com.onelogin.saml2

Class Auth

java.lang.Object

com.onelogin.saml2.Auth

public class Auth
extends Object

Main class of OneLogin's Java Toolkit. This class implements the SP SAML instance. Defines the methods that you can invoke in your application in order to add SAML support (initiates sso, initiates slo, processes a SAML Response, a Logout Request or a Logout Response). This is stateful and not thread-safe, you should create a new instance for each request/response.

Constructor Summary

Constructors

Constructor and Description
Auth() Initializes the SP SAML instance.
Auth(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(KeyStoreSettings keyStoreSetting) Initializes the SP SAML instance.
Auth(KeyStoreSettings keyStoreSetting, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(Saml2Settings settings, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(String filename) Initializes the SP SAML instance.
Auth(String filename, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.
Auth(String filename, KeyStoreSettings keyStoreSetting) Initializes the SP SAML instance.
Auth(String filename, KeyStoreSettings keyStoreSetting, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initializes the SP SAML instance.

Method Summary

Modifier and Type	Method and Description
String	buildRequestSignature(String samlRequest, String relayState, String signAlgorithm) Generates the Signature for a SAML Request
String	buildResponseSignature(String samlResponse, String relayState, String signAlgorithm) Generates the Signature for a SAML Response
Collection<String>	getAttribute(String name)
Map<String,List<String>>	getAttributes()
List<String>	getAttributesName()
List<String>	getErrors()
String	getLastAssertionId()
List<org.joda.time.Instant>	getLastAssertionNotOnOrAfter()
String	getLastErrorReason()
String	getLastMessageId()
String	getLastRequestId()
String	getLastRequestXML() Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
String	getLastResponseXML() Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse).
Exception	getLastValidationException()
String	getNameId()
String	getNameIdFormat()
String	getNameIdNameQualifier()
String	getNameIdSPNameQualifier()
org.joda.time.DateTime	getSessionExpiration()
String	getSessionIndex()
Saml2Settings	getSettings()
String	getSLOResponseUrl()
String	getSLOurl()
String	getSSOurl()
boolean	isAuthenticated()
Boolean	isDebugActive()
void	login() Initiates the SSO process.
void	login(String returnTo) Initiates the SSO process.
void	login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) Initiates the SSO process.
String	login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) Initiates the SSO process.
String	login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq) Initiates the SSO process.
void	logout() Initiates the SLO process.
void	logout(String returnTo) Initiates the SLO process.
void	logout(String returnTo, String nameId, String sessionIndex) Initiates the SLO process.
String	logout(String returnTo, String nameId, String sessionIndex, Boolean stay) Initiates the SLO process.
String	logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat) Initiates the SLO process.
String	logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier) Initiates the SLO process.
String	logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) Initiates the SLO process.
void	logout(String returnTo, String nameId, String sessionIndex, String nameidFormat) Initiates the SLO process.
void	logout(String returnTo, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier) Initiates the SLO process.
void	logout(String returnTo, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) Initiates the SLO process.
void	processResponse() Process the SAML Response sent by the IdP.
void	processResponse(String requestId) Process the SAML Response sent by the IdP.
void	processSLO() Process the SAML Logout Response / Logout Request sent by the IdP.
void	processSLO(Boolean keepLocalSession, String requestId) Process the SAML Logout Response / Logout Request sent by the IdP.
String	processSLO(Boolean keepLocalSession, String requestId, Boolean stay) Process the SAML Logout Response / Logout Request sent by the IdP.
void	setStrict(Boolean value) Set the strict mode active/disable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Auth

public Auth()
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Throws:

IOException

SettingsException

Error

Auth

public Auth(KeyStoreSettings keyStoreSetting)
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Parameters:

keyStoreSetting - KeyStoreSettings is a KeyStore which have the Private/Public keys

Throws:

IOException

SettingsException

Error

Auth

public Auth(String filename)
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

Throws:

IOException

SettingsException

Error

Auth

public Auth(String filename,
            KeyStoreSettings keyStoreSetting)
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

keyStoreSetting - KeyStoreSettings is a KeyStore which have the Private/Public keys

Throws:

IOException

SettingsException

Error

Auth

public Auth(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Parameters:

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

IOException

SettingsException

Error

Auth

public Auth(KeyStoreSettings keyStoreSetting,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws IOException,
            SettingsException,
            Error

Initializes the SP SAML instance.

Parameters:

keyStoreSetting - KeyStoreSettings is a KeyStore which have the Private/Public keys

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

IOException

SettingsException

Error

Auth

public Auth(String filename,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws SettingsException,
            IOException,
            Error

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

SettingsException

IOException

Error

Auth

public Auth(String filename,
            KeyStoreSettings keyStoreSetting,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws SettingsException,
            IOException,
            Error

Initializes the SP SAML instance.

Parameters:

filename - String Filename with the settings

keyStoreSetting - KeyStoreSettings is a KeyStore which have the Private/Public keys

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

SettingsException

IOException

Error

Auth

public Auth(Saml2Settings settings,
            javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)
     throws SettingsException

Initializes the SP SAML instance.

Parameters:

settings - Saml2Settings object. Setting data

request - HttpServletRequest object to be processed

response - HttpServletResponse object to be used

Throws:

SettingsException

Method Detail

setStrict

public void setStrict(Boolean value)

Set the strict mode active/disable

Parameters:

value - Strict value

login

public String login(String returnTo,
                    Boolean forceAuthn,
                    Boolean isPassive,
                    Boolean setNameIdPolicy,
                    Boolean stay,
                    String nameIdValueReq)
             throws IOException,
                    SettingsException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'

isPassive - When true the AuthNRequest will set the IsPassive='true'

setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy

stay - True if we want to stay (returns the url string) False to execute redirection

nameIdValueReq - Indicates to the IdP the subject that should be authenticated

Returns:

the SSO URL with the AuthNRequest if stay = True

Throws:

IOException

SettingsException

login

public String login(String returnTo,
                    Boolean forceAuthn,
                    Boolean isPassive,
                    Boolean setNameIdPolicy,
                    Boolean stay)
             throws IOException,
                    SettingsException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'

isPassive - When true the AuthNRequest will set the IsPassive='true'

setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy

stay - True if we want to stay (returns the url string) False to execute redirection

Returns:

the SSO URL with the AuthNRequest if stay = True

Throws:

IOException

SettingsException

login

public void login(String returnTo,
                  Boolean forceAuthn,
                  Boolean isPassive,
                  Boolean setNameIdPolicy)
           throws IOException,
                  SettingsException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'

isPassive - When true the AuthNRequest will set the IsPassive='true'

setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy

Throws:

IOException

SettingsException

login

public void login()
           throws IOException,
                  SettingsException

Initiates the SSO process.

Throws:

IOException

SettingsException

login

public void login(String returnTo)
           throws IOException,
                  SettingsException

Initiates the SSO process.

Parameters:

returnTo - The target URL the user should be returned to after login (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided.

Throws:

IOException

SettingsException

logout

public String logout(String returnTo,
                     String nameId,
                     String sessionIndex,
                     Boolean stay,
                     String nameidFormat,
                     String nameIdNameQualifier,
                     String nameIdSPNameQualifier)
              throws IOException,
                     XMLEntityException,
                     SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

stay - True if we want to stay (returns the url string) False to execute redirection

nameidFormat - The NameID Format that will be set in the LogoutRequest.

nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.

nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.

Returns:

the SLO URL with the LogoutRequest if stay = True

Throws:

IOException

XMLEntityException

SettingsException

logout

public String logout(String returnTo,
                     String nameId,
                     String sessionIndex,
                     Boolean stay,
                     String nameidFormat,
                     String nameIdNameQualifier)
              throws IOException,
                     XMLEntityException,
                     SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

stay - True if we want to stay (returns the url string) False to execute redirection

nameidFormat - The NameID Format will be set in the LogoutRequest.

nameIdNameQualifier - The NameID NameQualifier will be set in the LogoutRequest.

Returns:

the SLO URL with the LogoutRequest if stay = True

Throws:

IOException

XMLEntityException

SettingsException

logout

public String logout(String returnTo,
                     String nameId,
                     String sessionIndex,
                     Boolean stay,
                     String nameidFormat)
              throws IOException,
                     XMLEntityException,
                     SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

stay - True if we want to stay (returns the url string) False to execute redirection

nameidFormat - The NameID Format will be set in the LogoutRequest.

Returns:

the SLO URL with the LogoutRequest if stay = True

Throws:

IOException

XMLEntityException

SettingsException

logout

public String logout(String returnTo,
                     String nameId,
                     String sessionIndex,
                     Boolean stay)
              throws IOException,
                     XMLEntityException,
                     SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

stay - True if we want to stay (returns the url string) False to execute redirection

Returns:

the SLO URL with the LogoutRequest if stay = True

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout(String returnTo,
                   String nameId,
                   String sessionIndex,
                   String nameidFormat,
                   String nameIdNameQualifier,
                   String nameIdSPNameQualifier)
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

nameidFormat - The NameID Format will be set in the LogoutRequest.

nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.

nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout(String returnTo,
                   String nameId,
                   String sessionIndex,
                   String nameidFormat,
                   String nameIdNameQualifier)
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

nameidFormat - The NameID Format will be set in the LogoutRequest.

nameIdNameQualifier - The NameID NameQualifier will be set in the LogoutRequest.

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout(String returnTo,
                   String nameId,
                   String sessionIndex,
                   String nameidFormat)
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

nameidFormat - The NameID Format will be set in the LogoutRequest.

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout(String returnTo,
                   String nameId,
                   String sessionIndex)
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

nameId - The NameID that will be set in the LogoutRequest.

sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout()
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Throws:

IOException

XMLEntityException

SettingsException

logout

public void logout(String returnTo)
            throws IOException,
                   XMLEntityException,
                   SettingsException

Initiates the SLO process.

Parameters:

returnTo - The target URL the user should be returned to after logout (relayState). Will be a self-routed URL when null, or not be appended at all when an empty string is provided

Throws:

IOException

XMLEntityException

SettingsException

getSSOurl

public String getSSOurl()

Returns:

The url of the Single Sign On Service

getSLOurl

public String getSLOurl()

Returns:

The url of the Single Logout Service

getSLOResponseUrl

public String getSLOResponseUrl()

Returns:

The url of the Single Logout Service Response.

processResponse

public void processResponse(String requestId)
                     throws Exception

Process the SAML Response sent by the IdP.

Parameters:

requestId - The ID of the AuthNRequest sent by this SP to the IdP

Throws:

Exception

processResponse

public void processResponse()
                     throws Exception

Process the SAML Response sent by the IdP.

Throws:

Exception

processSLO

public String processSLO(Boolean keepLocalSession,
                         String requestId,
                         Boolean stay)
                  throws Exception

Process the SAML Logout Response / Logout Request sent by the IdP.

Parameters:

keepLocalSession - When true will keep the local session, otherwise will destroy it

requestId - The ID of the LogoutRequest sent by this SP to the IdP

stay - True if we want to stay (returns the url string) False to execute redirection

Returns:

the URL with the Logout Message if stay = True

Throws:

Exception

processSLO

public void processSLO(Boolean keepLocalSession,
                       String requestId)
                throws Exception

Process the SAML Logout Response / Logout Request sent by the IdP.

Parameters:

keepLocalSession - When true will keep the local session, otherwise will destroy it

requestId - The ID of the LogoutRequest sent by this SP to the IdP

Throws:

Exception

processSLO

public void processSLO()
                throws Exception

Process the SAML Logout Response / Logout Request sent by the IdP.

Throws:

Exception

isAuthenticated

public final boolean isAuthenticated()

Returns:

the authenticated

getAttributesName

public final List<String> getAttributesName()

Returns:

the list of the names of the SAML attributes.

getAttributes

public final Map<String,List<String>> getAttributes()

Returns:

the set of SAML attributes.

getAttribute

public final Collection<String> getAttribute(String name)

Parameters:

name - Name of the attribute

Returns:

the attribute value

getNameId

public final String getNameId()

Returns:

the nameID of the assertion

getNameIdFormat

public final String getNameIdFormat()

Returns:

the nameID Format of the assertion

getNameIdNameQualifier

public final String getNameIdNameQualifier()

Returns:

the NameQualifier of the assertion

getNameIdSPNameQualifier

public final String getNameIdSPNameQualifier()

Returns:

the SPNameQualifier of the assertion

getSessionIndex

public final String getSessionIndex()

Returns:

the SessionIndex of the assertion

getSessionExpiration

public final org.joda.time.DateTime getSessionExpiration()

Returns:

the SessionNotOnOrAfter of the assertion

getLastMessageId

public String getLastMessageId()

Returns:

The ID of the last message processed

getLastAssertionId

public String getLastAssertionId()

Returns:

The ID of the last assertion processed

getLastAssertionNotOnOrAfter

public List<org.joda.time.Instant> getLastAssertionNotOnOrAfter()

Returns:

The NotOnOrAfter values of the last assertion processed

getErrors

public List<String> getErrors()

Returns:

an array with the errors, the array is empty when the validation was successful

getLastErrorReason

public String getLastErrorReason()

Returns:

the reason for the last error

getLastValidationException

public Exception getLastValidationException()

Returns:

the exception for the last error

getLastRequestId

public String getLastRequestId()

Returns:

the id of the last request generated (AuthnRequest or LogoutRequest), null if none

getSettings

public Saml2Settings getSettings()

Returns:

the Saml2Settings object. The Settings data.

isDebugActive

public Boolean isDebugActive()

Returns:

if debug mode is active

buildRequestSignature

public String buildRequestSignature(String samlRequest,
                                    String relayState,
                                    String signAlgorithm)
                             throws SettingsException

Generates the Signature for a SAML Request

Parameters:

samlRequest - The SAML Request

relayState - The RelayState

signAlgorithm - Signature algorithm method

Returns:

a base64 encoded signature

Throws:

SettingsException

buildResponseSignature

public String buildResponseSignature(String samlResponse,
                                     String relayState,
                                     String signAlgorithm)
                              throws SettingsException

Generates the Signature for a SAML Response

Parameters:

samlResponse - The SAML Response

relayState - The RelayState

signAlgorithm - Signature algorithm method

Returns:

the base64 encoded signature

Throws:

SettingsException

getLastRequestXML

public String getLastRequestXML()

Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)

Returns:

the last Request XML

getLastResponseXML

public String getLastResponseXML()

Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.

Returns:

the last Response XML