SamlServiceProviderApi (Seam Security External Authentication Services 3.0.0-SNAPSHOT API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.seam.security.external.saml.api
Interface SamlServiceProviderApi

All Known Implementing Classes:: SamlSpSingleUser

public interface SamlServiceProviderApi

API to the SAMLv2 compliant service provider. In order to use this API, one of the following alternative beans needs to be activated:

The former will install the service provider in application scope, the latter will install it in virtual application scope. The virtual application scope allows for using different service provider configurations depending on the server name. See VirtualApplicationScoped.

This API (implemented by the framework) comes along with an SPI: SamlServiceProviderSpi (implemented by the client application). Dialogues are used to bridge corresponding API and SPI calls (see Dialogued).

Most methods in this API require that the HTTP response is passed as a parameter. The implementation needs the response, in order to redirect the browser to the relying party. Beware not to touch the HTTP response after one of these method returns.

Author:: Marcel Kolsteren

Method Summary
`SamlSpSession`	`getSession()` Gets the current session (login).
`void`	`globalLogout(HttpServletResponse response)` Globally logs out the user.
`void`	`localLogout()` Locally logs out the user.
`void`	`login(String idpEntityId, HttpServletResponse response)` Sends the user agent to the site of the given identity provider, where the user can be authenticated.

Method Detail

login

void login(String idpEntityId,
           HttpServletResponse response)

Sends the user agent to the site of the given identity provider, where the user can be authenticated. When the call returns, a redirect on the HTTP response has taken place. The response of the identity provider will be sent asynchronously through the SPI methods SamlSingleUserServiceProviderSpi#loginSucceeded(OpenIdSession) or SamlSingleUserServiceProviderSpi#loginFailed(OpenIdSession). If the method is called within a dialogue, that same dialogue will be active when the SPI method is called. Thus, the dialogue can be used to store API client state that needs to survive the sign on process.

Parameters:: idpEntityId -; response - the HTTP servlet response

localLogout

void localLogout()

Locally logs out the user. This use case is considered out of scope by the SAML spec (see the SAMLv2 Profiles document, section 4.4). The local logout means that the session established by the SAML SP is not used any more by the application. So when the SAML SP will receive a logout request for this session in the future, it won't pass that on to the application.

This method doesn't write the HTTP response.

globalLogout

void globalLogout(HttpServletResponse response)

Globally logs out the user. The browser of the user is redirected to the site of the identity provider, so that the identity provider can logout the user from all applications that share the same session at the identity provider. The result of the logout operation is reported back asynchronously through the SPI methods SamlSingleUserServiceProviderSpi#globalLogoutSucceeded() and SamlSingleUserServiceProviderSpi#singleLogoutFailed(). If this method is called with an active dialogue scope, the same dialogue will be active when the SPI method is called. This allows the API client to store state information in the dialogue.

Parameters:: response - the HTTP servlet response

getSession

SamlSpSession getSession()

Gets the current session (login). If there is no active session, null is returned.

Returns:: active session, or null