AbstractSPFormAuthenticator (GateIn SSO - SAML Identity provider plugin 6.1.0 API)

java.lang.Object
- org.apache.catalina.valves.ValveBase
- - org.apache.catalina.authenticator.AuthenticatorBase
  - - org.apache.catalina.authenticator.FormAuthenticator
    - - org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
      - org.gatein.sso.saml.plugin.valve.AbstractSPFormAuthenticator

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

Direct Known Subclasses:

AbstractSAML11SPRedirectFormAuthenticator, ServiceProviderAuthenticator
```
public abstract class AbstractSPFormAuthenticator
extends BaseFormAuthenticator
```
Abstract class to be extended by Service Provider valves to handle SAML requests and responses. forked from org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator and made compatible with Tomcat 8.5 since picketlink doesn't provide such a support

Field Summary

Fields
Modifier and Type Field and Description

protected boolean jbossEnv
- Fields inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
  auditHelper, canonicalizationMethod, chain, chainConfigOptions, chainLock, configFile, configProvider, enableAudit, identityURL, idpAddress, idpCertificate, issuerID, keyManager, logger, picketLinkConfiguration, samlHandlerChainClass, saveRestoreRequest, serviceURL, spConfiguration, timer, timerInterval
- Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator
  characterEncoding, info, landingPage
- Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
  AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
- Fields inherited from class org.apache.catalina.valves.ValveBase
  container, controller, domain, mserver, next, oname
- Fields inherited from interface org.apache.catalina.Lifecycle
  AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Fields
Modifier and Type	Field and Description
`protected boolean`	`jbossEnv`

Constructor Summary

Constructors
Constructor and Description

AbstractSPFormAuthenticator()

Constructors
Constructor and Description
`AbstractSPFormAuthenticator()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)` Authenticate the request
`protected boolean`	`doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`protected String`	`getBinding()` Return the SAML Binding that this authenticator supports
`org.apache.catalina.Context`	`getContext()`
`protected abstract String`	`getContextPath()` Subclasses need to return the context path based on the capability of their servlet api
`protected Principal`	`getGenericPrincipal(org.apache.catalina.connector.Request request, String username, List<String> roles)`
`protected void`	`initKeyProvider(org.apache.catalina.Context context)` Initialize the KeyProvider configurations.
`protected boolean`	`isHttpPostBinding()` Indicates if the SP is configure with HTTP POST Binding.
`protected boolean`	`isPOSTBindingResponse()`
`boolean`	`restoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session)`
`protected void`	`sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest)` Sends a HTTP POST request to the IDP.
`protected void`	`sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)` Sends a HTTP Redirect request to the IDP.
`protected void`	`sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)` Send the request to the IDP.
`protected void`	`startPicketLink()`

Methods inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
doSupportSignature, getConfigFile, getConfiguration, getIdentityURL, getIdpCertificate, getIDPSSODescriptor, handleMetadata, handleMetadata, initializeHandlerChain, localAuthentication, populateChainConfig, processConfiguration, processIDPMetadataFile, sendToLogoutPage, setAuditHelper, setConfigFile, setConfigProvider, setConfigProvider, setIdpAddress, setIssuerID, setLogOutPage, setSamlHandlerChainClass, setSaveRestoreRequest, setServiceURL, setTimerInterval, testStart, validate

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator
authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, start, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail
- jbossEnv
```
protected boolean jbossEnv
```

Constructor Detail
- AbstractSPFormAuthenticator
```
public AbstractSPFormAuthenticator()
```

Method Detail

startPicketLink
```
protected void startPicketLink()
                        throws org.apache.catalina.LifecycleException
```
Overrides:

startPicketLink in class BaseFormAuthenticator

Throws:

org.apache.catalina.LifecycleException

sendRequestToIDP

protected void sendRequestToIDP(String destination,
                                Document samlDocument,
                                String relayState,
                                org.apache.catalina.connector.Request request,
                                org.apache.catalina.connector.Response response,
                                boolean willSendRequest,
                                String destinationQueryStringWithSignature)
                         throws org.picketlink.common.exceptions.ProcessingException,
                                org.picketlink.common.exceptions.ConfigurationException,
                                IOException

Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.

Parameters:: destination - idp url; samlDocument - request or response document; relayState - used in SAML Workflow; response - Apache Catalina HTTP Response; request - Apache Catalina HTTP Request; willSendRequest - are we sending Request or Response to IDP; destinationQueryStringWithSignature - used only with Redirect binding and with signature enabled.
Throws:: org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error; org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration; IOException - I/O exception

sendHttpRedirectRequest

protected void sendHttpRedirectRequest(String destination,
                                       Document samlDocument,
                                       String relayState,
                                       org.apache.catalina.connector.Response response,
                                       boolean willSendRequest,
                                       String destinationQueryStringWithSignature)
                                throws IOException,
                                       org.picketlink.common.exceptions.ProcessingException,
                                       org.picketlink.common.exceptions.ConfigurationException

Sends a HTTP Redirect request to the IDP.

Parameters:: destination - idp url; samlDocument - SAML request document; relayState - used in SAML Workflow; response - Apache Catalina HTTP Response; willSendRequest - are we sending Request or Response to IDP; destinationQueryStringWithSignature - used only with Redirect binding and with signature enabled.
Throws:: IOException - I/O exception; UnsupportedEncodingException - when decoding SAML Message; org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration; org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error

sendHttpPostBindingRequest

protected void sendHttpPostBindingRequest(String destination,
                                          Document samlDocument,
                                          String relayState,
                                          org.apache.catalina.connector.Response response,
                                          boolean willSendRequest)
                                   throws org.picketlink.common.exceptions.ProcessingException,
                                          IOException,
                                          org.picketlink.common.exceptions.ConfigurationException

Sends a HTTP POST request to the IDP.

Parameters:: destination - idp url; samlDocument - request or response document; relayState - used in SAML Workflow; response - Apache Catalina HTTP Response; willSendRequest - are we sending Request or Response to IDP
Throws:: org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error; org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration; IOException - I/O exception

initKeyProvider
```
protected void initKeyProvider(org.apache.catalina.Context context)
                        throws org.apache.catalina.LifecycleException
```
Initialize the KeyProvider configurations. This configurations are to be used during signing and validation of SAML assertions.

Specified by:

initKeyProvider in class BaseFormAuthenticator

Parameters:

context - Apache Catalina Context

Throws:

org.apache.catalina.LifecycleException - any exception occurred while processing key provider

doAuthenticate

protected boolean doAuthenticate(org.apache.catalina.connector.Request request,
                                 javax.servlet.http.HttpServletResponse response)
                          throws IOException

Throws:: IOException

authenticate
```
public boolean authenticate(org.apache.catalina.connector.Request request,
                            javax.servlet.http.HttpServletResponse response)
                     throws IOException
```
Authenticate the request

Specified by:

authenticate in interface org.apache.catalina.Authenticator

Overrides:

authenticate in class org.apache.catalina.authenticator.AuthenticatorBase

Parameters:

request - Apache Catalina Request

response - Apache Catalina Response

Returns:

true if authenticated, else false

Throws:

IOException - any I/O exception

isPOSTBindingResponse

protected boolean isPOSTBindingResponse()

getBinding
```
protected String getBinding()
```
Description copied from class: BaseFormAuthenticator

Return the SAML Binding that this authenticator supports

Specified by:

getBinding in class BaseFormAuthenticator

Returns:

supported SAML Binding

isHttpPostBinding
```
protected boolean isHttpPostBinding()
```
Indicates if the SP is configure with HTTP POST Binding.

Returns:

true if post binding

getContext

public org.apache.catalina.Context getContext()

restoreRequest

public boolean restoreRequest(org.apache.catalina.connector.Request request,
                              org.apache.catalina.Session session)
                       throws IOException

Overrides:: restoreRequest in class org.apache.catalina.authenticator.FormAuthenticator
Throws:: IOException

getContextPath
```
protected abstract String getContextPath()
```
Subclasses need to return the context path based on the capability of their servlet api

Returns:

Servlet Context Path

getGenericPrincipal

protected Principal getGenericPrincipal(org.apache.catalina.connector.Request request,
                                        String username,
                                        List<String> roles)

Class AbstractSPFormAuthenticator

Field Summary

Fields inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class java.lang.Object

Field Detail

jbossEnv

Constructor Detail

AbstractSPFormAuthenticator

Method Detail

startPicketLink

sendRequestToIDP

sendHttpRedirectRequest

sendHttpPostBindingRequest

initKeyProvider

doAuthenticate

authenticate

isPOSTBindingResponse

getBinding

isHttpPostBinding

getContext

restoreRequest

getContextPath

getGenericPrincipal