Code for parsing the XML response (as a String) from the IdP to an OpenSAML `Response`, and for basic operations like validating the signature and reading assertions.
`(Assertion->map assertion)`

Returns the attributes and the 'audiences' for the given SAML assertion.
`(assertion->subject-confirmation-datas assertion)`

`(assertions decrypted-response)`
`(assertions possibly-encrypted-response sp-private-key)`

Returns the assertions (encrypted or not) of a SAML Response object.
`(clone-response response)`

Clone an OpenSAML `response` object.
`(decrypt-response response sp-private-key)`

Decrypt `response` using `sp-private-key` if it has encrypted Assertions. If it does not have encrypted assertions, return `response` as-is.
`(ensure-encrypted-assertions response)`

`(opensaml-assertions response)`

`(response-status response)`

Parses and returns information about the status (i.e. successful or not), the version, addressing info etc. of the SAML response.

Check the javadoc of OpenSAML at: https://build.shibboleth.net/nexus/service/local/repositories/releases/archive/org/opensaml/opensaml/2.5.3/opensaml-2.5.3-javadoc.jar/!/index.html
`(subject assertion)`

`(subject-confirmations subject)`

`(subject-data subject-confirmation)`

`(validate response idp-cert sp-private-key)`
`(validate response idp-cert sp-private-key {:keys [response-validators assertion-validators acs-url request-id state-manager user-agent-address issuer solicited? allowable-clock-skew-seconds]})`

Validate response. Returns decrypted response if valid. Options:

* `:response-validators` - optional. The validators to run against the `<Response>` itself. Validators are implemented as methods of `validate-response`. If this is not passed, uses validators defined in `default-validation-options`.
* `:assertion-validators` - optional. The validators to run against each `<Assertion>` in the response. Validators are implemented as methods of `validate-assertion`. If this is not passed, uses validators defined in `default-validation-options`.
* `:acs-url` - REQUIRED. Assertion consumer service URL. The `:recipient` assertion validates this.
* `:request-id` - optional. Validated by the `:in-response-to` validator if passed.
* `:state-manager` - optional. An instance of `StateManager` (such as `in-memory-state-manager`) that can check whether a Response with the given ID was already processed.
* `:user-agent-address` - optional. Address of the client. If present, the `:address` validator will check that any `Address` information in the `<SubjectConfirmationData>` passes.
* `:issuer` - optional. Unique identifier for the IdP. If passed, the `:issuer` validators will validate any `Issuer` information present on the `<Response>`, and the `Issuer` of each `<Assertion>` (`Issuer` is required for Assertions).
* `:solicited?` - optional. Whether this request is the result of an SSO login flow initiated by the SP (us). If this is `false`, the `:in-response-to` validator checks that the `request-id` is `nil`.
* `:allowable-clock-skew-seconds` - optional. By default, 3 minutes. The amount of leeway to use when validating `NotOnOrAfter` and `NotBefore` attributes.
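To make the checks behind these options concrete, the following added example (not the library's own code) models the `:recipient`, `:in-response-to`, `:address`, clock-skew and replay checks over plain maps. The map keys, `:seen-ids` (a stand-in for `:state-manager`), `:now` and all sample values are assumptions.

```clojure
;; Added illustration, not the library's code. Map keys, :seen-ids (a stand-in
;; for :state-manager), :now and all sample values are constructed.
(ns example.saml-checks
  (:import (java.time Duration Instant)))

(defn within-window?
  "True when `now` is in [NotBefore, NotOnOrAfter), widened by the skew."
  [{:keys [^Instant not-before ^Instant not-on-or-after]} ^Instant now skew-s]
  (let [skew (Duration/ofSeconds skew-s)]
    (and (or (nil? not-before)
             (not (.isBefore now (.minus not-before skew))))
         (or (nil? not-on-or-after)
             (.isBefore now (.plus not-on-or-after skew))))))

(defn failures
  "Returns the set of failed checks for one response; empty means accepted."
  [{:keys [id assertion]}
   {:keys [acs-url request-id user-agent-address seen-ids now
           allowable-clock-skew-seconds]
    :or   {allowable-clock-skew-seconds 180}}] ; 3 minutes, the documented default
  (let [{:keys [recipient address in-response-to]} assertion
        failed (cond-> #{}
                 (not= recipient acs-url) (conj :recipient)
                 (and request-id (not= in-response-to request-id))
                 (conj :in-response-to)
                 (and user-agent-address address (not= address user-agent-address))
                 (conj :address)
                 (not (within-window? assertion now allowable-clock-skew-seconds))
                 (conj :validity-window))]
    ;; Record the ID only for otherwise-valid responses; swap-vals! makes the
    ;; "seen before?" test and the insert one atomic step.
    (if (and (empty? failed)
             (contains? (first (swap-vals! seen-ids conj id)) id))
      #{:replayed-id}
      failed)))

(def opts {:acs-url "https://sp.example.com/saml/acs" :request-id "_req-1"
           :seen-ids (atom #{}) :now (Instant/parse "2024-01-01T12:00:00Z")})

(def response
  {:id "_resp-1"
   :assertion {:recipient       "https://sp.example.com/saml/acs"
               :in-response-to  "_req-1"
               :not-before      (Instant/parse "2024-01-01T12:01:30Z") ; 90 s ahead of :now
               :not-on-or-after (Instant/parse "2024-01-01T12:05:00Z")}})

(println (failures response opts)) ; NotBefore in the future, but inside the skew
(println (failures response opts)) ; same Response ID submitted again
(println (failures response (assoc opts :allowable-clock-skew-seconds 0)))
```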
`(validate-assertion validation response options)`

Perform a validation operation on an Assertion.
`(validate-confirmation-datas [data-binding assertion] & body)`

Extracts an instance of `SubjectConfirmationData` from `assertion` and binds it to `data-binding`, then executes `body`.
`(validate-response validation possibly-encrypted-response unencryped-response options)`

Perform a validation operation on a Response.