68 UriInfo uriInfo = request.getUriInfo();
69 RealmModel realm = request.getRealm();
71 String destinationUrl = getConfig().getSingleSignOnServiceUrl();
72 String nameIDPolicyFormat = getConfig().getNameIDPolicyFormat();
74 if (nameIDPolicyFormat == null) {
75 nameIDPolicyFormat = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
78 String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
80 String assertionConsumerServiceUrl = request.getRedirectUri();
82 if (getConfig().isPostBindingResponse()) {
83 protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
86 SAML2AuthnRequestBuilder authnRequestBuilder =
new SAML2AuthnRequestBuilder()
87 .assertionConsumerUrl(assertionConsumerServiceUrl)
88 .destination(destinationUrl)
90 .forceAuthn(getConfig().isForceAuthn())
91 .protocolBinding(protocolBinding)
92 .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
93 JaxrsSAML2BindingBuilder binding =
new JaxrsSAML2BindingBuilder()
94 .relayState(request.getState().getEncoded());
95 boolean postBinding = getConfig().isPostBindingAuthnRequest();
97 if (getConfig().isWantAuthnRequestsSigned()) {
98 KeyManager.ActiveRsaKey keys = session.keys().getActiveRsaKey(realm);
100 KeyPair keypair =
new KeyPair(keys.getPublicKey(), keys.getPrivateKey());
102 String keyName = getConfig().getXmlSigKeyInfoKeyNameTransformer().getKeyName(keys.getKid(), keys.getCertificate());
103 binding.signWith(keyName, keypair);
105 binding.signDocument();
106 if (! postBinding && getConfig().isAddExtensionsElementWithKeyInfo()) {
107 authnRequestBuilder.addExtension(
new KeycloakKeySamlExtensionGenerator(keyName));
112 return binding.postBinding(authnRequestBuilder.toDocument()).request(destinationUrl);
114 return binding.redirectBinding(authnRequestBuilder.toDocument()).request(destinationUrl);
116 }
catch (Exception e) {
117 throw new IdentityBrokerException(
"Could not create authentication request.", e);