public class SAML2AuthenticationHandler extends BaseSAML2Handler
Handler for dealing with SAML2 authentication.

Configuration Options:
- a millisecond value that sets a skew for checking the validity of the assertion (SP Setting)
- setting a value will disable the generation of an AuthnStatement (IDP Setting)
- setting any value will disable the generation and return of roles to the SP (IDP Setting)
- setting any value will produce an attribute statement with multiple values (IDP Setting)
- setting to true will disable picking IDP attribute statements (SP Setting)
- a CSV list of strings that represent the roles coming from the IDP (SP Setting)
- setting to a value will provide the NameID format to be sent to the IDP (SP Setting)
- the URL to be used for assertionConsumerURL (SP Setting)
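The clock-skew option above, as an added example that is not PicketLink's own code: a stand-alone validity-window check showing how a millisecond skew changes the outcome for an SP whose clock is behind and for an assertion presented after expiry. The class, enum and method names are hypothetical, the timestamps are constructed, and the skew is assumed to apply symmetrically to NotBefore and NotOnOrAfter.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration, not PicketLink code; class, enum and method names are hypothetical.
public class ClockSkewCheck {

    enum Result { VALID, NOT_YET_VALID, EXPIRED }

    // notBefore is inclusive and notOnOrAfter exclusive (SAML 2.0 Conditions);
    // either bound may be null when the assertion omits it.
    static Result check(Instant notBefore, Instant notOnOrAfter, Instant now, long skewMillis) {
        if (skewMillis < 0) {
            throw new IllegalArgumentException("clock skew must not be negative");
        }
        Duration skew = Duration.ofMillis(skewMillis);
        // The skew widens the window on both sides to absorb IdP/SP clock drift.
        if (notBefore != null && now.isBefore(notBefore.minus(skew))) {
            return Result.NOT_YET_VALID;
        }
        if (notOnOrAfter != null && !now.isBefore(notOnOrAfter.plus(skew))) {
            return Result.EXPIRED;
        }
        return Result.VALID;
    }

    public static void main(String[] args) {
        // Constructed sample: a five-minute assertion issued at 12:00:00Z.
        Instant notBefore = Instant.parse("2019-01-01T12:00:00Z");
        Instant notOnOrAfter = Instant.parse("2019-01-01T12:05:00Z");
        // SP clock 2 s behind the IdP: the assertion appears to start in the future.
        Instant spEarly = Instant.parse("2019-01-01T11:59:58Z");
        // A copy of the same assertion presented 90 s after it expired.
        Instant spLate = Instant.parse("2019-01-01T12:06:30Z");

        long[] skews = {0, 5_000, 120_000};
        for (long skew : skews) {
            System.out.printf("skew=%d ms early=%s late=%s%n", skew,
                    check(notBefore, notOnOrAfter, spEarly, skew),
                    check(notBefore, notOnOrAfter, spLate, skew));
        }
    }
}
```

Keep the configured skew close to the real clock drift between IdP and SP, because the same margin also extends how long an expired assertion is accepted.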
SAML2Handler.HANDLER_TYPE
Modifier and Type | Field and Description |
---|---|
static String | SINGLE_ATTRIBUTE_STATEMENT |
handlerChainConfig, handlerConfig, logger
ASSERTION_CONSUMER_URL, CLOCK_SKEW_MILIS, DISABLE_AUTHN_STATEMENT, DISABLE_ROLE_PICKING, DISABLE_SENDING_ROLES, ROLE_KEY, USE_MULTI_VALUED_ROLES
Constructor and Description |
---|
SAML2AuthenticationHandler() |
Modifier and Type | Method and Description |
---|---|
void | generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse response): Generate a SAML Request to be sent to the IDP if the handler is invoked at the SP and vice-versa |
protected List<AttributeStatementType> | getAttributeStatements(SAML2HandlerRequest request): This method is invoked during the process of issuing an assertion by the IdP. |
void | handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response): Handle a SAML2 RequestAbstractType |
void | handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response): Handle a SAML2 Status Response Type |
checkDestination, checkDestination, getHttpRequest, getHttpSession, getProviderconfig, getType, initChainConfig, initHandlerConfig, reset
public static final String SINGLE_ATTRIBUTE_STATEMENT
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
SAML2Handler
Throws: ProcessingException
public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
SAML2Handler
Specified by: handleStatusResponseType in interface SAML2Handler
Overrides: handleStatusResponseType in class BaseSAML2Handler
Throws: ProcessingException
See Also: SAML2Handler#handleStatusResponseType(SAML2HandlerRequest, SAML2HandlerResponse)
public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
SAML2Handler
Specified by: generateSAMLRequest in interface SAML2Handler
Overrides: generateSAMLRequest in class BaseSAML2Handler
Throws: ProcessingException
See Also: SAML2Handler.generateSAMLRequest(SAML2HandlerRequest, SAML2HandlerResponse)
protected List<AttributeStatementType> getAttributeStatements(SAML2HandlerRequest request)
This method is invoked during the process of issuing an assertion by the IdP. It returns a list of AttributeStatementType that are going to be added to the assertion.
Subclasses may override this method to customize the attributes sent by the IdP to relying parties.
Before overriding this method, developers must consider using an org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2AttributeManager.
This method provides more access to the invocation context, which can be accessed from the given SAML2HandlerRequest.
Parameters: request
Copyright © 2019 JBoss by Red Hat. All rights reserved.