• Home
• org.elasticsearch.plugin
• x-pack-security
• 8.16.0
• source code
• SamlToken.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.elasticsearch.xpack.security.authc.saml.SamlToken Maven / Gradle / Ivy

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
package org.elasticsearch.xpack.security.authc.saml;

import org.apache.commons.codec.binary.Hex;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;

import java.util.List;

/**
 * A very lightweight {@link AuthenticationToken} to hold SAML content.
 * Due to the nature of SAML, it is impossible to know the {@link #principal() principal} for the token
 * until it is parsed and validated, so this token always returns a placeholder value.
 * @see SamlRealm#authenticate
 */
public class SamlToken implements AuthenticationToken {
    private byte[] content;
    private final List allowedSamlRequestIds;
    private final String authenticatingRealm;

    /**
     * @param content The content of the SAML message. This should be raw XML. In particular it should not be
     *                base64 encoded.
     * @param allowedSamlRequestIds The request Ids for the authentication requests this SAML response is allowed to be in response to.
     * @param authenticatingRealm The realm that should autenticate this SAML message.
     */
    public SamlToken(byte[] content, List allowedSamlRequestIds, @Nullable String authenticatingRealm) {
        this.content = content;
        this.allowedSamlRequestIds = allowedSamlRequestIds;
        this.authenticatingRealm = authenticatingRealm;
    }

    @Override
    public String principal() {
        return "";
    }

    @Override
    public Object credentials() {
        return content;
    }

    @Override
    public void clearCredentials() {
        content = null;
    }

    public byte[] getContent() {
        return content;
    }

    public List getAllowedSamlRequestIds() {
        return allowedSamlRequestIds;
    }

    public String getAuthenticatingRealm() {
        return authenticatingRealm;
    }

    @Override
    public String toString() {
        return getClass().getSimpleName() + "{" + Strings.cleanTruncate(Hex.encodeHexString(content), 128) + "...}";
    }
}