Package org.keycloak.broker.saml
Class SAMLIdentityProvider
java.lang.Object
org.keycloak.broker.provider.AbstractIdentityProvider<SAMLIdentityProviderConfig>
org.keycloak.broker.saml.SAMLIdentityProvider
- All Implemented Interfaces:
IdentityProvider<SAMLIdentityProviderConfig>,Provider
- Author:
- Pedro Igor
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback -
Field Summary
FieldsFields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, sessionFields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN -
Constructor Summary
ConstructorsConstructorDescriptionSAMLIdentityProvider(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator) -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) voidbackchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) protected LogoutRequestTypebuildLogoutRequest(UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.jakarta.ws.rs.core.Responseexport(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Export a representation of the IdentityProvider in a specific format.Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSessionjakarta.ws.rs.core.ResponsekeycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Called when a Keycloak application initiates a logout through the browser.jakarta.ws.rs.core.ResponseperformLogin(AuthenticationRequest request) Initiates the authentication process by sending an authentication request to an identity provider.booleanReload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.jakarta.ws.rs.core.ResponseretrieveToken(KeycloakSession session, FederatedIdentityModel identity) Returns aResponsecontaining the token previously stored during the authentication process for a specific user.booleanMethods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getConfig, getLinkingUrl, importNewUser, preprocessFederatedIdentity, updateBrokeredUserMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.broker.provider.IdentityProvider
isMapperSupported
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger
-
-
Constructor Details
-
SAMLIdentityProvider
public SAMLIdentityProvider(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator)
-
-
Method Details
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) Description copied from interface:IdentityProviderJAXRS callback endpoint for when the remote IDP wants to callback to keycloak.- Specified by:
callbackin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
callbackin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
performLogin
Description copied from interface:IdentityProviderInitiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
performLoginin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
performLoginin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Parameters:
request- The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.- Returns:
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) - Specified by:
authenticationFinishedin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
authenticationFinishedin classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
retrieveToken
public jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity) Description copied from interface:IdentityProviderReturns a
Responsecontaining the token previously stored during the authentication process for a specific user.- Returns:
-
backchannelLogout
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) - Specified by:
backchannelLogoutin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
backchannelLogoutin classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
keycloakInitiatedBrowserLogout
public jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Description copied from interface:IdentityProviderCalled when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP- Specified by:
keycloakInitiatedBrowserLogoutin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
keycloakInitiatedBrowserLogoutin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
- null if this is not supported by this provider
-
buildLogoutRequest
protected LogoutRequestType buildLogoutRequest(UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) throws ConfigurationException - Throws:
ConfigurationException
-
export
public jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Description copied from interface:IdentityProviderExport a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor- Specified by:
exportin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
exportin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
getSignatureAlgorithm
-
getMarshaller
Description copied from interface:IdentityProviderImplementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession- Specified by:
getMarshallerin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
getMarshallerin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
reloadKeys
public boolean reloadKeys()Description copied from interface:IdentityProviderReload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.- Returns:
- true if reloaded, false if not
-
supportsLongStateParameter
public boolean supportsLongStateParameter()- Returns:
- true if identity provider supports long value of "state" parameter (or "RelayState" parameter), which can hold relatively big amount of context data
-