org.pac4j.saml.client

Class SAML2Client

java.lang.Object

org.pac4j.core.util.InitializableWebObject

org.pac4j.core.client.BaseClient<C,U>

org.pac4j.core.client.IndirectClient<SAML2Credentials,SAML2Profile>

org.pac4j.saml.client.SAML2Client

All Implemented Interfaces:

Cloneable, Client<SAML2Credentials,SAML2Profile>

public class SAML2Client
extends IndirectClient<SAML2Credentials,SAML2Profile>

This class is the client to authenticate users with a SAML2 Identity Provider. This implementation relies on the Web Browser SSO profile with HTTP-POST binding. (http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf).

Since:

1.5.0

Author:

Michael Remond, Misagh Moayyed

Field Summary

Fields

Modifier and Type	Field and Description
protected SAML2ClientConfiguration	configuration
protected SAMLContextProvider	contextProvider
protected CredentialProvider	credentialProvider
protected org.opensaml.saml.saml2.encryption.Decrypter	decrypter
protected SAML2MetadataResolver	idpMetadataResolver
protected static org.slf4j.Logger	logger
protected SAML2ProfileHandler<org.opensaml.saml.saml2.core.AuthnRequest>	profileHandler
protected SAML2ResponseValidator	responseValidator
static String	SAML_RELAY_STATE_ATTRIBUTE
protected SAML2ObjectBuilder<org.opensaml.saml.saml2.core.AuthnRequest>	saml2ObjectBuilder
protected SignatureSigningParametersProvider	signatureSigningParametersProvider
protected SAML2SignatureTrustEngineProvider	signatureTrustEngineProvider
protected SAML2MetadataResolver	spMetadataResolver

Fields inherited from class org.pac4j.core.client.IndirectClient

ATTEMPTED_AUTHENTICATION_SUFFIX, callbackUrl, callbackUrlResolver, NEEDS_CLIENT_REDIRECTION_PARAMETER

Constructor Summary

Constructors

Constructor and Description
SAML2Client()
SAML2Client(SAML2ClientConfiguration configuration)

Method Summary

Modifier and Type	Method and Description
ClientType	getClientType() Return the client type.
SAML2ClientConfiguration	getConfiguration()
SAML2MetadataResolver	getIdentityProviderMetadataResolver()
String	getIdentityProviderResolvedEntityId()
SAML2ResponseValidator	getResponseValidator()
SAML2MetadataResolver	getServiceProviderMetadataResolver()
String	getServiceProviderResolvedEntityId()
protected String	getStateParameter(WebContext webContext) Return the state parameter required by some security protocols like SAML or OAuth.
protected org.opensaml.saml.metadata.resolver.ChainingMetadataResolver	initChainingMetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver idpMetadataProvider, org.opensaml.saml.metadata.resolver.MetadataResolver spMetadataProvider)
protected void	initCredentialProvider()
protected void	initDecrypter()
protected org.opensaml.saml.metadata.resolver.MetadataResolver	initIdentityProviderMetadataResolver()
protected void	initSAMLContextProvider(org.opensaml.saml.metadata.resolver.MetadataResolver metadataManager)
protected void	initSAMLObjectBuilder()
protected void	initSAMLProfileHandler()
protected void	initSAMLResponseValidator()
protected org.opensaml.saml.metadata.resolver.MetadataResolver	initServiceProviderMetadataResolver(WebContext context)
protected void	initSignatureSigningParametersProvider()
protected void	initSignatureTrustEngineProvider(org.opensaml.saml.metadata.resolver.MetadataResolver metadataManager)
protected void	internalInit(WebContext context) Internal initialization of the object.
protected boolean	isDirectRedirection() Define if this client has a direct redirection.
protected BaseClient<SAML2Credentials,SAML2Profile>	newClient() Create a new instance of the client.
protected SAML2Credentials	retrieveCredentials(WebContext wc)
protected RedirectAction	retrieveRedirectAction(WebContext wc)
protected SAML2Profile	retrieveUserProfile(SAML2Credentials credentials, WebContext context)
void	setConfiguration(SAML2ClientConfiguration configuration)

Methods inherited from class org.pac4j.core.client.IndirectClient

computeFinalCallbackUrl, getAjaxRequestResolver, getCallbackUrl, getCallbackUrlResolver, getCredentials, getRedirectAction, getRedirectionUrl, isIncludeClientNameInCallbackUrl, redirect, setAjaxRequestResolver, setCallbackUrl, setCallbackUrlResolver, setIncludeClientNameInCallbackUrl

Methods inherited from class org.pac4j.core.client.BaseClient

addAuthorizationGenerator, clone, getAuthorizationGenerators, getName, getUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString

Methods inherited from class org.pac4j.core.util.InitializableWebObject

init, reinit

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

logger

protected static final org.slf4j.Logger logger

SAML_RELAY_STATE_ATTRIBUTE

public static final String SAML_RELAY_STATE_ATTRIBUTE

See Also:

Constant Field Values

credentialProvider

protected CredentialProvider credentialProvider

contextProvider

protected SAMLContextProvider contextProvider

saml2ObjectBuilder

protected SAML2ObjectBuilder<org.opensaml.saml.saml2.core.AuthnRequest> saml2ObjectBuilder

signatureSigningParametersProvider

protected SignatureSigningParametersProvider signatureSigningParametersProvider

profileHandler

protected SAML2ProfileHandler<org.opensaml.saml.saml2.core.AuthnRequest> profileHandler

responseValidator

protected SAML2ResponseValidator responseValidator

signatureTrustEngineProvider

protected SAML2SignatureTrustEngineProvider signatureTrustEngineProvider

idpMetadataResolver

protected SAML2MetadataResolver idpMetadataResolver

spMetadataResolver

protected SAML2MetadataResolver spMetadataResolver

decrypter

protected org.opensaml.saml.saml2.encryption.Decrypter decrypter

configuration

protected SAML2ClientConfiguration configuration

Constructor Detail

SAML2Client

public SAML2Client()

SAML2Client

public SAML2Client(SAML2ClientConfiguration configuration)

Method Detail

internalInit

protected void internalInit(WebContext context)

Description copied from class: InitializableWebObject

Internal initialization of the object.

Specified by:

internalInit in class InitializableWebObject

Parameters:

context - the web context

initSAMLProfileHandler

protected void initSAMLProfileHandler()

initSAMLResponseValidator

protected void initSAMLResponseValidator()

initSignatureTrustEngineProvider

protected void initSignatureTrustEngineProvider(org.opensaml.saml.metadata.resolver.MetadataResolver metadataManager)

initSAMLObjectBuilder

protected void initSAMLObjectBuilder()

initSAMLContextProvider

protected void initSAMLContextProvider(org.opensaml.saml.metadata.resolver.MetadataResolver metadataManager)

initServiceProviderMetadataResolver

protected org.opensaml.saml.metadata.resolver.MetadataResolver initServiceProviderMetadataResolver(WebContext context)

initIdentityProviderMetadataResolver

protected org.opensaml.saml.metadata.resolver.MetadataResolver initIdentityProviderMetadataResolver()

initCredentialProvider

protected void initCredentialProvider()

initDecrypter

protected void initDecrypter()

initSignatureSigningParametersProvider

protected void initSignatureSigningParametersProvider()

initChainingMetadataResolver

protected org.opensaml.saml.metadata.resolver.ChainingMetadataResolver initChainingMetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver idpMetadataProvider,
                                                                                                    org.opensaml.saml.metadata.resolver.MetadataResolver spMetadataProvider)

newClient

protected BaseClient<SAML2Credentials,SAML2Profile> newClient()

Description copied from class: BaseClient

Create a new instance of the client.

Specified by:

newClient in class BaseClient<SAML2Credentials,SAML2Profile>

Returns:

A new instance of the client

isDirectRedirection

protected boolean isDirectRedirection()

Description copied from class: IndirectClient

Define if this client has a direct redirection.

Specified by:

isDirectRedirection in class IndirectClient<SAML2Credentials,SAML2Profile>

Returns:

if this client has a direct redirection

retrieveRedirectAction

protected RedirectAction retrieveRedirectAction(WebContext wc)

Specified by:

retrieveRedirectAction in class IndirectClient<SAML2Credentials,SAML2Profile>

retrieveCredentials

protected SAML2Credentials retrieveCredentials(WebContext wc)
                                        throws RequiresHttpAction

Specified by:

retrieveCredentials in class IndirectClient<SAML2Credentials,SAML2Profile>

Throws:

RequiresHttpAction

retrieveUserProfile

protected SAML2Profile retrieveUserProfile(SAML2Credentials credentials,
                                           WebContext context)

Specified by:

retrieveUserProfile in class BaseClient<SAML2Credentials,SAML2Profile>

getStateParameter

protected String getStateParameter(WebContext webContext)

Description copied from class: IndirectClient

Return the state parameter required by some security protocols like SAML or OAuth.

Overrides:

getStateParameter in class IndirectClient<SAML2Credentials,SAML2Profile>

Parameters:

webContext - web context

Returns:

the state

getResponseValidator

public final SAML2ResponseValidator getResponseValidator()

getServiceProviderMetadataResolver

public final SAML2MetadataResolver getServiceProviderMetadataResolver()

getIdentityProviderMetadataResolver

public final SAML2MetadataResolver getIdentityProviderMetadataResolver()

getClientType

public final ClientType getClientType()

Description copied from class: BaseClient

Return the client type.

Specified by:

getClientType in class BaseClient<SAML2Credentials,SAML2Profile>

Returns:

the client type

getIdentityProviderResolvedEntityId

public final String getIdentityProviderResolvedEntityId()

getServiceProviderResolvedEntityId

public final String getServiceProviderResolvedEntityId()

setConfiguration

public void setConfiguration(SAML2ClientConfiguration configuration)

getConfiguration

public final SAML2ClientConfiguration getConfiguration()