keycloak
公開メンバ関数 | 静的公開メンバ関数 | 静的公開変数類 | 静的非公開メンバ関数 | 全メンバ一覧
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter クラス
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter の継承関係図
Inheritance graph
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter 連携図
Collaboration graph

公開メンバ関数

boolean isSupported (String description)
 
ClientRepresentation convertToInternal (String description)
 
ClientDescriptionConverter create (KeycloakSession session)
 
void init (Config.Scope config)
 
void postInit (KeycloakSessionFactory factory)
 
void close ()
 
String getId ()
 
default int order ()
 

静的公開メンバ関数

static SPSSODescriptorType getSPDescriptor (EntityDescriptorType entityDescriptor)
 
static String getServiceURL (SPSSODescriptorType sp, String bindingURI)
 

静的公開変数類

static final String ID = "saml2-entity-descriptor"
 

静的非公開メンバ関数

static ClientRepresentation loadEntityDescriptors (InputStream is)
 
static String getLogoutLocation (SPSSODescriptorType idp, String bindingURI)
 

詳解

著者
Bill Burke
バージョン
Revision
1

関数詳解

◆ close()

void org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.close ( )
inline

org.keycloak.provider.Providerを実装しています。

236  {
237  }

◆ convertToInternal()

ClientRepresentation org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.convertToInternal ( String  description)
inline

org.keycloak.exportimport.ClientDescriptionConverterを実装しています。

67  {
68  return loadEntityDescriptors(new ByteArrayInputStream(description.getBytes()));
69  }
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.loadEntityDescriptors
static ClientRepresentation loadEntityDescriptors(InputStream is)
Definition: EntityDescriptorDescriptionConverter.java:106

◆ create()

ClientDescriptionConverter org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.create ( KeycloakSession  session)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

223  {
224  return this;
225  }

◆ getId()

String org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getId ( )
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

240  {
241  return ID;
242  }
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.ID
static final String ID
Definition: EntityDescriptorDescriptionConverter.java:58

◆ getLogoutLocation()

static String org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getLogoutLocation ( SPSSODescriptorType  idp,
String  bindingURI 
)
inlinestaticprivate
203  {
204  String logoutResponseLocation = null;
205 
206  List<EndpointType> endpoints = idp.getSingleLogoutService();
207  for (EndpointType endpoint : endpoints) {
208  if (endpoint.getBinding().toString().equals(bindingURI)) {
209  if (endpoint.getLocation() != null) {
210  logoutResponseLocation = endpoint.getLocation().toString();
211  } else {
212  logoutResponseLocation = null;
213  }
214 
215  break;
216  }
217 
218  }
219  return logoutResponseLocation;
220  }

◆ getServiceURL()

static String org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getServiceURL ( SPSSODescriptorType  sp,
String  bindingURI 
)
inlinestatic

Get the service url for the SP

引数
sp
bindingURI
戻り値
95  {
96  List<IndexedEndpointType> endpoints = sp.getAssertionConsumerService();
97  for (IndexedEndpointType endpoint : endpoints) {
98  if (Objects.equals(endpoint.getBinding().toString(), bindingURI)) {
99  return endpoint.getLocation().toString();
100  }
101 
102  }
103  return null;
104  }

◆ getSPDescriptor()

static SPSSODescriptorType org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getSPDescriptor ( EntityDescriptorType  entityDescriptor)
inlinestatic

Get the SP Descriptor from an entity descriptor

引数
entityDescriptor
戻り値
78  {
79  return entityDescriptor.getChoiceType().stream()
80  .flatMap(d -> d.getDescriptors().stream())
81  .map(EDTDescriptorChoiceType::getSpDescriptor)
82  .filter(Objects::nonNull)
83  .findFirst()
84  .orElse(null);
85  }

◆ init()

void org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.init ( Config.Scope  config)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

228  {
229  }

◆ isSupported()

boolean org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.isSupported ( String  description)
inline

org.keycloak.exportimport.ClientDescriptionConverterFactoryを実装しています。

61  {
62  description = description.trim();
63  return (description.startsWith("<") && description.endsWith(">") && description.contains("EntityDescriptor"));
64  }

◆ loadEntityDescriptors()

static ClientRepresentation org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.loadEntityDescriptors ( InputStream  is)
inlinestaticprivate
106  {
107  Object metadata;
108  try {
109  metadata = SAMLParser.getInstance().parse(is);
110  } catch (ParsingException e) {
111  throw new RuntimeException(e);
112  }
113  EntitiesDescriptorType entities;
114 
115  if (EntitiesDescriptorType.class.isInstance(metadata)) {
116  entities = (EntitiesDescriptorType) metadata;
117  } else {
118  entities = new EntitiesDescriptorType();
119  entities.addEntityDescriptor(metadata);
120  }
121 
122  if (entities.getEntityDescriptor().size() != 1) {
123  throw new RuntimeException("Expected one entity descriptor");
124  }
125 
126  EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
127  String entityId = entity.getEntityID();
128 
129  ClientRepresentation app = new ClientRepresentation();
130  app.setClientId(entityId);
131 
132  Map<String, String> attributes = new HashMap<>();
133  app.setAttributes(attributes);
134 
135  List<String> redirectUris = new LinkedList<>();
136  app.setRedirectUris(redirectUris);
137 
138  app.setFullScopeAllowed(true);
139  app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
140  attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE); // default to true
141  attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE); // default to false
142  attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
143  attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
144  SPSSODescriptorType spDescriptorType = getSPDescriptor(entity);
145  if (spDescriptorType.isWantAssertionsSigned()) {
146  attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
147  }
148  String logoutPost = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
149  if (logoutPost != null) attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
150  String logoutRedirect = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
151  if (logoutRedirect != null) attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
152 
153  String assertionConsumerServicePostBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
154  if (assertionConsumerServicePostBinding != null) {
155  attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, assertionConsumerServicePostBinding);
156  redirectUris.add(assertionConsumerServicePostBinding);
157  }
158  String assertionConsumerServiceRedirectBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
159  if (assertionConsumerServiceRedirectBinding != null) {
160  attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, assertionConsumerServiceRedirectBinding);
161  redirectUris.add(assertionConsumerServiceRedirectBinding);
162  }
163  String assertionConsumerServiceSoapBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
164  if (assertionConsumerServiceSoapBinding != null) {
165  redirectUris.add(assertionConsumerServiceSoapBinding);
166  }
167  String assertionConsumerServicePaosBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
168  if (assertionConsumerServicePaosBinding != null) {
169  redirectUris.add(assertionConsumerServicePaosBinding);
170  }
171  if (spDescriptorType.getNameIDFormat() != null) {
172  for (String format : spDescriptorType.getNameIDFormat()) {
173  String attribute = SamlClient.samlNameIDFormatToClientAttribute(format);
174  if (attribute != null) {
175  attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, attribute);
176  break;
177  }
178  }
179  }
180 
181  for (KeyDescriptorType keyDescriptor : spDescriptorType.getKeyDescriptor()) {
182  X509Certificate cert = null;
183  try {
184  cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
185  } catch (ConfigurationException e) {
186  throw new RuntimeException(e);
187  } catch (ProcessingException e) {
188  throw new RuntimeException(e);
189  }
190  String certPem = KeycloakModelUtils.getPemFromCertificate(cert);
191  if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
192  attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
193  attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, certPem);
194  } else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
195  attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
196  attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, certPem);
197  }
198  }
199 
200  return app;
201  }
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getServiceURL
static String getServiceURL(SPSSODescriptorType sp, String bindingURI)
Definition: EntityDescriptorDescriptionConverter.java:95
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getSPDescriptor
static SPSSODescriptorType getSPDescriptor(EntityDescriptorType entityDescriptor)
Definition: EntityDescriptorDescriptionConverter.java:78
org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.getLogoutLocation
static String getLogoutLocation(SPSSODescriptorType idp, String bindingURI)
Definition: EntityDescriptorDescriptionConverter.java:203

◆ order()

default int org.keycloak.provider.ProviderFactory< T extends Provider >.order ( )
inlineinherited

org.keycloak.protocol.docker.DockerAuthV2ProtocolFactory, org.keycloak.urls.HostnameProviderFactory, org.keycloak.protocol.oidc.ext.OIDCExtProviderFactoryで実装されています。

56  {
57  return 0;
58  }

◆ postInit()

void org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.postInit ( KeycloakSessionFactory  factory)
inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

232  {
233  }

メンバ詳解

◆ ID

final String org.keycloak.protocol.saml.EntityDescriptorDescriptionConverter.ID = "saml2-entity-descriptor"
static
このクラス詳解は次のファイルから抽出されました:
2018年10月29日(月) 00時35分36秒作成 - keycloak / 構成:   doxygen 1.8.13