java.lang.Object
  org.jasig.portal.security.provider.saml.SAMLDelegatedAuthenticationService
public class SAMLDelegatedAuthenticationService
This class implements the delegated SAML authentication protocol. Delegated SAML authentication is most useful for portals, which often act as proxies on behalf of logged-on users. The portal can use its own SAML assertion to request a "proxy" or "delegated" SAML assertion to present to a "downstream" Web Service Provider (WSP) for authentication.
While this class implements the business logic for obtaining a delegated
SAML assertion, it is the SAMLSession class that is used to retain the
state of the authentication and the connection to the WSP. Since this class
is not stateful, it can be considered thread-safe.
| Field Summary | |
|---|---|
| protected org.slf4j.Logger | logger |
| Constructor Summary | |
|---|---|
| SAMLDelegatedAuthenticationService() | Public default constructor that performs basic initialization |
| Method Summary | |
|---|---|
| org.apache.http.HttpResponse | authenticate(SAMLSession samlSession, byte[] paosBytes) This method authenticates to a WSP as a result of intercepting a blocked access for a resource and getting a SOAP request for delegated SAML authentication. |
| org.apache.http.HttpResponse | authenticate(SAMLSession samlSession, Resource resource) This method should be used to authenticate to and get a resource from a Shibboleth-protected Web Service. |
| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
protected final org.slf4j.Logger logger
| Constructor Detail |
|---|
public SAMLDelegatedAuthenticationService()
| Method Detail |
|---|
public org.apache.http.HttpResponse authenticate(SAMLSession samlSession,
Resource resource)
This method should be used to authenticate to and get a resource from
a Shibboleth-protected Web Service. Because it establishes a SAML session,
this method is processing-intensive, as it makes several HTTP connections
to complete delegated authentication with the IdP. Once the authentication
succeeds, the client of the library should use the HttpClient available
by calling SAMLSession.getHttpClient().

Calling this method should only be done in exceptional cases. This is
because the request and response interceptors installed on the HttpClient
by SAMLSession should be able to perform authentication
automatically.
samlSession - SAML session
resource - a Resource object whose URL member is set to represent
the resource to retrieve. Upon successful return the
Resource object will contain a String representing
the retrieved resource. However, if this method returns
a non-null value, the returned value means should be used
to request the resource.
public org.apache.http.HttpResponse authenticate(SAMLSession samlSession,
byte[] paosBytes)
This method authenticates to a WSP as a result of intercepting a blocked access for a resource and getting a SOAP request for delegated SAML authentication.
This method is called by the HttpResponseInterceptor
when the interceptor determines that the WSP requires authentication.
samlSession - SAML session
paosBytes - SOAP request for authentication