Package org.keycloak.protocol.saml

Class SamlService.BindingProtocol

java.lang.Object

org.keycloak.protocol.saml.SamlService.BindingProtocol

Direct Known Subclasses:

SamlService.PostBindingProtocol, SamlService.RedirectBindingProtocol

Enclosing class:

SamlService

public abstract class SamlService.BindingProtocol
extends Object

Field Summary

Fields

Modifier and Type	Field	Description
protected boolean	redirectToAuthentication

Constructor Summary

Constructors

Constructor	Description
BindingProtocol()

Method Summary

Modifier and Type	Method	Description
protected javax.ws.rs.core.Response	basicChecks(String samlRequest, String samlResponse, String artifact)
protected abstract boolean	containsUnencryptedSignature(SAMLDocumentHolder documentHolder)
protected abstract String	encodeSamlDocument(Document samlDocument)
javax.ws.rs.core.Response	execute(String samlRequest, String samlResponse, String relayState, String artifact)
void	execute(javax.ws.rs.container.AsyncResponse asyncReponse, String samlRequest, String samlResponse, String relayState, String artifact)
protected abstract SAMLDocumentHolder	extractRequestDocument(String samlRequest)
protected abstract SAMLDocumentHolder	extractResponseDocument(String response)
protected abstract String	getBindingType()
protected String	getBindingType(AuthnRequestType requestAbstractType)
protected URI	getExpectedDestinationUri(KeycloakSession session)	KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.
protected void	handleArtifact(javax.ws.rs.container.AsyncResponse asyncResponse, String artifact, String relayState)	Handle a received artifact message.
protected javax.ws.rs.core.Response	handleSamlRequest(String samlRequest, String relayState)
protected javax.ws.rs.core.Response	handleSamlResponse(String samlResponse, String relayState)
protected boolean	isDestinationRequired()
protected javax.ws.rs.core.Response	loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client)
protected javax.ws.rs.core.Response	logoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState)
protected abstract void	verifySignature(SAMLDocumentHolder documentHolder, ClientModel client)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

redirectToAuthentication

protected boolean redirectToAuthentication

Constructor Detail

BindingProtocol

public BindingProtocol()

Method Detail

basicChecks

protected javax.ws.rs.core.Response basicChecks(String samlRequest,
                                                String samlResponse,
                                                String artifact)

isDestinationRequired

protected boolean isDestinationRequired()

handleSamlResponse

protected javax.ws.rs.core.Response handleSamlResponse(String samlResponse,
                                                       String relayState)

handleSamlRequest

protected javax.ws.rs.core.Response handleSamlRequest(String samlRequest,
                                                      String relayState)

handleArtifact

protected void handleArtifact(javax.ws.rs.container.AsyncResponse asyncResponse,
                              String artifact,
                              String relayState)

Handle a received artifact message. This means finding the client based on the content of the artifact, sending an ArtifactResolve, receiving an ArtifactResponse, and handling its content based on the "standard" workflows.

Parameters:

artifact - the received artifact

relayState - the current relay state

encodeSamlDocument

protected abstract String encodeSamlDocument(Document samlDocument)
                                      throws ProcessingException

Throws:

ProcessingException

verifySignature

protected abstract void verifySignature(SAMLDocumentHolder documentHolder,
                                        ClientModel client)
                                 throws VerificationException

Throws:

VerificationException

containsUnencryptedSignature

protected abstract boolean containsUnencryptedSignature(SAMLDocumentHolder documentHolder)

extractRequestDocument

protected abstract SAMLDocumentHolder extractRequestDocument(String samlRequest)

extractResponseDocument

protected abstract SAMLDocumentHolder extractResponseDocument(String response)

loginRequest

protected javax.ws.rs.core.Response loginRequest(String relayState,
                                                 AuthnRequestType requestAbstractType,
                                                 ClientModel client)

getBindingType

protected String getBindingType(AuthnRequestType requestAbstractType)

getBindingType

protected abstract String getBindingType()

logoutRequest

protected javax.ws.rs.core.Response logoutRequest(LogoutRequestType logoutRequest,
                                                  ClientModel client,
                                                  String relayState)

execute

public javax.ws.rs.core.Response execute(String samlRequest,
                                         String samlResponse,
                                         String relayState,
                                         String artifact)

execute

public void execute(javax.ws.rs.container.AsyncResponse asyncReponse,
                    String samlRequest,
                    String samlResponse,
                    String relayState,
                    String artifact)

getExpectedDestinationUri

protected URI getExpectedDestinationUri(KeycloakSession session)

KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.

Parameters:

session - a reference to the KeycloakSession.

Returns:

the constructed URI.