Package org.keycloak.protocol.saml
Class SamlService.BindingProtocol
java.lang.Object
org.keycloak.protocol.saml.SamlService.BindingProtocol
- Direct Known Subclasses:
SamlService.PostBindingProtocol
,SamlService.RedirectBindingProtocol
- Enclosing class:
- SamlService
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected jakarta.ws.rs.core.Response
basicChecks
(String samlRequest, String samlResponse, String artifact) protected abstract boolean
containsUnencryptedSignature
(SAMLDocumentHolder documentHolder) protected abstract String
encodeSamlDocument
(Document samlDocument) protected abstract jakarta.ws.rs.core.Response
error
(KeycloakSession session, AuthenticationSessionModel authenticationSession, jakarta.ws.rs.core.Response.Status status, String message, Object... parameters) void
execute
(jakarta.ws.rs.container.AsyncResponse asyncReponse, String samlRequest, String samlResponse, String relayState, String artifact) jakarta.ws.rs.core.Response
protected abstract SAMLDocumentHolder
extractRequestDocument
(String samlRequest) protected abstract SAMLDocumentHolder
extractResponseDocument
(String response) protected abstract String
protected String
getBindingType
(AuthnRequestType requestAbstractType) protected URI
getExpectedDestinationUri
(KeycloakSession session) KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.protected void
handleArtifact
(jakarta.ws.rs.container.AsyncResponse asyncResponse, String artifact, String relayState) Handle a received artifact message.protected jakarta.ws.rs.core.Response
handleSamlRequest
(String samlRequest, String relayState) protected jakarta.ws.rs.core.Response
handleSamlResponse
(String samlResponse, String relayState) protected boolean
protected jakarta.ws.rs.core.Response
loginRequest
(String relayState, AuthnRequestType requestAbstractType, ClientModel client) protected jakarta.ws.rs.core.Response
logoutRequest
(LogoutRequestType logoutRequest, ClientModel client, String relayState) protected abstract void
verifySignature
(SAMLDocumentHolder documentHolder, ClientModel client)
-
Field Details
-
redirectToAuthentication
protected boolean redirectToAuthentication
-
-
Constructor Details
-
BindingProtocol
public BindingProtocol()
-
-
Method Details
-
error
protected abstract jakarta.ws.rs.core.Response error(KeycloakSession session, AuthenticationSessionModel authenticationSession, jakarta.ws.rs.core.Response.Status status, String message, Object... parameters) -
basicChecks
-
isDestinationRequired
protected boolean isDestinationRequired() -
handleSamlResponse
-
handleSamlRequest
-
handleArtifact
protected void handleArtifact(jakarta.ws.rs.container.AsyncResponse asyncResponse, String artifact, String relayState) Handle a received artifact message. This means finding the client based on the content of the artifact, sending an ArtifactResolve, receiving an ArtifactResponse, and handling its content based on the "standard" workflows.- Parameters:
artifact
- the received artifactrelayState
- the current relay state
-
encodeSamlDocument
- Throws:
ProcessingException
-
verifySignature
protected abstract void verifySignature(SAMLDocumentHolder documentHolder, ClientModel client) throws VerificationException - Throws:
VerificationException
-
containsUnencryptedSignature
-
extractRequestDocument
-
extractResponseDocument
-
loginRequest
protected jakarta.ws.rs.core.Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) -
getBindingType
-
getBindingType
-
logoutRequest
protected jakarta.ws.rs.core.Response logoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState) -
execute
-
execute
-
getExpectedDestinationUri
KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.- Parameters:
session
- a reference to theKeycloakSession
.- Returns:
- the constructed
URI
.
-