Package org.keycloak.protocol.saml
Class SamlService
- java.lang.Object
-
- org.keycloak.protocol.AuthorizationEndpointBase
-
- org.keycloak.protocol.saml.SamlService
-
- Direct Known Subclasses:
SamlEcpProfileService
public class SamlService extends AuthorizationEndpointBase
Resource class for the saml connect token service
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
class SamlService.BindingProtocol
protected class SamlService.PostBindingProtocol
protected class SamlService.RedirectBindingProtocol
-
Field Summary
Fields
Modifier and Type / Field / Description
static String ARTIFACT_RESOLUTION_SERVICE_PATH
protected static org.jboss.logging.Logger logger
-
Fields inherited from class org.keycloak.protocol.AuthorizationEndpointBase
APP_INITIATED_FLOW, authManager, clientConnection, event, headers, httpRequest, realm, session
-
-
Constructor Summary
Constructors
Constructor / Description
SamlService(KeycloakSession session, EventBuilder event, DestinationValidator destinationValidator)
-
Method Summary
Methods
Modifier and Type / Method / Description
javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)
- Handles SOAP messages.
javax.ws.rs.core.Response artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder)
- Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
static int compareKeys(KeyWrapper o1, KeyWrapper o2)
String getDescriptor()
static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, KeycloakSession session, RealmModel realm)
AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState)
- Creates a client session object for SAML IdP-initiated SSO session.
javax.ws.rs.core.Response idpInitiatedSSO(String clientUrlName, String relayState)
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
SamlService.PostBindingProtocol newPostBindingProtocol()
SamlService.RedirectBindingProtocol newRedirectBindingProtocol()
void postBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
void redirectBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact)
javax.ws.rs.core.Response soapBinding(InputStream inputStream)
- Handles SOAP messages.
-
Methods inherited from class org.keycloak.protocol.AuthorizationEndpointBase
checkRealm, checkSsl, createAuthenticationSession, createProcessor, getAuthenticationFlow, handleBrowserAuthenticationRequest
-
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
ARTIFACT_RESOLUTION_SERVICE_PATH
public static final String ARTIFACT_RESOLUTION_SERVICE_PATH
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SamlService
public SamlService(KeycloakSession session, EventBuilder event, DestinationValidator destinationValidator)
-
-
Method Detail
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
-
newRedirectBindingProtocol
public SamlService.RedirectBindingProtocol newRedirectBindingProtocol()
-
newPostBindingProtocol
public SamlService.PostBindingProtocol newPostBindingProtocol()
-
redirectBinding
@GET public void redirectBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @QueryParam("SAMLRequest") String samlRequest, @QueryParam("SAMLResponse") String samlResponse, @QueryParam("RelayState") String relayState, @QueryParam("SAMLart") String artifact)
-
postBinding
@POST @Consumes("application/x-www-form-urlencoded") public void postBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @FormParam("SAMLRequest") String samlRequest, @FormParam("SAMLResponse") String samlResponse, @FormParam("RelayState") String relayState, @FormParam("SAMLart") String artifact)
-
getDescriptor
@GET @Path("descriptor") @Produces("application/xml") public String getDescriptor() throws Exception
- Throws:
Exception
-
getIDPMetadataDescriptor
public static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, KeycloakSession session, RealmModel realm)
-
compareKeys
public static int compareKeys(KeyWrapper o1, KeyWrapper o2)
-
idpInitiatedSSO
@GET @Path("clients/{client}") @Produces("text/html; charset=utf-8") public javax.ws.rs.core.Response idpInitiatedSSO(@PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState)
-
getOrCreateLoginSessionForIdpInitiatedSso
public AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState)
Creates a client session object for SAML IdP-initiated SSO session. The session takes its parameters from the client definition, namely binding type and redirect URL.
- Parameters:
session
- KC session
realm
- Realm to create client session in
client
- Client to create client session for
relayState
- Optional relay state - free field as per SAML specification
- Returns:
- The auth session model, or null if no SAML URL is found
-
artifactResolutionService
@POST @Path("resolve") @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP or Artifact
- Parameters:
inputStream
- the data of the request.
- Returns:
- The response to the SOAP message
-
soapBinding
@POST @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response soapBinding(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP
- Parameters:
inputStream
- the data of the request.
- Returns:
- The response to the SOAP message
-
artifactResolve
public javax.ws.rs.core.Response artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder) throws ParsingException, ConfigurationException, ProcessingException
Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
- Parameters:
artifactResolveMessage
- The artifact resolve message sent by the client
artifactResolveHolder
- the document containing the artifact resolve message sent by the client
- Returns:
- a Response containing the SOAP message with the ArtifactResponse
- Throws:
ParsingException
ConfigurationException
ProcessingException
-
-