org.keycloak.protocol.saml

Class SamlProtocol

java.lang.Object

org.keycloak.protocol.saml.SamlProtocol

All Implemented Interfaces:

LoginProtocol, Provider

public class SamlProtocol
extends Object
implements LoginProtocol

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SamlProtocol.ProtocolMapperProcessor<T>

Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol

LoginProtocol.Error

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTRIBUTE_FALSE_VALUE
static String	ATTRIBUTE_TRUE_VALUE
protected EventBuilder	event
protected javax.ws.rs.core.HttpHeaders	headers
protected static org.jboss.logging.Logger	logger
static String	LOGIN_PROTOCOL
protected RealmModel	realm
static String	SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE
static String	SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE
static String	SAML_ASSERTION_SIGNATURE
static String	SAML_AUTHNSTATEMENT
static String	SAML_BINDING
static String	SAML_CANONICALIZATION_METHOD_ATTRIBUTE
static String	SAML_CLIENT_SIGNATURE_ATTRIBUTE
static String	SAML_DEFAULT_NAMEID_FORMAT
static String	SAML_ENCRYPT
static String	SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE
static String	SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE
static String	SAML_FORCE_POST_BINDING
static String	SAML_IDP_INITIATED_LOGIN
static String	SAML_IDP_INITIATED_SSO_RELAY_STATE
static String	SAML_IDP_INITIATED_SSO_URL_NAME
static String	SAML_LOGOUT_BINDING
static String	SAML_LOGOUT_BINDING_URI
static String	SAML_LOGOUT_CANONICALIZATION
static String	SAML_LOGOUT_RELAY_STATE
static String	SAML_LOGOUT_REQUEST_ID
static String	SAML_LOGOUT_SIGNATURE_ALGORITHM
static String	SAML_NAME_ID
static String	SAML_NAME_ID_FORMAT
static String	SAML_NAME_ID_FORMAT_ATTRIBUTE
static String	SAML_PERSISTENT_NAME_ID_FOR
static String	SAML_POST_BINDING
static String	SAML_REDIRECT_BINDING
static String	SAML_REQUEST_ID
static String	SAML_SERVER_SIGNATURE
static String	SAML_SIGNATURE_ALGORITHM
static String	SAML_SIGNING_CERTIFICATE_ATTRIBUTE
static String	SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE
static String	SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE
protected KeycloakSession	session
protected javax.ws.rs.core.UriInfo	uriInfo

Constructor Summary

Constructors

Constructor and Description
SamlProtocol()

Method Summary

Modifier and Type	Method and Description
javax.ws.rs.core.Response	authenticated(UserSessionModel userSession, ClientSessionCode accessCode)
void	backchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)
void	close()
protected SAML2LogoutRequestBuilder	createLogoutRequest(String logoutUrl, ClientSessionModel clientSession, ClientModel client)
javax.ws.rs.core.Response	finishLogout(UserSessionModel userSession)
static boolean	forceNameIdFormat(ClientModel client)
static boolean	forcePostBinding(ClientModel client)
javax.ws.rs.core.Response	frontchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)
static String	getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo, ClientModel client, String bindingType)
protected String	getNameId(String nameIdFormat, ClientSessionModel clientSession, UserSessionModel userSession)
protected String	getNameIdFormat(ClientSessionModel clientSession)
protected String	getResponseIssuer(RealmModel realm)
static SignatureAlgorithm	getSignatureAlgorithm(ClientModel client)
static boolean	includeAuthnStatement(ClientModel client)
protected boolean	isLogoutPostBindingForClient(ClientSessionModel clientSession)
static boolean	isLogoutPostBindingForInitiator(UserSessionModel session)
protected boolean	isPostBinding(ClientSessionModel clientSession)
void	populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)
static boolean	requiresAssertionSignature(ClientModel client)
static boolean	requiresRealmSignature(ClientModel client)
javax.ws.rs.core.Response	sendError(ClientSessionModel clientSession, LoginProtocol.Error error)
SamlProtocol	setEventBuilder(EventBuilder event)
SamlProtocol	setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)
SamlProtocol	setRealm(RealmModel realm)
SamlProtocol	setSession(KeycloakSession session)
SamlProtocol	setUriInfo(javax.ws.rs.core.UriInfo uriInfo)
void	transformAttributeStatement(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)
ResponseType	transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers, ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

ATTRIBUTE_TRUE_VALUE

public static final String ATTRIBUTE_TRUE_VALUE

See Also:

Constant Field Values

ATTRIBUTE_FALSE_VALUE

public static final String ATTRIBUTE_FALSE_VALUE

See Also:

Constant Field Values

SAML_SIGNING_CERTIFICATE_ATTRIBUTE

public static final String SAML_SIGNING_CERTIFICATE_ATTRIBUTE

See Also:

Constant Field Values

SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE

public static final String SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE

See Also:

Constant Field Values

SAML_CLIENT_SIGNATURE_ATTRIBUTE

public static final String SAML_CLIENT_SIGNATURE_ATTRIBUTE

See Also:

Constant Field Values

SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

See Also:

Constant Field Values

SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

See Also:

Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

See Also:

Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

See Also:

Constant Field Values

SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE

public static final String SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE

See Also:

Constant Field Values

SAML_NAME_ID_FORMAT_ATTRIBUTE

public static final String SAML_NAME_ID_FORMAT_ATTRIBUTE

See Also:

Constant Field Values

SAML_CANONICALIZATION_METHOD_ATTRIBUTE

public static final String SAML_CANONICALIZATION_METHOD_ATTRIBUTE

See Also:

Constant Field Values

LOGIN_PROTOCOL

public static final String LOGIN_PROTOCOL

See Also:

Constant Field Values

SAML_BINDING

public static final String SAML_BINDING

See Also:

Constant Field Values

SAML_IDP_INITIATED_LOGIN

public static final String SAML_IDP_INITIATED_LOGIN

See Also:

Constant Field Values

SAML_POST_BINDING

public static final String SAML_POST_BINDING

See Also:

Constant Field Values

SAML_REDIRECT_BINDING

public static final String SAML_REDIRECT_BINDING

See Also:

Constant Field Values

SAML_SERVER_SIGNATURE

public static final String SAML_SERVER_SIGNATURE

See Also:

Constant Field Values

SAML_ASSERTION_SIGNATURE

public static final String SAML_ASSERTION_SIGNATURE

See Also:

Constant Field Values

SAML_AUTHNSTATEMENT

public static final String SAML_AUTHNSTATEMENT

See Also:

Constant Field Values

SAML_SIGNATURE_ALGORITHM

public static final String SAML_SIGNATURE_ALGORITHM

See Also:

Constant Field Values

SAML_ENCRYPT

public static final String SAML_ENCRYPT

See Also:

Constant Field Values

SAML_FORCE_POST_BINDING

public static final String SAML_FORCE_POST_BINDING

See Also:

Constant Field Values

SAML_REQUEST_ID

public static final String SAML_REQUEST_ID

See Also:

Constant Field Values

SAML_LOGOUT_BINDING

public static final String SAML_LOGOUT_BINDING

See Also:

Constant Field Values

SAML_LOGOUT_REQUEST_ID

public static final String SAML_LOGOUT_REQUEST_ID

See Also:

Constant Field Values

SAML_LOGOUT_RELAY_STATE

public static final String SAML_LOGOUT_RELAY_STATE

See Also:

Constant Field Values

SAML_LOGOUT_CANONICALIZATION

public static final String SAML_LOGOUT_CANONICALIZATION

See Also:

Constant Field Values

SAML_LOGOUT_BINDING_URI

public static final String SAML_LOGOUT_BINDING_URI

See Also:

Constant Field Values

SAML_LOGOUT_SIGNATURE_ALGORITHM

public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM

See Also:

Constant Field Values

SAML_NAME_ID

public static final String SAML_NAME_ID

See Also:

Constant Field Values

SAML_NAME_ID_FORMAT

public static final String SAML_NAME_ID_FORMAT

See Also:

Constant Field Values

SAML_DEFAULT_NAMEID_FORMAT

public static final String SAML_DEFAULT_NAMEID_FORMAT

SAML_PERSISTENT_NAME_ID_FOR

public static final String SAML_PERSISTENT_NAME_ID_FOR

See Also:

Constant Field Values

SAML_IDP_INITIATED_SSO_RELAY_STATE

public static final String SAML_IDP_INITIATED_SSO_RELAY_STATE

See Also:

Constant Field Values

SAML_IDP_INITIATED_SSO_URL_NAME

public static final String SAML_IDP_INITIATED_SSO_URL_NAME

See Also:

Constant Field Values

session

protected KeycloakSession session

realm

protected RealmModel realm

uriInfo

protected javax.ws.rs.core.UriInfo uriInfo

headers

protected javax.ws.rs.core.HttpHeaders headers

event

protected EventBuilder event

Constructor Detail

SamlProtocol

public SamlProtocol()

Method Detail

setSession

public SamlProtocol setSession(KeycloakSession session)

Specified by:

setSession in interface LoginProtocol

setRealm

public SamlProtocol setRealm(RealmModel realm)

Specified by:

setRealm in interface LoginProtocol

setUriInfo

public SamlProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)

Specified by:

setUriInfo in interface LoginProtocol

setHttpHeaders

public SamlProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)

Specified by:

setHttpHeaders in interface LoginProtocol

setEventBuilder

public SamlProtocol setEventBuilder(EventBuilder event)

Specified by:

setEventBuilder in interface LoginProtocol

sendError

public javax.ws.rs.core.Response sendError(ClientSessionModel clientSession,
                                           LoginProtocol.Error error)

Specified by:

sendError in interface LoginProtocol

getResponseIssuer

protected String getResponseIssuer(RealmModel realm)

isPostBinding

protected boolean isPostBinding(ClientSessionModel clientSession)

isLogoutPostBindingForInitiator

public static boolean isLogoutPostBindingForInitiator(UserSessionModel session)

isLogoutPostBindingForClient

protected boolean isLogoutPostBindingForClient(ClientSessionModel clientSession)

forcePostBinding

public static boolean forcePostBinding(ClientModel client)

getNameIdFormat

protected String getNameIdFormat(ClientSessionModel clientSession)

forceNameIdFormat

public static boolean forceNameIdFormat(ClientModel client)

getNameId

protected String getNameId(String nameIdFormat,
                           ClientSessionModel clientSession,
                           UserSessionModel userSession)

authenticated

public javax.ws.rs.core.Response authenticated(UserSessionModel userSession,
                                               ClientSessionCode accessCode)

Specified by:

authenticated in interface LoginProtocol

requiresRealmSignature

public static boolean requiresRealmSignature(ClientModel client)

requiresAssertionSignature

public static boolean requiresAssertionSignature(ClientModel client)

includeAuthnStatement

public static boolean includeAuthnStatement(ClientModel client)

getSignatureAlgorithm

public static SignatureAlgorithm getSignatureAlgorithm(ClientModel client)

transformAttributeStatement

public void transformAttributeStatement(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers,
                                        ResponseType response,
                                        KeycloakSession session,
                                        UserSessionModel userSession,
                                        ClientSessionModel clientSession)

transformLoginResponse

public ResponseType transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,
                                           ResponseType response,
                                           KeycloakSession session,
                                           UserSessionModel userSession,
                                           ClientSessionModel clientSession)

populateRoles

public void populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper,
                          ResponseType response,
                          KeycloakSession session,
                          UserSessionModel userSession,
                          ClientSessionModel clientSession)

getLogoutServiceUrl

public static String getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo,
                                         ClientModel client,
                                         String bindingType)

frontchannelLogout

public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession,
                                                    ClientSessionModel clientSession)

Specified by:

frontchannelLogout in interface LoginProtocol

finishLogout

public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)

Specified by:

finishLogout in interface LoginProtocol

backchannelLogout

public void backchannelLogout(UserSessionModel userSession,
                              ClientSessionModel clientSession)

Specified by:

backchannelLogout in interface LoginProtocol

createLogoutRequest

protected SAML2LogoutRequestBuilder createLogoutRequest(String logoutUrl,
                                                        ClientSessionModel clientSession,
                                                        ClientModel client)

close

public void close()

Specified by:

close in interface Provider