Package org.keycloak.protocol.saml
Class SamlProtocolUtils
- java.lang.Object
  - org.keycloak.protocol.saml.SamlProtocolUtils

public class SamlProtocolUtils extends Object
- Version: $Revision: 1 $
- Author: Bill Burke

Constructor Summary
- SamlProtocolUtils()

Method Summary
Modifier and Type, Method, Description:
- static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer)
  Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse.
- static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer, URI statusCode)
  Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse.
- static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(Document document)
  Takes a SAML document and inserts it as the body of an ArtifactResponseType.
- static Document convert(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType responseType)
  Converts a SAML2 ArtifactResponse into a Document.
- static PublicKey getEncryptionKey(org.keycloak.models.ClientModel client)
  Returns the public part of the SAML encryption key from the client settings.
- static PublicKey getPublicKey(org.keycloak.models.ClientModel client, String attribute)
- static PublicKey getSignatureValidationKey(org.keycloak.models.ClientModel client)
  Returns the public part of the SAML signing key from the client settings.
- static void verifyDocumentSignature(org.keycloak.models.ClientModel client, Document document)
  Verifies a signature of the given SAML document using settings for the given client.
- static void verifyDocumentSignature(Document document, org.keycloak.rotation.KeyLocator keyLocator)
  Verifies a signature of the given SAML document using keys obtained from the given key locator.
- static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.MultivaluedMap<String,String> encodedParams, String paramKey)
- static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.UriInfo uriInformation, String paramKey)

Method Detail
-
verifyDocumentSignature
public static void verifyDocumentSignature(org.keycloak.models.ClientModel client, Document document) throws org.keycloak.common.VerificationException
Verifies a signature of the given SAML document using settings for the given client. Throws an exception if, per the client settings, the client signature is expected to be present and it is invalid; otherwise returns to the caller.
- Parameters:
  client
  document
- Throws:
  org.keycloak.common.VerificationException
-
verifyDocumentSignature
public static void verifyDocumentSignature(Document document, org.keycloak.rotation.KeyLocator keyLocator) throws org.keycloak.common.VerificationException
Verifies a signature of the given SAML document using keys obtained from the given key locator. Throws an exception if the client signature is invalid; otherwise returns to the caller.
- Parameters:
  document
  keyLocator
- Throws:
  org.keycloak.common.VerificationException
-
getSignatureValidationKey
public static PublicKey getSignatureValidationKey(org.keycloak.models.ClientModel client) throws org.keycloak.common.VerificationException
Returns the public part of the SAML signing key from the client settings.
- Parameters:
  client
- Returns:
  Public key for signature validation.
- Throws:
  org.keycloak.common.VerificationException
-
getEncryptionKey
public static PublicKey getEncryptionKey(org.keycloak.models.ClientModel client) throws org.keycloak.common.VerificationException
Returns the public part of the SAML encryption key from the client settings.
- Parameters:
  client
- Returns:
  Public key for encryption.
- Throws:
  org.keycloak.common.VerificationException
-
getPublicKey
public static PublicKey getPublicKey(org.keycloak.models.ClientModel client, String attribute) throws org.keycloak.common.VerificationException
- Throws:
  org.keycloak.common.VerificationException
-
verifyRedirectSignature
public static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.UriInfo uriInformation, String paramKey) throws org.keycloak.common.VerificationException
- Throws:
  org.keycloak.common.VerificationException
-
verifyRedirectSignature
public static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.MultivaluedMap<String,String> encodedParams, String paramKey) throws org.keycloak.common.VerificationException
- Throws:
  org.keycloak.common.VerificationException
-
buildArtifactResponse
public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer, URI statusCode) throws org.keycloak.saml.common.exceptions.ConfigurationException, org.keycloak.saml.common.exceptions.ProcessingException
Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as an ArtifactResponseType.
- Parameters:
  samlObject - a SAML object
  issuer - issuer of the resulting ArtifactResponse; should be the same as the issuer of the samlObject
  statusCode - status code of the resulting response
- Returns:
  An ArtifactResponse containing the SAML object.
- Throws:
  org.keycloak.saml.common.exceptions.ConfigurationException
  org.keycloak.saml.common.exceptions.ProcessingException
-
buildArtifactResponse
public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer) throws org.keycloak.saml.common.exceptions.ConfigurationException, org.keycloak.saml.common.exceptions.ProcessingException
Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as an ArtifactResponseType.
- Parameters:
  samlObject - a SAML object
  issuer - issuer of the resulting ArtifactResponse; should be the same as the issuer of the samlObject
- Returns:
  An ArtifactResponse containing the SAML object.
- Throws:
  org.keycloak.saml.common.exceptions.ConfigurationException
  org.keycloak.saml.common.exceptions.ProcessingException
-
buildArtifactResponse
public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(Document document) throws org.keycloak.saml.common.exceptions.ParsingException, org.keycloak.saml.common.exceptions.ProcessingException, org.keycloak.saml.common.exceptions.ConfigurationException
Takes a SAML document and inserts it as the body of an ArtifactResponseType.
- Parameters:
  document - the document
- Returns:
  An ArtifactResponse containing the SAML document.
- Throws:
  org.keycloak.saml.common.exceptions.ParsingException
  org.keycloak.saml.common.exceptions.ProcessingException
  org.keycloak.saml.common.exceptions.ConfigurationException
-
convert
public static Document convert(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType responseType) throws org.keycloak.saml.common.exceptions.ProcessingException, org.keycloak.saml.common.exceptions.ConfigurationException, org.keycloak.saml.common.exceptions.ParsingException
Converts a SAML2 ArtifactResponse into a Document.
- Parameters:
  responseType - an ArtifactResponse
- Returns:
  The ArtifactResponse converted to a Document.
- Throws:
  org.keycloak.saml.common.exceptions.ParsingException
  org.keycloak.saml.common.exceptions.ConfigurationException
  org.keycloak.saml.common.exceptions.ProcessingException