org.jboss.seam.security.external.saml.sp
Class SamlSpBean

java.lang.Object
  extended by org.jboss.seam.security.external.EntityBean
      extended by org.jboss.seam.security.external.saml.SamlEntityBean
          extended by org.jboss.seam.security.external.saml.sp.SamlSpBean
All Implemented Interfaces:
EntityConfigurationApi, SamlEntityConfigurationApi, SamlServiceProviderConfigurationApi, SamlMultiUserServiceProviderApi

@Typed(value=SamlSpBean.class)
public class SamlSpBean
extends SamlEntityBean
implements SamlMultiUserServiceProviderApi, SamlServiceProviderConfigurationApi

Author:
Marcel Kolsteren

Field Summary
 
Fields inherited from class org.jboss.seam.security.external.saml.SamlEntityBean
metaDataJaxbContext
 
Fields inherited from class org.jboss.seam.security.external.EntityBean
hostName, port, protocol
 
Constructor Summary
SamlSpBean()
           
 
Method Summary
 SamlExternalIdentityProvider addExternalIdentityProvider(String entityId, IDPSSODescriptorType idpSsoDescriptor)
           
 SamlExternalIdentityProvider addExternalSamlEntity(Reader reader)
          This method can be used to add an external SAML entity that is trusted by the entity that is being configured.
 List<SamlExternalEntity> getExternalSamlEntities()
          Gets a list of all external entities that have been added previously by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader).
 SamlExternalIdentityProvider getExternalSamlEntityByEntityId(String entityId)
          Gets the details of a trusted external entity that has been added previously by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader).
 List<SamlExternalIdentityProvider> getIdentityProviders()
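          Returns a list with all identity providers that are trusted (i.e. identity providers that have been added by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader)).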
 SamlIdpOrSp getIdpOrSp()
           
 Set<SamlSpSession> getSessions()
           
 void globalLogout(SamlSpSession session, HttpServletResponse response)
           
 boolean isAuthnRequestsSigned()
          If this property is enabled, all authentication requests targeted at identity providers will be signed.
 boolean isWantAssertionsSigned()
          This property, which is enabled by default, determines whether incoming authentication responses from the identity provider are required to have a valid signature.
 void localLogout(SamlSpSession session)
           
 void login(String idpEntityId, HttpServletResponse response)
           
 void setAuthnRequestsSigned(boolean authnRequestsSigned)
          See SamlServiceProviderConfigurationApi.isAuthnRequestsSigned().
 void setWantAssertionsSigned(boolean wantAssertionsSigned)
          See SamlServiceProviderConfigurationApi.isWantAssertionsSigned().
 void writeMetaData(Writer writer)
           
 
Methods inherited from class org.jboss.seam.security.external.saml.SamlEntityBean
addKeyDescriptorToMetaData, addNameIDFormatsToMetaData, addSloEndpointsToMetaData, getEntityId, getMetaDataURL, getMetaInfo, getPreferredBinding, getServiceURL, getSigningKey, isSingleLogoutMessagesSigned, isWantSingleLogoutMessagesSigned, readEntitiesDescriptor, readEntityDescriptor, setEntityId, setPreferredBinding, setSigningKey, setSingleLogoutMessagesSigned, setWantSingleLogoutMessagesSigned
 
Methods inherited from class org.jboss.seam.security.external.EntityBean
createURL, getHostName, getPort, getProtocol, setHostName, setPort, setProtocol
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.jboss.seam.security.external.saml.api.SamlServiceProviderConfigurationApi
isSingleLogoutMessagesSigned, isWantSingleLogoutMessagesSigned, setSingleLogoutMessagesSigned, setWantSingleLogoutMessagesSigned
 
Methods inherited from interface org.jboss.seam.security.external.saml.api.SamlEntityConfigurationApi
getEntityId, getMetaDataURL, getPreferredBinding, setEntityId, setPreferredBinding, setSigningKey
 
Methods inherited from interface org.jboss.seam.security.external.api.EntityConfigurationApi
getHostName, getPort, getProtocol, setHostName, setPort, setProtocol
 

Constructor Detail

SamlSpBean

public SamlSpBean()

Method Detail

addExternalIdentityProvider

public SamlExternalIdentityProvider addExternalIdentityProvider(String entityId,
                                                                IDPSSODescriptorType idpSsoDescriptor)

addExternalSamlEntity

public SamlExternalIdentityProvider addExternalSamlEntity(Reader reader)
Description copied from interface: SamlEntityConfigurationApi
This method can be used to add an external SAML entity that is trusted by the entity that is being configured. If the entity that is being configured is an identity provider, this method can be used for adding trusted service providers, and vice versa. The reader must supply a UTF-8 encoded XML file with the meta information of the entity that needs to be added. When this method returns, the configured entity trusts the added entity (it has been added to the "circle of trust"). Note that the metadata of the configured entity also needs to be loaded in the external entity. How this is done is out of scope for this API, but the needed meta information is served at the URL provided by SamlEntityConfigurationApi.getMetaDataURL().

Specified by:
addExternalSamlEntity in interface SamlEntityConfigurationApi
Specified by:
addExternalSamlEntity in class SamlEntityBean
Parameters:
reader - reader that reads the meta information of the entity that needs to be added
Returns:
the contents of the external entity (extracted from the meta information)

getExternalSamlEntities

public List<SamlExternalEntity> getExternalSamlEntities()
Description copied from interface: SamlEntityConfigurationApi
Gets a list of all external entities that have been added previously by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader).

Specified by:
getExternalSamlEntities in interface SamlEntityConfigurationApi
Specified by:
getExternalSamlEntities in class SamlEntityBean
Returns:
the list

getIdentityProviders

public List<SamlExternalIdentityProvider> getIdentityProviders()
Description copied from interface: SamlServiceProviderConfigurationApi
Returns a list with all identity providers that are trusted (i.e. identity providers that have been added by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader)). This allows the API client to present the list to the user, so that the user can choose the provider that needs to be used for doing the login.

Specified by:
getIdentityProviders in interface SamlServiceProviderConfigurationApi
Returns:
list of identity providers

isAuthnRequestsSigned

public boolean isAuthnRequestsSigned()
Description copied from interface: SamlServiceProviderConfigurationApi
If this property is enabled, all authentication requests targeted at identity providers will be signed. The property is disabled by default. When enabling it, be sure to add a signing key by calling SamlEntityConfigurationApi.setSigningKey(String, String, String, String).

Specified by:
isAuthnRequestsSigned in interface SamlServiceProviderConfigurationApi
Returns:
true iff the authentication requests are signed

setAuthnRequestsSigned

public void setAuthnRequestsSigned(boolean authnRequestsSigned)
Description copied from interface: SamlServiceProviderConfigurationApi
See SamlServiceProviderConfigurationApi.isAuthnRequestsSigned().

Specified by:
setAuthnRequestsSigned in interface SamlServiceProviderConfigurationApi

isWantAssertionsSigned

public boolean isWantAssertionsSigned()
Description copied from interface: SamlServiceProviderConfigurationApi
This property, which is enabled by default, determines whether incoming authentication responses from the identity provider are required to have a valid signature. Disabling signature validation is strongly discouraged, because it opens possibilities for sending fake authentication responses to the service provider.

Specified by:
isWantAssertionsSigned in interface SamlServiceProviderConfigurationApi
Returns:
true iff incoming assertions need to have a valid signature
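
A startup check for the signature settings described above, as an added example that is not part of the Seam Security code base. The class name SamlSpSignatureAudit and the BLOCK/WARN/INFO labels are assumptions of this example; it calls only methods this page lists for SamlServiceProviderConfigurationApi.

```java
import java.util.ArrayList;
import java.util.List;

import org.jboss.seam.security.external.saml.api.SamlServiceProviderConfigurationApi;

/** Added example (hypothetical class): audits the signature settings of a configured SAML SP. */
public final class SamlSpSignatureAudit {

    private SamlSpSignatureAudit() {
    }

    /** Returns one finding per weak setting; the severity labels are this example's own. */
    public static List<String> audit(SamlServiceProviderConfigurationApi sp) {
        List<String> findings = new ArrayList<String>();

        // Documented as enabled by default; disabling it lets forged responses through.
        if (!sp.isWantAssertionsSigned()) {
            findings.add("BLOCK: isWantAssertionsSigned() returned false; "
                    + "authentication responses are accepted without a valid signature");
        }
        // Only providers added via addExternalSamlEntity(Reader) are trusted.
        if (sp.getIdentityProviders().isEmpty()) {
            findings.add("WARN: no trusted identity provider has been added");
        }
        if (!sp.isWantSingleLogoutMessagesSigned()) {
            findings.add("WARN: isWantSingleLogoutMessagesSigned() returned false");
        }
        // Documented as disabled by default; enabling it requires setSigningKey(...).
        if (!sp.isAuthnRequestsSigned()) {
            findings.add("INFO: authentication requests are sent unsigned");
        }
        if (!sp.isSingleLogoutMessagesSigned()) {
            findings.add("INFO: isSingleLogoutMessagesSigned() returned false");
        }
        return findings;
    }

    /** Fails fast when a BLOCK finding is present, e.g. from application startup code. */
    public static void enforce(SamlServiceProviderConfigurationApi sp) {
        for (String finding : audit(sp)) {
            if (finding.startsWith("BLOCK")) {
                throw new IllegalStateException(finding);
            }
        }
    }
}
```

Call enforce(...) once the service provider bean has been configured, and log the remaining findings from audit(...).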

setWantAssertionsSigned

public void setWantAssertionsSigned(boolean wantAssertionsSigned)
Description copied from interface: SamlServiceProviderConfigurationApi
See SamlServiceProviderConfigurationApi.isWantAssertionsSigned().

Specified by:
setWantAssertionsSigned in interface SamlServiceProviderConfigurationApi

getExternalSamlEntityByEntityId

public SamlExternalIdentityProvider getExternalSamlEntityByEntityId(String entityId)
Description copied from interface: SamlEntityConfigurationApi
Gets the details of a trusted external entity that has been added previously by calling SamlEntityConfigurationApi.addExternalSamlEntity(java.io.Reader).

Specified by:
getExternalSamlEntityByEntityId in interface SamlEntityConfigurationApi
Specified by:
getExternalSamlEntityByEntityId in class SamlEntityBean
Parameters:
entityId - the id of the entity
Returns:
an object containing the properties of the entity

writeMetaData

public void writeMetaData(Writer writer)
Specified by:
writeMetaData in class SamlEntityBean

login

public void login(String idpEntityId,
                  HttpServletResponse response)
Specified by:
login in interface SamlMultiUserServiceProviderApi

localLogout

public void localLogout(SamlSpSession session)
Specified by:
localLogout in interface SamlMultiUserServiceProviderApi

globalLogout

public void globalLogout(SamlSpSession session,
                         HttpServletResponse response)
Specified by:
globalLogout in interface SamlMultiUserServiceProviderApi

getSessions

public Set<SamlSpSession> getSessions()
Specified by:
getSessions in interface SamlMultiUserServiceProviderApi

getIdpOrSp

public SamlIdpOrSp getIdpOrSp()
Specified by:
getIdpOrSp in class SamlEntityBean


Copyright © 2011 Seam Framework. All Rights Reserved.