SamlProtocol (Keycloak 1.2.0.Beta1 API)

java.lang.Object
- org.keycloak.protocol.saml.SamlProtocol

All Implemented Interfaces:

LoginProtocol, Provider
```
public class SamlProtocol
extends Object
implements LoginProtocol
```
Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SamlProtocol.ProtocolMapperProcessor<T>

Nested Classes
Modifier and Type	Class and Description
`static class`	`SamlProtocol.ProtocolMapperProcessor<T>`

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`ATTRIBUTE_FALSE_VALUE`
`static String`	`ATTRIBUTE_TRUE_VALUE`
`protected EventBuilder`	`event`
`protected javax.ws.rs.core.HttpHeaders`	`headers`
`protected static org.jboss.logging.Logger`	`logger`
`static String`	`LOGIN_PROTOCOL`
`protected RealmModel`	`realm`
`static String`	`SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE`
`static String`	`SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE`
`static String`	`SAML_ASSERTION_SIGNATURE`
`static String`	`SAML_AUTHNSTATEMENT`
`static String`	`SAML_BINDING`
`static String`	`SAML_CLIENT_SIGNATURE_ATTRIBUTE`
`static String`	`SAML_DEFAULT_NAMEID_FORMAT`
`static String`	`SAML_ENCRYPT`
`static String`	`SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE`
`static String`	`SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE`
`static String`	`SAML_FORCE_POST_BINDING`
`static String`	`SAML_LOGOUT_BINDING`
`static String`	`SAML_LOGOUT_BINDING_URI`
`static String`	`SAML_LOGOUT_RELAY_STATE`
`static String`	`SAML_LOGOUT_REQUEST_ID`
`static String`	`SAML_LOGOUT_SIGNATURE_ALGORITHM`
`static String`	`SAML_NAME_ID`
`static String`	`SAML_NAME_ID_FORMAT`
`static String`	`SAML_NAME_ID_FORMAT_ATTRIBUTE`
`static String`	`SAML_PERSISTENT_NAME_ID_FOR`
`static String`	`SAML_POST_BINDING`
`static String`	`SAML_REDIRECT_BINDING`
`static String`	`SAML_REQUEST_ID`
`static String`	`SAML_SERVER_SIGNATURE`
`static String`	`SAML_SIGNATURE_ALGORITHM`
`static String`	`SAML_SIGNING_CERTIFICATE_ATTRIBUTE`
`static String`	`SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE`
`static String`	`SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE`
`protected KeycloakSession`	`session`
`protected javax.ws.rs.core.UriInfo`	`uriInfo`

Constructor Summary

Constructors
Constructor and Description

SamlProtocol()

Constructors
Constructor and Description
`SamlProtocol()`

Method Summary

Methods
Modifier and Type	Method and Description
`javax.ws.rs.core.Response`	`authenticated(UserSessionModel userSession, ClientSessionCode accessCode)`
`void`	`backchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)`
`javax.ws.rs.core.Response`	`cancelLogin(ClientSessionModel clientSession)`
`void`	`close()`
`javax.ws.rs.core.Response`	`consentDenied(ClientSessionModel clientSession)`
`protected SAML2LogoutRequestBuilder`	`createLogoutRequest(String logoutUrl, ClientSessionModel clientSession, ClientModel client)`
`javax.ws.rs.core.Response`	`finishLogout(UserSessionModel userSession)`
`static boolean`	`forceNameIdFormat(ClientModel client)`
`static boolean`	`forcePostBinding(ClientModel client)`
`javax.ws.rs.core.Response`	`frontchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession)`
`protected javax.ws.rs.core.Response`	`getErrorResponse(ClientSessionModel clientSession, String status)`
`static String`	`getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo, ClientModel client, String bindingType)`
`protected String`	`getNameId(String nameIdFormat, ClientSessionModel clientSession, UserSessionModel userSession)`
`protected String`	`getNameIdFormat(ClientSessionModel clientSession)`
`protected String`	`getResponseIssuer(RealmModel realm)`
`static SignatureAlgorithm`	`getSignatureAlgorithm(ClientModel client)`
`static boolean`	`includeAuthnStatement(ClientModel client)`
`javax.ws.rs.core.Response`	`invalidSessionError(ClientSessionModel clientSession)`
`protected boolean`	`isLogoutPostBindingForClient(ClientSessionModel clientSession)`
`protected boolean`	`isLogoutPostBindingForInitiator(UserSessionModel session)`
`protected boolean`	`isPostBinding(ClientSessionModel clientSession)`
`void`	`populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper, org.picketlink.identity.federation.saml.v2.protocol.ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)`
`static boolean`	`requiresAssertionSignature(ClientModel client)`
`static boolean`	`requiresRealmSignature(ClientModel client)`
`SamlProtocol`	`setEventBuilder(EventBuilder event)`
`SamlProtocol`	`setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)`
`SamlProtocol`	`setRealm(RealmModel realm)`
`SamlProtocol`	`setSession(KeycloakSession session)`
`SamlProtocol`	`setUriInfo(javax.ws.rs.core.UriInfo uriInfo)`
`void`	`transformAttributeStatement(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers, org.picketlink.identity.federation.saml.v2.protocol.ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)`
`org.picketlink.identity.federation.saml.v2.protocol.ResponseType`	`transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers, org.picketlink.identity.federation.saml.v2.protocol.ResponseType response, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

ATTRIBUTE_TRUE_VALUE

public static final String ATTRIBUTE_TRUE_VALUE

See Also:: Constant Field Values

ATTRIBUTE_FALSE_VALUE

public static final String ATTRIBUTE_FALSE_VALUE

See Also:: Constant Field Values

SAML_SIGNING_CERTIFICATE_ATTRIBUTE

public static final String SAML_SIGNING_CERTIFICATE_ATTRIBUTE

See Also:: Constant Field Values

SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE

public static final String SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE

See Also:: Constant Field Values

SAML_CLIENT_SIGNATURE_ATTRIBUTE

public static final String SAML_CLIENT_SIGNATURE_ATTRIBUTE

See Also:: Constant Field Values

SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

See Also:: Constant Field Values

SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

See Also:: Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

See Also:: Constant Field Values

SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

See Also:: Constant Field Values

SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE

public static final String SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE

See Also:: Constant Field Values

SAML_NAME_ID_FORMAT_ATTRIBUTE

public static final String SAML_NAME_ID_FORMAT_ATTRIBUTE

See Also:: Constant Field Values

LOGIN_PROTOCOL

public static final String LOGIN_PROTOCOL

See Also:: Constant Field Values

SAML_BINDING

public static final String SAML_BINDING

See Also:: Constant Field Values

SAML_POST_BINDING

public static final String SAML_POST_BINDING

See Also:: Constant Field Values

SAML_REDIRECT_BINDING

public static final String SAML_REDIRECT_BINDING

See Also:: Constant Field Values

SAML_SERVER_SIGNATURE

public static final String SAML_SERVER_SIGNATURE

See Also:: Constant Field Values

SAML_ASSERTION_SIGNATURE

public static final String SAML_ASSERTION_SIGNATURE

See Also:: Constant Field Values

SAML_AUTHNSTATEMENT

public static final String SAML_AUTHNSTATEMENT

See Also:: Constant Field Values

SAML_SIGNATURE_ALGORITHM

public static final String SAML_SIGNATURE_ALGORITHM

See Also:: Constant Field Values

SAML_ENCRYPT

public static final String SAML_ENCRYPT

See Also:: Constant Field Values

SAML_FORCE_POST_BINDING

public static final String SAML_FORCE_POST_BINDING

See Also:: Constant Field Values

SAML_REQUEST_ID

public static final String SAML_REQUEST_ID

See Also:: Constant Field Values

SAML_LOGOUT_BINDING

public static final String SAML_LOGOUT_BINDING

See Also:: Constant Field Values

SAML_LOGOUT_REQUEST_ID

public static final String SAML_LOGOUT_REQUEST_ID

See Also:: Constant Field Values

SAML_LOGOUT_RELAY_STATE

public static final String SAML_LOGOUT_RELAY_STATE

See Also:: Constant Field Values

SAML_LOGOUT_BINDING_URI

public static final String SAML_LOGOUT_BINDING_URI

See Also:: Constant Field Values

SAML_LOGOUT_SIGNATURE_ALGORITHM

public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM

See Also:: Constant Field Values

SAML_NAME_ID

public static final String SAML_NAME_ID

See Also:: Constant Field Values

SAML_NAME_ID_FORMAT

public static final String SAML_NAME_ID_FORMAT

See Also:: Constant Field Values

SAML_DEFAULT_NAMEID_FORMAT

public static final String SAML_DEFAULT_NAMEID_FORMAT

SAML_PERSISTENT_NAME_ID_FOR

public static final String SAML_PERSISTENT_NAME_ID_FOR

See Also:: Constant Field Values

session
```
protected KeycloakSession session
```

realm
```
protected RealmModel realm
```

uriInfo

protected javax.ws.rs.core.UriInfo uriInfo

headers

protected javax.ws.rs.core.HttpHeaders headers

event
```
protected EventBuilder event
```

Constructor Detail
- SamlProtocol
```
public SamlProtocol()
```

Method Detail

setSession

public SamlProtocol setSession(KeycloakSession session)

Specified by:: setSession in interface LoginProtocol

setRealm

public SamlProtocol setRealm(RealmModel realm)

Specified by:: setRealm in interface LoginProtocol

setUriInfo

public SamlProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)

Specified by:: setUriInfo in interface LoginProtocol

setHttpHeaders

public SamlProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)

Specified by:: setHttpHeaders in interface LoginProtocol

setEventBuilder
```
public SamlProtocol setEventBuilder(EventBuilder event)
```
Specified by:

setEventBuilder in interface LoginProtocol

cancelLogin

public javax.ws.rs.core.Response cancelLogin(ClientSessionModel clientSession)

Specified by:: cancelLogin in interface LoginProtocol

invalidSessionError

public javax.ws.rs.core.Response invalidSessionError(ClientSessionModel clientSession)

Specified by:: invalidSessionError in interface LoginProtocol

getResponseIssuer

protected String getResponseIssuer(RealmModel realm)

getErrorResponse

protected javax.ws.rs.core.Response getErrorResponse(ClientSessionModel clientSession,
                                         String status)

isPostBinding

protected boolean isPostBinding(ClientSessionModel clientSession)

isLogoutPostBindingForInitiator

protected boolean isLogoutPostBindingForInitiator(UserSessionModel session)

isLogoutPostBindingForClient

protected boolean isLogoutPostBindingForClient(ClientSessionModel clientSession)

forcePostBinding

public static boolean forcePostBinding(ClientModel client)

getNameIdFormat

protected String getNameIdFormat(ClientSessionModel clientSession)

forceNameIdFormat

public static boolean forceNameIdFormat(ClientModel client)

getNameId

protected String getNameId(String nameIdFormat,
               ClientSessionModel clientSession,
               UserSessionModel userSession)

authenticated

public javax.ws.rs.core.Response authenticated(UserSessionModel userSession,
                                      ClientSessionCode accessCode)

Specified by:: authenticated in interface LoginProtocol

requiresRealmSignature

public static boolean requiresRealmSignature(ClientModel client)

requiresAssertionSignature

public static boolean requiresAssertionSignature(ClientModel client)

includeAuthnStatement

public static boolean includeAuthnStatement(ClientModel client)

getSignatureAlgorithm

public static SignatureAlgorithm getSignatureAlgorithm(ClientModel client)

transformAttributeStatement

public void transformAttributeStatement(List<SamlProtocol.ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers,
                               org.picketlink.identity.federation.saml.v2.protocol.ResponseType response,
                               KeycloakSession session,
                               UserSessionModel userSession,
                               ClientSessionModel clientSession)

transformLoginResponse

public org.picketlink.identity.federation.saml.v2.protocol.ResponseType transformLoginResponse(List<SamlProtocol.ProtocolMapperProcessor<SAMLLoginResponseMapper>> mappers,
                                                                                      org.picketlink.identity.federation.saml.v2.protocol.ResponseType response,
                                                                                      KeycloakSession session,
                                                                                      UserSessionModel userSession,
                                                                                      ClientSessionModel clientSession)

populateRoles

public void populateRoles(SamlProtocol.ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper,
                 org.picketlink.identity.federation.saml.v2.protocol.ResponseType response,
                 KeycloakSession session,
                 UserSessionModel userSession,
                 ClientSessionModel clientSession)

consentDenied

public javax.ws.rs.core.Response consentDenied(ClientSessionModel clientSession)

Specified by:: consentDenied in interface LoginProtocol

getLogoutServiceUrl

public static String getLogoutServiceUrl(javax.ws.rs.core.UriInfo uriInfo,
                         ClientModel client,
                         String bindingType)

frontchannelLogout

public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession,
                                           ClientSessionModel clientSession)

Specified by:: frontchannelLogout in interface LoginProtocol

finishLogout

public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)

Specified by:: finishLogout in interface LoginProtocol

backchannelLogout

public void backchannelLogout(UserSessionModel userSession,
                     ClientSessionModel clientSession)

Specified by:: backchannelLogout in interface LoginProtocol

createLogoutRequest

protected SAML2LogoutRequestBuilder createLogoutRequest(String logoutUrl,
                                            ClientSessionModel clientSession,
                                            ClientModel client)

close
```
public void close()
```
Specified by:

close in interface Provider

Class SamlProtocol

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

logger

ATTRIBUTE_TRUE_VALUE

ATTRIBUTE_FALSE_VALUE

SAML_SIGNING_CERTIFICATE_ATTRIBUTE

SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE

SAML_CLIENT_SIGNATURE_ATTRIBUTE

SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE

SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE

SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE

SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE

SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE

SAML_NAME_ID_FORMAT_ATTRIBUTE

LOGIN_PROTOCOL

SAML_BINDING

SAML_POST_BINDING

SAML_REDIRECT_BINDING

SAML_SERVER_SIGNATURE

SAML_ASSERTION_SIGNATURE

SAML_AUTHNSTATEMENT

SAML_SIGNATURE_ALGORITHM

SAML_ENCRYPT

SAML_FORCE_POST_BINDING

SAML_REQUEST_ID

SAML_LOGOUT_BINDING

SAML_LOGOUT_REQUEST_ID

SAML_LOGOUT_RELAY_STATE

SAML_LOGOUT_BINDING_URI

SAML_LOGOUT_SIGNATURE_ALGORITHM

SAML_NAME_ID

SAML_NAME_ID_FORMAT

SAML_DEFAULT_NAMEID_FORMAT

SAML_PERSISTENT_NAME_ID_FOR

session

realm

uriInfo

headers

event

Constructor Detail

SamlProtocol

Method Detail

setSession

setRealm

setUriInfo

setHttpHeaders

setEventBuilder

cancelLogin

invalidSessionError

getResponseIssuer

getErrorResponse

isPostBinding

isLogoutPostBindingForInitiator

isLogoutPostBindingForClient

forcePostBinding

getNameIdFormat

forceNameIdFormat

getNameId

authenticated

requiresRealmSignature

requiresAssertionSignature

includeAuthnStatement

getSignatureAlgorithm

transformAttributeStatement

transformLoginResponse

populateRoles

consentDenied

getLogoutServiceUrl

frontchannelLogout

finishLogout

backchannelLogout

createLogoutRequest

close