com.pega.pegarules.pub.util

Interface SAMLUtils

public interface SAMLUtils

This interface contains utility methods for SAML WebSSO profile Can have SAML version specific implementers e.g SAML2

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	VERSION

Method Summary

Modifier and Type	Method and Description
org.opensaml.saml2.core.AuthnRequest	createAuthenticationRequest(ClipboardPage samlSSOConfigPage) Generates the SAML Authentication Request from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML" The input ClipboardPage should contain values for the below properties : pyIssuer - Issuer or entity ID pyIDPSSOServiceLocation - IDP's Single Sign On Service endpoint pyProtocolBinding - IDP's Response binding protocol pyAssertionConsumerServiceURL - Assertion Consumer Service URL pyIsSigningDisabled, pyKeystore, pySignatureUser, pySignaturePassword - For signing information
org.opensaml.saml2.core.LogoutRequest	createLogoutRequest(ClipboardPage samlSSOConfigPage) Generates the SAML Logout Request from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML"
org.opensaml.saml2.core.LogoutResponse	createLogoutResponse(ClipboardPage samlSSOConfigPage, java.lang.String logoutRequestString) Generates the SAML Logout Response from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML"
java.lang.String	createSPmetadataServiceURL(ClipboardPage authServicePage) gets the sp meta data url
void	deleteSAMLSessionInfoRecord() Delete current SAML session info record from DB
void	deleteSSOInstances(java.lang.String className, java.util.Map<java.lang.String,java.lang.String> propMap) Delete the sso data instances for a given prop map
java.lang.String	generateArtifactId(ClipboardPage samlSSOConfigPage) Method which generates the ArtifactId for the given SAMLObject
java.lang.String	generateArtifactResolveRequest(java.lang.String artifactIdString, ClipboardPage samlSSOConfigPage) Generates the ArtifactResolveRequest based on the artifactString and the details available on clipboard page
java.lang.String	generateRedirectURL(java.lang.String endpoint, org.opensaml.common.SAMLObject samlObject, ClipboardPage samlSSOConfigPage, java.lang.String relayState) Method which generates the Single logout redirect URL for response purpose
java.util.List<java.lang.String>	getAuthPoliciesList(java.lang.String aAuthServiceType)
java.lang.String	getInResponseToFromSamlResponse(java.lang.String samlResponse, ClipboardPage samlSSOConfigPage) Gets InResponseTo id from saml response
java.lang.String	getInResponseToIDFromLogoutResponse(java.lang.String logoutResponse) To get the InResponseTo Id value from the
java.lang.String	getSAMLObjectASString(org.opensaml.common.SAMLObject samlobject) Method which generates the string equivalent of the saml object
java.lang.String	getSecureRandomID() generate secure random id
java.lang.String	getSessionIdxFromLogoutRequest(java.lang.String logoutRequest) To get the Session Id value from the
ClipboardPage	getSSODataInstance(java.lang.String className, java.util.Map<java.lang.String,java.lang.String> propMap, java.util.Set<java.lang.String> propertyNames) Get the sso data instance for a given prop map
java.lang.String	processArtifactResolveRequest(java.lang.String artifactResolveReqString) Processes the ArtifactResolveRequest and returns ArtifactResponse uses the details available on clipboard page to process
java.lang.String	processArtifactResolveResponse(java.lang.String artifactRespString, ClipboardPage samlSSOConfigPage) Processes the response which comes in the form of a Artifact id and uses the details available on clipboard page to generate the SAML response
java.util.Map<java.lang.String,java.lang.Object>	processAuthenticationResponse(java.lang.String responseMessage, ClipboardPage samlSSOConfigPage) Process the SAML Authentication Response - Performs SAML Protocol validation, SAML Web SSO profile validation and prepares map of attribute values in received assertion
java.lang.String	processLogoutRequest(java.lang.String logoutRequest, ClipboardPage samlSSOConfigPage) Method to process the logout response and finds whether the response is valid or not
java.lang.String	processLogoutResponse(java.lang.String logoutResponse, ClipboardPage samlSSOConfigPage) Method to process the logout response and finds whether the response is valid or not
void	processSSOResponse(PublicAPI tools, ClipboardPage myServicePage) Process the SAML Authentication Response - Performs SAML Protocol validation and SAML Web SSO profile validation
void	purgeSAMLartifacts(java.lang.String className) Purges orphaned records of dedicated tables of PRPC SAML classes Invoked by agent pyCleanupWebSSO
boolean	validateMapping(ClipboardPage samlPage, PublicAPI aTools, java.lang.String samlPageName)

Field Detail

VERSION

static final java.lang.String VERSION

Method Detail

processSSOResponse

void processSSOResponse(PublicAPI tools,
                        ClipboardPage myServicePage)

Process the SAML Authentication Response - Performs SAML Protocol validation and SAML Web SSO profile validation

Parameters:

tools -

myServicePage -

createAuthenticationRequest

org.opensaml.saml2.core.AuthnRequest createAuthenticationRequest(ClipboardPage samlSSOConfigPage)

Generates the SAML Authentication Request from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML" The input ClipboardPage should contain values for the below properties : pyIssuer - Issuer or entity ID pyIDPSSOServiceLocation - IDP's Single Sign On Service endpoint pyProtocolBinding - IDP's Response binding protocol pyAssertionConsumerServiceURL - Assertion Consumer Service URL pyIsSigningDisabled, pyKeystore, pySignatureUser, pySignaturePassword - For signing information

Parameters:

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

Returns:

A SAMLObject of type AuthnRequest

createLogoutRequest

org.opensaml.saml2.core.LogoutRequest createLogoutRequest(ClipboardPage samlSSOConfigPage)

Generates the SAML Logout Request from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML"

Parameters:

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

Returns:

A SAMLObject of type AuthnRequest

createLogoutResponse

org.opensaml.saml2.core.LogoutResponse createLogoutResponse(ClipboardPage samlSSOConfigPage,
                                                            java.lang.String logoutRequestString)

Generates the SAML Logout Response from the given input ClipboardPage of "Data-Admin-Security-SSO-SAML"

Parameters:

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

logoutRequestString -

Returns:

A SAMLObject of type AuthnRequest

generateRedirectURL

java.lang.String generateRedirectURL(java.lang.String endpoint,
                                     org.opensaml.common.SAMLObject samlObject,
                                     ClipboardPage samlSSOConfigPage,
                                     java.lang.String relayState)

Method which generates the Single logout redirect URL for response purpose

Parameters:

endpoint -

samlObject -

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

relayState -

Returns:

A URL which is single logout redirect URL

getSAMLObjectASString

java.lang.String getSAMLObjectASString(org.opensaml.common.SAMLObject samlobject)

Method which generates the string equivalent of the saml object

Parameters:

samlobject -

Returns:

A URL which is single logout redirect URL

processAuthenticationResponse

java.util.Map<java.lang.String,java.lang.Object> processAuthenticationResponse(java.lang.String responseMessage,
                                                                               ClipboardPage samlSSOConfigPage)

Process the SAML Authentication Response - Performs SAML Protocol validation, SAML Web SSO profile validation and prepares map of attribute values in received assertion

Parameters:

responseMessage - Base64 + URL Encoded SAMLResponse

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

Returns:

A Map representing attributes in Assertion of SAML response

processLogoutResponse

java.lang.String processLogoutResponse(java.lang.String logoutResponse,
                                       ClipboardPage samlSSOConfigPage)

Method to process the logout response and finds whether the response is valid or not

Parameters:

logoutResponse - Base64 Encoded SAMLResponse

samlSSOConfigPage - the SAMLConfiguration Page

Returns:

String representing the processing result. Probable values are : 1) InvalidSignature : LogoutResponse signature verification failed. 2) InvalidInResponseToID : LogoutResponse InResponseTo ID does not match with the requested logout message. 3) InvalidStatus : Received an invalid LogoutResponse with status : *status* 4) Success : Received a valid LogoutResponse

processLogoutRequest

java.lang.String processLogoutRequest(java.lang.String logoutRequest,
                                      ClipboardPage samlSSOConfigPage)

Method to process the logout response and finds whether the response is valid or not

Parameters:

logoutRequest - Base64 Encoded

samlSSOConfigPage - the SAMLConfiguration Page

Returns:

String representing the processing result. Probable values are : 1) InvalidSignature : LogoutRequest signature verification failed. 2) InvalidSessionIndexID : Session ID does not match with the requested logout message. 3) Success : Received a valid LogoutRequest

getSessionIdxFromLogoutRequest

java.lang.String getSessionIdxFromLogoutRequest(java.lang.String logoutRequest)

To get the Session Id value from the

Parameters:

logoutRequest - string value

Returns:

SessionId as string

getInResponseToIDFromLogoutResponse

java.lang.String getInResponseToIDFromLogoutResponse(java.lang.String logoutResponse)

To get the InResponseTo Id value from the

Parameters:

logoutResponse - string value

Returns:

InResponseToID as string

generateArtifactResolveRequest

java.lang.String generateArtifactResolveRequest(java.lang.String artifactIdString,
                                                ClipboardPage samlSSOConfigPage)

Generates the ArtifactResolveRequest based on the artifactString and the details available on clipboard page

Parameters:

artifactIdString -

samlSSOConfigPage -

Returns:

ArtifactResolveRequest string

processArtifactResolveResponse

java.lang.String processArtifactResolveResponse(java.lang.String artifactRespString,
                                                ClipboardPage samlSSOConfigPage)

Processes the response which comes in the form of a Artifact id and uses the details available on clipboard page to generate the SAML response

Parameters:

artifactRespString -

samlSSOConfigPage -

Returns:

samlResponseStr

generateArtifactId

java.lang.String generateArtifactId(ClipboardPage samlSSOConfigPage)

Method which generates the ArtifactId for the given SAMLObject

Parameters:

samlSSOConfigPage - a ClipboardPage of "Data-Admin-Security-SSO-SAML" class type

Returns:

A URL which is single logout redirect URL

processArtifactResolveRequest

java.lang.String processArtifactResolveRequest(java.lang.String artifactResolveReqString)

Processes the ArtifactResolveRequest and returns ArtifactResponse uses the details available on clipboard page to process

Parameters:

artifactResolveReqString -

Returns:

samlResponseStr

createSPmetadataServiceURL

java.lang.String createSPmetadataServiceURL(ClipboardPage authServicePage)

gets the sp meta data url

Parameters:

authServicePage -

Returns:

URL

getInResponseToFromSamlResponse

java.lang.String getInResponseToFromSamlResponse(java.lang.String samlResponse,
                                                 ClipboardPage samlSSOConfigPage)

Gets InResponseTo id from saml response

Parameters:

samlResponse - response

samlSSOConfigPage -

Returns:

InResponseTo ID

purgeSAMLartifacts

void purgeSAMLartifacts(java.lang.String className)

Purges orphaned records of dedicated tables of PRPC SAML classes Invoked by agent pyCleanupWebSSO

Parameters:

className -

getSecureRandomID

java.lang.String getSecureRandomID()
                            throws java.security.NoSuchAlgorithmException

generate secure random id

Returns:

secure random id string

Throws:

java.security.NoSuchAlgorithmException

getSSODataInstance

ClipboardPage getSSODataInstance(java.lang.String className,
                                 java.util.Map<java.lang.String,java.lang.String> propMap,
                                 java.util.Set<java.lang.String> propertyNames)
                          throws DatabaseException

Get the sso data instance for a given prop map

Parameters:

className - : classname for which records to be retrieved

propMap - : keys for class

propertyNames - : names of the columns/properties that are to be retrieved from DB

Returns:

instance page

Throws:

DatabaseException

deleteSSOInstances

void deleteSSOInstances(java.lang.String className,
                        java.util.Map<java.lang.String,java.lang.String> propMap)

Delete the sso data instances for a given prop map

Parameters:

className - : classname for which records to be deleted

propMap - : keys for class

deleteSAMLSessionInfoRecord

void deleteSAMLSessionInfoRecord()

Delete current SAML session info record from DB

getAuthPoliciesList

java.util.List<java.lang.String> getAuthPoliciesList(java.lang.String aAuthServiceType)

Parameters:

aAuthServiceType -

Returns:

list of supported auth policies for a given auth servcie type

validateMapping

boolean validateMapping(ClipboardPage samlPage,
                        PublicAPI aTools,
                        java.lang.String samlPageName)

Parameters:

samlPage - SAML page

aTools -

samlPageName -

Returns:

true if validation successful. Otherwise return false