Class Auth

java.lang.Object
com.onelogin.saml2.Auth

public class Auth extends Object
Main class of OneLogin's Java Toolkit. This class implements the SP SAML instance. It defines the methods that you can invoke in your application to add SAML support (initiate SSO, initiate SLO, process a SAML Response, a Logout Request or a Logout Response). An instance is stateful and not thread-safe; you should create a new instance for each request/response.
  • Field Details

    • LOGGER

      private static final org.slf4j.Logger LOGGER
      Private property to construct a logger for this class.
    • settings

      private Saml2Settings settings
      Settings data.
    • request

      private jakarta.servlet.http.HttpServletRequest request
      HttpServletRequest object to be processed (Contains GET and POST parameters, session, ...).
    • response

      private jakarta.servlet.http.HttpServletResponse response
      HttpServletResponse object to be used (For example to execute the redirections).
    • nameid

      private String nameid
      NameID.
    • nameidFormat

      private String nameidFormat
      NameIDFormat.
    • nameidNameQualifier

      private String nameidNameQualifier
      nameId NameQualifier
    • nameidSPNameQualifier

      private String nameidSPNameQualifier
      nameId SP NameQualifier
    • sessionIndex

      private String sessionIndex
      SessionIndex. When the user is logged in, this is stored from the AuthnStatement of the SAML Response.
    • sessionExpiration

      private Instant sessionExpiration
      SessionNotOnOrAfter. When the user is logged in, this is stored from the AuthnStatement of the SAML Response.
    • lastMessageId

      private String lastMessageId
      The ID of the last message processed
    • lastMessageIssueInstant

      private Calendar lastMessageIssueInstant
      The issue instant of the last message processed
    • lastAssertionId

      private String lastAssertionId
      The ID of the last assertion processed
    • lastAssertionNotOnOrAfter

      private List<Instant> lastAssertionNotOnOrAfter
      The NotOnOrAfter values of the last assertion processed
    • attributes

      private Map<String,List<String>> attributes
      User attributes data.
    • authenticated

      private boolean authenticated
      If user is authenticated.
    • errors

      private List<String> errors
      Stores any error.
    • errorReason

      private String errorReason
      Reason of the last error.
    • validationException

      private Exception validationException
      Exception of the last error.
    • lastRequestId

      private String lastRequestId
      The id of the last request (Authn or Logout) generated
    • lastRequestIssueInstant

      private Calendar lastRequestIssueInstant
      The issue instant of the last request (Authn or Logout) generated
    • lastRequest

      private String lastRequest
      The most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
    • lastResponse

      private String lastResponse
      The most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML
    • DEFAULT_SAML_MESSAGE_FACTORY

      private static final SamlMessageFactory DEFAULT_SAML_MESSAGE_FACTORY
    • samlMessageFactory

      private SamlMessageFactory samlMessageFactory
  • Constructor Details

  • Method Details

    • setStrict

      public void setStrict(Boolean value)
      Enables or disables strict mode.
      Parameters:
      value - Strict value
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
      isPassive - When true the AuthNRequest will set the IsPassive='true'
      setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameIdValueReq - Indicates to the IdP the subject that should be authenticated
      Returns:
      the SSO URL with the AuthNRequest if stay = True
      Throws:
      IOException
      SettingsException
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq, Map<String,String> parameters) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
      isPassive - When true the AuthNRequest will set the IsPassive='true'
      setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameIdValueReq - Indicates to the IdP the subject that should be authenticated
      parameters - Use it to send extra parameters in addition to the AuthNRequest
      Returns:
      the SSO URL with the AuthNRequest if stay = True
      Throws:
      IOException
      SettingsException
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
      isPassive - When true the AuthNRequest will set the IsPassive='true'
      setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the url string) False to execute redirection
      Returns:
      the SSO URL with the AuthNRequest if stay = True
      Throws:
      IOException
      SettingsException
    • login

      @Deprecated public void login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      forceAuthn - When true the AuthNRequest will set the ForceAuthn='true'
      isPassive - When true the AuthNRequest will set the IsPassive='true'
      setNameIdPolicy - When true the AuthNRequest will set a nameIdPolicy
      Throws:
      IOException
      SettingsException
    • login

      public void login() throws IOException, SettingsException
      Initiates the SSO process.
      Throws:
      IOException
      SettingsException
    • login

      public void login(AuthnRequestParams authnRequestParams) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      authnRequestParams - the authentication request input parameters
      Throws:
      IOException
      SettingsException
    • login

      public void login(String relayState) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      Throws:
      IOException
      SettingsException
    • login

      public void login(String relayState, AuthnRequestParams authnRequestParams) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      authnRequestParams - the authentication request input parameters
      Throws:
      IOException
      SettingsException
    • login

      public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      authnRequestParams - the authentication request input parameters
      stay - True if we want to stay (returns the url string) False to execute redirection
      Returns:
      the SSO URL with the AuthNRequest if stay = True
      Throws:
      IOException
      SettingsException
    • login

      public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay, Map<String,String> parameters) throws IOException, SettingsException
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      authnRequestParams - the authentication request input parameters
      stay - True if we want to stay (returns the url string) False to execute redirection
      parameters - Use it to send extra parameters in addition to the AuthNRequest
      Returns:
      the SSO URL with the AuthNRequest if stay = True
      Throws:
      IOException
      SettingsException
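
The relayState notes above ask for a value of at most 80 characters that is protected against tampering. One way to meet both, shown as an added example that is not part of the toolkit: keep the real destination in the server-side session and pass only an opaque, single-use token as relayState. `RelayStateGuard`, its method names, the session key prefix and the `Map` standing in for the HTTP session are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added example, not toolkit code: opaque single-use relayState tokens. */
public final class RelayStateGuard {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String KEY_PREFIX = "saml.relay."; // hypothetical session attribute prefix
    private static final String DEFAULT_TARGET = "/";        // fallback landing page (assumption)
    static final int MAX_RELAY_STATE = 80;                    // limit quoted in the relayState docs

    /** Accept only same-site relative paths, so the target cannot become an open redirect. */
    static boolean isSafeLocalPath(String path) {
        return path != null
                && path.startsWith("/")
                && !path.startsWith("//")      // scheme-relative URL
                && path.indexOf('\\') < 0      // some browsers treat '\' like '/'
                && path.chars().noneMatch(c -> c < 0x20 || c == 0x7f); // CR/LF and other controls
    }

    /** Before calling login(relayState): remember the target, return the token to send. */
    static String issue(Map<String, Object> session, String requestedTarget) {
        String target = isSafeLocalPath(requestedTarget) ? requestedTarget : DEFAULT_TARGET;
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        // 32 random bytes encode to 43 URL-safe characters, well under the 80 limit.
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY_PREFIX + token, target);
        return token;
    }

    /** After processResponse() has validated the response: map the echoed value back. */
    static String resolve(Map<String, Object> session, String relayState) {
        if (relayState == null || relayState.isEmpty() || relayState.length() > MAX_RELAY_STATE) {
            return DEFAULT_TARGET;
        }
        Object stored = session.remove(KEY_PREFIX + relayState); // single use
        if (stored instanceof String && isSafeLocalPath((String) stored)) {
            return (String) stored;
        }
        return DEFAULT_TARGET; // unknown, replayed or modified token
    }

    public static void main(String[] args) {
        // Constructed stand-in for the attributes of one user's HTTP session.
        Map<String, Object> session = new HashMap<>();

        String token = issue(session, "/reports/42");
        System.out.println("token length ok: " + (token.length() <= MAX_RELAY_STATE));
        System.out.println("first use:       " + resolve(session, token));
        System.out.println("replayed:        " + resolve(session, token));
        System.out.println("attacker value:  " + resolve(session, "https://other.example/"));

        String t2 = issue(session, "//other.example/x"); // unsafe target is replaced at issue time
        System.out.println("unsafe target:   " + resolve(session, t2));
    }
}
```

Because the browser only ever carries the token, a modified relayState resolves to nothing and falls back to the default page instead of redirecting to an attacker-chosen URL.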
    • logout

      public String logout(String relayState, LogoutRequestParams logoutRequestParams, Boolean stay) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      logoutRequestParams - the logout request input parameters
      stay - True if we want to stay (returns the url string) False to execute redirection
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      public void logout(String relayState, LogoutRequestParams logoutRequestParams) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      logoutRequestParams - the logout request input parameters
      Throws:
      IOException
      SettingsException
    • logout

      public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      public String logout(String relayState, LogoutRequestParams logoutRequestParams, Boolean stay, Map<String,String> parameters) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      logoutRequestParams - the logout request input parameters
      stay - True if we want to stay (returns the url string) False to execute redirection
      parameters - Use it to send extra parameters in addition to the LogoutRequest
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier, Map<String,String> parameters) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
      parameters - Use it to send extra parameters in addition to the LogoutRequest
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the url string) False to execute redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the url string) False to execute redirection
      Returns:
      the SLO URL with the LogoutRequest if stay = True
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      Throws:
      IOException
      SettingsException
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      Throws:
      IOException
      SettingsException
    • logout

      public void logout() throws IOException, SettingsException
      Initiates the SLO process.
      Throws:
      IOException
      SettingsException
    • logout

      public void logout(String relayState) throws IOException, SettingsException
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(); please note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented; when null, it will be a self-routed URL, whereas if an empty string is provided, no relayState at all will be appended
      Throws:
      IOException
      SettingsException
    • getSSOurl

      public String getSSOurl()
      Returns:
      The url of the Single Sign On Service
    • getSLOurl

      public String getSLOurl()
      Returns:
      The url of the Single Logout Service
    • getSLOResponseUrl

      public String getSLOResponseUrl()
      Returns:
      The url of the Single Logout Service Response.
    • processResponse

      public void processResponse(String requestId) throws Exception
      Process the SAML Response sent by the IdP.
      Parameters:
      requestId - The ID of the AuthNRequest sent by this SP to the IdP
      Throws:
      Exception
    • processResponse

      public void processResponse() throws Exception
      Process the SAML Response sent by the IdP.
      Throws:
      Exception
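
A sketch of an assertion consumer endpoint built on `processResponse(requestId)` and the getters documented on this page, added here as an example and not taken from the toolkit. `AcsHandler`, the session attribute names and the in-memory replay cache are assumptions; the `Auth` instance is created per request by the caller, and the AuthnRequest ID is assumed to have been stored in the session when login was initiated.

```java
import com.onelogin.saml2.Auth;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.time.Instant;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

/** Added example, not toolkit code: fail-closed handling of the IdP's SAML Response. */
public final class AcsHandler {
    private static final Logger LOG = Logger.getLogger(AcsHandler.class.getName());
    static final String REQ_ID_ATTR = "saml.authnRequestId"; // hypothetical session key

    // Assertion IDs already accepted, kept until they expire. Single-node only (assumption);
    // a clustered deployment needs a shared store.
    private static final Map<String, Instant> SEEN_ASSERTIONS = new ConcurrentHashMap<>();

    /** Returns true only the first time an assertion ID is presented. */
    static boolean firstUse(String assertionId, List<Instant> notOnOrAfter, Instant now) {
        if (assertionId == null || assertionId.isEmpty()) {
            return false;
        }
        SEEN_ASSERTIONS.values().removeIf(expiry -> expiry.isBefore(now)); // drop expired entries
        Instant keepUntil = (notOnOrAfter == null ? List.<Instant>of() : notOnOrAfter).stream()
                .max(Comparator.naturalOrder())
                .orElse(now.plusSeconds(300)); // no NotOnOrAfter present: keep 5 minutes (assumption)
        return SEEN_ASSERTIONS.putIfAbsent(assertionId, keepUntil) == null;
    }

    /** Returns true when a local session was established for the asserted user. */
    static boolean handle(Auth auth, HttpServletRequest request) throws Exception {
        HttpSession session = request.getSession(false);
        String expectedRequestId =
                session == null ? null : (String) session.getAttribute(REQ_ID_ATTR);
        if (expectedRequestId == null) {
            LOG.warning("SAML response without a pending AuthnRequest; rejected");
            return false; // policy assumption: no unsolicited (IdP-initiated) responses
        }
        session.removeAttribute(REQ_ID_ATTR); // a request ID is good for one response only

        auth.processResponse(expectedRequestId);

        // Check both signals: an empty error list and the authenticated flag.
        List<String> errors = auth.getErrors();
        if (!errors.isEmpty() || !auth.isAuthenticated()) {
            LOG.warning("SAML validation failed: " + errors
                    + " reason=" + auth.getLastErrorReason());
            return false;
        }

        if (!firstUse(auth.getLastAssertionId(),
                      auth.getLastAssertionNotOnOrAfter(), Instant.now())) {
            LOG.warning("Replayed assertion " + auth.getLastAssertionId());
            return false;
        }

        request.changeSessionId(); // new session ID after authentication
        session.setAttribute("saml.nameId", auth.getNameId());
        session.setAttribute("saml.nameIdFormat", auth.getNameIdFormat());
        session.setAttribute("saml.sessionIndex", auth.getSessionIndex()); // needed later for SLO
        session.setAttribute("saml.sessionExpiration", auth.getSessionExpiration());
        session.setAttribute("saml.attributes", auth.getAttributes());
        return true;
    }
}
```

The handler never reads `getNameId()` or `getAttributes()` before the error list and `isAuthenticated()` have been checked, so values from a rejected response cannot reach the session.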
    • processSLO

      public String processSLO(Boolean keepLocalSession, String requestId, Boolean stay) throws Exception
      Process the SAML Logout Response / Logout Request sent by the IdP.
      Parameters:
      keepLocalSession - When true will keep the local session, otherwise will destroy it
      requestId - The ID of the LogoutRequest sent by this SP to the IdP
      stay - True if we want to stay (returns the url string) False to execute redirection
      Returns:
      the URL with the Logout Message if stay = True
      Throws:
      Exception
    • processSLO

      public void processSLO(Boolean keepLocalSession, String requestId) throws Exception
      Process the SAML Logout Response / Logout Request sent by the IdP.
      Parameters:
      keepLocalSession - When true will keep the local session, otherwise will destroy it
      requestId - The ID of the LogoutRequest sent by this SP to the IdP
      Throws:
      Exception
    • processSLO

      public void processSLO() throws Exception
      Process the SAML Logout Response / Logout Request sent by the IdP.
      Throws:
      Exception
    • isAuthenticated

      public final boolean isAuthenticated()
      Returns:
      true if the user is authenticated
    • getAttributesName

      public final List<String> getAttributesName()
      Returns:
      the list of the names of the SAML attributes.
    • getAttributes

      public final Map<String,List<String>> getAttributes()
      Returns:
      the set of SAML attributes.
    • getAttribute

      public final Collection<String> getAttribute(String name)
      Parameters:
      name - Name of the attribute
      Returns:
      the values of the attribute
    • getNameId

      public final String getNameId()
      Returns:
      the nameID of the assertion
    • getNameIdFormat

      public final String getNameIdFormat()
      Returns:
      the nameID Format of the assertion
    • getNameIdNameQualifier

      public final String getNameIdNameQualifier()
      Returns:
      the NameQualifier of the assertion
    • getNameIdSPNameQualifier

      public final String getNameIdSPNameQualifier()
      Returns:
      the SPNameQualifier of the assertion
    • getSessionIndex

      public final String getSessionIndex()
      Returns:
      the SessionIndex of the assertion
    • getSessionExpiration

      public final Instant getSessionExpiration()
      Returns:
      the SessionNotOnOrAfter of the assertion
    • getLastMessageId

      public String getLastMessageId()
      Returns:
      The ID of the last message processed
    • getLastMessageIssueInstant

      public Calendar getLastMessageIssueInstant()
      Returns the issue instant of the last message processed.
      Returns:
      The issue instant of the last message processed
    • getLastAssertionId

      public String getLastAssertionId()
      Returns:
      The ID of the last assertion processed
    • getLastAssertionNotOnOrAfter

      public List<Instant> getLastAssertionNotOnOrAfter()
      Returns:
      The NotOnOrAfter values of the last assertion processed
    • getErrors

      public List<String> getErrors()
      Returns:
      a list of the errors; the list is empty when the validation was successful
    • getLastErrorReason

      public String getLastErrorReason()
      Returns:
      the reason for the last error
    • getLastValidationException

      public Exception getLastValidationException()
      Returns:
      the exception for the last error
    • getLastRequestId

      public String getLastRequestId()
      Returns:
      the id of the last request generated (AuthnRequest or LogoutRequest), null if none
    • getLastRequestIssueInstant

      public Calendar getLastRequestIssueInstant()
      Returns the issue instant of the last request generated (AuthnRequest or LogoutRequest).
      Returns:
      the issue instant of the last request generated (AuthnRequest or LogoutRequest), null if none
    • getSettings

      public Saml2Settings getSettings()
      Returns:
      the Saml2Settings object. The Settings data.
    • isDebugActive

      public Boolean isDebugActive()
      Returns:
      true if debug mode is active
    • buildRequestSignature

      public String buildRequestSignature(String samlRequest, String relayState, String signAlgorithm) throws SettingsException
      Generates the Signature for a SAML Request
      Parameters:
      samlRequest - The SAML Request
      relayState - The RelayState
      signAlgorithm - Signature algorithm method
      Returns:
      a base64 encoded signature
      Throws:
      SettingsException
    • buildResponseSignature

      public String buildResponseSignature(String samlResponse, String relayState, String signAlgorithm) throws SettingsException
      Generates the Signature for a SAML Response
      Parameters:
      samlResponse - The SAML Response
      relayState - The RelayState
      signAlgorithm - Signature algorithm method
      Returns:
      the base64 encoded signature
      Throws:
      SettingsException
    • buildSignature

      private String buildSignature(String samlMessage, String relayState, String signAlgorithm, String type) throws SettingsException, IllegalArgumentException
      Generates the Signature for a SAML Message
      Parameters:
      samlMessage - The SAML Message
      relayState - The RelayState
      signAlgorithm - Signature algorithm method
      type - The type of the message
      Returns:
      the base64 encoded signature
      Throws:
      SettingsException
      IllegalArgumentException
    • getLastRequestXML

      public String getLastRequestXML()
      Returns the most recently constructed/processed XML SAML request (AuthnRequest, LogoutRequest)
      Returns:
      the last Request XML
    • getLastResponseXML

      public String getLastResponseXML()
      Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
      Returns:
      the last Response XML
    • setSamlMessageFactory

      public void setSamlMessageFactory(SamlMessageFactory samlMessageFactory)
      Sets the factory this Auth will use to create SAML messages.

      This allows consumers to provide their own extension classes for SAML message XML generation and/or processing.

      Parameters:
      samlMessageFactory - the factory to use to create SAML message objects; if null, a default provider will be used which creates the standard message implementation provided by this library (i.e.: AuthnRequest, SamlResponse, LogoutRequest and LogoutResponse)
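
How processResponse(String requestId), getErrors(), isAuthenticated(), getLastAssertionId() and getLastAssertionNotOnOrAfter() fit together at an Assertion Consumer Service endpoint, as an added example that is not part of the toolkit or of this page. AcsHandler, completeLogin, the session keys, the in-memory replay cache, the 5-minute fallback and the choice to reject responses with no pending request are assumptions of the example; Instant is assumed to be java.time.Instant.

```java
import com.onelogin.saml2.Auth;
import jakarta.servlet.http.HttpSession;
import java.time.Instant;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Added example: finishing SP-initiated SSO at the Assertion Consumer Service. */
public final class AcsHandler {
    // Hypothetical session key under which the login endpoint stored getLastRequestId().
    static final String REQUEST_ID_KEY = "saml.authnRequestId";
    // Hypothetical replay cache: assertion ID -> instant after which it may be forgotten.
    // In-memory only; a clustered SP needs a shared store instead.
    private static final ConcurrentMap<String, Instant> SEEN = new ConcurrentHashMap<>();

    /**
     * @param auth a fresh Auth built for this request (the class is stateful, not thread-safe)
     * @return true only if the response validated and its assertion was not seen before
     */
    public static boolean completeLogin(Auth auth, HttpSession session) throws Exception {
        // Bind the response to the AuthnRequest this SP issued, and use that ID only once.
        String requestId = (String) session.getAttribute(REQUEST_ID_KEY);
        session.removeAttribute(REQUEST_ID_KEY);
        if (requestId == null) {
            return false; // example policy: no pending request, so no unsolicited responses
        }
        auth.processResponse(requestId);

        // A response that fails validation shows up in getErrors(); check both signals.
        if (!auth.getErrors().isEmpty() || !auth.isAuthenticated()) {
            // Log auth.getLastErrorReason() server-side; do not echo it to the browser.
            return false;
        }

        // Replay check: remember the assertion ID until its latest NotOnOrAfter has passed.
        Instant now = Instant.now();
        SEEN.values().removeIf(expiry -> expiry.isBefore(now));
        List<Instant> limits = auth.getLastAssertionNotOnOrAfter();
        Instant keepUntil = (limits == null ? List.<Instant>of() : limits).stream()
                .max(Instant::compareTo)
                .orElse(now.plusSeconds(300)); // assumed fallback when no value is present
        String assertionId = auth.getLastAssertionId();
        if (assertionId == null || SEEN.putIfAbsent(assertionId, keepUntil) != null) {
            return false; // same assertion presented twice
        }

        session.setAttribute("saml.nameId", auth.getNameId());
        session.setAttribute("saml.sessionIndex", auth.getSessionIndex());
        return true;
    }
}
```

Storing the SessionIndex and NameID at login keeps them available for a later LogoutRequest.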