Module org.elasticsearch.security
Class SamlRealm
java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.saml.SamlRealm
- All Implemented Interfaces:
Closeable, AutoCloseable, Comparable<Realm>, org.elasticsearch.core.Releasable
This class is Releasable because it uses a library that thinks timers and timer tasks are still cool, with no chance to opt out.
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm
Realm.Factory
Field Summary
Fields
Method Summary
Modifier and Type / Method / Description
void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener)
org.opensaml.saml.saml2.core.AuthnRequest buildAuthenticationRequest()
static List<org.opensaml.security.x509.X509Credential> buildEncryptionCredential(RealmConfig config)
org.opensaml.saml.saml2.core.LogoutRequest buildLogoutRequest(org.opensaml.saml.saml2.core.NameID nameId, String session) - Creates a SAML Single LogOut request for the provided session, if the realm and IdP configuration support SLO.
org.opensaml.saml.saml2.core.LogoutResponse buildLogoutResponse(String inResponseTo) - Creates a SAML LogoutResponse to the provided requestID.
static SigningConfiguration buildSigningConfiguration(RealmConfig config)
void close()
static SamlRealm create(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper roleMapper, SpConfiguration serviceProvider) - Factory for SAML realm.
createTokenMetadata(SamlNameId nameId, String session)
findSamlRealms(Realms realms, String realmName, String acsUrl)
void initialize(Iterable<Realm> realms, XPackLicenseState licenseState)
void lookupUser(String username, ActionListener<User> listener)
boolean supports(AuthenticationToken token)
token(ThreadContext threadContext) - Always returns null as there is no support for reading a SAML token out of a request.
Methods inherited from class org.elasticsearch.xpack.core.security.authc.Realm
compareTo, getAuthenticationFailureHeaders, name, order, realmRef, setRealmRef, toString, type, usageStats
Field Details
USER_METADATA_NAMEID_VALUE
USER_METADATA_NAMEID_FORMAT
CONTEXT_TOKEN_DATA
TOKEN_METADATA_NAMEID_VALUE
TOKEN_METADATA_NAMEID_FORMAT
TOKEN_METADATA_NAMEID_QUALIFIER
TOKEN_METADATA_NAMEID_SP_QUALIFIER
TOKEN_METADATA_NAMEID_SP_PROVIDED_ID
TOKEN_METADATA_SESSION
TOKEN_METADATA_REALM
Method Details
create
public static SamlRealm create(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper roleMapper, SpConfiguration serviceProvider) throws Exception
Factory for SAML realm. This is not a constructor as it needs to initialise a number of components before delegating to SamlRealm(org.elasticsearch.xpack.core.security.authc.RealmConfig, org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper, org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator, org.elasticsearch.xpack.security.authc.saml.SamlLogoutRequestHandler, org.elasticsearch.xpack.security.authc.saml.SamlLogoutResponseHandler, java.util.function.Supplier<org.opensaml.saml.saml2.metadata.EntityDescriptor>, org.elasticsearch.xpack.security.authc.saml.SpConfiguration, org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings.UserAttributeNameConfiguration)
- Throws:
Exception
getServiceProvider
initialize
- Overrides:
initialize in class Realm
buildEncryptionCredential
public static List<org.opensaml.security.x509.X509Credential> buildEncryptionCredential(RealmConfig config) throws IOException, GeneralSecurityException
- Throws:
IOException, GeneralSecurityException
buildSigningConfiguration
public static SigningConfiguration buildSigningConfiguration(RealmConfig config) throws IOException, GeneralSecurityException
- Throws:
IOException, GeneralSecurityException
findSamlRealms
supports
token
Always returns null as there is no support for reading a SAML token out of a request.
authenticate
public void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener)
- Specified by:
authenticate in class Realm
createTokenMetadata
lookupUser
- Specified by:
lookupUser in class Realm
close
public void close()
- Specified by:
close in interface AutoCloseable
close in interface Closeable
close in interface org.elasticsearch.core.Releasable
serviceProviderEntityId
assertionConsumerServiceURL
buildAuthenticationRequest
public org.opensaml.saml.saml2.core.AuthnRequest buildAuthenticationRequest()
buildLogoutRequest
public org.opensaml.saml.saml2.core.LogoutRequest buildLogoutRequest(org.opensaml.saml.saml2.core.NameID nameId, String session)
Creates a SAML Single LogOut request for the provided session, if the realm and IdP configuration support SLO. Otherwise returns null.
buildLogoutResponse
Creates a SAML LogoutResponse to the provided requestID.
getSigningConfiguration
getLogoutHandler
getLogoutResponseHandler