org.keycloak.broker.saml.SAMLIdentityProviderFactory の継承関係図

org.keycloak.broker.saml.SAMLIdentityProviderFactory 連携図

公開メンバ関数
String	getName ()

SAMLIdentityProvider	create (KeycloakSession session, IdentityProviderModel model)

Map< String, String >	parseConfig (KeycloakSession session, InputStream inputStream)

String	getId ()

void	init (Scope config)

静的公開変数類
static final String	PROVIDER_ID = "saml"

非公開変数類
DestinationValidator	destinationValidator

詳解

著者: Pedro Igor

関数詳解

◆ create()

SAMLIdentityProvider org.keycloak.broker.saml.SAMLIdentityProviderFactory.create	(	KeycloakSession	session,
		IdentityProviderModel	model
	)

inline

                                                                                              {
         return new SAMLIdentityProvider(session, new SAMLIdentityProviderConfig(model), destinationValidator);
     }

◆ getId()

String org.keycloak.broker.saml.SAMLIdentityProviderFactory.getId ( )

inline

                           {
         return PROVIDER_ID;
     }

◆ getName()

String org.keycloak.broker.saml.SAMLIdentityProviderFactory.getName ( )

inline

                             {
         return "SAML v2.0";
     }

◆ init()

void org.keycloak.broker.saml.SAMLIdentityProviderFactory.init ( Scope config )

inline

                                    {
         super.init(config);
 
         this.destinationValidator = DestinationValidator.forProtocolMap(config.getArray("knownProtocols"));
     }

◆ parseConfig()

Map<String, String> org.keycloak.broker.saml.SAMLIdentityProviderFactory.parseConfig	(	KeycloakSession	session,
		InputStream	inputStream
	)

inline

                                                                                              {
         try {
             Object parsedObject = SAMLParser.getInstance().parse(inputStream);
             EntityDescriptorType entityType;
 
             if (EntitiesDescriptorType.class.isInstance(parsedObject)) {
                 entityType = (EntityDescriptorType) ((EntitiesDescriptorType) parsedObject).getEntityDescriptor().get(0);
             } else {
                 entityType = (EntityDescriptorType) parsedObject;
             }
 
             List<EntityDescriptorType.EDTChoiceType> choiceType = entityType.getChoiceType();
 
             if (!choiceType.isEmpty()) {
                 IDPSSODescriptorType idpDescriptor = null;
 
                 //Metadata documents can contain multiple Descriptors (See ADFS metadata documents) such as RoleDescriptor, SPSSODescriptor, IDPSSODescriptor.
                 //So we need to loop through to find the IDPSSODescriptor.
                 for(EntityDescriptorType.EDTChoiceType edtChoiceType : entityType.getChoiceType()) {
                     List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
 
                     if(!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
                         idpDescriptor = descriptors.get(0).getIdpDescriptor();
                     }
                 }
 
                 if (idpDescriptor != null) {
                     SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
                     String singleSignOnServiceUrl = null;
                     boolean postBindingResponse = false;
                     boolean postBindingLogout = false;
                     for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
                         if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
                             singleSignOnServiceUrl = endpoint.getLocation().toString();
                             postBindingResponse = true;
                             break;
                         } else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
                             singleSignOnServiceUrl = endpoint.getLocation().toString();
                         }
                     }
                     String singleLogoutServiceUrl = null;
                     for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
                         if (postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
                             singleLogoutServiceUrl = endpoint.getLocation().toString();
                             postBindingLogout = true;
                             break;
                         } else if (!postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
                             singleLogoutServiceUrl = endpoint.getLocation().toString();
                             break;
                         }
 
                     }
                     samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
                     samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
                     samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
                     samlIdentityProviderConfig.setAddExtensionsElementWithKeyInfo(false);
                     samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
                     samlIdentityProviderConfig.setPostBindingResponse(postBindingResponse);
                     samlIdentityProviderConfig.setPostBindingAuthnRequest(postBindingResponse);
                     samlIdentityProviderConfig.setPostBindingLogout(postBindingLogout);
 
                     List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
                     String defaultCertificate = null;
 
                     if (keyDescriptor != null) {
                         for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
                             Element keyInfo = keyDescriptorType.getKeyInfo();
                             Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
 
                             if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
                                 samlIdentityProviderConfig.addSigningCertificate(x509KeyInfo.getTextContent());
                             } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
                                 samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
                             } else if (keyDescriptorType.getUse() ==  null) {
                                 defaultCertificate = x509KeyInfo.getTextContent();
                             }
                         }
                     }
 
                     if (defaultCertificate != null) {
                         if (samlIdentityProviderConfig.getSigningCertificates().length == 0) {
                             samlIdentityProviderConfig.addSigningCertificate(defaultCertificate);
                         }
 
                         if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
                             samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
                         }
                     }
 
                     return samlIdentityProviderConfig.getConfig();
                 }
             }
         } catch (ParsingException pe) {
             throw new RuntimeException("Could not parse IdP SAML Metadata", pe);
         }
 
         return new HashMap<String, String>();
     }

メンバ詳解

◆ destinationValidator

DestinationValidator org.keycloak.broker.saml.SAMLIdentityProviderFactory.destinationValidator

private

◆ PROVIDER_ID

final String org.keycloak.broker.saml.SAMLIdentityProviderFactory.PROVIDER_ID = "saml"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java

公開メンバ関数

静的公開変数類

非公開変数類

詳解

関数詳解

◆ create()

◆ getId()

◆ getName()

◆ init()

◆ parseConfig()

メンバ詳解

◆ destinationValidator

◆ PROVIDER_ID