Class SAMLAuthenticationProvider

java.lang.Object
org.nuxeo.ecm.platform.auth.saml.SAMLAuthenticationProvider
All Implemented Interfaces:
NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginProviderLinkComputer

public class SAMLAuthenticationProvider extends Object implements NuxeoAuthenticationPlugin, LoginProviderLinkComputer, NuxeoAuthenticationPluginLogoutExtension
A SAML2 authentication provider.
Since:
6.0
  • Field Details

  • Constructor Details

    • SAMLAuthenticationProvider

      public SAMLAuthenticationProvider()
  • Method Details

    • initPlugin

      public void initPlugin(Map<String,String> parameters)
      Description copied from interface: NuxeoAuthenticationPlugin
      Initializes the Plugin from parameters set in the XML descriptor.
      Specified by:
      initPlugin in interface NuxeoAuthenticationPlugin
    • initOpenSAML

      protected static void initOpenSAML()
    • computeUrl

      public String computeUrl(javax.servlet.http.HttpServletRequest request, String requestedUrl)
      Description copied from interface: LoginProviderLinkComputer
      Computes the URL that should be used to log in via this login provider. Because the URL can depend on the context, it is computed by this method rather than read from a static property.
      Specified by:
      computeUrl in interface LoginProviderLinkComputer
    • handleLoginPrompt

      public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String baseURL)
      Description copied from interface: NuxeoAuthenticationPlugin
      Handles the Login Prompt.
      Specified by:
      handleLoginPrompt in interface NuxeoAuthenticationPlugin
      Parameters:
      request - the request
      response - the response
      Returns:
      true if AuthFilter must stop execution (i.e. the login prompt generated a redirect), false otherwise
    • handleRetrieveIdentity

      public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Description copied from interface: NuxeoAuthenticationPlugin
      Retrieves user identification information from the request.
      Specified by:
      handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
      Parameters:
      request - the request
      response - the response
    • needLoginPrompt

      public Boolean needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
      Description copied from interface: NuxeoAuthenticationPlugin
      Defines if the authentication plugin needs to do a login prompt.
      Specified by:
      needLoginPrompt in interface NuxeoAuthenticationPlugin
      Returns:
      true if LoginPrompt is used
    • getUnAuthenticatedURLPrefix

      public List<String> getUnAuthenticatedURLPrefix()
      Description copied from interface: NuxeoAuthenticationPlugin
      Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
      Specified by:
      getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
    • getSLOUrl

      protected String getSLOUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Returns a logout URL to use with HTTP Redirect.
    • handleLogout

      public Boolean handleLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Description copied from interface: NuxeoAuthenticationPluginLogoutExtension
      Handles logout operation.

      Generic logout (killing session and Seam objects) is done by LogoutActionBean. This interface must be implemented by an auth plugin when the target auth system needs a specific logout procedure.

      Specified by:
      handleLogout in interface NuxeoAuthenticationPluginLogoutExtension
      Returns:
      true if the caller must stop execution (i.e. the logout generated a redirect), false otherwise
    • removeCookie

      protected void removeCookie(javax.servlet.http.HttpServletResponse httpResponse, javax.servlet.http.Cookie cookie)
    • findOrCreateNuxeoUser

      protected Optional<String> findOrCreateNuxeoUser(UserResolver userResolver, SAMLCredential credential)