Liking cljdoc? Tell your friends :D

saml20-clj.sp.response

Code for parsing the XML response (as a String)from the IdP to an OpenSAML Response, and for basic operations like validating the signature and reading assertions.

Code for parsing the XML response (as a String)from the IdP to an OpenSAML `Response`, and for basic operations like
validating the signature and reading assertions.
raw docstring

Assertion->mapclj

(Assertion->map assertion)

Returns the attributes and the 'audiences' for the given SAML assertion

Returns the attributes and the 'audiences' for the given SAML assertion
raw docstring

assertion->subject-confirmation-datasclj

(assertion->subject-confirmation-datas assertion)

assertionsclj

(assertions decrypted-response)
(assertions possibly-encrypted-response sp-private-key)

Returns the assertions (encrypted or not) of a SAML Response object

Returns the assertions (encrypted or not) of a SAML Response object
raw docstring

clone-responseclj

(clone-response response)

Clone an OpenSAML response object.

Clone an OpenSAML `response` object.
raw docstring

decrypt-responseclj

(decrypt-response response sp-private-key)

Decrypt response using sp-private-key if it has encrypted Assertions. If it does not have encrypted assertions, return response as-is.

Decrypt `response` using `sp-private-key` if it has encrypted Assertions. If it does not have encrypted assertions,
return `response` as-is.
raw docstring

default-validation-optionsclj


ensure-encrypted-assertionsclj

(ensure-encrypted-assertions response)

opensaml-assertionsclj

(opensaml-assertions response)

response-statusclj

(response-status response)

Parses and returns information about the status (i.e. successful or not), the version, addressing info etc. of the SAML response

Check the javadoc of OpenSAML at:

https://build.shibboleth.net/nexus/service/local/repositories/releases/archive/org/opensaml/opensaml/2.5.3/opensaml-2.5.3-javadoc.jar/!/index.html

Parses and returns information about the status (i.e. successful or not), the version, addressing info etc. of the
SAML response

Check the javadoc of OpenSAML at:

https://build.shibboleth.net/nexus/service/local/repositories/releases/archive/org/opensaml/opensaml/2.5.3/opensaml-2.5.3-javadoc.jar/!/index.html
raw docstring

saml2-attr->nameclj


subjectclj

(subject assertion)

subject-confirmationsclj

(subject-confirmations subject)

subject-dataclj

(subject-data subject-confirmation)

validateclj

(validate response idp-cert sp-private-key)
(validate response
          idp-cert
          sp-private-key
          {:keys [response-validators assertion-validators acs-url request-id
                  state-manager user-agent-address issuer solicited?
                  allowable-clock-skew-seconds]})

Validate response. Returns decrypted response if valid. Options:

  • :response-validators - optional. The validators to run against the <Response> itself. Validators are implemented as methods of validate-response. If this is not passed, uses validators defined in default-validation-options.

  • :assertion-validators - optional. the validators to run against each <Assertion> in the response. Validators are implemented as methods of validate-assertion. If this is not passed, uses validators defined in default-validation-options.

  • :acs-url - REQUIRED. Assertion consumer service URL. The :recipient assertion validates this.

  • :request-id - optional. Validated by the :in-response-to validator if passed.

  • :state-manager - optional. An instance of StateManager (such as in-memory-state-manager) that can check whether a Response with the given ID was already processed.

  • :user-agent-address - optional. Address of the client. If present, the :address validator will check that any Address information in the <SubjectConfimrationData> passes.

  • :issuer - optional. Unique identifier for the IdP. If passed, the :issuer validators will validate any Issuer information present on the <Response>, and the Issuer of each <Assertion> (Issuer is required for Assertions).

  • :solicited? - optional. Whether this request is the result of an SSO login flow initiated by the SP (us). If this is false, the :in-response-tovalidator checks that therequest-idinnil`.

  • :allowable-clock-skew-seconds - optional. By default, 3 minutes. The amount of leeway to use when validating NotOnOrAfter and NotBefore attributes.

Validate response. Returns decrypted response if valid. Options:

* `:response-validators` - optional. The validators to run against the `<Response>` itself. Validators are
   implemented as methods of `validate-response`. If this is not passed, uses validators defined in
   `default-validation-options`.

* `:assertion-validators` - optional. the validators to run against each `<Assertion>` in the response. Validators are
  implemented as methods of `validate-assertion`. If this is not passed, uses validators defined in
  `default-validation-options`.

* `:acs-url` - REQUIRED. Assertion consumer service URL. The `:recipient` assertion validates this.

* `:request-id` - optional. Validated by the `:in-response-to` validator if passed.

* `:state-manager` - optional. An instance of `StateManager` (such as `in-memory-state-manager`) that can check
  whether a Response with the given ID was already processed.

* `:user-agent-address` - optional. Address of the client. If present, the `:address` validator will check that any
  `Address` information in the `<SubjectConfimrationData>` passes.

* `:issuer` - optional. Unique identifier for the IdP. If passed, the `:issuer` validators will validate any
  `Issuer` information present on the `<Response>`, and the `Issuer` of each `<Assertion>` (`Issuer` is required for
  Assertions).

* `:solicited?` - optional. Whether this request is the result of an SSO login flow initiated by the SP (us). If
  this is `false`, the :in-response-to` validator checks that the `request-id` in `nil`.

* `:allowable-clock-skew-seconds` - optional. By default, 3 minutes. The amount of leeway to use when validating
  `NotOnOrAfter` and `NotBefore` attributes.
raw docstring

validate-assertioncljmultimethod

(validate-assertion validation response options)

Perform a validation operation on an Assertion.

Perform a validation operation on an Assertion.
raw docstring

validate-confirmation-datascljmacro

(validate-confirmation-datas [data-binding assertion] & body)

Extracts an instance of SubjectConfirmationData from assertion and binds it to data-binding, then executes body.

Extracts an instance of `SubjectConfirmationData` from `assertion` and binds it to `data-binding`, then executes
body.
raw docstring

validate-responsecljmultimethod

(validate-response validation
                   possibly-encrypted-response
                   unencryped-response
                   options)

Perform a validation operation on a Response.

Perform a validation operation on a Response.
raw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close