Class Auth

java.lang.Object
org.codelibs.saml2.Auth

public class Auth extends Object
Main class of the Java Toolkit. This class implements the SP SAML instance. It defines the methods that you can invoke in your application in order to add SAML support (initiate SSO, initiate SLO, process a SAML Response, a Logout Request or a Logout Response). This class is stateful and not thread-safe; you should create a new instance for each request/response.
  • Constructor Details

    • Auth

      public Auth()
      Initializes the SP SAML instance.
    • Auth

      public Auth(org.codelibs.saml2.core.model.KeyStoreSettings keyStoreSetting)
      Initializes the SP SAML instance.
      Parameters:
      keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
    • Auth

      public Auth(String filename)
      Initializes the SP SAML instance.
      Parameters:
      filename - String Filename with the settings
    • Auth

      public Auth(String filename, org.codelibs.saml2.core.model.KeyStoreSettings keyStoreSetting)
      Initializes the SP SAML instance.
      Parameters:
      filename - String Filename with the settings
      keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
    • Auth

      public Auth(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Initializes the SP SAML instance.
      Parameters:
      request - HttpServletRequest object to be processed
      response - HttpServletResponse object to be used
    • Auth

      public Auth(org.codelibs.saml2.core.model.KeyStoreSettings keyStoreSetting, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Initializes the SP SAML instance.
      Parameters:
      keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
      request - HttpServletRequest object to be processed
      response - HttpServletResponse object to be used
    • Auth

      public Auth(String filename, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Initializes the SP SAML instance.
      Parameters:
      filename - String Filename with the settings
      request - HttpServletRequest object to be processed
      response - HttpServletResponse object to be used
    • Auth

      public Auth(String filename, org.codelibs.saml2.core.model.KeyStoreSettings keyStoreSetting, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Initializes the SP SAML instance.
      Parameters:
      filename - String Filename with the settings
      keyStoreSetting - KeyStoreSettings is a KeyStore which has the Private/Public keys
      request - HttpServletRequest object to be processed
      response - HttpServletResponse object to be used
    • Auth

      public Auth(org.codelibs.saml2.core.settings.Saml2Settings settings, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Initializes the SP SAML instance.
      Parameters:
      settings - Saml2Settings object. Setting data
      request - HttpServletRequest object to be processed
      response - HttpServletResponse object to be used
  • Method Details

    • setStrict

      public void setStrict(Boolean value)
      Enables or disables strict mode.
      Parameters:
      value - Strict value
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq)
      Deprecated.
      use login(String, AuthnRequestParams, Boolean) with AuthnRequestParams(boolean, boolean, boolean, String) instead
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      forceAuthn - When true, the AuthNRequest will set ForceAuthn='true'
      isPassive - When true, the AuthNRequest will set IsPassive='true'
      setNameIdPolicy - When true, the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameIdValueReq - Indicates to the IdP the subject that should be authenticated
      Returns:
      the SSO URL with the AuthNRequest if stay = True
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq, Map<String,String> parameters)
      Deprecated.
      use login(String, AuthnRequestParams, Boolean, Map) with AuthnRequestParams(boolean, boolean, boolean, String) instead
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      forceAuthn - When true, the AuthNRequest will set ForceAuthn='true'
      isPassive - When true, the AuthNRequest will set IsPassive='true'
      setNameIdPolicy - When true, the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameIdValueReq - Indicates to the IdP the subject that should be authenticated
      parameters - Use it to send extra parameters in addition to the AuthNRequest
      Returns:
      the SSO URL with the AuthNRequest if stay = True
    • login

      @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay)
      Deprecated.
      use login(String, AuthnRequestParams, Boolean) with AuthnRequestParams(boolean, boolean, boolean) instead
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      forceAuthn - When true, the AuthNRequest will set ForceAuthn='true'
      isPassive - When true, the AuthNRequest will set IsPassive='true'
      setNameIdPolicy - When true, the AuthNRequest will set a nameIdPolicy
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      Returns:
      the SSO URL with the AuthNRequest if stay = True
    • login

      @Deprecated public void login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy)
      Deprecated.
      use login(String, AuthnRequestParams) with AuthnRequestParams(boolean, boolean, boolean) instead
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      forceAuthn - When true, the AuthNRequest will set ForceAuthn='true'
      isPassive - When true, the AuthNRequest will set IsPassive='true'
      setNameIdPolicy - When true, the AuthNRequest will set a nameIdPolicy
    • login

      public void login()
      Initiates the SSO process.
    • login

      public void login(org.codelibs.saml2.core.authn.AuthnRequestParams authnRequestParams)
      Initiates the SSO process.
      Parameters:
      authnRequestParams - the authentication request input parameters
    • login

      public void login(String relayState)
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
    • login

      public void login(String relayState, org.codelibs.saml2.core.authn.AuthnRequestParams authnRequestParams)
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      authnRequestParams - the authentication request input parameters
    • login

      public String login(String relayState, org.codelibs.saml2.core.authn.AuthnRequestParams authnRequestParams, Boolean stay)
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      authnRequestParams - the authentication request input parameters
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      Returns:
      the SSO URL with the AuthNRequest if stay = True
    • login

      public String login(String relayState, org.codelibs.saml2.core.authn.AuthnRequestParams authnRequestParams, Boolean stay, Map<String,String> parameters)
      Initiates the SSO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the authenticated user should be redirected after the authentication response has been received back from the Identity Provider and validated correctly with processResponse(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      authnRequestParams - the authentication request input parameters
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      parameters - Use it to send extra parameters in addition to the AuthNRequest
      Returns:
      the SSO URL with the AuthNRequest if stay = True
    • logout

      public String logout(String relayState, org.codelibs.saml2.core.logout.LogoutRequestParams logoutRequestParams, Boolean stay)
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      logoutRequestParams - the logout request input parameters
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      public void logout(String relayState, org.codelibs.saml2.core.logout.LogoutRequestParams logoutRequestParams)
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      logoutRequestParams - the logout request input parameters
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier)
      Deprecated.
      use logout(String, LogoutRequestParams, Boolean) with LogoutRequestParams(String, String, String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      public String logout(String relayState, org.codelibs.saml2.core.logout.LogoutRequestParams logoutRequestParams, Boolean stay, Map<String,String> parameters)
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      logoutRequestParams - the logout request input parameters
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      parameters - Use it to send extra parameters in addition to the LogoutRequest
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier, Map<String,String> parameters)
      Deprecated.
      use logout(String, LogoutRequestParams, Boolean, Map) with LogoutRequestParams(String, String, String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
      parameters - Use it to send extra parameters in addition to the LogoutRequest
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier)
      Deprecated.
      use logout(String, LogoutRequestParams, Boolean) with LogoutRequestParams(String, String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat)
      Deprecated.
      use logout(String, LogoutRequestParams, Boolean) with LogoutRequestParams(String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay)
      Deprecated.
      use logout(String, LogoutRequestParams, Boolean) with LogoutRequestParams(String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      Returns:
      the SLO URL with the LogoutRequest if stay = True
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier)
      Deprecated.
      use logout(String, LogoutRequestParams) with LogoutRequestParams(String, String, String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
      nameIdSPNameQualifier - The NameID SP Name Qualifier that will be set in the LogoutRequest.
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier)
      Deprecated.
      use logout(String, LogoutRequestParams) with LogoutRequestParams(String, String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
      nameIdNameQualifier - The NameID NameQualifier that will be set in the LogoutRequest.
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat)
      Deprecated.
      use logout(String, LogoutRequestParams) with LogoutRequestParams(String, String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
      nameidFormat - The NameID Format that will be set in the LogoutRequest.
    • logout

      @Deprecated public void logout(String relayState, String nameId, String sessionIndex)
      Deprecated.
      use logout(String, LogoutRequestParams) with LogoutRequestParams(String, String) instead
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
      nameId - The NameID that will be set in the LogoutRequest.
      sessionIndex - The SessionIndex (taken from the SAML Response in the SSO process).
    • logout

      public void logout()
      Initiates the SLO process.
    • logout

      public void logout(String relayState)
      Initiates the SLO process.
      Parameters:
      relayState - state information passed back and forth between the Service Provider and the Identity Provider; in the simplest case, it may be a URL to which the logged out user should be redirected after the logout response has been received back from the Identity Provider and validated correctly with processSLO(). Note that the SAML 2.0 specification imposes a limit of max 80 characters for this relayState data and that protection strategies against tampering should be implemented. When null, it will be a self-routed URL; when an empty string is provided, no relayState at all will be appended.
    • getSSOurl

      public String getSSOurl()
      Returns:
      The url of the Single Sign On Service
    • getSLOurl

      public String getSLOurl()
      Returns:
      The url of the Single Logout Service
    • getSLOResponseUrl

      public String getSLOResponseUrl()
      Returns:
      The url of the Single Logout Service Response.
    • processResponse

      public void processResponse(String requestId)
      Process the SAML Response sent by the IdP.
      Parameters:
      requestId - The ID of the AuthNRequest sent by this SP to the IdP
    • processResponse

      public void processResponse()
      Process the SAML Response sent by the IdP.
    • processSLO

      public String processSLO(Boolean keepLocalSession, String requestId, Boolean stay)
      Process the SAML Logout Response / Logout Request sent by the IdP.
      Parameters:
      keepLocalSession - When true will keep the local session, otherwise will destroy it
      requestId - The ID of the LogoutRequest sent by this SP to the IdP
      stay - True if we want to stay (returns the URL string); False to execute the redirection
      Returns:
      the URL with the Logout Message if stay = True
    • processSLO

      public void processSLO(Boolean keepLocalSession, String requestId)
      Process the SAML Logout Response / Logout Request sent by the IdP.
      Parameters:
      keepLocalSession - When true will keep the local session, otherwise will destroy it
      requestId - The ID of the LogoutRequest sent by this SP to the IdP
    • processSLO

      public void processSLO()
      Process the SAML Logout Response / Logout Request sent by the IdP.
    • isAuthenticated

      public final boolean isAuthenticated()
      Returns:
      the authenticated status
    • getAttributesName

      public final List<String> getAttributesName()
      Returns:
      the list of the names of the SAML attributes.
    • getAttributes

      public final Map<String,List<String>> getAttributes()
      Returns:
      the set of SAML attributes.
    • getAttribute

      public final Collection<String> getAttribute(String name)
      Parameters:
      name - Name of the attribute
      Returns:
      the attribute value
    • getNameId

      public final String getNameId()
      Returns:
      the nameID of the assertion
    • getNameIdFormat

      public final String getNameIdFormat()
      Returns:
      the nameID Format of the assertion
    • getNameIdNameQualifier

      public final String getNameIdNameQualifier()
      Returns:
      the NameQualifier of the assertion
    • getNameIdSPNameQualifier

      public final String getNameIdSPNameQualifier()
      Returns:
      the SPNameQualifier of the assertion
    • getSessionIndex

      public final String getSessionIndex()
      Returns:
      the SessionIndex of the assertion
    • getSessionExpiration

      public final Instant getSessionExpiration()
      Returns:
      the SessionNotOnOrAfter of the assertion
    • getLastMessageId

      public String getLastMessageId()
      Returns:
      The ID of the last message processed
    • getLastMessageIssueInstant

      public Calendar getLastMessageIssueInstant()
      Returns the issue instant of the last message processed.
      Returns:
      The issue instant of the last message processed
    • getLastAssertionId

      public String getLastAssertionId()
      Returns:
      The ID of the last assertion processed
    • getLastAssertionNotOnOrAfter

      public List<Instant> getLastAssertionNotOnOrAfter()
      Returns:
      The NotOnOrAfter values of the last assertion processed
    • getErrors

      public List<String> getErrors()
      Returns:
      a list of the errors; the list is empty when the validation was successful
    • getLastErrorReason

      public String getLastErrorReason()
      Returns:
      the reason for the last error
    • getLastValidationException

      public Exception getLastValidationException()
      Returns:
      the exception for the last error
    • getLastRequestId

      public String getLastRequestId()
      Returns:
      the id of the last request generated (AuthnRequest or LogoutRequest), null if none
    • getLastRequestIssueInstant

      public Calendar getLastRequestIssueInstant()
      Returns the issue instant of the last request generated (AuthnRequest or LogoutRequest).
      Returns:
      the issue instant of the last request generated (AuthnRequest or LogoutRequest), null if none
    • getSettings

      public org.codelibs.saml2.core.settings.Saml2Settings getSettings()
      Returns:
      the Saml2Settings object. The Settings data.
    • isDebugActive

      public Boolean isDebugActive()
      Returns:
      if debug mode is active
    • buildRequestSignature

      public String buildRequestSignature(String samlRequest, String relayState, String signAlgorithm)
      Generates the Signature for a SAML Request
      Parameters:
      samlRequest - The SAML Request
      relayState - The RelayState
      signAlgorithm - Signature algorithm method
      Returns:
      a base64 encoded signature
    • buildResponseSignature

      public String buildResponseSignature(String samlResponse, String relayState, String signAlgorithm)
      Generates the Signature for a SAML Response
      Parameters:
      samlResponse - The SAML Response
      relayState - The RelayState
      signAlgorithm - Signature algorithm method
      Returns:
      the base64 encoded signature
    • getLastRequestXML

      public String getLastRequestXML()
      Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
      Returns:
      the last Request XML
    • getLastResponseXML

      public String getLastResponseXML()
      Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
      Returns:
      the last Response XML
    • setSamlMessageFactory

      public void setSamlMessageFactory(SamlMessageFactory samlMessageFactory)
      Sets the factory this Auth will use to create SAML messages.

      This allows consumers to provide their own extension classes for SAML message XML generation and/or processing.

      Parameters:
      samlMessageFactory - the factory to use to create SAML message objects; if null, a default provider will be used which creates the standard message implementation provided by this library (i.e.: AuthnRequest, SamlResponse, LogoutRequest and LogoutResponse)
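
Added example, not part of the toolkit's own documentation: one way an assertion consumer endpoint can combine processResponse(), getErrors(), isAuthenticated(), getLastAssertionId() and getLastAssertionNotOnOrAfter() to fail closed and reject replayed assertions. The AcsHandler class, the in-memory cache and the session attribute names are assumptions; this page does not show which checked exceptions the toolkit methods declare, so the handler declares throws Exception.

```java
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.codelibs.saml2.Auth;

// Hypothetical ACS handler: class, cache and session-key names are assumptions.
public class AcsHandler {
    // Assertion ID -> time after which it can no longer be replayed.
    // In-memory only; a clustered SP needs a shared store instead.
    private static final Map<String, Instant> SEEN = new ConcurrentHashMap<>();

    public boolean handle(HttpServletRequest req, HttpServletResponse resp) throws Exception {
        Auth auth = new Auth(req, resp); // stateful, so one instance per request
        auth.processResponse();
        // Fail closed: require an empty error list and a positive result.
        List<String> errors = auth.getErrors();
        if (!errors.isEmpty() || !auth.isAuthenticated()) {
            // Keep validation detail in server logs, not in the HTTP reply.
            req.getServletContext().log("SAML response rejected: " + errors
                    + " reason=" + auth.getLastErrorReason());
            return deny(resp);
        }
        // Replay check: accept each assertion ID once within its validity window.
        Instant now = Instant.now();
        SEEN.values().removeIf(expiry -> !expiry.isAfter(now));
        String assertionId = auth.getLastAssertionId();
        List<Instant> limits = auth.getLastAssertionNotOnOrAfter();
        if (assertionId == null || limits == null || limits.isEmpty()
                || SEEN.putIfAbsent(assertionId, Collections.max(limits)) != null) {
            return deny(resp);
        }
        // New session ID after login, then store only what the app needs.
        HttpSession session = req.getSession(true);
        req.changeSessionId();
        session.setAttribute("saml.nameId", auth.getNameId());
        session.setAttribute("saml.sessionIndex", auth.getSessionIndex());
        return true;
    }

    private static boolean deny(HttpServletResponse resp) throws java.io.IOException {
        resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```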