The compojure based routes for the SAML Service Provider (SP)
The compojure based routes for the SAML Service Provider (SP)
(create-hmac-relay-state secret-key-spec relay-state)
(helmsman-routes saml20-config)
(meta-response req)
(new-request-handler req)
(process-response-handler {:keys [saml20 params session] :as req})
(redirect-to-saml continue-to-url)
(saml-routes {:keys [app-name base-uri idp-uri idp-cert keystore-file
keystore-password key-alias]})
The SP routes. They can be combined with application specific routes. Also it is assumed that they are wrapped with compojure.handler/site or wrap-params and wrap-session.
The single argument is a map containing the following fields:
:app-name - The application's name :base-uri - The Base URI for the application i.e. its remotely accessible hostname and (if needed) port, e.g. https://example.org:8443 This is used for building the 'AssertionConsumerService' URI for the HTTP-POST Binding, by prepending the base-uri to the '/saml' string. :idp-uri - The URI for the IdP to use. This should be the URI for the HTTP-Redirect SAML Binding :idp-cert - The IdP certificate that contains the public key used by IdP for signing responses. This is optional: if not used no signature validation will be performed in the responses :keystore-file - The filename that is the Java keystore for the private key used by this SP for the decryption of responses coming from IdP :keystore-password - The password for opening the keystore file :key-alias - The alias for the private key in the keystore
The created routes are the following:
GET /saml/meta : This returns a SAML metadata XML file that has the needed information for registering this SP. For example, it has the public key for this SP.
GET /saml : it redirects to the IdP with the SAML request envcoded in the URI per the HTTP-Redirect binding. This route accepts a 'continue' parameter that can have the relative URI, where the browser should be redirected to after the successful login in the IdP.
POST /saml : this is the endpoint for accepting the responses from the IdP. It then redirects the browser to the 'continue-url' that is found in the RelayState paramete, or the '/' root of the app.
The SP routes. They can be combined with application specific routes. Also it is assumed that they are wrapped with compojure.handler/site or wrap-params and wrap-session. The single argument is a map containing the following fields: :app-name - The application's name :base-uri - The Base URI for the application i.e. its remotely accessible hostname and (if needed) port, e.g. https://example.org:8443 This is used for building the 'AssertionConsumerService' URI for the HTTP-POST Binding, by prepending the base-uri to the '/saml' string. :idp-uri - The URI for the IdP to use. This should be the URI for the HTTP-Redirect SAML Binding :idp-cert - The IdP certificate that contains the public key used by IdP for signing responses. This is optional: if not used no signature validation will be performed in the responses :keystore-file - The filename that is the Java keystore for the private key used by this SP for the decryption of responses coming from IdP :keystore-password - The password for opening the keystore file :key-alias - The alias for the private key in the keystore The created routes are the following: - GET /saml/meta : This returns a SAML metadata XML file that has the needed information for registering this SP. For example, it has the public key for this SP. - GET /saml : it redirects to the IdP with the SAML request envcoded in the URI per the HTTP-Redirect binding. This route accepts a 'continue' parameter that can have the relative URI, where the browser should be redirected to after the successful login in the IdP. - POST /saml : this is the endpoint for accepting the responses from the IdP. It then redirects the browser to the 'continue-url' that is found in the RelayState paramete, or the '/' root of the app.
(saml-wrapper handler
{:keys [base-uri app-name idp-uri idp-cert keystore-file
keystore-password key-alias]
:as saml20-config}
mutables)
(valid-hmac-relay-state? secret-key-spec hmac-relay-state)
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close