Class Saml2AuthnRequestAuthenticationProvider
java.lang.Object
se.swedenconnect.spring.saml.idp.authnrequest.Saml2AuthnRequestAuthenticationProvider
- All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider
public class Saml2AuthnRequestAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider
An AuthenticationProvider that processes a Saml2AuthnRequestAuthenticationToken and, if the processing is successful, returns a Saml2UserAuthenticationInputToken.
The signature on the authentication request is verified, and the request is checked against the IdP configuration before proceeding with the actual user authentication.
- Author:
- Martin Lindström
-
Constructor Summary
Constructors
- Saml2AuthnRequestAuthenticationProvider(Saml2IdpEventPublisher eventPublisher, AuthnRequestValidator signatureValidator, AuthnRequestValidator assertionConsumerServiceValidator, AuthnRequestValidator replayValidator, AuthnRequestValidator encryptCapabilitiesValidator, List<RequestedAttributeProcessor> requestedAttributesProcessors, NameIDGeneratorFactory nameIDGeneratorFactory, Saml2ServiceProviderFilter serviceProviderFilter)
  Constructor.
- Saml2AuthnRequestAuthenticationProvider(Saml2IdpEventPublisher eventPublisher, AuthnRequestValidator signatureValidator, AuthnRequestValidator assertionConsumerServiceValidator, AuthnRequestValidator replayValidator, AuthnRequestValidator encryptCapabilitiesValidator, List<RequestedAttributeProcessor> requestedAttributesProcessors, NameIDGeneratorFactory nameIDGeneratorFactory, Saml2ServiceProviderFilter serviceProviderFilter, SignatureMessageExtensionExtractor signatureMessageExtensionExtractor, PrincipalSelectionProcessor principalSelectionProcessor)
  Constructor.
Method Summary
Modifier and Type, Method, Description
- org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
- protected AuthenticationRequirements createAuthenticationRequirements(Saml2AuthnRequestAuthenticationToken token)
  Creates an AuthenticationRequirements object.
- protected Collection<RequestedAttribute> extractRequestedAttributes(Saml2AuthnRequestAuthenticationToken authnRequestToken)
  Extracts the requested attributes by invoking the configured RequestedAttributeProcessors.
- void setSignatureMessagePreprocessor(SignatureMessagePreprocessor signatureMessagePreprocessor)
  Assigns a SignatureMessagePreprocessor for preparing the sign message for display.
- void setUserMessagePreprocessor(UserMessagePreprocessor userMessagePreprocessor)
  Assigns a UserMessagePreprocessor for preparing the user messages for display.
- boolean supports
  Supports Saml2AuthnRequestAuthenticationToken.
-
Constructor Details
-
Saml2AuthnRequestAuthenticationProvider
public Saml2AuthnRequestAuthenticationProvider(Saml2IdpEventPublisher eventPublisher, AuthnRequestValidator signatureValidator, AuthnRequestValidator assertionConsumerServiceValidator, AuthnRequestValidator replayValidator, AuthnRequestValidator encryptCapabilitiesValidator, List<RequestedAttributeProcessor> requestedAttributesProcessors, NameIDGeneratorFactory nameIDGeneratorFactory, Saml2ServiceProviderFilter serviceProviderFilter)
Constructor. See Saml2AuthnRequestAuthenticationProviderConfigurer for how to configure and set up.
- Parameters:
eventPublisher - the event publisher
signatureValidator - the signature validator to use
assertionConsumerServiceValidator - validator checking the AssertionConsumerService
replayValidator - for protecting against replay attacks
encryptCapabilitiesValidator - validator asserting that we can encrypt assertions
requestedAttributesProcessors - extracts the requested attributes
nameIDGeneratorFactory - the NameIDGeneratorFactory to use when creating a NameIDGenerator instance
serviceProviderFilter - filter for checking whether an SP is acceptable
-
Saml2AuthnRequestAuthenticationProvider
public Saml2AuthnRequestAuthenticationProvider(Saml2IdpEventPublisher eventPublisher, AuthnRequestValidator signatureValidator, AuthnRequestValidator assertionConsumerServiceValidator, AuthnRequestValidator replayValidator, AuthnRequestValidator encryptCapabilitiesValidator, List<RequestedAttributeProcessor> requestedAttributesProcessors, NameIDGeneratorFactory nameIDGeneratorFactory, Saml2ServiceProviderFilter serviceProviderFilter, SignatureMessageExtensionExtractor signatureMessageExtensionExtractor, PrincipalSelectionProcessor principalSelectionProcessor)
Constructor. See Saml2AuthnRequestAuthenticationProviderConfigurer for how to configure and set up.
- Parameters:
eventPublisher - the event publisher
signatureValidator - the signature validator to use
assertionConsumerServiceValidator - validator checking the AssertionConsumerService
replayValidator - for protecting against replay attacks
encryptCapabilitiesValidator - validator asserting that we can encrypt assertions
requestedAttributesProcessors - extracts the requested attributes
nameIDGeneratorFactory - the NameIDGeneratorFactory to use when creating a NameIDGenerator instance
serviceProviderFilter - filter for checking whether an SP is acceptable
signatureMessageExtensionExtractor - extracts the SignMessage extension (may be null)
principalSelectionProcessor - extracts the PrincipalSelection attribute values (may be null)
-
-
Method Details
-
authenticate
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
- Specified by:
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
-
supports
Supports Saml2AuthnRequestAuthenticationToken.
- Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider
-
setSignatureMessagePreprocessor
public void setSignatureMessagePreprocessor(SignatureMessagePreprocessor signatureMessagePreprocessor)
Assigns a SignatureMessagePreprocessor for preparing the sign message for display.
- Parameters:
signatureMessagePreprocessor - a SignatureMessagePreprocessor
-
setUserMessagePreprocessor
Assigns a UserMessagePreprocessor for preparing the user messages for display.
- Parameters:
userMessagePreprocessor - a UserMessagePreprocessor
-
createAuthenticationRequirements
protected AuthenticationRequirements createAuthenticationRequirements(Saml2AuthnRequestAuthenticationToken token) throws Saml2ErrorStatusException, UnrecoverableSaml2IdpException
Creates an AuthenticationRequirements object.
- Parameters:
token - the input token
- Returns:
an AuthenticationRequirements object
- Throws:
Saml2ErrorStatusException - for errors that should be reported back
UnrecoverableSaml2IdpException - for unrecoverable errors
-
extractRequestedAttributes
protected Collection<RequestedAttribute> extractRequestedAttributes(Saml2AuthnRequestAuthenticationToken authnRequestToken)
Extracts the requested attributes by invoking the configured RequestedAttributeProcessors.
- Parameters:
authnRequestToken - the input token
- Returns:
a Collection of RequestedAttributes
-