Package org.keycloak.protocol.saml
Class SamlService
- java.lang.Object
-
- org.keycloak.protocol.AuthorizationEndpointBase
-
- org.keycloak.protocol.saml.SamlService
-
- Direct Known Subclasses:
SamlEcpProfileService
public class SamlService extends AuthorizationEndpointBase
Resource class for the SAML connect token service
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
class SamlService.BindingProtocol
protected class SamlService.PostBindingProtocol
protected class SamlService.RedirectBindingProtocol
-
Field Summary
Fields (Modifier and Type, Field, Description)
static String ARTIFACT_RESOLUTION_SERVICE_PATH
protected static org.jboss.logging.Logger logger
-
Fields inherited from class org.keycloak.protocol.AuthorizationEndpointBase
APP_INITIATED_FLOW, authManager, clientConnection, event, headers, httpRequest, realm, session
-
-
Constructor Summary
Constructors (Constructor, Description)
SamlService(org.keycloak.models.KeycloakSession session, org.keycloak.events.EventBuilder event, org.keycloak.saml.validators.DestinationValidator destinationValidator)
-
Method Summary
Methods (Modifier and Type, Method, Description)
javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)
    Handles SOAP messages.
javax.ws.rs.core.Response artifactResolve(org.keycloak.dom.saml.v2.protocol.ArtifactResolveType artifactResolveMessage, org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder artifactResolveHolder)
    Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
static int compareKeys(org.keycloak.crypto.KeyWrapper o1, org.keycloak.crypto.KeyWrapper o2)
String getDescriptor()
static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm)
org.keycloak.sessions.AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ClientModel client, String relayState)
    Creates a client session object for SAML IdP-initiated SSO session.
javax.ws.rs.core.Response idpInitiatedSSO(String clientUrlName, String relayState)
protected javax.ws.rs.core.Response newBrowserAuthentication(org.keycloak.sessions.AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
protected javax.ws.rs.core.Response newBrowserAuthentication(org.keycloak.sessions.AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
SamlService.PostBindingProtocol newPostBindingProtocol()
SamlService.RedirectBindingProtocol newRedirectBindingProtocol()
void postBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
void redirectBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
javax.ws.rs.core.Response soapBinding(InputStream inputStream)
    Handles SOAP messages.
-
Methods inherited from class org.keycloak.protocol.AuthorizationEndpointBase
checkRealm, checkSsl, createAuthenticationSession, createProcessor, getAuthenticationFlow, handleBrowserAuthenticationRequest
-
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
ARTIFACT_RESOLUTION_SERVICE_PATH
public static final String ARTIFACT_RESOLUTION_SERVICE_PATH
- See Also:
- Constant Field Values
-
-
Method Detail
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(org.keycloak.sessions.AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(org.keycloak.sessions.AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
-
newRedirectBindingProtocol
public SamlService.RedirectBindingProtocol newRedirectBindingProtocol()
-
newPostBindingProtocol
public SamlService.PostBindingProtocol newPostBindingProtocol()
-
redirectBinding
@GET public void redirectBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @QueryParam("SAMLRequest") String samlRequest, @QueryParam("SAMLResponse") String samlResponse, @QueryParam("RelayState") String relayState, @QueryParam("SAMLart") String artifact)
-
postBinding
@POST @Consumes("application/x-www-form-urlencoded") public void postBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @FormParam("SAMLRequest") String samlRequest, @FormParam("SAMLResponse") String samlResponse, @FormParam("RelayState") String relayState, @FormParam("SAMLart") String artifact)
-
getDescriptor
@GET @Path("descriptor") @Produces("application/xml") public String getDescriptor() throws Exception
- Throws:
Exception
-
getIDPMetadataDescriptor
public static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm)
-
compareKeys
public static int compareKeys(org.keycloak.crypto.KeyWrapper o1, org.keycloak.crypto.KeyWrapper o2)
-
idpInitiatedSSO
@GET @Path("clients/{client}") @Produces("text/html; charset=utf-8") public javax.ws.rs.core.Response idpInitiatedSSO(@PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState)
-
getOrCreateLoginSessionForIdpInitiatedSso
public org.keycloak.sessions.AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ClientModel client, String relayState)
Creates a client session object for SAML IdP-initiated SSO session. The session takes the parameters from the client definition, namely binding type and redirect URL.
- Parameters:
session
- KC session
realm
- Realm to create client session in
client
- Client to create client session for
relayState
- Optional relay state - free field as per SAML specification
- Returns:
- The auth session model or null if no SAML URL is found
-
artifactResolutionService
@POST @Path("resolve") @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP or Artifact.
- Parameters:
inputStream
- the data of the request.
- Returns:
- The response to the SOAP message
-
soapBinding
@POST @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response soapBinding(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP.
- Parameters:
inputStream
- the data of the request.
- Returns:
- The response to the SOAP message
-
artifactResolve
public javax.ws.rs.core.Response artifactResolve(org.keycloak.dom.saml.v2.protocol.ArtifactResolveType artifactResolveMessage, org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder artifactResolveHolder) throws org.keycloak.saml.common.exceptions.ParsingException, org.keycloak.saml.common.exceptions.ConfigurationException, org.keycloak.saml.common.exceptions.ProcessingException
Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
- Parameters:
artifactResolveMessage
- The artifact resolve message sent by the client
artifactResolveHolder
- the document containing the artifact resolve message sent by the client
- Returns:
- a Response containing the SOAP message with the ArtifactResponse
- Throws:
org.keycloak.saml.common.exceptions.ParsingException
org.keycloak.saml.common.exceptions.ConfigurationException
org.keycloak.saml.common.exceptions.ProcessingException
-
-