public abstract class BaseFormAuthenticator
extends org.apache.catalina.authenticator.FormAuthenticator
Modifier and Type | Field and Description |
---|---|
protected String |
canonicalizationMethod |
protected SAML2HandlerChain |
chain |
protected Map<String,Object> |
chainConfigOptions |
protected Lock |
chainLock
A Lock for Handler operations in the chain
|
protected String |
configFile |
protected SAMLConfigurationProvider |
configProvider
The user can inject a fully qualified name of a
SAMLConfigurationProvider |
protected String |
identityURL |
protected String |
idpAddress |
protected X509Certificate |
idpCertificate
If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata
|
protected String |
issuerID |
protected TrustKeyManager |
keyManager |
protected static Logger |
log |
protected String |
logOutPage |
protected PicketLinkType |
picketLinkConfiguration |
protected String |
samlHandlerChainClass |
protected boolean |
saveRestoreRequest |
protected String |
serviceURL |
protected SPType |
spConfiguration |
protected boolean |
trace |
characterEncoding, info, landingPage
AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
Constructor and Description |
---|
BaseFormAuthenticator() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled.
|
protected abstract String |
getBinding()
Return the SAML Binding that this authenticator supports
|
String |
getConfigFile() |
SPType |
getConfiguration() |
String |
getIdentityURL()
Get the Identity URL
|
X509Certificate |
getIdpCertificate()
Get the X509Certificate of the IDP if provided via the IDP metadata file |
protected IDPSSODescriptorType |
getIDPSSODescriptor(EntitiesDescriptorType entities) |
protected IDPSSODescriptorType |
handleMetadata(EntitiesDescriptorType entities) |
protected IDPSSODescriptorType |
handleMetadata(EntityDescriptorType entityDescriptor) |
protected void |
initializeHandlerChain() |
protected abstract void |
initKeyProvider(org.apache.catalina.Context context) |
protected boolean |
localAuthentication(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.deploy.LoginConfig loginConfig)
Fall back on local authentication at the service provider side
|
protected void |
populateChainConfig() |
protected void |
processConfiguration()
Process the configuration from the configuration file
|
protected void |
processIDPMetadataFile(String idpMetadataFile)
Attempt to process a metadata file available locally
|
protected void |
processStart() |
protected void |
register(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
Principal principal,
String arg3,
String arg4,
String arg5)
This method is a hack!!! Tomcat, on account of Servlet 3, changed their authenticator method signatures. We use Java
reflection to identify the superclass register method on the first call and save it.
|
protected void |
sendToLogoutPage(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.Session session) |
void |
setConfigFile(String configFile) |
void |
setConfigProvider(String cp) |
void |
setIdpAddress(String idpAddress)
If request.getRemoteAddr() is not exactly the IDP address that you have keyed in your deployment descriptor as the
keystore alias, you can set it here explicitly
|
void |
setIssuerID(String issuerID)
Set a separate issuer id
|
void |
setLogOutPage(String logOutPage) |
void |
setSamlHandlerChainClass(String samlHandlerChainClass) |
void |
setSaveRestoreRequest(boolean saveRestoreRequest) |
void |
setServiceURL(String serviceURL) |
void |
start() |
void |
testStart() |
protected boolean |
validate(org.apache.catalina.connector.Request request)
Perform validation of the request object
|
authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister
protected static Logger log
protected final boolean trace
protected TrustKeyManager keyManager
protected SPType spConfiguration
protected PicketLinkType picketLinkConfiguration
protected String serviceURL
protected String identityURL
protected String issuerID
protected String configFile
protected transient X509Certificate idpCertificate
protected transient SAML2HandlerChain chain
protected transient String samlHandlerChainClass
protected boolean saveRestoreRequest
protected Lock chainLock
protected String canonicalizationMethod
protected String logOutPage
protected SAMLConfigurationProvider configProvider
SAMLConfigurationProvider
protected String idpAddress
public void setIdpAddress(String idpAddress)
public String getConfigFile()
public void setConfigFile(String configFile)
public void setSamlHandlerChainClass(String samlHandlerChainClass)
public void setServiceURL(String serviceURL)
public void setSaveRestoreRequest(boolean saveRestoreRequest)
public void setConfigProvider(String cp)
public SPType getConfiguration()
public void setIssuerID(String issuerID)
Parameters: issuerID -
public void setLogOutPage(String logOutPage)
protected boolean validate(org.apache.catalina.connector.Request request)
Parameters: request -
Throws: IOException
GeneralSecurityException
public void start() throws org.apache.catalina.LifecycleException
start
in interface org.apache.catalina.Lifecycle
start
in class org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.LifecycleException
public String getIdentityURL()
public X509Certificate getIdpCertificate()
Get the X509Certificate of the IDP if provided via the IDP metadata file
Returns: the X509Certificate of the IDP, or null
protected void register(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, Principal principal, String arg3, String arg4, String arg5)
Method
org.apache.catalina.authenticator.AuthenticatorBase#register(org.apache.catalina.connector.Request,
org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String,
java.lang.String)
protected boolean localAuthentication(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig) throws IOException
Parameters: request -
response -
loginConfig -
Throws: IOException
protected abstract String getBinding()
Returns: one of JBossSAMLURIConstants#SAML_HTTP_POST_BINDING, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING
protected void processIDPMetadataFile(String idpMetadataFile)
protected void processConfiguration()
protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entities)
protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptor)
protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entities)
protected void initializeHandlerChain() throws ConfigurationException, ProcessingException
protected void populateChainConfig() throws ConfigurationException, ProcessingException
protected void sendToLogoutPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.Session session) throws IOException, ServletException
IOException
ServletException
public void testStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected void processStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected boolean doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that support signatures should override this method.
protected abstract void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
Copyright © 2012 JBoss by Red Hat. All Rights Reserved.