Package org.keycloak.broker.saml
Class SAMLIdentityProvider
- java.lang.Object
-
- org.keycloak.broker.provider.AbstractIdentityProvider<SAMLIdentityProviderConfig>
-
- org.keycloak.broker.saml.SAMLIdentityProvider
-
- All Implemented Interfaces:
IdentityProvider<SAMLIdentityProviderConfig>,Provider
public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityProviderConfig>
- Author:
- Pedro Igor
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.jboss.logging.Loggerlogger-
Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session
-
Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
-
-
Constructor Summary
Constructors Constructor Description SAMLIdentityProvider(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidauthenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)voidbackchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)protected LogoutRequestTypebuildLogoutRequest(UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions)Objectcallback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.javax.ws.rs.core.Responseexport(javax.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format)Export a representation of the IdentityProvider in a specific format.IdentityProviderDataMarshallergetMarshaller()Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSessionSignatureAlgorithmgetSignatureAlgorithm()javax.ws.rs.core.ResponsekeycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)Called when a Keycloak application initiates a logout through the browser.javax.ws.rs.core.ResponseperformLogin(AuthenticationRequest request)Initiates the authentication process by sending an authentication request to an identity provider.javax.ws.rs.core.ResponseretrieveToken(KeycloakSession session, FederatedIdentityModel identity)Returns aResponsecontaining the token previously stored during the authentication process for a specific user.-
Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getConfig, getLinkingUrl, importNewUser, preprocessFederatedIdentity, updateBrokeredUser
-
-
-
-
Constructor Detail
-
SAMLIdentityProvider
public SAMLIdentityProvider(KeycloakSession session, SAMLIdentityProviderConfig config, DestinationValidator destinationValidator)
-
-
Method Detail
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
Description copied from interface:IdentityProviderJAXRS callback endpoint for when the remote IDP wants to callback to keycloak.- Specified by:
callbackin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
callbackin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
performLogin
public javax.ws.rs.core.Response performLogin(AuthenticationRequest request)
Description copied from interface:IdentityProviderInitiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
performLoginin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
performLoginin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Parameters:
request- The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.- Returns:
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
- Specified by:
authenticationFinishedin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
authenticationFinishedin classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
retrieveToken
public javax.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
Description copied from interface:IdentityProviderReturns a
Responsecontaining the token previously stored during the authentication process for a specific user.- Returns:
-
backchannelLogout
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
- Specified by:
backchannelLogoutin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
backchannelLogoutin classAbstractIdentityProvider<SAMLIdentityProviderConfig>
-
keycloakInitiatedBrowserLogout
public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Description copied from interface:IdentityProviderCalled when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP- Specified by:
keycloakInitiatedBrowserLogoutin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
keycloakInitiatedBrowserLogoutin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
- null if this is not supported by this provider
-
buildLogoutRequest
protected LogoutRequestType buildLogoutRequest(UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, SamlProtocolExtensionsAwareBuilder.NodeGenerator... extensions) throws ConfigurationException
- Throws:
ConfigurationException
-
export
public javax.ws.rs.core.Response export(javax.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format)Description copied from interface:IdentityProviderExport a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor- Specified by:
exportin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
exportin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
getSignatureAlgorithm
public SignatureAlgorithm getSignatureAlgorithm()
-
getMarshaller
public IdentityProviderDataMarshaller getMarshaller()
Description copied from interface:IdentityProviderImplementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession- Specified by:
getMarshallerin interfaceIdentityProvider<SAMLIdentityProviderConfig>- Overrides:
getMarshallerin classAbstractIdentityProvider<SAMLIdentityProviderConfig>- Returns:
-
-