saml20-clj.core
Main interface for saml20-clj SP functionality. The core functionality is broken out into several separate namespaces, but vars are made available here via Potemkin.
Main interface for saml20-clj SP functionality. The core functionality is broken out into several separate namespaces, but vars are made available here via Potemkin.
accept-response!clj
(accept-response! this request-id)Called whenever a new response from IdP is received. The state manager should verify that request-id was
actually issued by us (e.g., one we've seen earlier when record-request!), and (hopefully) that it is not too old;
if the response is not acceptable, it must throw an Exception. The state manager should remove the request from its
state a response with the same ID cannot be used again (e.g. to prevent replay attacks).
Called whenever a new response from IdP is received. The state manager should verify that `request-id` was actually issued by us (e.g., one we've seen earlier when `record-request!`), and (hopefully) that it is not too old; if the response is not acceptable, it must throw an Exception. The state manager should remove the request from its state a response with the same ID cannot be used again (e.g. to prevent replay attacks).
assertionsclj
(assertions decrypted-response)(assertions possibly-encrypted-response sp-private-key)Returns the assertions (encrypted or not) of a SAML Response object
Returns the assertions (encrypted or not) of a SAML Response object
decrypt-responseclj
(decrypt-response response sp-private-key)Decrypt response using sp-private-key if it has encrypted Assertions. If it does not have encrypted assertions,
return response as-is.
Decrypt `response` using `sp-private-key` if it has encrypted Assertions. If it does not have encrypted assertions, return `response` as-is.
idp-redirect-responseclj
(idp-redirect-response saml-request idp-url relay-state)Return Ring response for HTTP 302 redirect.
Return Ring response for HTTP 302 redirect.
in-memory-state-managerclj
(in-memory-state-manager)(in-memory-state-manager request-timeout-seconds)(in-memory-state-manager request-timeout-seconds initial-state)A simple in-memory state manager, suitable for a single instance. Requests IDs are considered valid for a minimum of
request-timeout-seconds.
A simple in-memory state manager, suitable for a single instance. Requests IDs are considered valid for a minimum of `request-timeout-seconds`.
metadataclj
(metadata {:keys [app-name acs-url slo-url sp-cert requests-signed
want-assertions-signed]
:or {want-assertions-signed true requests-signed true}})record-request!clj
(record-request! this request-id)Called whenever a new request to the Dip goes out. The state manager should record request-id (and probably the
current timestamp as well) so it can be used for validating responses.
Called whenever a new request to the Dip goes out. The state manager should record `request-id` (and probably the current timestamp as well) so it can be used for validating responses.
requestclj
(request {:keys [request-id sp-name acs-url idp-url issuer state-manager
credential instant]
:or {request-id (str (java.util.UUID/randomUUID))
instant (t/instant)}})Return XML elements that represent a SAML 2.0 auth request.
Return XML elements that represent a SAML 2.0 auth request.
validateclj
(validate response idp-cert sp-private-key)(validate response idp-cert sp-private-key options)Validate response. Returns decrypted response if valid.
Validate response. Returns decrypted response if valid.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close