org.keycloak.protocol.saml.installation.SamlIDPDescriptorClientInstallation クラス

公開メンバ関数

Response generateInstallation (KeycloakSession session, RealmModel realm, ClientModel client, URI serverBaseUri)
 
String getProtocol ()
 
String getDisplayType ()
 
String getHelpText ()
 
String getFilename ()
 
String getMediaType ()
 
boolean isDownloadOnly ()
 
void close ()
 
ClientInstallationProvider create (KeycloakSession session)
 
void init (Config.Scope config)
 
void postInit (KeycloakSessionFactory factory)
 
String getId ()
 

静的公開メンバ関数

static String getIDPDescriptorForClient (KeycloakSession session, RealmModel realm, ClientModel client, URI serverBaseUri)
 

静的非公開メンバ関数

static void addKeyInfo (StringBuilder target, RsaKeyMetadata key, String purpose)
 

詳解

著者
Bill Burke
バージョン
Revision
1

関数詳解

◆ addKeyInfo()

/**
 * Appends the key-info XML produced by {@code SPMetadataDescriptor.xmlKeyInfo} for
 * one RSA key to {@code target}.
 *
 * @param target  builder receiving the descriptor XML
 * @param key     key to describe; a {@code null} key appends nothing
 * @param purpose purpose string passed through to {@code xmlKeyInfo}
 */
private static void addKeyInfo(StringBuilder target, RsaKeyMetadata key, String purpose) {
    if (key != null) {
        String certificatePem = PemUtils.encodeCertificate(key.getCertificate());
        target.append(SPMetadataDescriptor.xmlKeyInfo(" ", key.getKid(), certificatePem, purpose, false));
    }
}

◆ close()

/**
 * Provider shutdown hook. This provider holds no resources or per-session
 * state, so there is nothing to release.
 */
@Override
public void close() {
    // Intentionally empty: nothing was acquired in create().
}

◆ create()

/**
 * Returns this object as the provider for {@code session}. The factory and the
 * provider are the same stateless instance, so no per-session object is created.
 *
 * @param session current session (unused)
 * @return this instance
 */
@Override
public ClientInstallationProvider create(KeycloakSession session) {
    ClientInstallationProvider provider = this;
    return provider;
}

◆ generateInstallation()

/**
 * Builds the client-tailored IdP metadata and returns it in an HTTP 200 response.
 * The response body is served as {@code text/plain} even though the content is
 * XML; {@link #getMediaType()} advertises {@code application/xml} for the download.
 *
 * @param session       current session, used to look up the realm's keys
 * @param realm         realm acting as the SAML identity provider
 * @param client        client whose SAML settings shape the descriptor
 * @param serverBaseUri base URI of this server, used for entity id and endpoint URLs
 * @return a 200 response whose entity is the descriptor XML
 */
@Override
public Response generateInstallation(KeycloakSession session, RealmModel realm, ClientModel client, URI serverBaseUri) {
    return Response
            .ok(getIDPDescriptorForClient(session, realm, client, serverBaseUri), MediaType.TEXT_PLAIN_TYPE)
            .build();
}

◆ getDisplayType()

/**
 * Human-readable name of this installation format.
 *
 * @return the fixed display name of the IdP descriptor installation
 */
@Override
public String getDisplayType() {
    final String displayType = "SAML Metadata IDPSSODescriptor";
    return displayType;
}

◆ getFilename()

/**
 * File name offered for the generated descriptor.
 *
 * @return the fixed file name, with an {@code .xml} extension
 */
@Override
public String getFilename() {
    final String filename = "client-tailored-saml-idp-metadata.xml";
    return filename;
}

◆ getHelpText()

/**
 * Explanatory text shown alongside this installation format.
 *
 * @return the fixed help text
 */
@Override
public String getHelpText() {
    final String helpText = "SAML Metadata IDPSSODescriptor tailored for the client. This is special because not every client may require things like digital signatures";
    return helpText;
}

◆ getId()

/**
 * Provider id under which this factory is registered.
 *
 * @return the fixed id {@code saml-idp-descriptor}
 */
@Override
public String getId() {
    final String providerId = "saml-idp-descriptor";
    return providerId;
}

◆ getIDPDescriptorForClient()

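/**
 * Renders the SAML 2.0 IdP metadata ({@code EntityDescriptor} containing an
 * {@code IDPSSODescriptor}) for {@code realm}, tailored to {@code client}: the
 * signed-request requirement, the advertised bindings, the NameID formats and
 * the realm's RSA keys (active keys first, then by descending provider priority).
 *
 * @param session       session used to look up the realm's RSA keys
 * @param realm         realm acting as the identity provider
 * @param client        SAML client whose settings shape the descriptor
 * @param serverBaseUri base URI of this server, used to build the entity id and endpoint URLs
 * @return the descriptor as an XML string
 */
public static String getIDPDescriptorForClient(KeycloakSession session, RealmModel realm, ClientModel client, URI serverBaseUri) {
    SamlClient samlClient = new SamlClient(client);
    String idpEntityId = RealmsResource.realmBaseUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName()).toString();
    String bindUrl = RealmsResource.protocolUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString();
    // Everything interpolated into the document is XML-escaped so that a realm
    // name or configured NameID format containing '&', '<' or '"' cannot produce
    // a malformed (or differently parsed) descriptor.
    String entityIdAttr = escapeXml(idpEntityId);
    String bindUrlAttr = escapeXml(bindUrl);
    StringBuilder sb = new StringBuilder();
    sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<EntityDescriptor entityID=\"").append(entityIdAttr).append("\"\n"
        + " xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n"
        + " xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\"\n"
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n"
        + " <IDPSSODescriptor WantAuthnRequestsSigned=\"")
        .append(samlClient.requiresClientSignature())
        .append("\"\n"
        + " protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");

    // logout service: POST binding always, Redirect binding only when the client does not force POST
    sb.append(" <SingleLogoutService\n"
        + " Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n"
        + " Location=\"").append(bindUrlAttr).append("\" />\n");
    if (!samlClient.forcePostBinding()) {
        sb.append(" <SingleLogoutService\n"
            + " Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n"
            + " Location=\"").append(bindUrlAttr).append("\" />\n");
    }
    // nameid format: a forced, client-specific format wins; otherwise advertise the default set
    if (samlClient.forceNameIDFormat() && samlClient.getNameIDFormat() != null) {
        sb.append(" <NameIDFormat>").append(escapeXml(samlClient.getNameIDFormat())).append("</NameIDFormat>\n");
    } else {
        sb.append(" <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n"
            + " <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n"
            + " <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n"
            + " <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n");
    }
    // sign on service: same binding rule as the logout service
    sb.append("\n"
        + " <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n"
        + " Location=\"").append(bindUrlAttr).append("\" />\n");
    if (!samlClient.forcePostBinding()) {
        sb.append(" <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n"
            + " Location=\"").append(bindUrlAttr).append("\" />\n");
    }

    // keys: a sorted stream keeps every key. The previous TreeSet used its
    // comparator for identity and silently dropped any key whose status and
    // provider priority matched a key already in the set, so a relying party
    // could be handed metadata missing one of the realm's signing keys.
    session.keys().getRsaKeys(realm).stream()
        .sorted(SamlIDPDescriptorClientInstallation::compareKeysForDescriptor)
        .forEach(key -> addKeyInfo(sb, key, KeyTypes.SIGNING.value()));

    sb.append(" </IDPSSODescriptor>\n"
        + "</EntityDescriptor>\n");
    return sb.toString();
}

/**
 * Orders keys for the descriptor: ACTIVE before PASSIVE, then by descending
 * provider priority.
 *
 * @return a negative, zero or positive value per the {@code Comparator} contract
 */
private static int compareKeysForDescriptor(RsaKeyMetadata o1, RsaKeyMetadata o2) {
    if (o1.getStatus() != o2.getStatus()) {
        // Status can be only PASSIVE or ACTIVE, push PASSIVE to end of list
        return o1.getStatus() == KeyStatus.PASSIVE ? 1 : -1;
    }
    // Long.compare instead of (int)(o2 - o1): the cast truncated the difference and
    // could flip the sign for large priorities, yielding an inconsistent order.
    return Long.compare(o2.getProviderPriority(), o1.getProviderPriority());
}

/**
 * Escapes the characters that terminate or alter XML attribute values and element
 * text. Ampersand is replaced first so the other replacements are not double-escaped.
 *
 * @param value raw text to embed in the descriptor
 * @return the escaped text
 */
private static String escapeXml(String value) {
    return value.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;");
}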

◆ getMediaType()

/**
 * Media type advertised for the generated file. Note that
 * {@link #generateInstallation} itself responds with {@code text/plain}; this
 * value describes the XML content for the download.
 *
 * @return {@code application/xml}
 */
@Override
public String getMediaType() {
    final String mediaType = MediaType.APPLICATION_XML;
    return mediaType;
}

◆ getProtocol()

/**
 * Login protocol this installation provider applies to.
 *
 * @return the SAML login protocol id
 */
@Override
public String getProtocol() {
    final String protocol = SamlProtocol.LOGIN_PROTOCOL;
    return protocol;
}

◆ init()

/**
 * Factory initialisation hook. This provider reads no configuration, so the
 * scope is ignored.
 *
 * @param config provider configuration scope (unused)
 */
@Override
public void init(Config.Scope config) {
    // Intentionally empty: no configuration is consumed.
}

◆ isDownloadOnly()

/**
 * Whether the generated descriptor may only be downloaded.
 *
 * @return always {@code false}; the descriptor is not restricted to download
 */
@Override
public boolean isDownloadOnly() {
    final boolean downloadOnly = false;
    return downloadOnly;
}

◆ postInit()

/**
 * Post-initialisation hook. This provider needs nothing from the session
 * factory, so the call is a no-op.
 *
 * @param factory session factory (unused)
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    // Intentionally empty: nothing to wire up after initialisation.
}
