Class Auth


  • public class Auth
    extends java.lang.Object
    Main class of OneLogin's Java Toolkit. This class implements the SP SAML instance. It defines the methods that you can invoke in your application in order to add SAML support (initiating SSO, initiating SLO, and processing a SAML Response, a Logout Request or a Logout Response). The class is stateful and not thread-safe; you should create a new instance for each request/response.
    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER
        Private property to construct a logger for this class.
      • request

        private javax.servlet.http.HttpServletRequest request
        HttpServletRequest object to be processed (Contains GET and POST parameters, session, ...).
      • response

        private javax.servlet.http.HttpServletResponse response
        HttpServletResponse object to be used (For example to execute the redirections).
      • nameid

        private java.lang.String nameid
        NameID.
      • nameidFormat

        private java.lang.String nameidFormat
        NameIDFormat.
      • nameidNameQualifier

        private java.lang.String nameidNameQualifier
        nameId NameQualifier
      • nameidSPNameQualifier

        private java.lang.String nameidSPNameQualifier
        nameId SP NameQualifier
      • sessionIndex

        private java.lang.String sessionIndex
        SessionIndex. When the user is logged in, this stores the value from the AuthnStatement of the SAML Response.
      • sessionExpiration

        private org.joda.time.DateTime sessionExpiration
        SessionNotOnOrAfter. When the user is logged in, this stores the value from the AuthnStatement of the SAML Response.
      • lastMessageId

        private java.lang.String lastMessageId
        The ID of the last message processed
      • lastMessageIssueInstant

        private java.util.Calendar lastMessageIssueInstant
        The issue instant of the last message processed
      • lastAssertionId

        private java.lang.String lastAssertionId
        The ID of the last assertion processed
      • lastAssertionNotOnOrAfter

        private java.util.List<org.joda.time.Instant> lastAssertionNotOnOrAfter
        The NotOnOrAfter values of the last assertion processed
      • attributes

        private java.util.Map<java.lang.String,​java.util.List<java.lang.String>> attributes
        User attributes data.
      • authenticated

        private boolean authenticated
        If user is authenticated.
      • errors

        private java.util.List<java.lang.String> errors
        Stores any error.
      • errorReason

        private java.lang.String errorReason
        Reason of the last error.
      • validationException

        private java.lang.Exception validationException
        Exception of the last error.
      • lastRequestId

        private java.lang.String lastRequestId
        The id of the last request (Authn or Logout) generated
      • lastRequestIssueInstant

        private java.util.Calendar lastRequestIssueInstant
        The issue instant of the last request (Authn or Logout) generated
      • lastRequest

        private java.lang.String lastRequest
        The most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
      • lastResponse

        private java.lang.String lastResponse
        The most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML
      • DEFAULT_SAML_MESSAGE_FACTORY

        private static final SamlMessageFactory DEFAULT_SAML_MESSAGE_FACTORY
    • Constructor Detail

      • Auth

        public Auth​(java.lang.String filename)
             throws java.io.IOException,
                    SettingsException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        filename - String Filename with the settings
        Throws:
        java.io.IOException
        SettingsException
        Error
      • Auth

        public Auth​(java.lang.String filename,
                    KeyStoreSettings keyStoreSetting)
             throws java.io.IOException,
                    SettingsException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        filename - String Filename with the settings
        keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
        Throws:
        java.io.IOException
        SettingsException
        Error
      • Auth

        public Auth​(javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws java.io.IOException,
                    SettingsException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        request - HttpServletRequest object to be processed
        response - HttpServletResponse object to be used
        Throws:
        java.io.IOException
        SettingsException
        Error
      • Auth

        public Auth​(KeyStoreSettings keyStoreSetting,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws java.io.IOException,
                    SettingsException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
        request - HttpServletRequest object to be processed
        response - HttpServletResponse object to be used
        Throws:
        java.io.IOException
        SettingsException
        Error
      • Auth

        public Auth​(java.lang.String filename,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws SettingsException,
                    java.io.IOException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        filename - String Filename with the settings
        request - HttpServletRequest object to be processed
        response - HttpServletResponse object to be used
        Throws:
        SettingsException
        java.io.IOException
        Error
      • Auth

        public Auth​(java.lang.String filename,
                    KeyStoreSettings keyStoreSetting,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws SettingsException,
                    java.io.IOException,
                    Error
        Initializes the SP SAML instance.
        Parameters:
        filename - String Filename with the settings
        keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
        request - HttpServletRequest object to be processed
        response - HttpServletResponse object to be used
        Throws:
        SettingsException
        java.io.IOException
        Error
      • Auth

        public Auth​(Saml2Settings settings,
                    javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws SettingsException
        Initializes the SP SAML instance.
        Parameters:
        settings - Saml2Settings object. Setting data
        request - HttpServletRequest object to be processed
        response - HttpServletResponse object to be used
        Throws:
        SettingsException
    • Method Detail

      • setStrict

        public void setStrict​(java.lang.Boolean value)
        Enables or disables strict mode.
        Parameters:
        value - Strict value
      • login

        @Deprecated
        public java.lang.String login​(java.lang.String relayState,
                                      java.lang.Boolean forceAuthn,
                                      java.lang.Boolean isPassive,
                                      java.lang.Boolean setNameIdPolicy,
                                      java.lang.Boolean stay,
                                      java.lang.String nameIdValueReq)
                               throws java.io.IOException,
                                      SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
        isPassive - When true the AuthNRequest will set the IsPassive='true'
        setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameIdValueReq - Indicates to the IdP the subject that should be authenticated
        Returns:
        the SSO URL with the AuthNRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • login

        @Deprecated
        public java.lang.String login​(java.lang.String relayState,
                                      java.lang.Boolean forceAuthn,
                                      java.lang.Boolean isPassive,
                                      java.lang.Boolean setNameIdPolicy,
                                      java.lang.Boolean stay,
                                      java.lang.String nameIdValueReq,
                                      java.util.Map<java.lang.String,​java.lang.String> parameters)
                               throws java.io.IOException,
                                      SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
        isPassive - When true the AuthNRequest will set the IsPassive='true'
        setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameIdValueReq - Indicates to the IdP the subject that should be authenticated
        parameters - Use it to send extra parameters in addition to the AuthNRequest
        Returns:
        the SSO URL with the AuthNRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • login

        @Deprecated
        public java.lang.String login​(java.lang.String relayState,
                                      java.lang.Boolean forceAuthn,
                                      java.lang.Boolean isPassive,
                                      java.lang.Boolean setNameIdPolicy,
                                      java.lang.Boolean stay)
                               throws java.io.IOException,
                                      SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
        isPassive - When true the AuthNRequest will set the IsPassive='true'
        setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        Returns:
        the SSO URL with the AuthNRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • login

        @Deprecated
        public void login​(java.lang.String relayState,
                          java.lang.Boolean forceAuthn,
                          java.lang.Boolean isPassive,
                          java.lang.Boolean setNameIdPolicy)
                   throws java.io.IOException,
                          SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
        isPassive - When true the AuthNRequest will set the IsPassive='true'
        setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
        Throws:
        java.io.IOException
        SettingsException
      • login

        public void login​(AuthnRequestParams authnRequestParams)
                   throws java.io.IOException,
                          SettingsException
        Initiates the SSO process.
        Parameters:
        authnRequestParams - the authentication request input parameters
        Throws:
        java.io.IOException
        SettingsException
      • login

        public void login​(java.lang.String relayState)
                   throws java.io.IOException,
                          SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        Throws:
        java.io.IOException
        SettingsException
      • login

        public void login​(java.lang.String relayState,
                          AuthnRequestParams authnRequestParams)
                   throws java.io.IOException,
                          SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        authnRequestParams - the authentication request input parameters
        Throws:
        java.io.IOException
        SettingsException
      • login

        public java.lang.String login​(java.lang.String relayState,
                                      AuthnRequestParams authnRequestParams,
                                      java.lang.Boolean stay)
                               throws java.io.IOException,
                                      SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        authnRequestParams - the authentication request input parameters
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        Returns:
        the SSO URL with the AuthNRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • login

        public java.lang.String login​(java.lang.String relayState,
                                      AuthnRequestParams authnRequestParams,
                                      java.lang.Boolean stay,
                                      java.util.Map<java.lang.String,​java.lang.String> parameters)
                               throws java.io.IOException,
                                      SettingsException
        Initiates the SSO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        authnRequestParams - the authentication request input parameters
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        parameters - Use it to send extra parameters in addition to the AuthNRequest
        Returns:
        the SSO URL with the AuthNRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
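
The relayState notes in the login overloads above ask for tamper protection and an 80-character budget. One way to meet both, as an added example that is not part of the toolkit: keep the real return path server-side and pass only a random single-use token as relayState. `RelayStateGuard`, its members, and the `Map` standing in for a per-user session store are hypothetical names.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example, not toolkit code. The Map passed to the constructor is an
 * assumption: it stands in for a per-user store such as an HttpSession attribute.
 */
public final class RelayStateGuard {

    /** Limit quoted in the relayState parameter description. */
    static final int RELAY_STATE_MAX = 80;
    /** Fallback when the target or the echoed relayState is not acceptable. */
    static final String DEFAULT_TARGET = "/";

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> pending;

    public RelayStateGuard(Map<String, String> perUserStore) {
        this.pending = perUserStore;
    }

    /** Accept only same-site absolute paths as post-login targets. */
    static boolean isLocalPath(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;
        }
        // "//host" and "/\host" are treated by browsers as other origins.
        if (target.startsWith("//") || target.indexOf('\\') >= 0) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            if (Character.isISOControl(target.charAt(i))) {
                return false; // blocks CR/LF and other control characters
            }
        }
        return true;
    }

    /**
     * Returns an opaque token to pass as relayState, e.g.
     * new Auth(request, response).login(guard.issue(requestedPath));
     */
    public String issue(String target) {
        String safe = isLocalPath(target) ? target : DEFAULT_TARGET;
        byte[] raw = new byte[24];
        RNG.nextBytes(raw);
        // 24 random bytes encode to 32 URL-safe characters, well under the limit.
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(token, safe);
        return token;
    }

    /**
     * Resolves the RelayState echoed back with the SAML response. Call it only
     * after processResponse() has validated the response. Unknown, oversized or
     * already-used values fall back to DEFAULT_TARGET.
     */
    public String redeem(String relayState) {
        if (relayState == null || relayState.length() > RELAY_STATE_MAX) {
            return DEFAULT_TARGET;
        }
        String target = pending.remove(relayState); // single use
        return target != null ? target : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        Map<String, String> store = new HashMap<>(); // constructed per-user store
        RelayStateGuard guard = new RelayStateGuard(store);

        String token = guard.issue("/reports?tab=3"); // constructed sample path
        System.out.println("relayState length: " + token.length());
        System.out.println("first redeem:      " + guard.redeem(token));
        System.out.println("replayed token:    " + guard.redeem(token));
        // A RelayState that was rewritten in transit is not in the store.
        System.out.println("rewritten value:   " + guard.redeem("https://other.example/"));
        // A non-local target is replaced before anything is stored.
        System.out.println("non-local target:  " + guard.redeem(guard.issue("//other.example/x")));
    }
}
```

Because the class description states that Auth is stateful and not thread-safe, the guard's store belongs to the user session, not to an Auth instance, which is created anew for each request/response.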
      • logout

        public java.lang.String logout​(java.lang.String relayState,
                                       LogoutRequestParams logoutRequestParams,
                                       java.lang.Boolean stay)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        logoutRequestParams - the logout request input parameters
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        public void logout​(java.lang.String relayState,
                           LogoutRequestParams logoutRequestParams)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        logoutRequestParams - the logout request input parameters
        Throws:
        java.io.IOException
        SettingsException
      • logout

        public java.lang.String logout​(java.lang.String relayState,
                                       java.lang.String nameId,
                                       java.lang.String sessionIndex,
                                       java.lang.Boolean stay,
                                       java.lang.String nameidFormat,
                                       java.lang.String nameIdNameQualifier,
                                       java.lang.String nameIdSPNameQualifier)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
        nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        public java.lang.String logout​(java.lang.String relayState,
                                       LogoutRequestParams logoutRequestParams,
                                       java.lang.Boolean stay,
                                       java.util.Map<java.lang.String,​java.lang.String> parameters)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        logoutRequestParams - the logout request input parameters
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        parameters - Use it to send extra parameters in addition to the LogoutRequest
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public java.lang.String logout​(java.lang.String relayState,
                                       java.lang.String nameId,
                                       java.lang.String sessionIndex,
                                       java.lang.Boolean stay,
                                       java.lang.String nameidFormat,
                                       java.lang.String nameIdNameQualifier,
                                       java.lang.String nameIdSPNameQualifier,
                                       java.util.Map<java.lang.String,​java.lang.String> parameters)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
        nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
        parameters - Use it to send extra parameters in addition to the LogoutRequest
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public java.lang.String logout​(java.lang.String relayState,
                                       java.lang.String nameId,
                                       java.lang.String sessionIndex,
                                       java.lang.Boolean stay,
                                       java.lang.String nameidFormat,
                                       java.lang.String nameIdNameQualifier)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public java.lang.String logout​(java.lang.String relayState,
                                       java.lang.String nameId,
                                       java.lang.String sessionIndex,
                                       java.lang.Boolean stay,
                                       java.lang.String nameidFormat)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public java.lang.String logout​(java.lang.String relayState,
                                       java.lang.String nameId,
                                       java.lang.String sessionIndex,
                                       java.lang.Boolean stay)
                                throws java.io.IOException,
                                       SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        stay - True if we want to stay (returns the URL string); False to execute the redirection
        Returns:
        the SLO URL with the LogoutRequest if stay = True
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public void logout​(java.lang.String relayState,
                           java.lang.String nameId,
                           java.lang.String sessionIndex,
                           java.lang.String nameidFormat,
                           java.lang.String nameIdNameQualifier,
                           java.lang.String nameIdSPNameQualifier)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged-out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection against tampering should be implemented. When null, a self-routed URL is used; when an empty string is provided, no relayState is appended at all.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
        nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public void logout​(java.lang.String relayState,
                           java.lang.String nameId,
                           java.lang.String sessionIndex,
                           java.lang.String nameidFormat,
                           java.lang.String nameIdNameQualifier)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged-out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection against tampering should be implemented. When null, a self-routed URL is used; when an empty string is provided, no relayState is appended at all.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public void logout​(java.lang.String relayState,
                           java.lang.String nameId,
                           java.lang.String sessionIndex,
                           java.lang.String nameidFormat)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged-out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection against tampering should be implemented. When null, a self-routed URL is used; when an empty string is provided, no relayState is appended at all.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        nameidFormat - The NameID Format that will be set in the LogoutRequest.
        Throws:
        java.io.IOException
        SettingsException
      • logout

        @Deprecated
        public void logout​(java.lang.String relayState,
                           java.lang.String nameId,
                           java.lang.String sessionIndex)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged-out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection against tampering should be implemented. When null, a self-routed URL is used; when an empty string is provided, no relayState is appended at all.
        nameId - The NameID that will be set in the LogoutRequest.
        sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
        Throws:
        java.io.IOException
        SettingsException
      • logout

        public void logout​(java.lang.String relayState)
                    throws java.io.IOException,
                           SettingsException
        Initiates the SLO process.
        Parameters:
        relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged-out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters on this relayState data and that protection against tampering should be implemented. When null, a self-routed URL is used; when an empty string is provided, no relayState is appended at all.
        Throws:
        java.io.IOException
        SettingsException
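        One way to implement the tamper protection that the relayState description asks for while staying within the 80-character limit, as an added example that is not part of the toolkit. The class name RelayStateGuard, the "~" separator, the local-path policy and the demo secret are assumptions; only the JDK is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper (not part of the toolkit): tamper-evident RelayState within 80 characters. */
public class RelayStateGuard {
    private static final int MAX_LEN = 80;   // limit quoted in the relayState description
    private static final int TAG_BYTES = 16; // truncated HMAC-SHA256 tag, 22 chars in base64url
    private final SecretKeySpec key;
    public RelayStateGuard(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private String tag(String path) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] full = mac.doFinal(path.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(Arrays.copyOf(full, TAG_BYTES));
    }

    /** Value to pass as relayState to logout(relayState). Only local absolute paths are accepted. */
    public String seal(String path) throws Exception {
        if (!path.startsWith("/") || path.startsWith("//") || path.contains("\\")) {
            throw new IllegalArgumentException("relayState target must be a local path");
        }
        String sealed = path + "~" + tag(path);
        if (sealed.length() > MAX_LEN) {
            throw new IllegalArgumentException("relayState would exceed " + MAX_LEN + " characters");
        }
        return sealed;
    }

    /** Call once processSLO() has validated the message; returns the path, or fallback if altered. */
    public String open(String relayState, String fallback) throws Exception {
        if (relayState == null) return fallback;
        int sep = relayState.lastIndexOf('~'); // '~' is outside the base64url alphabet
        if (sep < 1 || relayState.length() > MAX_LEN) return fallback;
        String path = relayState.substring(0, sep);
        byte[] given = relayState.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = tag(path).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(given, expected) ? path : fallback; // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret and path, for demonstration only
        RelayStateGuard g = new RelayStateGuard("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String rs = g.seal("/account/goodbye");
        System.out.println(rs + " (" + rs.length() + " chars)");
        System.out.println(g.open(rs, "/"));                            // untouched value
        System.out.println(g.open(rs.replace("goodbye", "evil"), "/")); // altered value
    }
}
```

        The tag leaves 57 characters for the path; a longer target can be kept in the server-side session instead, with only a short random key sent as relayState.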
      • getSSOurl

        public java.lang.String getSSOurl()
        Returns:
        The url of the Single Sign On Service
      • getSLOurl

        public java.lang.String getSLOurl()
        Returns:
        The url of the Single Logout Service
      • getSLOResponseUrl

        public java.lang.String getSLOResponseUrl()
        Returns:
        The url of the Single Logout Service Response.
      • processResponse

        public void processResponse​(java.lang.String requestId)
                             throws java.lang.Exception
        Process the SAML Response sent by the IdP.
        Parameters:
        requestId - The ID of the AuthNRequest sent by this SP to the IdP
        Throws:
        java.lang.Exception
      • processResponse

        public void processResponse()
                             throws java.lang.Exception
        Process the SAML Response sent by the IdP.
        Throws:
        java.lang.Exception
      • processSLO

        public java.lang.String processSLO​(java.lang.Boolean keepLocalSession,
                                           java.lang.String requestId,
                                           java.lang.Boolean stay)
                                    throws java.lang.Exception
        Process the SAML Logout Response / Logout Request sent by the IdP.
        Parameters:
        keepLocalSession - When true will keep the local session, otherwise will destroy it
        requestId - The ID of the LogoutRequest sent by this SP to the IdP
        stay - True to stay (the URL string is returned), false to execute the redirection.
        Returns:
        the URL with the Logout Message if stay = True
        Throws:
        java.lang.Exception
      • processSLO

        public void processSLO​(java.lang.Boolean keepLocalSession,
                               java.lang.String requestId)
                        throws java.lang.Exception
        Process the SAML Logout Response / Logout Request sent by the IdP.
        Parameters:
        keepLocalSession - When true will keep the local session, otherwise will destroy it
        requestId - The ID of the LogoutRequest sent by this SP to the IdP
        Throws:
        java.lang.Exception
      • processSLO

        public void processSLO()
                        throws java.lang.Exception
        Process the SAML Logout Response / Logout Request sent by the IdP.
        Throws:
        java.lang.Exception
      • isAuthenticated

        public final boolean isAuthenticated()
        Returns:
        whether the user is authenticated
      • getAttributesName

        public final java.util.List<java.lang.String> getAttributesName()
        Returns:
        the list of the names of the SAML attributes.
      • getAttributes

        public final java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getAttributes()
        Returns:
        the set of SAML attributes.
      • getAttribute

        public final java.util.Collection<java.lang.String> getAttribute​(java.lang.String name)
        Parameters:
        name - Name of the attribute
        Returns:
        the attribute value
      • getNameId

        public final java.lang.String getNameId()
        Returns:
        the nameID of the assertion
      • getNameIdFormat

        public final java.lang.String getNameIdFormat()
        Returns:
        the nameID Format of the assertion
      • getNameIdNameQualifier

        public final java.lang.String getNameIdNameQualifier()
        Returns:
        the NameQualifier of the assertion
      • getNameIdSPNameQualifier

        public final java.lang.String getNameIdSPNameQualifier()
        Returns:
        the SPNameQualifier of the assertion
      • getSessionIndex

        public final java.lang.String getSessionIndex()
        Returns:
        the SessionIndex of the assertion
      • getSessionExpiration

        public final org.joda.time.DateTime getSessionExpiration()
        Returns:
        the SessionNotOnOrAfter of the assertion
      • getLastMessageId

        public java.lang.String getLastMessageId()
        Returns:
        The ID of the last message processed
      • getLastMessageIssueInstant

        public java.util.Calendar getLastMessageIssueInstant()
        Returns the issue instant of the last message processed.
        Returns:
        The issue instant of the last message processed
      • getLastAssertionId

        public java.lang.String getLastAssertionId()
        Returns:
        The ID of the last assertion processed
      • getLastAssertionNotOnOrAfter

        public java.util.List<org.joda.time.Instant> getLastAssertionNotOnOrAfter()
        Returns:
        The NotOnOrAfter values of the last assertion processed
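        getLastAssertionId() and getLastAssertionNotOnOrAfter() give an application what it needs to refuse an assertion that is presented a second time. The following is an added example, not toolkit code: AssertionReplayCache, its reject-on-missing-expiry policy and the sample values are hypothetical, and the joda Instants are assumed to have been converted to java.time.Instant.

```java
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not part of the toolkit): one-time-use check for assertion IDs. */
public class AssertionReplayCache {
    // assertion ID -> instant from which the ID no longer needs to be remembered
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /**
     * @param assertionId  value of getLastAssertionId() after processResponse() succeeded
     * @param notOnOrAfter values of getLastAssertionNotOnOrAfter(), as java.time.Instant
     * @param now          current time (a parameter so the logic can be exercised offline)
     * @return true on first use; false if the ID was already seen or cannot be tracked
     */
    public boolean firstUse(String assertionId, List<Instant> notOnOrAfter, Instant now) {
        if (assertionId == null || assertionId.isEmpty() || notOnOrAfter.isEmpty()) {
            return false; // no key, or no expiry to bound the cache entry: reject (assumed policy)
        }
        // Remember the ID until the latest bound; evicting at an earlier one
        // could reopen a replay window while the assertion is still acceptable.
        Instant keepUntil = Collections.max(notOnOrAfter);
        if (!now.isBefore(keepUntil)) {
            return false; // every bound has passed
        }
        purge(now);
        return seen.putIfAbsent(assertionId, keepUntil) == null; // atomic check-and-record
    }

    /** Drops entries whose retention time has passed, so the map stays bounded. */
    private void purge(Instant now) {
        seen.values().removeIf(expiry -> !now.isBefore(expiry));
    }

    public static void main(String[] args) {
        AssertionReplayCache cache = new AssertionReplayCache();
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed clock
        List<Instant> bounds = List.of(now.plusSeconds(120), now.plusSeconds(300)); // constructed
        System.out.println(cache.firstUse("_constructed-id", bounds, now));                  // first use
        System.out.println(cache.firstUse("_constructed-id", bounds, now.plusSeconds(200))); // replay
        System.out.println(cache.firstUse("_constructed-id", bounds, now.plusSeconds(400))); // expired
    }
}
```

        The map here is per-process; a deployment with several nodes needs the same check against a store that all nodes share.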
      • getErrors

        public java.util.List<java.lang.String> getErrors()
        Returns:
        a list of the errors; the list is empty when the validation was successful
      • getLastErrorReason

        public java.lang.String getLastErrorReason()
        Returns:
        the reason for the last error
      • getLastValidationException

        public java.lang.Exception getLastValidationException()
        Returns:
        the exception for the last error
      • getLastRequestId

        public java.lang.String getLastRequestId()
        Returns:
        the id of the last request generated (AuthnRequest or LogoutRequest), null if none
      • getLastRequestIssueInstant

        public java.util.Calendar getLastRequestIssueInstant()
        Returns the issue instant of the last request generated (AuthnRequest or LogoutRequest).
        Returns:
        the issue instant of the last request generated (AuthnRequest or LogoutRequest), null if none
      • getSettings

        public Saml2Settings getSettings()
        Returns:
        the Saml2Settings object. The Settings data.
      • isDebugActive

        public java.lang.Boolean isDebugActive()
        Returns:
        true if debug mode is active
      • buildRequestSignature

        public java.lang.String buildRequestSignature​(java.lang.String samlRequest,
                                                      java.lang.String relayState,
                                                      java.lang.String signAlgorithm)
                                               throws SettingsException
        Generates the Signature for a SAML Request
        Parameters:
        samlRequest - The SAML Request
        relayState - The RelayState
        signAlgorithm - Signature algorithm method
        Returns:
        a base64 encoded signature
        Throws:
        SettingsException
      • buildResponseSignature

        public java.lang.String buildResponseSignature​(java.lang.String samlResponse,
                                                       java.lang.String relayState,
                                                       java.lang.String signAlgorithm)
                                                throws SettingsException
        Generates the Signature for a SAML Response
        Parameters:
        samlResponse - The SAML Response
        relayState - The RelayState
        signAlgorithm - Signature algorithm method
        Returns:
        the base64 encoded signature
        Throws:
        SettingsException
      • buildSignature

        private java.lang.String buildSignature​(java.lang.String samlMessage,
                                                java.lang.String relayState,
                                                java.lang.String signAlgorithm,
                                                java.lang.String type)
                                         throws SettingsException,
                                                java.lang.IllegalArgumentException
        Generates the Signature for a SAML Message
        Parameters:
        samlMessage - The SAML Message
        relayState - The RelayState
        signAlgorithm - Signature algorithm method
        type - The type of the message
        Returns:
        the base64 encoded signature
        Throws:
        SettingsException
        java.lang.IllegalArgumentException
      • getLastRequestXML

        public java.lang.String getLastRequestXML()
        Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
        Returns:
        the last Request XML
      • getLastResponseXML

        public java.lang.String getLastResponseXML()
        Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
        Returns:
        the last Response XML
      • setSamlMessageFactory

        public void setSamlMessageFactory​(SamlMessageFactory samlMessageFactory)
        Sets the factory this Auth will use to create SAML messages.

        This allows consumers to provide their own extension classes for SAML message XML generation and/or processing.

        Parameters:
        samlMessageFactory - the factory to use to create SAML message objects; if null, a default provider will be used which creates the standard message implementation provided by this library (i.e.: AuthnRequest, SamlResponse, LogoutRequest and LogoutResponse)