Package org.nuxeo.ecm.platform.auth.saml
Class SAMLAuthenticationProvider
java.lang.Object
org.nuxeo.ecm.platform.auth.saml.SAMLAuthenticationProvider
- All Implemented Interfaces:
- NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginProviderLinkComputer
public class SAMLAuthenticationProvider
extends Object
implements NuxeoAuthenticationPlugin, LoginProviderLinkComputer, NuxeoAuthenticationPluginLogoutExtension
A SAML2 authentication provider.
- Since:
- 6.0
Field Summary
Modifier and Type, Field
- protected static final Class<? extends UserResolver> DEFAULT_USER_RESOLVER_CLASS
- static final String ERROR_AUTH
- static final String ERROR_PAGE
- static final String ERROR_USER
- protected SAMLProcessorFactory processorFactory
- protected static final Class<? extends UserResolver> USERMAPPER_USER_RESOLVER_CLASS
- protected UserResolver userResolver
Constructor Summary
- SAMLAuthenticationProvider()
Method Summary
Modifier and Type, Method, Description
- computeUrl(javax.servlet.http.HttpServletRequest request, String requestedUrl): Computes the URL that should be used to log in via this login provider.
- protected Optional<String> findOrCreateNuxeoUser(UserResolver userResolver, SAMLCredential credential)
- protected String getSLOUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Returns a Logout URL to use with HTTP Redirect.
- getUnAuthenticatedURLPrefix: Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
- Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String baseURL): Handles the Login Prompt.
- Boolean handleLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Handles logout operation.
- UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Retrieves user identification information from the request.
- protected static void initOpenSAML()
- void initPlugin(Map<String, String> parameters): Initializes the Plugin from parameters set in the XML descriptor.
- needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest): Defines if the authentication plugin needs to do a login prompt.
- protected void removeCookie(javax.servlet.http.HttpServletResponse httpResponse, javax.servlet.http.Cookie cookie)
Field Details
ERROR_PAGE
ERROR_AUTH
ERROR_USER
DEFAULT_USER_RESOLVER_CLASS
USERMAPPER_USER_RESOLVER_CLASS
userResolver
processorFactory
- Since:
- 2023.0
Constructor Details
SAMLAuthenticationProvider
public SAMLAuthenticationProvider()
Method Details
initPlugin
Description copied from interface: NuxeoAuthenticationPlugin
Initializes the Plugin from parameters set in the XML descriptor.
- Specified by:
- initPlugin in interface NuxeoAuthenticationPlugin
initOpenSAML
protected static void initOpenSAML()
computeUrl
Description copied from interface: LoginProviderLinkComputer
Computes the URL that should be used to log in via this login provider. Because the URL can depend on the context, it is computed by this method rather than using a static property.
- Specified by:
- computeUrl in interface LoginProviderLinkComputer
handleLoginPrompt
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String baseURL)
Description copied from interface: NuxeoAuthenticationPlugin
Handles the Login Prompt.
- Specified by:
- handleLoginPrompt in interface NuxeoAuthenticationPlugin
- Parameters:
- request - the request
- response - the response
- Returns:
- true if AuthFilter must stop execution (i.e., the login prompt generated a redirect), false otherwise
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface: NuxeoAuthenticationPlugin
Retrieves user identification information from the request.
- Specified by:
- handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
- Parameters:
- request - the request
- response - the response
needLoginPrompt
Description copied from interface: NuxeoAuthenticationPlugin
Defines if the authentication plugin needs to do a login prompt.
- Specified by:
- needLoginPrompt in interface NuxeoAuthenticationPlugin
- Returns:
- true if LoginPrompt is used
getUnAuthenticatedURLPrefix
Description copied from interface: NuxeoAuthenticationPlugin
Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
- Specified by:
- getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
getSLOUrl
protected String getSLOUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Returns a Logout URL to use with HTTP Redirect.
handleLogout
public Boolean handleLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface: NuxeoAuthenticationPluginLogoutExtension
Handles logout operation. Generic logout (killing session and Seam objects) is done by LogoutActionBean. This interface must be implemented by an auth plugin when the target auth system needs a specific logout procedure.
- Specified by:
- handleLogout in interface NuxeoAuthenticationPluginLogoutExtension
- Returns:
- true if caller must stop execution (i.e., logout generated a redirect), false otherwise
removeCookie
protected void removeCookie(javax.servlet.http.HttpServletResponse httpResponse, javax.servlet.http.Cookie cookie)
findOrCreateNuxeoUser
protected Optional<String> findOrCreateNuxeoUser(UserResolver userResolver, SAMLCredential credential)