Module org.elasticsearch.security
Class SamlRealm
java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.saml.SamlRealm
- All Implemented Interfaces:
Closeable,AutoCloseable,Comparable<Realm>,Releasable
This class is
Releasable because it uses a library that thinks timers and timer tasks
are still cool and no chance to opt out-
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm
Realm.Factory -
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener) org.opensaml.saml.saml2.core.AuthnRequeststatic List<org.opensaml.security.x509.X509Credential> buildEncryptionCredential(RealmConfig config) org.opensaml.saml.saml2.core.LogoutRequestbuildLogoutRequest(org.opensaml.saml.saml2.core.NameID nameId, String session) Creates a SAMLSingle LogOut requestfor the provided session, if the realm and IdP configuration support SLO.org.opensaml.saml.saml2.core.LogoutResponsebuildLogoutResponse(String inResponseTo) Creates a SAMLLogoutResponseto the provided requestIDstatic SigningConfigurationbuildSigningConfiguration(RealmConfig config) voidclose()static SamlRealmcreate(RealmConfig config, ThreadPool threadPool, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper roleMapper, SpConfiguration serviceProvider) Factory for SAML realm.createTokenMetadata(SamlNameId nameId, String session, String inResponseTo) findSamlRealms(Realms realms, String realmName, String acsUrl) voidinitialize(Iterable<Realm> realms, XPackLicenseState licenseState) voidlookupUser(String username, ActionListener<User> listener) booleansupports(AuthenticationToken token) token(ThreadContext threadContext) Always returnsnullas there is no support for reading a SAML token out of a requestMethods inherited from class org.elasticsearch.xpack.core.security.authc.Realm
compareTo, getAuthenticationFailureHeaders, name, order, realmRef, setRealmRef, toString, type, usageStats
-
Field Details
-
USER_METADATA_NAMEID_VALUE
- See Also:
-
USER_METADATA_NAMEID_FORMAT
- See Also:
-
CONTEXT_TOKEN_DATA
- See Also:
-
TOKEN_METADATA_NAMEID_VALUE
- See Also:
-
TOKEN_METADATA_NAMEID_FORMAT
- See Also:
-
TOKEN_METADATA_NAMEID_QUALIFIER
- See Also:
-
TOKEN_METADATA_NAMEID_SP_QUALIFIER
- See Also:
-
TOKEN_METADATA_NAMEID_SP_PROVIDED_ID
- See Also:
-
TOKEN_METADATA_SESSION
- See Also:
-
TOKEN_METADATA_IN_RESPONSE_TO
- See Also:
-
TOKEN_METADATA_REALM
- See Also:
-
PRIVATE_ATTRIBUTES_METADATA
- See Also:
-
-
Method Details
-
create
public static SamlRealm create(RealmConfig config, ThreadPool threadPool, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper roleMapper, SpConfiguration serviceProvider) throws Exception Factory for SAML realm. This is not a constructor as it needs to initialise a number of components before delegating toSamlRealm(org.elasticsearch.xpack.core.security.authc.RealmConfig, org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper, org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator, org.elasticsearch.xpack.security.authc.saml.SamlLogoutRequestHandler, org.elasticsearch.xpack.security.authc.saml.SamlLogoutResponseHandler, java.util.function.Supplier<org.opensaml.saml.saml2.metadata.EntityDescriptor>, org.elasticsearch.xpack.security.authc.saml.SpConfiguration, org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings.UserAttributeNameConfiguration)- Throws:
Exception
-
getServiceProvider
-
initialize
- Overrides:
initializein classRealm
-
buildEncryptionCredential
public static List<org.opensaml.security.x509.X509Credential> buildEncryptionCredential(RealmConfig config) throws IOException, GeneralSecurityException - Throws:
IOExceptionGeneralSecurityException
-
buildSigningConfiguration
public static SigningConfiguration buildSigningConfiguration(RealmConfig config) throws IOException, GeneralSecurityException - Throws:
IOExceptionGeneralSecurityException
-
findSamlRealms
-
supports
-
token
Always returnsnullas there is no support for reading a SAML token out of a request -
authenticate
public void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener) - Specified by:
authenticatein classRealm
-
createTokenMetadata
-
lookupUser
- Specified by:
lookupUserin classRealm
-
close
public void close()- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable- Specified by:
closein interfaceReleasable
-
serviceProviderEntityId
-
assertionConsumerServiceURL
-
buildAuthenticationRequest
public org.opensaml.saml.saml2.core.AuthnRequest buildAuthenticationRequest() -
buildLogoutRequest
public org.opensaml.saml.saml2.core.LogoutRequest buildLogoutRequest(org.opensaml.saml.saml2.core.NameID nameId, String session) Creates a SAMLSingle LogOut requestfor the provided session, if the realm and IdP configuration support SLO. Otherwise returnsnull- See Also:
-
buildLogoutResponse
Creates a SAMLLogoutResponseto the provided requestID -
getSigningConfiguration
-
getLogoutHandler
-
getLogoutResponseHandler
-