org.picketlink.identity.federation.bindings.tomcat.sp
public abstract class BaseFormAuthenticator extends org.apache.catalina.authenticator.FormAuthenticator
Modifier and Type | Field and Description |
---|---|
protected org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper |
auditHelper |
protected String |
canonicalizationMethod |
protected org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain |
chain |
protected Map<String,Object> |
chainConfigOptions |
protected Lock |
chainLock
A Lock for Handler operations in the chain
|
protected String |
configFile |
protected org.picketlink.identity.federation.web.util.SAMLConfigurationProvider |
configProvider
The user can inject a fully qualified name of a
SAMLConfigurationProvider |
protected boolean |
enableAudit |
protected String |
identityURL |
protected String |
idpAddress |
protected X509Certificate |
idpCertificate
If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata
|
protected String |
issuerID |
protected org.picketlink.identity.federation.core.interfaces.TrustKeyManager |
keyManager |
protected static org.picketlink.common.PicketLinkLogger |
logger |
protected org.picketlink.config.federation.PicketLinkType |
picketLinkConfiguration |
protected String |
samlHandlerChainClass |
protected boolean |
saveRestoreRequest |
protected String |
serviceURL |
protected org.picketlink.config.federation.SPType |
spConfiguration |
protected Timer |
timer |
protected int |
timerInterval |
characterEncoding, info, landingPage
AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sso, started, unregisterSsoOnLogout
Constructor and Description |
---|
BaseFormAuthenticator() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled.
|
protected abstract String |
getBinding()
Return the SAML Binding that this authenticator supports
|
String |
getConfigFile()
Get the name of the configuration file
|
org.picketlink.config.federation.SPType |
getConfiguration()
Get the
SPType |
String |
getIdentityURL()
Get the Identity URL
|
X509Certificate |
getIdpCertificate()
Get the
X509Certificate of the IDP if provided via the IDP metadata file |
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType |
getIDPSSODescriptor(org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType entities) |
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType |
handleMetadata(org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType entities) |
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType |
handleMetadata(org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType entityDescriptor) |
protected void |
initializeHandlerChain() |
protected abstract void |
initKeyProvider(org.apache.catalina.Context context) |
protected boolean |
localAuthentication(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.deploy.LoginConfig loginConfig)
Fall back on local authentication at the service provider side
|
protected void |
populateChainConfig() |
protected void |
processConfiguration()
Process the configuration from the configuration file
|
protected void |
processIDPMetadataFile(String idpMetadataFile)
Attempt to process a metadata file available locally
|
protected void |
register(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
Principal principal,
String arg3,
String arg4,
String arg5)
This method is a hack!!! Tomcat, on account of Servlet3, changed their authenticator method signatures. We utilize Java
Reflection to identify the super register method on the first call and save it.
|
protected void |
sendToLogoutPage(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.Session session) |
void |
setAuditHelper(org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper auditHelper) |
void |
setConfigFile(String configFile)
Set the name of the configuration file
|
void |
setConfigProvider(org.picketlink.identity.federation.web.util.SAMLConfigurationProvider configProvider)
Set an instance of the
SAMLConfigurationProvider |
void |
setConfigProvider(String cp)
Set the
SAMLConfigurationProvider fqn |
void |
setIdpAddress(String idpAddress)
If the value of request.getRemoteAddr is not exactly the IDP address that you have keyed in your deployment descriptor for
the keystore alias, you can set it here explicitly.
|
void |
setIssuerID(String issuerID)
Set a separate issuer id
|
void |
setLogOutPage(String logOutPage)
Set the logout page
|
void |
setSamlHandlerChainClass(String samlHandlerChainClass)
Set the SAML Handler Chain Class fqn
|
void |
setSaveRestoreRequest(boolean saveRestoreRequest)
Set whether the authenticator saves/restores the request
during form authentication
|
void |
setServiceURL(String serviceURL)
Set the service URL
|
void |
setTimerInterval(String value)
Set the Timer Value to reload the configuration
|
protected void |
startPicketLink() |
void |
testStart() |
protected boolean |
validate(org.apache.catalina.connector.Request request)
Perform validation of the request object
|
authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, isUnregisterSsoOnLogout, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, setUnregisterSsoOnLogout, start, stop, unregister
protected static final org.picketlink.common.PicketLinkLogger logger
protected boolean enableAudit
protected org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper auditHelper
protected org.picketlink.identity.federation.core.interfaces.TrustKeyManager keyManager
protected org.picketlink.config.federation.SPType spConfiguration
protected org.picketlink.config.federation.PicketLinkType picketLinkConfiguration
protected String serviceURL
protected String identityURL
protected String issuerID
protected String configFile
protected transient X509Certificate idpCertificate
protected transient org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain chain
protected transient String samlHandlerChainClass
protected boolean saveRestoreRequest
protected Lock chainLock
protected String canonicalizationMethod
protected org.picketlink.identity.federation.web.util.SAMLConfigurationProvider configProvider
SAMLConfigurationProvider
protected int timerInterval
protected Timer timer
protected String idpAddress
public void setIdpAddress(String idpAddress)
public String getConfigFile()
public void setConfigFile(String configFile)
configFile
- public void setSamlHandlerChainClass(String samlHandlerChainClass)
samlHandlerChainClass
- public void setServiceURL(String serviceURL)
serviceURL
- public void setSaveRestoreRequest(boolean saveRestoreRequest)
saveRestoreRequest
- public void setConfigProvider(String cp)
SAMLConfigurationProvider
fqn
cp - fqn of a SAMLConfigurationProvider
public void setConfigProvider(org.picketlink.identity.federation.web.util.SAMLConfigurationProvider configProvider)
SAMLConfigurationProvider
configProvider
- public org.picketlink.config.federation.SPType getConfiguration()
SPType
public void setIssuerID(String issuerID)
issuerID
- public void setLogOutPage(String logOutPage)
logOutPage
- public void setTimerInterval(String value)
value
- an integer value that represents the timer value (in milliseconds)
protected boolean validate(org.apache.catalina.connector.Request request)
request
- IOException
GeneralSecurityException
public String getIdentityURL()
public X509Certificate getIdpCertificate()
X509Certificate
of the IDP if provided via the IDP metadata file
X509Certificate
or null
protected void register(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, Principal principal, String arg3, String arg4, String arg5)
Method
org.apache.catalina.authenticator.AuthenticatorBase#register(org.apache.catalina.connector.Request,
org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String,
java.lang.String)
protected boolean localAuthentication(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig) throws IOException
request
- response
- loginConfig
- IOException
protected abstract String getBinding()
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING,
JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING
protected void processIDPMetadataFile(String idpMetadataFile)
protected void processConfiguration()
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType handleMetadata(org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType entities)
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType handleMetadata(org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType entityDescriptor)
protected org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType getIDPSSODescriptor(org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType entities)
protected void initializeHandlerChain() throws org.picketlink.common.exceptions.ConfigurationException, org.picketlink.common.exceptions.ProcessingException
org.picketlink.common.exceptions.ConfigurationException
org.picketlink.common.exceptions.ProcessingException
protected void populateChainConfig() throws org.picketlink.common.exceptions.ConfigurationException, org.picketlink.common.exceptions.ProcessingException
org.picketlink.common.exceptions.ConfigurationException
org.picketlink.common.exceptions.ProcessingException
protected void sendToLogoutPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.Session session) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void testStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected void startPicketLink() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected boolean doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that support signatures should override this method.
protected abstract void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
public void setAuditHelper(org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper auditHelper)
Copyright © 2015 JBoss by Red Hat. All Rights Reserved.