Package org.keycloak.protocol.saml
Class SamlService
- java.lang.Object
-
- org.keycloak.protocol.AuthorizationEndpointBase
-
- org.keycloak.protocol.saml.SamlService
-
- Direct Known Subclasses:
SamlEcpProfileService
public class SamlService extends AuthorizationEndpointBase
Resource class for the SAML connect token service
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Nested Class Summary
Nested Classes
| Modifier and Type | Class | Description |
|---|---|---|
| class | SamlService.BindingProtocol | |
| protected class | SamlService.PostBindingProtocol | |
| protected class | SamlService.RedirectBindingProtocol | |
-
Field Summary
Fields
| Modifier and Type | Field | Description |
|---|---|---|
| static String | ARTIFACT_RESOLUTION_SERVICE_PATH | |
| protected static org.jboss.logging.Logger | logger | |
-
Fields inherited from class org.keycloak.protocol.AuthorizationEndpointBase
APP_INITIATED_FLOW, authManager, clientConnection, event, headers, httpRequest, realm, session
-
-
Constructor Summary
Constructors
| Constructor | Description |
|---|---|
| SamlService(KeycloakSession session, EventBuilder event, DestinationValidator destinationValidator) | |
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| javax.ws.rs.core.Response | artifactResolutionService(InputStream inputStream) | Handles SOAP messages. |
| javax.ws.rs.core.Response | artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder) | Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer. |
| static int | compareKeys(KeyWrapper o1, KeyWrapper o2) | |
| String | getDescriptor() | |
| static String | getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, KeycloakSession session, RealmModel realm) | |
| AuthenticationSessionModel | getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState) | Creates a client session object for SAML IdP-initiated SSO session. |
| javax.ws.rs.core.Response | idpInitiatedSSO(String clientUrlName, String relayState) | |
| protected javax.ws.rs.core.Response | newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication) | |
| protected javax.ws.rs.core.Response | newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol) | |
| SamlService.PostBindingProtocol | newPostBindingProtocol() | |
| SamlService.RedirectBindingProtocol | newRedirectBindingProtocol() | |
| void | postBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact) | |
| void | redirectBinding(javax.ws.rs.container.AsyncResponse asyncResponse, String samlRequest, String samlResponse, String relayState, String artifact) | |
| javax.ws.rs.core.Response | soapBinding(InputStream inputStream) | Handles SOAP messages. |
-
Methods inherited from class org.keycloak.protocol.AuthorizationEndpointBase
checkRealm, checkSsl, createAuthenticationSession, createProcessor, getAuthenticationFlow, handleBrowserAuthenticationRequest
-
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
ARTIFACT_RESOLUTION_SERVICE_PATH
public static final String ARTIFACT_RESOLUTION_SERVICE_PATH
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SamlService
public SamlService(KeycloakSession session, EventBuilder event, DestinationValidator destinationValidator)
-
-
Method Detail
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)
-
newBrowserAuthentication
protected javax.ws.rs.core.Response newBrowserAuthentication(AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)
-
newRedirectBindingProtocol
public SamlService.RedirectBindingProtocol newRedirectBindingProtocol()
-
newPostBindingProtocol
public SamlService.PostBindingProtocol newPostBindingProtocol()
-
redirectBinding
@GET public void redirectBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @QueryParam("SAMLRequest") String samlRequest, @QueryParam("SAMLResponse") String samlResponse, @QueryParam("RelayState") String relayState, @QueryParam("SAMLart") String artifact)
-
postBinding
@POST @Consumes("application/x-www-form-urlencoded") public void postBinding(@Suspended javax.ws.rs.container.AsyncResponse asyncResponse, @FormParam("SAMLRequest") String samlRequest, @FormParam("SAMLResponse") String samlResponse, @FormParam("RelayState") String relayState, @FormParam("SAMLart") String artifact)
-
getDescriptor
@GET @Path("descriptor") @Produces("application/xml") public String getDescriptor() throws Exception
- Throws:
- Exception
-
getIDPMetadataDescriptor
public static String getIDPMetadataDescriptor(javax.ws.rs.core.UriInfo uriInfo, KeycloakSession session, RealmModel realm)
-
compareKeys
public static int compareKeys(KeyWrapper o1, KeyWrapper o2)
-
idpInitiatedSSO
@GET @Path("clients/{client}") @Produces("text/html; charset=utf-8") public javax.ws.rs.core.Response idpInitiatedSSO(@PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState)
-
getOrCreateLoginSessionForIdpInitiatedSso
public AuthenticationSessionModel getOrCreateLoginSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState)
Creates a client session object for SAML IdP-initiated SSO session. The session takes the parameters from the client definition, namely binding type and redirect URL.
- Parameters:
- session - KC session
- realm - Realm to create client session in
- client - Client to create client session for
- relayState - Optional relay state - free field as per SAML specification
- Returns:
- The auth session model, or null if no SAML URL is found
-
artifactResolutionService
@POST @Path("resolve") @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response artifactResolutionService(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP or Artifact.
- Parameters:
- inputStream - the data of the request.
- Returns:
- The response to the SOAP message
-
soapBinding
@POST @Consumes({"application/soap+xml","text/xml"}) public javax.ws.rs.core.Response soapBinding(InputStream inputStream)
Handles SOAP messages. Chooses the correct response path depending on whether the message is of type ECP.
- Parameters:
- inputStream - the data of the request.
- Returns:
- The response to the SOAP message
-
artifactResolve
public javax.ws.rs.core.Response artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder) throws ParsingException, ConfigurationException, ProcessingException
Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session of the issuer.
- Parameters:
- artifactResolveMessage - The artifact resolve message sent by the client
- artifactResolveHolder - the document containing the artifact resolve message sent by the client
- Returns:
- a Response containing the SOAP message with the ArtifactResponse
- Throws:
- ParsingException
- ConfigurationException
- ProcessingException
-
-