Class SamlProtocolUtils


  • public class SamlProtocolUtils
    extends Object
    Version:
    $Revision: 1 $
    Author:
    Bill Burke
    • Method Summary

      All methods of this class are static.

      • static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer)
        Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse.
      • static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject, org.keycloak.dom.saml.v2.assertion.NameIDType issuer, URI statusCode)
        Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse, using the given status code.
      • static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(Document document)
        Takes a SAML document and inserts it as the body of an ArtifactResponseType.
      • static Document convert(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType responseType)
        Converts a SAML2 ArtifactResponse into a Document.
      • static PublicKey getEncryptionKey(org.keycloak.models.ClientModel client)
        Returns the public part of the SAML encryption key from the client settings.
      • static PublicKey getPublicKey(org.keycloak.models.ClientModel client, String attribute)
      • static PublicKey getSignatureValidationKey(org.keycloak.models.ClientModel client)
        Returns the public part of the SAML signing key from the client settings.
      • static void verifyDocumentSignature(org.keycloak.models.ClientModel client, Document document)
        Verifies the signature of the given SAML document using the settings for the given client.
      • static void verifyDocumentSignature(Document document, org.keycloak.rotation.KeyLocator keyLocator)
        Verifies the signature of the given SAML document using keys obtained from the given key locator.
      • static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.MultivaluedMap<String,String> encodedParams, String paramKey)
      • static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder, org.keycloak.rotation.KeyLocator locator, javax.ws.rs.core.UriInfo uriInformation, String paramKey)
    • Constructor Detail

      • SamlProtocolUtils

        public SamlProtocolUtils()
    • Method Detail

      • verifyDocumentSignature

        public static void verifyDocumentSignature(org.keycloak.models.ClientModel client,
                                                   Document document)
                                            throws org.keycloak.common.VerificationException
        Verifies the signature of the given SAML document using the settings for the given client. Throws an exception if a client signature is expected to be present according to the client settings and that signature is invalid; in every other case (including when the client settings do not expect a signature) it returns normally to the caller.
        Parameters:
        client - the client whose settings are used for verification
        document - the SAML document to verify
        Throws:
        org.keycloak.common.VerificationException
      • verifyDocumentSignature

        public static void verifyDocumentSignature(Document document,
                                                   org.keycloak.rotation.KeyLocator keyLocator)
                                            throws org.keycloak.common.VerificationException
        Verifies the signature of the given SAML document using keys obtained from the given key locator. Throws an exception if the client signature is invalid; otherwise it returns normally to the caller.
        Parameters:
        document - the SAML document to verify
        keyLocator - the locator providing the candidate verification keys
        Throws:
        org.keycloak.common.VerificationException
      • getSignatureValidationKey

        public static PublicKey getSignatureValidationKey(org.keycloak.models.ClientModel client)
                                                   throws org.keycloak.common.VerificationException
        Returns the public part of the SAML signing key from the client settings.
        Parameters:
        client - the client whose settings hold the key
        Returns:
        Public key for signature validation.
        Throws:
        org.keycloak.common.VerificationException
      • getEncryptionKey

        public static PublicKey getEncryptionKey(org.keycloak.models.ClientModel client)
                                          throws org.keycloak.common.VerificationException
        Returns the public part of the SAML encryption key from the client settings.
        Parameters:
        client - the client whose settings hold the key
        Returns:
        Public key for encryption.
        Throws:
        org.keycloak.common.VerificationException
      • getPublicKey

        public static PublicKey getPublicKey(org.keycloak.models.ClientModel client,
                                             String attribute)
                                      throws org.keycloak.common.VerificationException
        Throws:
        org.keycloak.common.VerificationException
      • verifyRedirectSignature

        public static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder,
                                                   org.keycloak.rotation.KeyLocator locator,
                                                   javax.ws.rs.core.UriInfo uriInformation,
                                                   String paramKey)
                                            throws org.keycloak.common.VerificationException
        Throws:
        org.keycloak.common.VerificationException
      • verifyRedirectSignature

        public static void verifyRedirectSignature(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder documentHolder,
                                                   org.keycloak.rotation.KeyLocator locator,
                                                   javax.ws.rs.core.MultivaluedMap<String,String> encodedParams,
                                                   String paramKey)
                                            throws org.keycloak.common.VerificationException
        Throws:
        org.keycloak.common.VerificationException
      • buildArtifactResponse

        public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject,
                                                                                                   org.keycloak.dom.saml.v2.assertion.NameIDType issuer,
                                                                                                   URI statusCode)
                                                                                            throws org.keycloak.saml.common.exceptions.ConfigurationException,
                                                                                                   org.keycloak.saml.common.exceptions.ProcessingException
        Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as an ArtifactResponseType.
        Parameters:
        samlObject - a SAML object
        issuer - the issuer of the resulting ArtifactResponse; should be the same as the issuer of the samlObject
        statusCode - the status code of the resulting response
        Returns:
        An ArtifactResponse containing the saml object.
        Throws:
        org.keycloak.saml.common.exceptions.ConfigurationException
        org.keycloak.saml.common.exceptions.ProcessingException
      • buildArtifactResponse

        public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(org.keycloak.dom.saml.v2.SAML2Object samlObject,
                                                                                                   org.keycloak.dom.saml.v2.assertion.NameIDType issuer)
                                                                                            throws org.keycloak.saml.common.exceptions.ConfigurationException,
                                                                                                   org.keycloak.saml.common.exceptions.ProcessingException
        Takes a SAML object (an object that will be part of the resulting ArtifactResponse) and inserts it as the body of an ArtifactResponse. The ArtifactResponse is returned as an ArtifactResponseType.
        Parameters:
        samlObject - a SAML object
        issuer - the issuer of the resulting ArtifactResponse; should be the same as the issuer of the samlObject
        Returns:
        An ArtifactResponse containing the saml object.
        Throws:
        org.keycloak.saml.common.exceptions.ConfigurationException
        org.keycloak.saml.common.exceptions.ProcessingException
      • buildArtifactResponse

        public static org.keycloak.dom.saml.v2.protocol.ArtifactResponseType buildArtifactResponse(Document document)
                                                                                            throws org.keycloak.saml.common.exceptions.ParsingException,
                                                                                                   org.keycloak.saml.common.exceptions.ProcessingException,
                                                                                                   org.keycloak.saml.common.exceptions.ConfigurationException
        Takes a SAML document and inserts it as the body of an ArtifactResponseType.
        Parameters:
        document - the SAML document to wrap
        Returns:
        An ArtifactResponse containing the saml document.
        Throws:
        org.keycloak.saml.common.exceptions.ParsingException
        org.keycloak.saml.common.exceptions.ProcessingException
        org.keycloak.saml.common.exceptions.ConfigurationException
      • convert

        public static Document convert(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType responseType)
                                throws org.keycloak.saml.common.exceptions.ProcessingException,
                                       org.keycloak.saml.common.exceptions.ConfigurationException,
                                       org.keycloak.saml.common.exceptions.ParsingException
        Converts a SAML2 ArtifactResponse into a Document.
        Parameters:
        responseType - an ArtifactResponse
        Returns:
        the artifact response converted to a Document
        Throws:
        org.keycloak.saml.common.exceptions.ParsingException
        org.keycloak.saml.common.exceptions.ConfigurationException
        org.keycloak.saml.common.exceptions.ProcessingException