java.lang.Object
  org.opensaml.SAMLPOSTProfile
Basic implementation of SAML POST browser profile
Constructor Summary

SAMLPOSTProfile()

Method Summary

static SAMLResponse accept(byte[] buf, java.lang.String receiver, int ttlSeconds, boolean process)
    Parse a Base-64 encoded buffer back into a SAML response and optionally test its validity against the POST profile

static boolean checkReplayCache(SAMLAssertion a)
    Searches the replay cache for the specified assertion and inserts a newly seen assertion into the cache

static SAMLAssertion getSSOAssertion(SAMLResponse r, java.util.Collection audiences)
    Locates an assertion containing a "bearer" AuthenticationStatement in the response and validates the enclosing assertion with respect to the POST profile

static SAMLAuthenticationStatement getSSOStatement(SAMLAssertion a)
    Locates a "bearer" AuthenticationStatement in the assertion and validates the statement with respect to the POST profile

static SAMLResponse prepare(java.lang.String recipient, java.lang.String issuer, java.util.Collection audiences, SAMLNameIdentifier nameId, java.lang.String subjectIP, java.lang.String authMethod, java.util.Date authInstant, java.util.Collection bindings)
    Used by authenticating site to generate a SAML response conforming to the POST profile

static SAMLResponse prepare(java.lang.String recipient, java.lang.String issuer, java.util.Collection audiences, java.lang.String name, java.lang.String nameQualifier, java.lang.String format, java.lang.String subjectIP, java.lang.String authMethod, java.util.Date authInstant, java.util.Collection bindings)
    Deprecated. Callers should prefer the overloaded method that accepts SAMLNameIdentifier objects

static void process(SAMLResponse r, java.lang.String receiver, int ttlSeconds)
    Test the validity of a response against the POST profile

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public SAMLPOSTProfile()

Method Detail

public static SAMLAssertion getSSOAssertion(SAMLResponse r, java.util.Collection audiences) throws SAMLException
Parameters:
r - The response to the accepting site
audiences - The set of audience values to test any conditions against
Throws:
SAMLException - Thrown if a valid SSO assertion cannot be found

public static SAMLAuthenticationStatement getSSOStatement(SAMLAssertion a) throws SAMLException
Parameters:
a - The SSO assertion sent to the accepting site
Throws:
SAMLException - Thrown if an SSO statement cannot be found

public static boolean checkReplayCache(SAMLAssertion a)
Also performs garbage collection of the cache by deleting expired entries.
Parameters:
a - The assertion to look up and possibly add

public static SAMLResponse accept(byte[] buf, java.lang.String receiver, int ttlSeconds, boolean process) throws SAMLException
The signature over the response is not verified or examined, nor is the identity of the signer. The replay cache is also not checked.
Parameters:
buf - A Base-64 encoded buffer containing a SAML response
receiver - The URL of the intended consumer of the response
ttlSeconds - Seconds allowed to lapse from the issuance of the response
process - Process the response or just decode and parse it?
Throws:
SAMLException - Thrown if the response is invalid

public static void process(SAMLResponse r, java.lang.String receiver, int ttlSeconds) throws SAMLException
The signature over the response is not verified or examined, nor is the identity of the signer. The replay cache is also not checked.
Parameters:
r - The response to process
receiver - The URL of the intended consumer of the response
ttlSeconds - Seconds allowed to lapse from the issuance of the response
Throws:
SAMLException - Thrown if the response is invalid

public static SAMLResponse prepare(java.lang.String recipient, java.lang.String issuer, java.util.Collection audiences, java.lang.String name, java.lang.String nameQualifier, java.lang.String format, java.lang.String subjectIP, java.lang.String authMethod, java.util.Date authInstant, java.util.Collection bindings) throws SAMLException
Deprecated. Callers should prefer the overloaded method that accepts SAMLNameIdentifier objects
The response MUST be signed by the caller before sending to relying site.
Implementations that need to embed additional statements or more complex conditions can override or ignore this class.
Parameters:
recipient - URL of intended consumer
issuer - Issuer of assertion
audiences - URIs identifying intended relying parties/communities (optional)
name - Name of subject
nameQualifier - Federates or qualifies subject name (optional)
format - URI describing name semantics and format (optional)
subjectIP - Client address of subject (optional)
authMethod - URI of authentication method being asserted
authInstant - Date and time of authentication being asserted
bindings - Set of SAML authorities the relying party may contact (optional)
Throws:
SAMLException - Base class of exceptions that may be thrown during processing

public static SAMLResponse prepare(java.lang.String recipient, java.lang.String issuer, java.util.Collection audiences, SAMLNameIdentifier nameId, java.lang.String subjectIP, java.lang.String authMethod, java.util.Date authInstant, java.util.Collection bindings) throws SAMLException
The response MUST be signed by the caller before sending to relying site.
Implementations that need to embed additional statements or more complex conditions can override or ignore this class.
Parameters:
recipient - URL of intended consumer
issuer - Issuer of assertion
audiences - URIs identifying intended relying parties/communities (optional)
nameId - Name Identifier representing the subject
subjectIP - Client address of subject (optional)
authMethod - URI of authentication method being asserted
authInstant - Date and time of authentication being asserted
bindings - Set of SAML authorities the relying party may contact (optional)
Throws:
SAMLException - Base class of exceptions that may be thrown during processing
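
Because accept() and process() neither examine the signature nor check the replay cache, a relying site has to chain those steps itself; one possible ordering is sketched here. This is an added example, not code from the OpenSAML project: the PostProfileConsumer class and the ResponseVerifier hook are hypothetical, and it assumes checkReplayCache returns true for an assertion not seen before (this page does not state what the return value means).

```java
import java.util.Collection;
import org.opensaml.*;

/** Added example: relying-site handling of a POST profile response. */
public class PostProfileConsumer {

    /** Hypothetical hook for the caller's own signature and signer-trust check. */
    public interface ResponseVerifier {
        boolean isSignedByTrustedIssuer(SAMLResponse response);
    }

    private final String receiverUrl;   // URL of this site, the intended consumer
    private final Collection audiences; // audience values this site accepts
    private final int ttlSeconds;       // seconds allowed since issuance
    private final ResponseVerifier verifier;

    public PostProfileConsumer(String receiverUrl, Collection audiences,
                               int ttlSeconds, ResponseVerifier verifier) {
        this.receiverUrl = receiverUrl;
        this.audiences = audiences;
        this.ttlSeconds = ttlSeconds;
        this.verifier = verifier;
    }

    public SAMLAuthenticationStatement consume(byte[] base64Response) throws SAMLException {
        // 1. Decode and parse only (process=false); nothing is trusted yet.
        SAMLResponse response =
            SAMLPOSTProfile.accept(base64Response, receiverUrl, ttlSeconds, false);

        // 2. Neither accept() nor process() examines the signature or signer.
        if (!verifier.isSignedByTrustedIssuer(response)) {
            throw new SecurityException("response signature or signer not trusted");
        }

        // 3. Validate the response against the POST profile (receiver, TTL).
        SAMLPOSTProfile.process(response, receiverUrl, ttlSeconds);

        // 4. Find the bearer SSO assertion and statement; both throw if absent.
        SAMLAssertion assertion = SAMLPOSTProfile.getSSOAssertion(response, audiences);
        SAMLAuthenticationStatement statement = SAMLPOSTProfile.getSSOStatement(assertion);

        // 5. The replay check is also the caller's job.
        //    ASSUMPTION: true means the assertion was not seen before.
        if (!SAMLPOSTProfile.checkReplayCache(assertion)) {
            throw new SecurityException("assertion already presented (replay)");
        }
        return statement;
    }
}
```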