Example 1 with SamlSession

Use of org.keycloak.adapters.saml.SamlSession in the keycloak project (by keycloak).

From class SendUsernameServlet, method getSessionInfo.

private String getSessionInfo() {
    // Pass false so that inspecting the session never creates a new container session
    HttpSession session = httpServletRequest.getSession(false);
    if (session != null) {
        // The SAML adapter stores the authenticated SamlSession under its class name
        final SamlSession samlSession = (SamlSession) session.getAttribute(SamlSession.class.getName());
        if (samlSession != null) {
            String output = "Session ID: " + samlSession.getSessionIndex() + "\n";
            // SessionNotOnOrAfter is optional in the IdP's assertion, so it may be absent
            XMLGregorianCalendar sessionNotOnOrAfter = samlSession.getSessionNotOnOrAfter();
            output += "SessionNotOnOrAfter: " + (sessionNotOnOrAfter == null ? "null" : sessionNotOnOrAfter.toString());
            return output;
        }
        return "SamlSession doesn't exist";
    }
    return "Session doesn't exist";
}

Also used: XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar), HttpSession (javax.servlet.http.HttpSession), SamlSession (org.keycloak.adapters.saml.SamlSession)

Example 2 with SamlSession

Use of org.keycloak.adapters.saml.SamlSession in the keycloak project (by keycloak).

From class WebBrowserSsoAuthenticationHandler, method globalLogout.

private AuthOutcome globalLogout() {
    // No authenticated SAML account in the session store: nothing to log out
    SamlSession account = sessionStore.getAccount();
    if (account == null) {
        return AuthOutcome.NOT_ATTEMPTED;
    }
    // Build a LogoutRequest carrying the IdP session index and the subject's NameID,
    // addressed to the IdP's single logout service (SLO) endpoint
    SAML2LogoutRequestBuilder logoutBuilder = new SAML2LogoutRequestBuilder()
            .assertionExpiration(30)
            .issuer(deployment.getEntityID())
            .sessionIndex(account.getSessionIndex())
            .nameId(account.getPrincipal().getNameID())
            .destination(deployment.getIDP().getSingleLogoutService().getRequestBindingUrl());
    BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
    // Sign the request only when the IdP's SLO descriptor requires signed requests
    if (deployment.getIDP().getSingleLogoutService().signRequest()) {
        if (deployment.getSignatureCanonicalizationMethod() != null)
            binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
        binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
        binding.signWith(null, deployment.getSigningKeyPair()).signDocument();
        // TODO: As part of KEYCLOAK-3810, add KeyID to the SAML document
        // <related DocumentBuilder>.addExtension(new KeycloakKeySamlExtensionGenerator(<key ID>));
    }
    binding.relayState("logout");
    try {
        // Send the request with the binding (redirect or POST) configured for the IdP's SLO endpoint
        SamlUtil.sendSaml(true, facade, deployment.getIDP().getSingleLogoutService().getRequestBindingUrl(),
                binding, logoutBuilder.buildDocument(), deployment.getIDP().getSingleLogoutService().getRequestBinding());
        // Record that a logout is in flight so the IdP's LogoutResponse is handled on the way back
        sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_OUT);
    } catch (Exception e) {
        log.error("Could not send global logout SAML request", e);
        return AuthOutcome.FAILED;
    }
    // Control has passed to the IdP; there is no local authentication outcome yet
    return AuthOutcome.NOT_ATTEMPTED;
}

Also used: BaseSAML2BindingBuilder (org.keycloak.saml.BaseSAML2BindingBuilder), SAML2LogoutRequestBuilder (org.keycloak.saml.SAML2LogoutRequestBuilder), SamlSession (org.keycloak.adapters.saml.SamlSession)

Example 3 with SamlSession

Use of org.keycloak.adapters.saml.SamlSession in the keycloak project (by keycloak).

From class FilterSamlSessionStore, method saveAccount.

@Override
public void saveAccount(SamlSession account) {
    // Create the container session if needed and keep the SamlSession under its class name
    HttpSession session = request.getSession(true);
    session.setAttribute(SamlSession.class.getName(), account);
    // Map the IdP session index and SAML subject to the container session id so that
    // a later IdP-initiated logout can locate and invalidate this session
    if (idMapper != null)
        idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), session.getId());
}

Also used: HttpSession (javax.servlet.http.HttpSession), SamlSession (org.keycloak.adapters.saml.SamlSession)

Example 4 with SamlSession

Use of org.keycloak.adapters.saml.SamlSession in the keycloak project (by keycloak).

From class FilterSamlSessionStore, method logoutByPrincipal.

@Override
public void logoutByPrincipal(String principal) {
    // End the current account locally if it belongs to the principal being logged out
    SamlSession account = getAccount();
    if (account != null && account.getPrincipal().getSamlSubject().equals(principal)) {
        logoutAccount();
    }
    // Drop every other session the mapper knows for this principal. The ids are copied
    // into a list first so that removeSession cannot disturb the set being iterated.
    if (idMapper != null) {
        Set<String> sessions = idMapper.getUserSessions(principal);
        if (sessions != null) {
            List<String> ids = new LinkedList<String>();
            ids.addAll(sessions);
            for (String id : ids) {
                idMapper.removeSession(id);
            }
        }
    }
}

Also used: SamlSession (org.keycloak.adapters.saml.SamlSession), LinkedList (java.util.LinkedList)

Example 5 with SamlSession

Use of org.keycloak.adapters.saml.SamlSession in the keycloak project (by keycloak).

From class JettySamlSessionStore, method logoutAccount.

@Override
public void logoutAccount() {
    // Pass false so that logging out never creates a new container session
    HttpSession session = request.getSession(false);
    if (session != null) {
        SamlSession samlSession = (SamlSession) session.getAttribute(SamlSession.class.getName());
        if (samlSession != null) {
            // Only sessions that carry an IdP session index were registered with the mapper
            if (samlSession.getSessionIndex() != null) {
                idMapper.removeSession(session.getId());
            }
            session.removeAttribute(SamlSession.class.getName());
        }
        // Clear the URI saved before the login redirect as well
        session.removeAttribute(SAML_REDIRECT_URI);
    }
}

Also used: HttpSession (javax.servlet.http.HttpSession), SamlSession (org.keycloak.adapters.saml.SamlSession)

Aggregations (types used together with SamlSession, with occurrence counts)

SamlSession (org.keycloak.adapters.saml.SamlSession): 22
HttpSession (javax.servlet.http.HttpSession): 11
HttpScope (org.wildfly.security.http.HttpScope): 3
XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar): 2
SamlAuthenticator (org.keycloak.adapters.saml.SamlAuthenticator): 2
SamlDeployment (org.keycloak.adapters.saml.SamlDeployment): 2
SamlSessionStore (org.keycloak.adapters.saml.SamlSessionStore): 2
SamlAuthenticationHandler (org.keycloak.adapters.saml.profile.SamlAuthenticationHandler): 2
BrowserHandler (org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler): 2
SamlEndpoint (org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint): 2
AuthChallenge (org.keycloak.adapters.spi.AuthChallenge): 2
AuthOutcome (org.keycloak.adapters.spi.AuthOutcome): 2
HttpFacade (org.keycloak.adapters.spi.HttpFacade): 2
Account (io.undertow.security.idm.Account): 1
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 1
IOException (java.io.IOException): 1
URI (java.net.URI): 1
InvalidKeyException (java.security.InvalidKeyException): 1
KeyManagementException (java.security.KeyManagementException): 1
SignatureException (java.security.SignatureException): 1