<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<chapter id="assertions">
<title>Obtaining Assertion Attributes</title>
<para>
After a successful SAML login, your application code may want to obtain attribute values passed with the SAML assertion.
<literal>HttpServletRequest.getUserPrincipal</literal> returns a Principal object that you can cast to a
Keycloak-specific class called <literal>org.keycloak.adapters.saml.SamlPrincipal</literal>. This object allows
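you to look at the raw assertion and also has convenience functions to look up attribute values.
<literal>getUserPrincipal</literal> returns <literal>null</literal> for an unauthenticated request, so check the
result with <literal>instanceof</literal> before casting.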
</para>
<para>
<programlisting><![CDATA[
package org.keycloak.adapters.saml;
public class SamlPrincipal implements Serializable, Principal {
/**
* Get the full SAML assertion
*
* @return
*/
public AssertionType getAssertion() {
...
}
/**
* Get SAML subject sent in assertion
*
* @return
*/
public String getSamlSubject() {
...
}
/**
* Subject nameID format
*
* @return
*/
public String getNameIDFormat() {
...
}
@Override
public String getName() {
...
}
/**
* Convenience function that gets the values of an attribute by attribute name
*
* @param name
* @return
*/
public List<String> getAttributes(String name) {
...
}
/**
* Convenience function that gets the values of an attribute by attribute friendly name
*
* @param friendlyName
* @return
*/
public List<String> getFriendlyAttributes(String friendlyName) {
...
}
/**
* Convenience function that gets first value of an attribute by attribute name
*
* @param name
* @return
*/
public String getAttribute(String name) {
...
}
/**
* Convenience function that gets first value of an attribute by attribute friendly name
*
*
* @param friendlyName
* @return
*/
public String getFriendlyAttribute(String friendlyName) {
...
}
/**
* Get set of all assertion attribute names
*
* @return
*/
public Set<String> getAttributeNames() {
...
}
/**
* Get set of all assertion friendly attribute names
*
* @return
*/
public Set<String> getFriendlyNames() {
...
}
}
]]>
</programlisting>
</para>
</chapter>