Package org.nuxeo.ecm.platform.auth.saml
Class SAMLAuthenticationProvider
java.lang.Object
org.nuxeo.ecm.platform.auth.saml.SAMLAuthenticationProvider
- All Implemented Interfaces:
NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginProviderLinkComputer
public class SAMLAuthenticationProvider
extends Object
implements NuxeoAuthenticationPlugin, LoginProviderLinkComputer, NuxeoAuthenticationPluginLogoutExtension
A SAML2 authentication provider.
- Since:
- 6.0
-
Field Summary
Fields
Modifier and Type, Field:
- protected SAMLConfiguration configuration
- static final String ERROR_AUTH
- static final String ERROR_PAGE
- static final String ERROR_USER
- protected SAMLProcessorFactory processorFactory
- protected UserResolver userResolver
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
- computeUrl(jakarta.servlet.http.HttpServletRequest request, String requestedUrl): Compute Url that should be used to login via this login provider.
- protected Optional<String> findOrCreateNuxeoUser(UserResolver userResolver, SAMLCredential credential)
- protected String getSLOUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response): Returns a Logout URL to use with HTTP Redirect
- getUnAuthenticatedURLPrefix(): Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
- handleLoginPrompt(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String baseURL): Handles the Login Prompt.
- handleLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response): Handles logout operation.
- handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response): Retrieves user identification information from the request.
- protected static void initOpenSAML()
- void initPlugin(Map<String, String> parameters): Initializes the Plugin from parameters set in the XML descriptor.
- needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest): Defines if the authentication plugin needs to do a login prompt.
- protected void removeCookie(jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.servlet.http.Cookie cookie)
-
Field Details
-
ERROR_PAGE
- See Also:
-
ERROR_AUTH
- See Also:
-
ERROR_USER
- See Also:
-
configuration
-
userResolver
-
processorFactory
- Since:
- 2023.0
-
-
Constructor Details
-
SAMLAuthenticationProvider
public SAMLAuthenticationProvider()
-
-
Method Details
-
initPlugin
Description copied from interface: NuxeoAuthenticationPlugin
Initializes the Plugin from parameters set in the XML descriptor.
- Specified by:
- initPlugin in interface NuxeoAuthenticationPlugin
-
initOpenSAML
protected static void initOpenSAML()
-
computeUrl
Description copied from interface: LoginProviderLinkComputer
Compute Url that should be used to login via this login provider. Because the URL can depend on the context, it is computed by this method rather than using a static property.
- Specified by:
- computeUrl in interface LoginProviderLinkComputer
-
handleLoginPrompt
public Boolean handleLoginPrompt(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String baseURL)
Description copied from interface: NuxeoAuthenticationPlugin
Handles the Login Prompt.
- Specified by:
- handleLoginPrompt in interface NuxeoAuthenticationPlugin
- Parameters:
- request - the request
- response - the response
- Returns:
- true if AuthFilter must stop execution (i.e. login prompt generated a redirect), false otherwise
-
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Description copied from interface: NuxeoAuthenticationPlugin
Retrieves user identification information from the request.
- Specified by:
- handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
- Parameters:
- request - the request
- response - the response
-
needLoginPrompt
Description copied from interface: NuxeoAuthenticationPlugin
Defines if the authentication plugin needs to do a login prompt.
- Specified by:
- needLoginPrompt in interface NuxeoAuthenticationPlugin
- Returns:
- true if LoginPrompt is used
-
getUnAuthenticatedURLPrefix
Description copied from interface: NuxeoAuthenticationPlugin
Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
- Specified by:
- getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
-
getSLOUrl
protected String getSLOUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Returns a Logout URL to use with HTTP Redirect
-
handleLogout
public Boolean handleLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Description copied from interface: NuxeoAuthenticationPluginLogoutExtension
Handles logout operation.
Generic logout (killing session and Seam objects) is done by LogoutActionBean. This interface must be implemented by an auth plugin when the target auth system needs a specific logout procedure.
- Specified by:
- handleLogout in interface NuxeoAuthenticationPluginLogoutExtension
- Returns:
- true if caller must stop execution (i.e. logout generated a redirect), false otherwise
-
removeCookie
protected void removeCookie(jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.servlet.http.Cookie cookie)
-
findOrCreateNuxeoUser
protected Optional<String> findOrCreateNuxeoUser(UserResolver userResolver, SAMLCredential credential)
-
getConfiguration
- Since:
- 2025.7
-