()

Returns:

an array with the errors, the array is empty when the validation was successful

getLastErrorReason

public String getLastErrorReason()

Returns:

the reason for the last error

getLastRequestId

public String getLastRequestId()

Returns:

the id of the last request generated (AuthnRequest or LogoutRequest), null if none

getSettings

public Saml2Settings getSettings()

Returns:

the Saml2Settings object. The Settings data.

isDebugActive

public Boolean isDebugActive()

Returns:

if debug mode is active

buildRequestSignature

public String buildRequestSignature(String samlRequest,
                                    String relayState,
                                    String signAlgorithm)

Generates the Signature for a SAML Request

Parameters:

samlRequest - The SAML Request

relayState - The RelayState

signAlgorithm - Signature algorithm method

Returns:

a base64 encoded signature

buildResponseSignature

public String buildResponseSignature(String samlResponse,
                                     String relayState,
                                     String signAlgorithm)

Generates the Signature for a SAML Response

Parameters:

samlResponse - The SAML Response

relayState - The RelayState

signAlgorithm - Signature algorithm method

Returns:

the base64 encoded signature