Class SamlSecurityRealm

    • Constructor Detail

      • SamlSecurityRealm

        @DataBoundConstructor
        public SamlSecurityRealm(IdpMetadataConfiguration idpMetadataConfiguration,
                                 String displayNameAttributeName,
                                 String groupsAttributeName,
                                 Integer maximumAuthenticationLifetime,
                                 String usernameAttributeName,
                                 String emailAttributeName,
                                 String logoutUrl,
                                 SamlAdvancedConfiguration advancedConfiguration,
                                 SamlEncryptionData encryptionData,
                                 String usernameCaseConversion,
                                 String binding,
                                 List<AttributeEntry> samlCustomAttributes)
                          throws IOException
        Jenkins passes these parameters in when you update the settings, because the constructor is annotated with @DataBoundConstructor.
        Parameters:
        idpMetadataConfiguration - How to obtain the IdP Metadata configuration.
        displayNameAttributeName - attribute that holds the display name
        groupsAttributeName - attribute that holds the groups
        maximumAuthenticationLifetime - maximum time that an identification is valid
        usernameAttributeName - attribute that holds the username
        emailAttributeName - attribute that holds the email
        logoutUrl - optional URL to redirect to on logout
        advancedConfiguration - advanced configuration settings
        encryptionData - encryption configuration settings
        usernameCaseConversion - username case sensitivity settings
        binding - SAML binding method.
        samlCustomAttributes - custom attributes to read from the SAML Response.
        Throws:
        IOException - if it is not possible to write the IdP metadata file.
    • Method Detail

      • readResolve

        public Object readResolve()
      • doCommenceLogin

        public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest request,
                                                                org.kohsuke.stapler.StaplerResponse response,
                                                                @QueryParameter
                                                                String from,
                                                                @Header("Referer")
                                                                String referer)
        /securityRealm/commenceLogin
        Parameters:
        request - http request.
        response - http response.
        referer - referer.
        from - http request "from" parameter.
        Returns:
        the http response.
      • doFinishLogin

        public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request,
                                                              org.kohsuke.stapler.StaplerResponse response)
        /securityRealm/finishLogin
        Parameters:
        request - http request.
        response - http response.
        Returns:
        the http response.
      • doMetadata

        public org.kohsuke.stapler.HttpResponse doMetadata(org.kohsuke.stapler.StaplerRequest request,
                                                           org.kohsuke.stapler.StaplerResponse response)
        /securityRealm/metadata

        URL request service method to expose the SP metadata to the user so that they can configure their IdP.

        Parameters:
        request - http request.
        response - http response.
        Returns:
        the http response.
      • doLogout

        public void doLogout(org.kohsuke.stapler.StaplerRequest req,
                             org.kohsuke.stapler.StaplerResponse rsp)
                      throws IOException,
                             javax.servlet.ServletException
        Overrides:
        doLogout in class SecurityRealm
        Throws:
        IOException
        javax.servlet.ServletException
      • loadGroupByGroupname2

        public GroupDetails loadGroupByGroupname2(String groupname,
                                                  boolean fetchMembers)
                                           throws org.springframework.security.core.userdetails.UsernameNotFoundException
        This method is overridden because SAML has no way to retrieve the members of a group, which causes issues with some authorization plugins. Because of that, we have to implement SamlGroupDetails.
        Overrides:
        loadGroupByGroupname2 in class SecurityRealm
        Throws:
        org.springframework.security.core.userdetails.UsernameNotFoundException
      • getSamlPluginConfig

        public SamlPluginConfig getSamlPluginConfig()
        Returns:
        plugin configuration parameters.
      • getUsernameAttributeName

        public String getUsernameAttributeName()
      • getDisplayNameAttributeName

        public String getDisplayNameAttributeName()
      • getGroupsAttributeName

        public String getGroupsAttributeName()
      • getMaximumAuthenticationLifetime

        public Integer getMaximumAuthenticationLifetime()
      • getBinding

        public String getBinding()
      • getUsernameCaseConversion

        public String getUsernameCaseConversion()
      • getEmailAttributeName

        public String getEmailAttributeName()
      • getLogoutUrl

        public String getLogoutUrl()
      • getSamlCustomAttributes

        @NonNull
        public List<AttributeEntry> getSamlCustomAttributes()
      • setSamlCustomAttribute

        public void setSamlCustomAttribute(List<AttributeEntry> samlCustomAttributes)