Module iu.util.auth

Package edu.iu.auth.saml

Interface IuSamlSessionVerifier

public interface IuSamlSessionVerifier

SAML session verifier interface

Method Summary

Modifier and Type	Method	Description
static IuSamlSessionVerifier	create(URI postUri)	Creates a new IuSamlSessionVerifier for managing interactions with a locally deployed Service Provider.
IuPrincipalIdentity	getPrincipalIdentity(IuSession preAuthSession, IuSession postAuthSession)	Gets the authenticated SAML principal.
URI	initRequest(IuSession session, URI returnUri)	Initiate request using session and return Location URI for the configured Identity Provider with the appropriate SAML SAMLRequest and RelayState HTTP query parameters.
URI	verifyResponse(IuSession session, String remoteAddr, String samlResponse, String relayState)	Decodes a SAML Response, performs Subject Confirmation validation logic, and validates assertions to authenticate a IuPrincipalIdentity as valid for the local Service Provider.

Method Details

create

static IuSamlSessionVerifier create(URI postUri)

Creates a new IuSamlSessionVerifier for managing interactions with a locally deployed Service Provider.

Parameters:

postUri - HTTP POST Binding URI

Returns:

IuSamlSessionVerifier

initRequest

URI initRequest(IuSession session,
 URI returnUri)

Initiate request using session and return Location URI for the configured Identity Provider with the appropriate SAML SAMLRequest and RelayState HTTP query parameters.

Parameters:

session - session

returnUri - return URI

Returns:

URI

verifyResponse

URI verifyResponse(IuSession session,
 String remoteAddr,
 String samlResponse,
 String relayState)
            throws IuAuthenticationException

Decodes a SAML Response, performs Subject Confirmation validation logic, and validates assertions to authenticate a IuPrincipalIdentity as valid for the local Service Provider.

Parameters:

session - session

remoteAddr - IP address to validate against allowed list

samlResponse - SAML response that received back from identity provider after user has been authenticate

relayState - state value that received back from identity provider after successful authentication.

Returns:

returnUri from related initRequest(IuSession, URI)

Throws:

IuAuthenticationException - when relay state is invalid or verification failed

getPrincipalIdentity

IuPrincipalIdentity getPrincipalIdentity(IuSession preAuthSession,
 IuSession postAuthSession)
                                  throws IuAuthenticationException

Gets the authenticated SAML principal.

Parameters:

preAuthSession - session used with verifyResponse(IuSession, String, String, String); null if authentication handshake is already complete

postAuthSession - session to bind principal attributes after completing authentication handshake

Returns:

IuPrincipalIdentity; will include at least one IuSamlAssertion in its subject's public credentials.

Throws:

IuAuthenticationException - If not authenticated or authentication has expired