keycloak-scim/docs/guides/securing-apps/partials/saml/assertion-api.adoc

108 lines
2.2 KiB
Text
Raw Normal View History

2016-06-02 16:07:45 +00:00
== Obtaining assertion attributes
2016-06-02 16:07:45 +00:00
2016-06-02 21:33:28 +00:00
After a successful SAML login, your application code may want to obtain attribute values passed with the SAML assertion.
2017-08-28 12:50:14 +00:00
`HttpServletRequest.getUserPrincipal()` returns a `Principal` object that you can typecast into a {project_name} specific class
2016-06-02 21:33:28 +00:00
called `org.keycloak.adapters.saml.SamlPrincipal`.
2016-06-02 16:07:45 +00:00
This object allows you to look at the raw assertion and also has convenience functions to look up attribute values.
[source,java]
----
package org.keycloak.adapters.saml;
public class SamlPrincipal implements Serializable, Principal {
/**
* Get full saml assertion
*
* @return
*/
public AssertionType getAssertion() {
...
}
/**
* Get SAML subject sent in assertion
*
* @return
*/
public String getSamlSubject() {
...
}
/**
* Subject nameID format
*
* @return
*/
public String getNameIDFormat() {
...
}
@Override
public String getName() {
...
}
/**
* Convenience function that gets Attribute value by attribute name
*
* @param name
* @return
*/
public List<String> getAttributes(String name) {
...
}
/**
* Convenience function that gets Attribute value by attribute friendly name
*
* @param friendlyName
* @return
*/
public List<String> getFriendlyAttributes(String friendlyName) {
...
}
/**
* Convenience function that gets first value of an attribute by attribute name
*
* @param name
* @return
*/
public String getAttribute(String name) {
...
}
/**
* Convenience function that gets first value of an attribute by attribute name
*
*
* @param friendlyName
* @return
*/
public String getFriendlyAttribute(String friendlyName) {
...
}
/**
* Get set of all assertion attribute names
*
* @return
*/
public Set<String> getAttributeNames() {
...
}
/**
* Get set of all assertion friendly attribute names
*
* @return
*/
public Set<String> getFriendlyNames() {
...
}
}
----