Module org.elasticsearch.security
Class SamlObjectHandler
java.lang.Object
org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
- Direct Known Subclasses:
SamlLogoutRequestHandler,SamlResponseHandler
-
Field Summary
Fields
Modifier and Type | Field | Description
protected final org.opensaml.saml.saml2.encryption.Decrypter | decrypter |
protected final org.apache.logging.log4j.Logger | logger |
protected static final String | SAML_NAMESPACE |
-
Constructor Summary
Constructors
Constructor | Description
SamlObjectHandler(Clock clock, org.elasticsearch.xpack.security.authc.saml.IdpConfiguration idp, SpConfiguration sp, org.elasticsearch.core.TimeValue maxSkew) |
-
Method Summary
Modifier and Type | Method | Description
protected void | checkIdpSignature(org.elasticsearch.core.CheckedFunction<org.opensaml.security.credential.Credential, Boolean, Exception> check, String signatureText, org.opensaml.saml.saml2.core.Issuer issuer) | Tests whether the provided function returns true for any of the IdP's signing credentials.
protected void | checkIssuer(org.opensaml.saml.saml2.core.Issuer issuer, org.opensaml.core.xml.XMLObject parent) |
protected byte[] | decodeBase64(String content) |
protected static String | describe(X509Certificate certificate) |
protected static String | describe(Collection<org.opensaml.security.x509.X509Credential> credentials) |
protected SpConfiguration | getSpConfiguration() |
protected static byte[] | inflate(byte[] bytes) |
protected long | maxSkewInMillis() |
protected Instant | now() |
protected org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler.ParsedQueryString | parseQueryStringAndValidateSignature(String queryString, String samlMessageParameterName) |
protected Element | parseSamlMessage(byte[] content) |
protected static String | text(org.opensaml.core.xml.XMLObject xml, int length) |
protected static String | text(org.opensaml.core.xml.XMLObject xml, int prefixLength, int suffixLength) |
protected void | validateNotOnOrAfter(Instant notOnOrAfter) |
-
Field Details
-
SAML_NAMESPACE
- See Also:
-
logger
protected final org.apache.logging.log4j.Logger logger -
decrypter
@Nullable protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
-
-
Constructor Details
-
SamlObjectHandler
public SamlObjectHandler(Clock clock, org.elasticsearch.xpack.security.authc.saml.IdpConfiguration idp, SpConfiguration sp, org.elasticsearch.core.TimeValue maxSkew)
-
-
Method Details
-
getSpConfiguration
-
describe
-
describe
-
checkIdpSignature
protected void checkIdpSignature(org.elasticsearch.core.CheckedFunction<org.opensaml.security.credential.Credential, Boolean, Exception> check, String signatureText, @Nullable org.opensaml.saml.saml2.core.Issuer issuer)
Tests whether the provided function returns true for any of the IdP's signing credentials. The method returns void, so the exception below is the only signal that no credential matched; subclasses should let it propagate rather than catch and continue.
- Throws:
ElasticsearchSecurityException - A SAML exception if no matching credential is found.
-
checkIssuer
protected void checkIssuer(org.opensaml.saml.saml2.core.Issuer issuer, org.opensaml.core.xml.XMLObject parent) -
maxSkewInMillis
protected long maxSkewInMillis() -
now
-
text
-
text
protected static String text(org.opensaml.core.xml.XMLObject xml, int prefixLength, int suffixLength) -
parseSamlMessage
-
validateNotOnOrAfter
-
parseQueryStringAndValidateSignature
-
decodeBase64
-
inflate
protected static byte[] inflate(byte[] bytes)
-