java.lang.Object
org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
Direct Known Subclasses:
SamlLogoutRequestHandler, SamlResponseHandler

public class SamlObjectHandler extends Object
  • Field Details

    • SAML_NAMESPACE

      protected static final String SAML_NAMESPACE
    • logger

      protected final org.apache.logging.log4j.Logger logger
    • decrypter

      @Nullable protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
  • Constructor Details

    • SamlObjectHandler

      public SamlObjectHandler(Clock clock, org.elasticsearch.xpack.security.authc.saml.IdpConfiguration idp, SpConfiguration sp, org.elasticsearch.core.TimeValue maxSkew)
  • Method Details

    • getSpConfiguration

      protected SpConfiguration getSpConfiguration()
    • describe

      protected static String describe(X509Certificate certificate)
    • describe

      protected static String describe(Collection<org.opensaml.security.x509.X509Credential> credentials)
    • checkIdpSignature

      protected void checkIdpSignature(org.elasticsearch.core.CheckedFunction<org.opensaml.security.credential.Credential,Boolean,Exception> check, String signatureText, @Nullable org.opensaml.saml.saml2.core.Issuer issuer)
      Tests whether the provided function returns true for any of the IdP's signing credentials.
      Throws:
      ElasticsearchSecurityException - A SAML exception if no matching credential is found.
    • checkIssuer

      protected void checkIssuer(org.opensaml.saml.saml2.core.Issuer issuer, org.opensaml.core.xml.XMLObject parent)
    • maxSkewInMillis

      protected long maxSkewInMillis()
    • now

      protected Instant now()
    • text

      protected static String text(org.opensaml.core.xml.XMLObject xml, int length)
    • text

      protected static String text(org.opensaml.core.xml.XMLObject xml, int prefixLength, int suffixLength)
    • parseSamlMessage

      protected Element parseSamlMessage(byte[] content)
    • validateNotOnOrAfter

      protected void validateNotOnOrAfter(Instant notOnOrAfter)
    • parseQueryStringAndValidateSignature

      protected org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler.ParsedQueryString parseQueryStringAndValidateSignature(String queryString, String samlMessageParameterName)
    • decodeBase64

      protected byte[] decodeBase64(String content)
    • inflate

      protected static byte[] inflate(byte[] bytes)