@Path(value="/") public class IdpEndpoint extends Object implements Idp, SessionHandler
Modifier and Type | Field and Description |
---|---|
protected CookieCache | cookieCache |
static String | SERVICES_IDP_PATH |
static com.google.common.collect.ImmutableSet<org.opensaml.security.credential.UsageType> | USAGE_TYPES |
ACS_URL, AUTH_METHOD, COOKIE, ECP_RELAY_STATE, ECP_REQUEST_AUTHENTICATED, ECP_RESPONSE, GUEST, HTTP_ARTIFACT_BINDING, HTTP_POST_BINDING, HTTP_REDIRECT_BINDING, IDP_STATE_OBJ, ORIGINAL_BINDING, PAOS_BINDING, PKI, RELAY_STATE, SAML, SAML_REQ, SAML_RESPONSE, SAML_SOAP_BINDING, SAML_TYPE, SUPPORTED_BINDINGS, USER_PASS
Constructor and Description |
---|
IdpEndpoint(String signaturePropertiesPath, String encryptionPropertiesPath, EncryptionService encryptionService) |
Modifier and Type | Method and Description |
---|---|
void | bindPresignPlugin(org.osgi.framework.ServiceReference<SamlPresignPlugin> pluginRef) |
javax.ws.rs.core.Response | doSoapLogin(InputStream body, javax.servlet.http.HttpServletRequest request) |
Map<String,Set<String>> | getActiveSessions() — Gets the set of active sessions and their attached SPs. |
Set<String> | getActiveSps(String cacheId) |
RelayStates<LogoutState> | getLogoutStates() |
protected org.opensaml.saml.saml2.core.Response | handleLogin(org.opensaml.saml.saml2.core.AuthnRequest authnRequest, String authMethod, javax.servlet.http.HttpServletRequest request, org.codice.ddf.security.idp.server.IdpEndpoint.AuthObj authObj, Binding binding, boolean passive, boolean hasCookie, boolean hasSignature) |
void | init() |
javax.ws.rs.core.Response | processLogin(String samlRequest, String relayState, String authMethod, String signatureAlgorithm, String signature, String originalBinding, javax.servlet.http.HttpServletRequest request) — Processes a login attempt from the IdP login web app. |
javax.ws.rs.core.Response | processPostLogout(String samlRequest, String samlResponse, String relayState, javax.servlet.http.HttpServletRequest request) |
javax.ws.rs.core.Response | processRedirectLogout(String samlRequest, String samlResponse, String relayState, String signatureAlgorithm, String signature, javax.servlet.http.HttpServletRequest request) — Processes a logout message sent using the HTTP-Redirect binding. |
javax.ws.rs.core.Response | retrieveMetadata() — Returns the metadata associated with this IdP. |
void | setExpirationTime(int expirationTime) |
void | setGuestAccess(boolean guestAccess) |
void | setLogoutMessage(LogoutMessage logoutMessage) |
void | setLogoutStates(RelayStates<LogoutState> logoutStates) |
void | setSecurityManager(SecurityManager securityManager) |
void | setSpMetadata(List<String> spMetadata) |
void | setStrictSignature(Boolean strictSignature) |
void | setTokenFactory(PKIAuthenticationTokenFactory tokenFactory) |
javax.ws.rs.core.Response | showGetLogin(String samlRequest, String relayState, String signatureAlgorithm, String signature, javax.servlet.http.HttpServletRequest request) — Returns the IdP login form. |
javax.ws.rs.core.Response | showPostLogin(String samlRequest, String relayState, javax.servlet.http.HttpServletRequest request) — Returns the IdP login form. |
void | unbindPresignPlugin(org.osgi.framework.ServiceReference<SamlPresignPlugin> pluginRef) |
public static final String SERVICES_IDP_PATH
public static final com.google.common.collect.ImmutableSet<org.opensaml.security.credential.UsageType> USAGE_TYPES
protected CookieCache cookieCache
public IdpEndpoint(String signaturePropertiesPath, String encryptionPropertiesPath, EncryptionService encryptionService)
public void init()
public Map<String,Set<String>> getActiveSessions()
SessionHandler
getActiveSessions
in interface SessionHandler
@POST @Path(value="/login") @Consumes(value={"text/xml","application/soap+xml"}) public javax.ws.rs.core.Response doSoapLogin(InputStream body, @Context javax.servlet.http.HttpServletRequest request)
doSoapLogin
in interface Idp
@POST @Path(value="/login") public javax.ws.rs.core.Response showPostLogin(@FormParam(value="SAMLRequest") String samlRequest, @FormParam(value="RelayState") String relayState, @Context javax.servlet.http.HttpServletRequest request) throws org.apache.wss4j.common.ext.WSSecurityException
Idp
showPostLogin
in interface Idp
org.apache.wss4j.common.ext.WSSecurityException
@GET @Path(value="/login") public javax.ws.rs.core.Response showGetLogin(@QueryParam(value="SAMLRequest") String samlRequest, @Encoded @QueryParam(value="RelayState") String relayState, @QueryParam(value="SigAlg") String signatureAlgorithm, @QueryParam(value="Signature") String signature, @Context javax.servlet.http.HttpServletRequest request) throws org.apache.wss4j.common.ext.WSSecurityException
Idp
showGetLogin
in interface Idp
org.apache.wss4j.common.ext.WSSecurityException
@GET @Path(value="/login/sso") public javax.ws.rs.core.Response processLogin(@QueryParam(value="SAMLRequest") String samlRequest, @QueryParam(value="RelayState") String relayState, @QueryParam(value="AuthMethod") String authMethod, @QueryParam(value="SigAlg") String signatureAlgorithm, @QueryParam(value="Signature") String signature, @QueryParam(value="OriginalBinding") String originalBinding, @Context javax.servlet.http.HttpServletRequest request)
Idp
processLogin
in interface Idp
protected org.opensaml.saml.saml2.core.Response handleLogin(org.opensaml.saml.saml2.core.AuthnRequest authnRequest, String authMethod, javax.servlet.http.HttpServletRequest request, org.codice.ddf.security.idp.server.IdpEndpoint.AuthObj authObj, Binding binding, boolean passive, boolean hasCookie, boolean hasSignature) throws SecurityServiceException, org.apache.wss4j.common.ext.WSSecurityException
SecurityServiceException
org.apache.wss4j.common.ext.WSSecurityException
@GET @Path(value="/login/metadata") @Produces(value="application/xml") public javax.ws.rs.core.Response retrieveMetadata() throws org.apache.wss4j.common.ext.WSSecurityException, CertificateEncodingException
Idp
retrieveMetadata
in interface Idp
org.apache.wss4j.common.ext.WSSecurityException
CertificateEncodingException
@GET @Path(value="/logout") public javax.ws.rs.core.Response processRedirectLogout(@QueryParam(value="SAMLRequest") String samlRequest, @QueryParam(value="SAMLResponse") String samlResponse, @QueryParam(value="RelayState") String relayState, @QueryParam(value="SigAlg") String signatureAlgorithm, @QueryParam(value="Signature") String signature, @Context javax.servlet.http.HttpServletRequest request) throws org.apache.wss4j.common.ext.WSSecurityException, IdpException
processRedirectLogout
in interface Idp
Parameters:
samlRequest - the base64 encoded SAML request
samlResponse - the base64 encoded SAML response
relayState - the UUID that references the logout state
signatureAlgorithm - the signing algorithm
signature - the signature of the URL
request - the HTTP servlet request
Throws:
org.apache.wss4j.common.ext.WSSecurityException
IdpException
@POST @Path(value="/logout") public javax.ws.rs.core.Response processPostLogout(@FormParam(value="SAMLRequest") String samlRequest, @FormParam(value="SAMLResponse") String samlResponse, @FormParam(value="RelayState") String relayState, @Context javax.servlet.http.HttpServletRequest request) throws org.apache.wss4j.common.ext.WSSecurityException, IdpException
processPostLogout
in interface Idp
org.apache.wss4j.common.ext.WSSecurityException
IdpException
public void setSecurityManager(SecurityManager securityManager)
public void setTokenFactory(PKIAuthenticationTokenFactory tokenFactory)
public void setStrictSignature(Boolean strictSignature)
public void setExpirationTime(int expirationTime)
public void setLogoutMessage(LogoutMessage logoutMessage)
public void setLogoutStates(RelayStates<LogoutState> logoutStates)
public RelayStates<LogoutState> getLogoutStates()
public void setGuestAccess(boolean guestAccess)
public void bindPresignPlugin(org.osgi.framework.ServiceReference<SamlPresignPlugin> pluginRef)
public void unbindPresignPlugin(org.osgi.framework.ServiceReference<SamlPresignPlugin> pluginRef)
This work is licensed under a Creative Commons Attribution 4.0 International License.