org.jboss.seam.security.external.spi
Interface SamlServiceProviderSpi

public interface SamlServiceProviderSpi

Interface that needs to be implemented by applications that want to act as a SAML service provider. It is the counterpart of the SamlServiceProviderApi. Most methods in this interface have a responseHolder parameter, which contains the HTTP response. This is a way of handing over the control over the browser to the application. The application is responsible for writing the response (either a normal HTML response, or an error, or a redirect). Typically, the application will redirect the user to a URL within the application.

Author:

Marcel Kolsteren

Method Summary

void	globalLogoutFailed(String statusCodeLevel1, String statusCodeLevel2, ResponseHolder responseHolder) This method is one of the asynchronous callbacks related to SamlServiceProviderApi.globalLogout(javax.servlet.http.HttpServletResponse).
void	globalLogoutSucceeded(ResponseHolder responseHolder) This method is the asynchronous callbacks related to SamlServiceProviderApi.globalLogout(javax.servlet.http.HttpServletResponse).
void	loggedIn(SamlSpSession session, String url, ResponseHolder responseHolder) When the service provider receives an unsolicited login from an identity provider, this method is called.
void	loggedOut(SamlSpSession session) When the service provider receives a logout request from an identity provider, this method is called.
void	loginFailed(String statusCodeLevel1, String statusCodeLevel2, ResponseHolder responseHolder) This method is called after failed external authentication of the user.
void	loginSucceeded(SamlSpSession session, ResponseHolder responseHolder) This method is called after successful external authentication of the user.

Method Detail

loginSucceeded

void loginSucceeded(SamlSpSession session,
                    ResponseHolder responseHolder)

This method is called after successful external authentication of the user. The session contains the details about the user. The call takes place in the same dialogue context as the corresponding API call: SamlServiceProviderApi.login(java.lang.String, javax.servlet.http.HttpServletResponse). The dialogue can be used, for example, to store the page that the user requested, so that the user can be redirected to this page after login took place.

Parameters:

session - session

responseHolder - object holding the HTTP servlet response

loginFailed

void loginFailed(String statusCodeLevel1,
                 String statusCodeLevel2,
                 ResponseHolder responseHolder)

This method is called after failed external authentication of the user. The call takes place in the same dialogue context as the corresponding API call.

Parameters:

statusCodeLevel1 - string indicating the top-level reason why the logout failed (see SAMLv2 core specification, section 3.2.2.2: top-level status code); it's required (never null)

statusCodeLevel2 - string indicating the second-level reason why the logout failed (see SAMLv2 core specification, section 3.2.2.2: second-level status code); it's optional (can be null)

responseHolder - object holding the HTTP servlet response

loggedIn

void loggedIn(SamlSpSession session,
              String url,
              ResponseHolder responseHolder)

When the service provider receives an unsolicited login from an identity provider, this method is called.

Parameters:

session - that has been created for this login

url - URL where the user needs to be redirected to; this URL is supplied by the identity provider and can be null

responseHolder - object holding the HTTP servlet response

globalLogoutSucceeded

void globalLogoutSucceeded(ResponseHolder responseHolder)

This method is the asynchronous callbacks related to SamlServiceProviderApi.globalLogout(javax.servlet.http.HttpServletResponse). It is called when the single logout was successful. Before this callback is called, the dialogue that was active at the time of the API call is restored. An implementation of this method will typically redirect the user to a page where a message is shown that the user has been logged out.

Parameters:

responseHolder - object holding the HTTP servlet response

globalLogoutFailed

void globalLogoutFailed(String statusCodeLevel1,
                        String statusCodeLevel2,
                        ResponseHolder responseHolder)

This method is one of the asynchronous callbacks related to SamlServiceProviderApi.globalLogout(javax.servlet.http.HttpServletResponse). It is called when the single logout was unsuccessful. Before this callback is called, the dialogue that was active at the time of the API call is restored. An implementation of this method will typically redirect the user to a page where a message is shown that the user could not be logged out.

The fact that the single logout failed doesn't mean that all parts of the single logout failed. Possibly only one of the session participants couldn't perform a successful logout, while the others could.

Parameters:

statusCodeLevel1 - string indicating the top-level reason why the logout failed (see SAMLv2 core specification, section 3.2.2.2: top-level status code); it's required (never null)

statusCodeLevel2 - string indicating the second-level reason why the logout failed (see SAMLv2 core specification, section 3.2.2.2: second-level status code); it's optional (can be null)

responseHolder - object holding the HTTP servlet response

loggedOut

void loggedOut(SamlSpSession session)

When the service provider receives a logout request from an identity provider, this method is called. The implementation of this method must take for granted that the user has been logged out.

Parameters:

session - that has been removed