Class SamlSecurityRealm

All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>

public class SamlSecurityRealm extends SecurityRealm
Authenticates the user via SAML. This class is the main entry point to the plugin. Uses Stapler (stapler.kohsuke.org) to bind methods to URLs.
  • Field Details

  • Constructor Details

    • SamlSecurityRealm

      @DataBoundConstructor public SamlSecurityRealm(IdpMetadataConfiguration idpMetadataConfiguration, String displayNameAttributeName, String groupsAttributeName, Integer maximumAuthenticationLifetime, String usernameAttributeName, String emailAttributeName, String logoutUrl, SamlAdvancedConfiguration advancedConfiguration, SamlEncryptionData encryptionData, String usernameCaseConversion, String binding, List<AttributeEntry> samlCustomAttributes) throws IOException
      Jenkins passes these parameters in when the settings are updated; it does so because of the @DataBoundConstructor annotation.
      Parameters:
      idpMetadataConfiguration - How to obtain the IdP Metadata configuration.
      displayNameAttributeName - attribute that has the displayname
      groupsAttributeName - attribute that has the groups
      maximumAuthenticationLifetime - maximum time for which an authentication is considered valid
      usernameAttributeName - attribute that has the username
      emailAttributeName - attribute that has the email
      logoutUrl - optional URL to redirect on logout
      advancedConfiguration - advanced configuration settings
      encryptionData - encryption configuration settings
      usernameCaseConversion - username case conversion setting
      binding - SAML binding method.
      samlCustomAttributes - custom attributes to read from the SAML Response.
      Throws:
      IOException - if it is not possible to write the IdP metadata file.
  • Method Details

    • readResolve

      public Object readResolve()
    • allowsSignup

      public boolean allowsSignup()
      Overrides:
      allowsSignup in class SecurityRealm
    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents()
      Specified by:
      createSecurityComponents in class SecurityRealm
    • getLoginUrl

      public String getLoginUrl()
      Overrides:
      getLoginUrl in class SecurityRealm
    • doCommenceLogin

      public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response, @QueryParameter String from, @Header("Referer") String referer)
      /securityRealm/commenceLogin
      Parameters:
      request - http request.
      response - http response.
      referer - referer.
      from - http request "from" parameter.
      Returns:
      the http response.
    • doFinishLogin

      public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response)
      /securityRealm/finishLogin
      Parameters:
      request - http request.
      response - http response.
      Returns:
      the http response.
    • doMetadata

      public org.kohsuke.stapler.HttpResponse doMetadata(org.kohsuke.stapler.StaplerRequest2 request, org.kohsuke.stapler.StaplerResponse2 response)
      /securityRealm/metadata

      URL request service method to expose the SP metadata to the user so that they can configure their IdP.

      Parameters:
      request - http request.
      response - http response.
      Returns:
      the http response.
    • getPostLogOutUrl2

      protected String getPostLogOutUrl2(org.kohsuke.stapler.StaplerRequest2 req, @NonNull org.springframework.security.core.Authentication auth)
      Overrides:
      getPostLogOutUrl2 in class SecurityRealm
    • doLogout

      public void doLogout(org.kohsuke.stapler.StaplerRequest2 req, org.kohsuke.stapler.StaplerResponse2 rsp) throws IOException, jakarta.servlet.ServletException
      Overrides:
      doLogout in class SecurityRealm
      Throws:
      IOException
      jakarta.servlet.ServletException
    • loadGroupByGroupname2

      public GroupDetails loadGroupByGroupname2(String groupname, boolean fetchMembers) throws org.springframework.security.core.userdetails.UsernameNotFoundException
      This method is overridden because SAML has no way to retrieve the members of a group, which causes issues in some authorization plugins. For that reason the plugin implements SamlGroupDetails.
      Overrides:
      loadGroupByGroupname2 in class SecurityRealm
      Throws:
      org.springframework.security.core.userdetails.UsernameNotFoundException
    • getSamlPluginConfig

      public SamlPluginConfig getSamlPluginConfig()
      Returns:
      plugin configuration parameters.
    • getUsernameAttributeName

      public String getUsernameAttributeName()
    • getDisplayNameAttributeName

      public String getDisplayNameAttributeName()
    • getGroupsAttributeName

      public String getGroupsAttributeName()
    • getMaximumAuthenticationLifetime

      public Integer getMaximumAuthenticationLifetime()
    • getAdvancedConfiguration

      public SamlAdvancedConfiguration getAdvancedConfiguration()
    • getBinding

      public String getBinding()
    • getEncryptionData

      public SamlEncryptionData getEncryptionData()
    • getUsernameCaseConversion

      public String getUsernameCaseConversion()
    • getEmailAttributeName

      public String getEmailAttributeName()
    • getLogoutUrl

      public String getLogoutUrl()
    • getIdpMetadataConfiguration

      public IdpMetadataConfiguration getIdpMetadataConfiguration()
    • getSamlCustomAttributes

      @NonNull public List<AttributeEntry> getSamlCustomAttributes()
    • setSamlCustomAttribute

      public void setSamlCustomAttribute(List<AttributeEntry> samlCustomAttributes)
    • toString

      public String toString()
      Overrides:
      toString in class Object