public class SAMLHelper extends Object
The Security Assertion Markup Language is an XML beast to permit identity federation across cloud services. This implementation provides all the tools required to become an identity consumer, which can call an identity provider to authenticate a user.
Modifier and Type | Field and Description |
---|---|
static sirius.kernel.health.Log | LOG: Used to log all events related to SAML. |
static int | MAX_TIMESTAMP_DELTA_IN_HOURS: A response has a timestamp called IssueInstant. |
Constructor and Description |
---|
SAMLHelper() |
Modifier and Type | Method and Description |
---|---|
String | generateAuthenticationRequest(String issuer, String issuerIndex): Generates a base64 encoded XML request which can be POSTed to a SAML 2 identity provider. |
SAMLResponse | parseSAMLResponse(WebContext ctx): Parses a SAML 2 response from the given request. |
public static final sirius.kernel.health.Log LOG
Some FINE-level log messages are provided which might support troubleshooting.

public static final int MAX_TIMESTAMP_DELTA_IN_HOURS

public String generateAuthenticationRequest(String issuer, String issuerIndex)
issuer - the name of the issuer. This tells the identity provider "who" is asking to perform an authentication.
issuerIndex - the index of the issuer. As the identity provider might manage several endpoints for a single issuer configuration, different indices can be passed in. The default value would be "0".

public SAMLResponse parseSAMLResponse(WebContext ctx)
Note that the fingerprint must be verified in some way or another, as this method only checks if the signature is valid, not who created it.
ctx - the HTTP request to read the response from

Copyright © 2018. All rights reserved.
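The note on parseSAMLResponse says a valid signature does not establish who signed the response, so the caller has to compare the signer's fingerprint against values it trusts. The following is an added example of such a check, not code from this library: the class and method names are hypothetical, the pinned value is constructed, and it takes the fingerprint as a plain hex string because this page does not show how it is read from SAMLResponse.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;

// Added example, not part of SAMLHelper. All names below are hypothetical.
public class SamlSignerPinning {

    // Fingerprints of the identity provider's signing certificates, obtained out of band.
    // Constructed sample value: lowercase hex, no separators. More than one entry
    // allows the identity provider to rotate its certificate.
    static final Set<String> PINNED = Set.of(
            "00112233445566778899aabbccddeeff00112233");

    // Brings "AA:BB:.." or "aa bb .." style fingerprints into one canonical form.
    static String normalize(String fingerprint) {
        if (fingerprint == null) {
            return "";
        }
        return fingerprint.replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
    }

    // True only if the presented fingerprint equals one of the pinned ones.
    static boolean isPinnedSigner(String presented) {
        byte[] candidate = normalize(presented).getBytes(StandardCharsets.US_ASCII);
        boolean match = false;
        for (String pinned : PINNED) {
            // MessageDigest.isEqual does not stop at the first differing byte.
            match |= MessageDigest.isEqual(candidate, pinned.getBytes(StandardCharsets.US_ASCII));
        }
        return match;
    }

    public static void main(String[] args) {
        // Same certificate as the pinned one, written with colons and upper case.
        System.out.println(isPinnedSigner(
                "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33"));
        // A response signed by an unknown key: the signature may verify, the signer is not trusted.
        System.out.println(isPinnedSigner("ffffffffffffffffffffffffffffffffffffffff"));
        // Missing or empty fingerprint is rejected as well.
        System.out.println(isPinnedSigner(null));
    }
}
```

Reject the login whenever isPinnedSigner returns false, even if the signature itself verified.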