public abstract class BaseFormAuthenticator
extends FormAuthenticator
Modifier and Type | Field and Description |
---|---|
protected PicketLinkAuditHelper |
auditHelper |
protected String |
canonicalizationMethod |
protected SAML2HandlerChain |
chain |
protected Map<String,Object> |
chainConfigOptions |
protected Lock |
chainLock
A Lock for Handler operations in the chain
|
protected String |
configFile |
protected SAMLConfigurationProvider |
configProvider
The user can inject a fully qualified name of a
SAMLConfigurationProvider |
protected boolean |
enableAudit |
protected String |
identityURL |
protected String |
idpAddress |
protected X509Certificate |
idpCertificate
If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata
|
protected String |
issuerID |
protected TrustKeyManager |
keyManager |
protected static PicketLinkLogger |
logger |
protected PicketLinkType |
picketLinkConfiguration |
protected String |
samlHandlerChainClass |
protected boolean |
saveRestoreRequest |
protected String |
serviceURL |
protected SPType |
spConfiguration |
protected Timer |
timer |
protected int |
timerInterval |
Constructor and Description |
---|
BaseFormAuthenticator() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled.
|
protected abstract String |
getBinding()
Return the SAML Binding that this authenticator supports
|
String |
getConfigFile()
Get the name of the configuration file
|
SPType |
getConfiguration()
Get the
SPType |
String |
getIdentityURL()
Get the Identity URL
|
X509Certificate |
getIdpCertificate()
Get the
X509Certificate of the IDP if provided via the IDP metadata file |
protected IDPSSODescriptorType |
getIDPSSODescriptor(EntitiesDescriptorType entities) |
protected IDPSSODescriptorType |
handleMetadata(EntitiesDescriptorType entities) |
protected IDPSSODescriptorType |
handleMetadata(EntityDescriptorType entityDescriptor) |
protected void |
initializeHandlerChain() |
protected abstract void |
initKeyProvider(Context context) |
protected boolean |
localAuthentication(Request request,
Response response,
LoginConfig loginConfig)
Fall back on local authentication at the service provider side
|
protected void |
populateChainConfig() |
protected void |
processConfiguration()
Process the configuration from the configuration file
|
protected void |
processIDPMetadataFile(String idpMetadataFile)
Attempt to process a metadata file available locally
|
protected void |
register(Request request,
Response response,
Principal principal,
String arg3,
String arg4,
String arg5)
This method is a hack!!! Tomcat on account of Servlet3 changed their authenticator method signatures We utilize Java
Reflection to identify the super register method on the first call and save it.
|
protected void |
sendToLogoutPage(Request request,
Response response,
Session session) |
void |
setAuditHelper(PicketLinkAuditHelper auditHelper) |
void |
setConfigFile(String configFile)
Set the name of the configuration file
|
void |
setConfigProvider(SAMLConfigurationProvider configProvider)
Set an instance of the
SAMLConfigurationProvider |
void |
setConfigProvider(String cp)
Set the
SAMLConfigurationProvider fqn |
void |
setIdpAddress(String idpAddress)
If the request.getRemoteAddr is not exactly the IDP address that you have keyed in your deployment descriptor for
keystore alias, you can set it here explicitly
|
void |
setIssuerID(String issuerID)
Set a separate issuer id
|
void |
setLogOutPage(String logOutPage)
Set the logout page
|
void |
setSamlHandlerChainClass(String samlHandlerChainClass)
Set the SAML Handler Chain Class fqn
|
void |
setSaveRestoreRequest(boolean saveRestoreRequest)
Set whether the authenticator saves/restores the request
during form authentication
|
void |
setServiceURL(String serviceURL)
Set the service URL
|
void |
setTimerInterval(String value)
Set the Timer Value to reload the configuration
|
protected void |
startPicketLink() |
void |
testStart() |
protected boolean |
validate(Request request)
Perform validation os the request object
|
protected static final PicketLinkLogger logger
protected boolean enableAudit
protected PicketLinkAuditHelper auditHelper
protected TrustKeyManager keyManager
protected SPType spConfiguration
protected PicketLinkType picketLinkConfiguration
protected String serviceURL
protected String identityURL
protected String issuerID
protected String configFile
protected transient X509Certificate idpCertificate
protected transient SAML2HandlerChain chain
protected transient String samlHandlerChainClass
protected boolean saveRestoreRequest
protected Lock chainLock
protected String canonicalizationMethod
protected SAMLConfigurationProvider configProvider
SAMLConfigurationProvider
protected int timerInterval
protected Timer timer
protected String idpAddress
public void setIdpAddress(String idpAddress)
public String getConfigFile()
public void setConfigFile(String configFile)
configFile
- public void setSamlHandlerChainClass(String samlHandlerChainClass)
samlHandlerChainClass
- public void setServiceURL(String serviceURL)
serviceURL
- public void setSaveRestoreRequest(boolean saveRestoreRequest)
saveRestoreRequest
- public void setConfigProvider(String cp)
SAMLConfigurationProvider
fqncp
- fqn of a SAMLConfigurationProvider
public void setConfigProvider(SAMLConfigurationProvider configProvider)
SAMLConfigurationProvider
configProvider
- public void setIssuerID(String issuerID)
issuerID
- public void setLogOutPage(String logOutPage)
logOutPage
- public void setTimerInterval(String value)
value
- an integer value that represents timer value (in miliseconds)protected boolean validate(Request request)
request
- IOException
GeneralSecurityException
public String getIdentityURL()
public X509Certificate getIdpCertificate()
X509Certificate
of the IDP if provided via the IDP metadata fileX509Certificate
or nullprotected void register(Request request, Response response, Principal principal, String arg3, String arg4, String arg5)
Method
org.apache.catalina.authenticator.AuthenticatorBase#register(org.apache.catalina.connector.Request,
org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String,
java.lang.String)
protected boolean localAuthentication(Request request, Response response, LoginConfig loginConfig) throws IOException
request
- response
- loginConfig
- IOException
protected abstract String getBinding()
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING}
,
JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING}
protected void processIDPMetadataFile(String idpMetadataFile)
protected void processConfiguration()
protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entities)
protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptor)
protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entities)
protected void initializeHandlerChain() throws ConfigurationException, ProcessingException
protected void populateChainConfig() throws ConfigurationException, ProcessingException
protected void sendToLogoutPage(Request request, Response response, Session session) throws IOException, ServletException
IOException
ServletException
public void testStart() throws LifecycleException
LifecycleException
protected void startPicketLink() throws LifecycleException
LifecycleException
protected boolean doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that supports signature should override this method.
protected abstract void initKeyProvider(Context context) throws LifecycleException
LifecycleException
public void setAuditHelper(PicketLinkAuditHelper auditHelper)
Copyright © 2021 JBoss by Red Hat. All rights reserved.