org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService の継承関係図

org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService 連携図

公開メンバ関数
	SamlEcpProfileService (RealmModel realm, EventBuilder event, DestinationValidator destinationValidator)

Response	authenticate (InputStream inputStream)

Response	redirectBinding (@QueryParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, @QueryParam(GeneralConstants.RELAY_STATE) String relayState)

Response	postBinding (@FormParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, @FormParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, @FormParam(GeneralConstants.RELAY_STATE) String relayState)

String	getDescriptor () throws Exception

Response	idpInitiatedSSO (@PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState)

AuthenticationSessionModel	getOrCreateLoginSessionForIdpInitiatedSso (KeycloakSession session, RealmModel realm, ClientModel client, String relayState)

Response	soapBinding (InputStream inputStream)

静的公開メンバ関数
static String	getIDPMetadataDescriptor (UriInfo uriInfo, KeycloakSession session, RealmModel realm) throws IOException

静的公開変数類
static final String	APP_INITIATED_FLOW = "APP_INITIATED_FLOW"

限定公開メンバ関数
Response	newBrowserAuthentication (AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication, SamlProtocol samlProtocol)

AuthenticationFlowModel	getAuthenticationFlow (AuthenticationSessionModel authSession)

Response	newBrowserAuthentication (AuthenticationSessionModel authSession, boolean isPassive, boolean redirectToAuthentication)

AuthenticationProcessor	createProcessor (AuthenticationSessionModel authSession, String flowId, String flowPath)

Response	handleBrowserAuthenticationRequest (AuthenticationSessionModel authSession, LoginProtocol protocol, boolean isPassive, boolean redirectToAuthentication)

void	checkSsl ()

void	checkRealm ()

AuthenticationSessionModel	createAuthenticationSession (ClientModel client, String requestState)

限定公開変数類
RealmModel	realm

EventBuilder	event

AuthenticationManager	authManager

HttpHeaders	headers

HttpRequest	httpRequest

KeycloakSession	session

ClientConnection	clientConnection

静的限定公開変数類
static final Logger	logger = Logger.getLogger(SamlService.class)

非公開メンバ関数
SamlProtocol	createEcpSamlProtocol ()

静的非公開変数類
static final String	NS_PREFIX_PROFILE_ECP = "ecp"

static final String	NS_PREFIX_SAML_PROTOCOL = "samlp"

static final String	NS_PREFIX_SAML_ASSERTION = "saml"

詳解

著者: Pedro Igor

構築子と解体子

◆ SamlEcpProfileService()

org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.SamlEcpProfileService	(	RealmModel	realm,
		EventBuilder	event,
		DestinationValidator	destinationValidator
	)

inline

                                                                                                                   {
         super(realm, event, destinationValidator);
     }

関数詳解

◆ authenticate()

Response org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.authenticate ( InputStream inputStream )

inline

                                                           {
         try {
             return new PostBindingProtocol() {
                 @Override
                 protected String getBindingType(AuthnRequestType requestAbstractType) {
                     return SamlProtocol.SAML_SOAP_BINDING;
                 }
 
                 @Override
                 protected Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) {
                     // force passive authentication when executing this profile
                     requestAbstractType.setIsPassive(true);
                     requestAbstractType.setDestination(session.getContext().getUri().getAbsolutePath());
                     return super.loginRequest(relayState, requestAbstractType, client);
                 }
             }.execute(Soap.toSamlHttpPostMessage(inputStream), null, null);
         } catch (Exception e) {
             String reason = "Some error occurred while processing the AuthnRequest.";
             String detail = e.getMessage();
 
             if (detail == null) {
                 detail = reason;
             }
 
             return Soap.createFault().reason(reason).detail(detail).build();
         }
     }

◆ checkRealm()

void org.keycloak.protocol.AuthorizationEndpointBase.checkRealm ( )

inlineprotectedinherited

                                 {
         if (!realm.isEnabled()) {
             event.error(Errors.REALM_DISABLED);
             throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.REALM_NOT_ENABLED);
         }
     }

◆ checkSsl()

void org.keycloak.protocol.AuthorizationEndpointBase.checkSsl ( )

inlineprotectedinherited

                               {
         if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
             event.error(Errors.SSL_REQUIRED);
             throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED);
         }
     }

◆ createAuthenticationSession()

AuthenticationSessionModel org.keycloak.protocol.AuthorizationEndpointBase.createAuthenticationSession	(	ClientModel	client,
		String	requestState
	)

inlineprotectedinherited

                                                                                                               {
         AuthenticationSessionManager manager = new AuthenticationSessionManager(session);
         RootAuthenticationSessionModel rootAuthSession = manager.getCurrentRootAuthenticationSession(realm);
 
         AuthenticationSessionModel authSession;
 
         if (rootAuthSession != null) {
             authSession = rootAuthSession.createAuthenticationSession(client);
 
             logger.debugf("Sent request to authz endpoint. Root authentication session with ID '%s' exists. Client is '%s' . Created new authentication session with tab ID: %s",
                     rootAuthSession.getId(), client.getClientId(), authSession.getTabId());
         } else {
             UserSessionCrossDCManager userSessionCrossDCManager = new UserSessionCrossDCManager(session);
             UserSessionModel userSession = userSessionCrossDCManager.getUserSessionIfExistsRemotely(manager, realm);
 
             if (userSession != null) {
                 String userSessionId = userSession.getId();
                 rootAuthSession = session.authenticationSessions().createRootAuthenticationSession(userSessionId, realm);
                 authSession = rootAuthSession.createAuthenticationSession(client);
                 logger.debugf("Sent request to authz endpoint. We don't have root authentication session with ID '%s' but we have userSession." +
                         "Re-created root authentication session with same ID. Client is: %s . New authentication session tab ID: %s", userSessionId, client.getClientId(), authSession.getTabId());
             } else {
                 rootAuthSession = manager.createAuthenticationSession(realm, true);
                 authSession = rootAuthSession.createAuthenticationSession(client);
                 logger.debugf("Sent request to authz endpoint. Created new root authentication session with ID '%s' . Client: %s . New authentication session tab ID: %s",
                         rootAuthSession.getId(), client.getClientId(), authSession.getTabId());
             }
         }
 
         session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession);
 
         return authSession;
 
     }

◆ createEcpSamlProtocol()

SamlProtocol org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.createEcpSamlProtocol ( )

inlineprivate

                                                  {
         return new SamlProtocol() {
             // method created to send a SOAP Binding response instead of a HTTP POST response
             @Override
             protected Response buildAuthenticatedResponse(AuthenticatedClientSessionModel clientSession, String redirectUri, Document samlDocument, JaxrsSAML2BindingBuilder bindingBuilder) throws ConfigurationException, ProcessingException, IOException {
                 Document document = bindingBuilder.postBinding(samlDocument).getDocument();
 
                 try {
                     Soap.SoapMessageBuilder messageBuilder = Soap.createMessage()
                             .addNamespace(NS_PREFIX_SAML_ASSERTION, JBossSAMLURIConstants.ASSERTION_NSURI.get())
                             .addNamespace(NS_PREFIX_SAML_PROTOCOL, JBossSAMLURIConstants.PROTOCOL_NSURI.get())
                             .addNamespace(NS_PREFIX_PROFILE_ECP, JBossSAMLURIConstants.ECP_PROFILE.get());
 
                     createEcpResponseHeader(redirectUri, messageBuilder);
                     createRequestAuthenticatedHeader(clientSession, messageBuilder);
 
                     messageBuilder.addToBody(document);
 
                     return messageBuilder.build();
                 } catch (Exception e) {
                     throw new RuntimeException("Error while creating SAML response.", e);
                 }
             }
 
             private void createRequestAuthenticatedHeader(AuthenticatedClientSessionModel clientSession, Soap.SoapMessageBuilder messageBuilder) {
                 ClientModel client = clientSession.getClient();
 
                 if ("true".equals(client.getAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE))) {
                     SOAPHeaderElement ecpRequestAuthenticated = messageBuilder.addHeader(JBossSAMLConstants.REQUEST_AUTHENTICATED.get(), NS_PREFIX_PROFILE_ECP);
 
                     ecpRequestAuthenticated.setMustUnderstand(true);
                     ecpRequestAuthenticated.setActor("http://schemas.xmlsoap.org/soap/actor/next");
                 }
             }
 
             private void createEcpResponseHeader(String redirectUri, Soap.SoapMessageBuilder messageBuilder) throws SOAPException {
                 SOAPHeaderElement ecpResponseHeader = messageBuilder.addHeader(JBossSAMLConstants.RESPONSE__ECP.get(), NS_PREFIX_PROFILE_ECP);
 
                 ecpResponseHeader.setMustUnderstand(true);
                 ecpResponseHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next");
                 ecpResponseHeader.addAttribute(messageBuilder.createName(JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_URL.get()), redirectUri);
             }
 
             @Override
             protected Response buildErrorResponse(boolean isPostBinding, String uri, JaxrsSAML2BindingBuilder binding, Document document) throws ConfigurationException, ProcessingException, IOException {
                 return Soap.createMessage().addToBody(document).build();
             }
 
             @Override
             protected Response buildLogoutResponse(UserSessionModel userSession, String logoutBindingUri, SAML2LogoutResponseBuilder builder, JaxrsSAML2BindingBuilder binding) throws ConfigurationException, ProcessingException, IOException {
                 return Soap.createFault().reason("Logout not supported.").build();
             }
         }.setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri());
     }

◆ createProcessor()

AuthenticationProcessor org.keycloak.protocol.AuthorizationEndpointBase.createProcessor	(	AuthenticationSessionModel	authSession,
		String	flowId,
		String	flowPath
	)

inlineprotectedinherited

                                                                                                                               {
         AuthenticationProcessor processor = new AuthenticationProcessor();
         processor.setAuthenticationSession(authSession)
                 .setFlowPath(flowPath)
                 .setFlowId(flowId)
                 .setBrowserFlow(true)
                 .setConnection(clientConnection)
                 .setEventBuilder(event)
                 .setRealm(realm)
                 .setSession(session)
                 .setUriInfo(session.getContext().getUri())
                 .setRequest(httpRequest);
 
         authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);
 
         return processor;
     }

◆ getAuthenticationFlow()

AuthenticationFlowModel org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.getAuthenticationFlow ( AuthenticationSessionModel authSession )

inlineprotected

                                                                                                     {
         for (AuthenticationFlowModel flowModel : realm.getAuthenticationFlows()) {
             if (flowModel.getAlias().equals(DefaultAuthenticationFlows.SAML_ECP_FLOW)) {
                 return flowModel;
             }
         }
 
         throw new RuntimeException("Could not resolve authentication flow for SAML ECP Profile.");
     }

◆ getDescriptor()

String org.keycloak.protocol.saml.SamlService.getDescriptor ( ) throws Exception

inlineinherited

                                                    {
         return getIDPMetadataDescriptor(session.getContext().getUri(), session, realm);
 
     }

◆ getIDPMetadataDescriptor()

static String org.keycloak.protocol.saml.SamlService.getIDPMetadataDescriptor	(	UriInfo	uriInfo,
		KeycloakSession	session,
		RealmModel	realm
	)		throws IOException

inlinestaticinherited

                                                                                                                                  {
         InputStream is = SamlService.class.getResourceAsStream("/idp-metadata-template.xml");
         String template = StreamUtil.readString(is);
         Properties props = new Properties();
         props.put("idp.entityID", RealmsResource.realmBaseUrl(uriInfo).build(realm.getName()).toString());
         props.put("idp.sso.HTTP-POST", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
         props.put("idp.sso.HTTP-Redirect", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
         props.put("idp.sls.HTTP-POST", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
         StringBuilder keysString = new StringBuilder();
         Set<RsaKeyMetadata> keys = new TreeSet<>((o1, o2) -> o1.getStatus() == o2.getStatus() // Status can be only PASSIVE OR ACTIVE, push PASSIVE to end of list
           ? (int) (o2.getProviderPriority() - o1.getProviderPriority())
           : (o1.getStatus() == KeyStatus.PASSIVE ? 1 : -1));
         keys.addAll(session.keys().getRsaKeys(realm));
         for (RsaKeyMetadata key : keys) {
             addKeyInfo(keysString, key, KeyTypes.SIGNING.value());
         }
         props.put("idp.signing.certificates", keysString.toString());
         return StringPropertyReplacer.replaceProperties(template, props);
     }

◆ getOrCreateLoginSessionForIdpInitiatedSso()

AuthenticationSessionModel org.keycloak.protocol.saml.SamlService.getOrCreateLoginSessionForIdpInitiatedSso	(	KeycloakSession	session,
		RealmModel	realm,
		ClientModel	client,
		String	relayState
	)

inlineinherited

Creates a client session object for SAML IdP-initiated SSO session. The session takes the parameters from from client definition, namely binding type and redirect URL.

引数

session	KC session
realm	Realm to create client session in
client	Client to create client session for
relayState	Optional relay state - free field as per SAML specification

戻り値

                                                                                                                                                                   {
         String bindingType = SamlProtocol.SAML_POST_BINDING;
         if (client.getManagementUrl() == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE) == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE) != null) {
             bindingType = SamlProtocol.SAML_REDIRECT_BINDING;
         }
 
         String redirect;
         if (bindingType.equals(SamlProtocol.SAML_REDIRECT_BINDING)) {
             redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE);
         } else {
             redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE);
         }
         if (redirect == null) {
             redirect = client.getManagementUrl();
         }
 
         AuthenticationSessionModel authSession = createAuthenticationSession(client, null);
 
         authSession.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
         authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
         authSession.setClientNote(SamlProtocol.SAML_BINDING, SamlProtocol.SAML_POST_BINDING);
         authSession.setClientNote(SamlProtocol.SAML_IDP_INITIATED_LOGIN, "true");
         authSession.setRedirectUri(redirect);
 
         if (relayState == null) {
             relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE);
         }
         if (relayState != null && !relayState.trim().equals("")) {
             authSession.setClientNote(GeneralConstants.RELAY_STATE, relayState);
         }
 
         return authSession;
     }

◆ handleBrowserAuthenticationRequest()

Response org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest	(	AuthenticationSessionModel	authSession,
		LoginProtocol	protocol,
		boolean	isPassive,
		boolean	redirectToAuthentication
	)

inlineprotectedinherited

Common method to handle browser authentication request in protocols unified way.

引数

authSession	for current request
protocol	handler for protocol used to initiate login
isPassive	set to true if login should be passive (without login screen shown)
redirectToAuthentication	if true redirect to flow url. If initial call to protocol is a POST, you probably want to do this. This is so we can disable the back button on browser

戻り値: response to be returned to the browser

                                                                                                                                                                                {
         AuthenticationFlowModel flow = getAuthenticationFlow(authSession);
         String flowId = flow.getId();
         AuthenticationProcessor processor = createProcessor(authSession, flowId, LoginActionsService.AUTHENTICATE_PATH);
         event.detail(Details.CODE_ID, authSession.getParentSession().getId());
         if (isPassive) {
             // OIDC prompt == NONE or SAML 2 IsPassive flag
             // This means that client is just checking if the user is already completely logged in.
             // We cancel login if any authentication action or required action is required
             try {
                 if (processor.authenticateOnly() == null) {
                     // processor.attachSession();
                 } else {
                     Response response = protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
                     return response;
                 }
 
                 AuthenticationManager.setClientScopesInSession(authSession);
 
                 if (processor.nextRequiredAction() != null) {
                     Response response = protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
                     return response;
                 }
 
                 // Attach session once no requiredActions or other things are required
                 processor.attachSession();
             } catch (Exception e) {
                 return processor.handleBrowserException(e);
             }
             return processor.finishAuthentication(protocol);
         } else {
             try {
                 RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
                 if (redirectToAuthentication) {
                     return processor.redirectToFlow();
                 }
                 return processor.authenticate();
             } catch (Exception e) {
                 return processor.handleBrowserException(e);
             }
         }
     }

◆ idpInitiatedSSO()

Response org.keycloak.protocol.saml.SamlService.idpInitiatedSSO	(	@PathParam("client") String	clientUrlName,
		@QueryParam("RelayState") String	relayState
	)

inlineinherited

                                                                                                                             {
         event.event(EventType.LOGIN);
         CacheControlUtil.noBackButtonCacheControlHeader();
         ClientModel client = null;
         for (ClientModel c : realm.getClients()) {
             String urlName = c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME);
             if (urlName == null)
                 continue;
             if (urlName.equals(clientUrlName)) {
                 client = c;
                 break;
             }
         }
         if (client == null) {
             event.error(Errors.CLIENT_NOT_FOUND);
             return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
         }
         if (!client.isEnabled()) {
             event.error(Errors.CLIENT_DISABLED);
             return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
         }
         if (client.getManagementUrl() == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE) == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE) == null) {
             logger.error("SAML assertion consumer url not set up");
             event.error(Errors.INVALID_REDIRECT_URI);
             return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REDIRECT_URI);
         }
 
         session.getContext().setClient(client);
 
         AuthenticationSessionModel authSession = getOrCreateLoginSessionForIdpInitiatedSso(this.session, this.realm, client, relayState);
 
         return newBrowserAuthentication(authSession, false, false);
     }

◆ newBrowserAuthentication() [1/2]

Response org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.newBrowserAuthentication	(	AuthenticationSessionModel	authSession,
		boolean	isPassive,
		boolean	redirectToAuthentication,
		SamlProtocol	samlProtocol
	)

inlineprotected

                                                                                                                                                                         {
         return super.newBrowserAuthentication(authSession, isPassive, redirectToAuthentication, createEcpSamlProtocol());
     }

◆ newBrowserAuthentication() [2/2]

Response org.keycloak.protocol.saml.SamlService.newBrowserAuthentication	(	AuthenticationSessionModel	authSession,
		boolean	isPassive,
		boolean	redirectToAuthentication
	)

inlineprotectedinherited

                                                                                                                                              {
         SamlProtocol samlProtocol = new SamlProtocol().setEventBuilder(event).setHttpHeaders(headers).setRealm(realm).setSession(session).setUriInfo(session.getContext().getUri());
         return newBrowserAuthentication(authSession, isPassive, redirectToAuthentication, samlProtocol);
     }

◆ postBinding()

Response org.keycloak.protocol.saml.SamlService.postBinding	(	@FormParam(GeneralConstants.SAML_REQUEST_KEY) String	samlRequest,
		@FormParam(GeneralConstants.SAML_RESPONSE_KEY) String	samlResponse,
		@FormParam(GeneralConstants.RELAY_STATE) String	relayState
	)

inlineinherited

                                                                                                                                                                                                                                   {
         logger.debug("SAML POST");
         PostBindingProtocol postBindingProtocol = new PostBindingProtocol();
         // this is to support back button on browser
         // if true, we redirect to authenticate URL otherwise back button behavior has bad side effects
         // and we want to turn it off.
         postBindingProtocol.redirectToAuthentication = true;
         return postBindingProtocol.execute(samlRequest, samlResponse, relayState);
     }

◆ redirectBinding()

Response org.keycloak.protocol.saml.SamlService.redirectBinding	(	@QueryParam(GeneralConstants.SAML_REQUEST_KEY) String	samlRequest,
		@QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String	samlResponse,
		@QueryParam(GeneralConstants.RELAY_STATE) String	relayState
	)

inlineinherited

                                                                                                                                                                                                                                          {
         logger.debug("SAML GET");
         CacheControlUtil.noBackButtonCacheControlHeader();
         return new RedirectBindingProtocol().execute(samlRequest, samlResponse, relayState);
     }

◆ soapBinding()

Response org.keycloak.protocol.saml.SamlService.soapBinding ( InputStream inputStream )

inlineinherited

                                                          {
         SamlEcpProfileService bindingService = new SamlEcpProfileService(realm, event, destinationValidator);
 
         ResteasyProviderFactory.getInstance().injectProperties(bindingService);
 
         return bindingService.authenticate(inputStream);
     }

メンバ詳解

◆ APP_INITIATED_FLOW

final String org.keycloak.protocol.AuthorizationEndpointBase.APP_INITIATED_FLOW = "APP_INITIATED_FLOW"

staticinherited

◆ authManager

AuthenticationManager org.keycloak.protocol.AuthorizationEndpointBase.authManager

protectedinherited

◆ clientConnection

ClientConnection org.keycloak.protocol.AuthorizationEndpointBase.clientConnection

protectedinherited

◆ event

EventBuilder org.keycloak.protocol.AuthorizationEndpointBase.event

protectedinherited

◆ headers

HttpHeaders org.keycloak.protocol.AuthorizationEndpointBase.headers

protectedinherited

◆ httpRequest

HttpRequest org.keycloak.protocol.AuthorizationEndpointBase.httpRequest

protectedinherited

◆ logger

final Logger org.keycloak.protocol.saml.SamlService.logger = Logger.getLogger(SamlService.class)

staticprotectedinherited

◆ NS_PREFIX_PROFILE_ECP

final String org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.NS_PREFIX_PROFILE_ECP = "ecp"

staticprivate

◆ NS_PREFIX_SAML_ASSERTION

final String org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.NS_PREFIX_SAML_ASSERTION = "saml"

staticprivate

◆ NS_PREFIX_SAML_PROTOCOL

final String org.keycloak.protocol.saml.profile.ecp.SamlEcpProfileService.NS_PREFIX_SAML_PROTOCOL = "samlp"

staticprivate

◆ realm

RealmModel org.keycloak.protocol.AuthorizationEndpointBase.realm

protectedinherited

◆ session

KeycloakSession org.keycloak.protocol.AuthorizationEndpointBase.session

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ SamlEcpProfileService()

関数詳解

◆ authenticate()

◆ checkRealm()

◆ checkSsl()

◆ createAuthenticationSession()

◆ createEcpSamlProtocol()

◆ createProcessor()

◆ getAuthenticationFlow()

◆ getDescriptor()

◆ getIDPMetadataDescriptor()

◆ getOrCreateLoginSessionForIdpInitiatedSso()

◆ handleBrowserAuthenticationRequest()

◆ idpInitiatedSSO()

◆ newBrowserAuthentication() [1/2]

◆ newBrowserAuthentication() [2/2]

◆ postBinding()

◆ redirectBinding()

◆ soapBinding()

メンバ詳解

◆ APP_INITIATED_FLOW

◆ authManager

◆ clientConnection

◆ event

◆ headers

◆ httpRequest

◆ logger

◆ NS_PREFIX_PROFILE_ECP

◆ NS_PREFIX_SAML_ASSERTION

◆ NS_PREFIX_SAML_PROTOCOL

◆ realm

◆ session