org.jboss.seam.security.external.spi
Interface SamlIdentityProviderSpi


public interface SamlIdentityProviderSpi

Interface that needs to be implemented by applications that want to act as a SAML identity provider. It is the counterpart of the SamlIdentityProviderApi. Most methods in this interface have a responseHolder parameter, which contains the HTTP response. This hands control of the browser over to the application. The application is responsible for writing the response (a normal HTML response, an error, or a redirect). Typically, the application will redirect the user to a URL within the application.

Author:
Marcel Kolsteren

Method Summary
 void authenticate(ResponseHolder responseHolder)
          This method is called after receipt of an authentication request from a service provider.
 void globalLogoutFailed(ResponseHolder responseHolder)
           This method is one of the asynchronous callbacks related to SamlIdentityProviderApi.globalLogout(javax.servlet.http.HttpServletResponse).
 void globalLogoutSucceeded(ResponseHolder responseHolder)
          This method is one of the asynchronous callbacks related to SamlIdentityProviderApi.globalLogout(javax.servlet.http.HttpServletResponse).
 void loggedOut(SamlIdpSession session)
          When the identity provider receives a logout request from a service provider, this method is called.
 

Method Detail

authenticate

void authenticate(ResponseHolder responseHolder)
This method is called after receipt of an authentication request from a service provider. Upon receipt of this call, the application should try to authenticate the user, or, if the user is already logged in, reuse an existing session of the user. The result of the authentication needs to be reported back using the API calls SamlIdentityProviderApi.authenticationSucceeded(javax.servlet.http.HttpServletResponse) or SamlIdentityProviderApi.authenticationFailed(javax.servlet.http.HttpServletResponse). Those API calls should be called in the same dialogue as this SPI call. When redirecting the user to a page where she can be authenticated, it is convenient to use ResponseHolder.redirectWithDialoguePropagation(String), so that the current dialogue is automatically propagated to the next request.

Parameters:
responseHolder - object holding the HTTP servlet response

loggedOut

void loggedOut(SamlIdpSession session)
When the identity provider receives a logout request from a service provider, this method is called. The implementation of this method must take for granted that the user has been logged out.

Parameters:
session - the session that has been removed

globalLogoutSucceeded

void globalLogoutSucceeded(ResponseHolder responseHolder)
This method is one of the asynchronous callbacks related to SamlIdentityProviderApi.globalLogout(javax.servlet.http.HttpServletResponse). It is called when the global logout was successful. Before this callback is called, the dialogue that was active at the time of the API call is restored. An implementation of this method will typically redirect the user to a page where a message is shown that the user has been logged out.

Parameters:
responseHolder - object holding the HTTP servlet response

globalLogoutFailed

void globalLogoutFailed(ResponseHolder responseHolder)

This method is one of the asynchronous callbacks related to SamlIdentityProviderApi.globalLogout(javax.servlet.http.HttpServletResponse). It is called when the single logout was unsuccessful. Before this callback is called, the dialogue that was active at the time of the API call is restored. An implementation of this method will typically redirect the user to a page where a message is shown that the user could not be logged out.

The fact that the single logout failed doesn't mean that all parts of the single logout failed. Possibly only one of the session participants couldn't perform a successful logout, while the others could.

Parameters:
responseHolder - object holding the HTTP servlet response
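
A minimal implementation of the four callbacks described above, as an added example that is not part of the original documentation or of Seam's own code. The class name, the page URLs, the logger name, and the import packages of ResponseHolder and SamlIdpSession are assumptions; only the method signatures and ResponseHolder.redirectWithDialoguePropagation(String) come from this page.

```java
import java.util.logging.Logger;

import org.jboss.seam.security.external.api.ResponseHolder;       // package assumed
import org.jboss.seam.security.external.saml.idp.SamlIdpSession;  // package assumed
import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;

/** Added example. All URLs below are hypothetical pages inside the application. */
public class ExampleIdpSpi implements SamlIdentityProviderSpi {

    private static final Logger AUDIT = Logger.getLogger("idp.audit");

    // Fixed in-application targets: a redirect is never built from request input.
    private static final String LOGIN_PAGE = "/idp/login";
    private static final String LOGGED_OUT_PAGE = "/idp/loggedOut";
    private static final String LOGOUT_INCOMPLETE_PAGE = "/idp/logoutIncomplete";

    @Override
    public void authenticate(ResponseHolder responseHolder) {
        // Hand the browser to the login page and keep the dialogue, so that page can
        // report the result with SamlIdentityProviderApi.authenticationSucceeded(...)
        // or authenticationFailed(...) in the same dialogue as this SPI call.
        responseHolder.redirectWithDialoguePropagation(LOGIN_PAGE);
    }

    @Override
    public void loggedOut(SamlIdpSession session) {
        // No ResponseHolder here: the logout has already happened and cannot be vetoed.
        // This example only records it; an application would also drop any state it
        // keeps for the removed session.
        AUDIT.info("SAML IdP session removed by logout request: " + session);
    }

    @Override
    public void globalLogoutSucceeded(ResponseHolder responseHolder) {
        responseHolder.redirectWithDialoguePropagation(LOGGED_OUT_PAGE);
    }

    @Override
    public void globalLogoutFailed(ResponseHolder responseHolder) {
        // The failure may be partial: some session participants may have logged out
        // while others did not. Send the user to a page that says so instead of
        // reporting a clean logout.
        AUDIT.warning("SAML global logout incomplete");
        responseHolder.redirectWithDialoguePropagation(LOGOUT_INCOMPLETE_PAGE);
    }
}
```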


Copyright © 2011 Seam Framework. All Rights Reserved.