Package org.keycloak.protocol.saml
Class SamlService.BindingProtocol
- java.lang.Object
-
- org.keycloak.protocol.saml.SamlService.BindingProtocol
-
- Direct Known Subclasses:
SamlService.PostBindingProtocol,SamlService.RedirectBindingProtocol
- Enclosing class:
- SamlService
public abstract class SamlService.BindingProtocol extends Object
-
-
Field Summary
Fields Modifier and Type Field Description protected booleanredirectToAuthentication
-
Constructor Summary
Constructors Constructor Description BindingProtocol()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected javax.ws.rs.core.ResponsebasicChecks(String samlRequest, String samlResponse, String artifact)protected abstract booleancontainsUnencryptedSignature(SAMLDocumentHolder documentHolder)protected abstract StringencodeSamlDocument(Document samlDocument)protected abstract javax.ws.rs.core.Responseerror(KeycloakSession session, AuthenticationSessionModel authenticationSession, javax.ws.rs.core.Response.Status status, String message, Object... parameters)javax.ws.rs.core.Responseexecute(String samlRequest, String samlResponse, String relayState, String artifact)voidexecute(javax.ws.rs.container.AsyncResponse asyncReponse, String samlRequest, String samlResponse, String relayState, String artifact)protected abstract SAMLDocumentHolderextractRequestDocument(String samlRequest)protected abstract SAMLDocumentHolderextractResponseDocument(String response)protected abstract StringgetBindingType()protected StringgetBindingType(AuthnRequestType requestAbstractType)protected URIgetExpectedDestinationUri(KeycloakSession session)KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.protected voidhandleArtifact(javax.ws.rs.container.AsyncResponse asyncResponse, String artifact, String relayState)Handle a received artifact message.protected javax.ws.rs.core.ResponsehandleSamlRequest(String samlRequest, String relayState)protected javax.ws.rs.core.ResponsehandleSamlResponse(String samlResponse, String relayState)protected booleanisDestinationRequired()protected javax.ws.rs.core.ResponseloginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client)protected javax.ws.rs.core.ResponselogoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState)protected abstract voidverifySignature(SAMLDocumentHolder documentHolder, ClientModel client)
-
-
-
Method Detail
-
error
protected abstract javax.ws.rs.core.Response error(KeycloakSession session, AuthenticationSessionModel authenticationSession, javax.ws.rs.core.Response.Status status, String message, Object... parameters)
-
basicChecks
protected javax.ws.rs.core.Response basicChecks(String samlRequest, String samlResponse, String artifact)
-
isDestinationRequired
protected boolean isDestinationRequired()
-
handleSamlResponse
protected javax.ws.rs.core.Response handleSamlResponse(String samlResponse, String relayState)
-
handleSamlRequest
protected javax.ws.rs.core.Response handleSamlRequest(String samlRequest, String relayState)
-
handleArtifact
protected void handleArtifact(javax.ws.rs.container.AsyncResponse asyncResponse, String artifact, String relayState)Handle a received artifact message. This means finding the client based on the content of the artifact, sending an ArtifactResolve, receiving an ArtifactResponse, and handling its content based on the "standard" workflows.- Parameters:
artifact- the received artifactrelayState- the current relay state
-
encodeSamlDocument
protected abstract String encodeSamlDocument(Document samlDocument) throws ProcessingException
- Throws:
ProcessingException
-
verifySignature
protected abstract void verifySignature(SAMLDocumentHolder documentHolder, ClientModel client) throws VerificationException
- Throws:
VerificationException
-
containsUnencryptedSignature
protected abstract boolean containsUnencryptedSignature(SAMLDocumentHolder documentHolder)
-
extractRequestDocument
protected abstract SAMLDocumentHolder extractRequestDocument(String samlRequest)
-
extractResponseDocument
protected abstract SAMLDocumentHolder extractResponseDocument(String response)
-
loginRequest
protected javax.ws.rs.core.Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client)
-
getBindingType
protected String getBindingType(AuthnRequestType requestAbstractType)
-
getBindingType
protected abstract String getBindingType()
-
logoutRequest
protected javax.ws.rs.core.Response logoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState)
-
execute
public javax.ws.rs.core.Response execute(String samlRequest, String samlResponse, String relayState, String artifact)
-
execute
public void execute(javax.ws.rs.container.AsyncResponse asyncReponse, String samlRequest, String samlResponse, String relayState, String artifact)
-
getExpectedDestinationUri
protected URI getExpectedDestinationUri(KeycloakSession session)
KEYCLOAK-12616, KEYCLOAK-12944: construct the expected destination URI using the configured base URI.- Parameters:
session- a reference to theKeycloakSession.- Returns:
- the constructed
URI.
-
-