Package org.keycloak.broker.saml
Class SAMLIdentityProvider
java.lang.Object
org.keycloak.broker.provider.AbstractIdentityProvider<SAMLIdentityProviderConfig>
org.keycloak.broker.saml.SAMLIdentityProvider
- All Implemented Interfaces:
IdentityProvider<SAMLIdentityProviderConfig>
,Provider
- Author:
- Pedro Igor
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback
-
Field Summary
Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session
Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
-
Constructor Summary
ConstructorDescriptionSAMLIdentityProvider
(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator) -
Method Summary
Modifier and TypeMethodDescriptionvoid
authenticationFinished
(AuthenticationSessionModel authSession, BrokeredIdentityContext context) void
backchannelLogout
(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) protected LogoutRequestType
buildLogoutRequest
(UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) callback
(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.jakarta.ws.rs.core.Response
export
(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Export a representation of the IdentityProvider in a specific format.Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSessionjakarta.ws.rs.core.Response
keycloakInitiatedBrowserLogout
(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Called when a Keycloak application initiates a logout through the browser.jakarta.ws.rs.core.Response
performLogin
(AuthenticationRequest request) Initiates the authentication process by sending an authentication request to an identity provider.boolean
Reload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.jakarta.ws.rs.core.Response
retrieveToken
(KeycloakSession session, FederatedIdentityModel identity) Returns aResponse
containing the token previously stored during the authentication process for a specific user.boolean
Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getConfig, getLinkingUrl, importNewUser, preprocessFederatedIdentity, updateBrokeredUser
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.broker.provider.IdentityProvider
isMapperSupported
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger
-
-
Constructor Details
-
SAMLIdentityProvider
public SAMLIdentityProvider(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator)
-
-
Method Details
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) Description copied from interface:IdentityProvider
JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.- Specified by:
callback
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
callback
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
- Returns:
-
performLogin
Description copied from interface:IdentityProvider
Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
performLogin
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
performLogin
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
- Parameters:
request
- The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.- Returns:
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) - Specified by:
authenticationFinished
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
authenticationFinished
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
retrieveToken
public jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity) Description copied from interface:IdentityProvider
Returns a
Response
containing the token previously stored during the authentication process for a specific user.- Returns:
-
backchannelLogout
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) - Specified by:
backchannelLogout
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
backchannelLogout
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
keycloakInitiatedBrowserLogout
public jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Description copied from interface:IdentityProvider
Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP- Specified by:
keycloakInitiatedBrowserLogout
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
keycloakInitiatedBrowserLogout
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
- Returns:
- null if this is not supported by this provider
-
buildLogoutRequest
protected LogoutRequestType buildLogoutRequest(UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) throws ConfigurationException - Throws:
ConfigurationException
-
export
public jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Description copied from interface:IdentityProvider
Export a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor- Specified by:
export
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
export
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
- Returns:
-
getSignatureAlgorithm
-
getMarshaller
Description copied from interface:IdentityProvider
Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession- Specified by:
getMarshaller
in interfaceIdentityProvider<SAMLIdentityProviderConfig>
- Overrides:
getMarshaller
in classAbstractIdentityProvider<SAMLIdentityProviderConfig>
- Returns:
-
reloadKeys
public boolean reloadKeys()Description copied from interface:IdentityProvider
Reload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.- Returns:
- true if reloaded, false if not
-
supportsLongStateParameter
public boolean supportsLongStateParameter()- Returns:
- true if identity provider supports long value of "state" parameter (or "RelayState" parameter), which can hold relatively big amount of context data
-