How to use saml - 10 common examples

To help you get started, we’ve selected a few saml examples, based on popular ways it is used in public projects.


github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
// Initial UI-model values for the client form. Every SAML signing/encryption/binding
// toggle assigned below starts out as false in this excerpt.
// NOTE(review): whether these are later overwritten from the stored client attributes
// is not visible in this excerpt — confirm before treating false as the effective default.
$scope.samlServerSignatureEnableKeyInfoExtension = false;
    $scope.samlAssertionSignature = false;
    $scope.samlClientSignature = false;
    $scope.samlEncrypt = false;
    $scope.samlForcePostBinding = false;
    $scope.samlForceNameIdFormat = false;
    // Pre-selects the second entry of xmlKeyNameTranformers; another excerpt of this
    // file on the page pairs index 1 with the attribute value 'KEY_ID'.
    $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[1];
    // Tab visibility is derived from the client's own flags: the authorization and
    // service-account tabs are disabled unless the matching feature is enabled, and
    // the credentials tab is disabled for public clients.
    $scope.disableAuthorizationTab = !client.authorizationServicesEnabled;
    $scope.disableServiceAccountRolesTab = !client.serviceAccountsEnabled;
    $scope.disableCredentialsTab = client.publicClient;
    // KEYCLOAK-6771 Certificate Bound Token
    // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3
    $scope.tlsClientCertificateBoundAccessTokens = false;

    // TimeUnit2.asUnit is defined elsewhere; presumably it turns the stored lifespan
    // attribute into a time/unit pair for the form — confirm against its definition.
    $scope.accessTokenLifespan = TimeUnit2.asUnit(client.attributes['access.token.lifespan']);
    $scope.samlAssertionLifespan = TimeUnit2.asUnit(client.attributes['saml.assertion.lifespan']);

    if(client.origin) {
        if ($scope.access.viewRealm) {
            Components.get({realm: realm.realm, componentId: client.origin}, function (link) {
                $scope.originName = link.name;
                //$scope.originLink = "#/realms/" + realm.realm + "/user-storage/providers/" + link.providerId + "/" + link.id;
            })
        }
        else {
            // KEYCLOAK-4328
            ClientStorageOperations.simpleName.get({realm: realm.realm, componentId: client.origin}, function (link) {
                $scope.originName = link.name;
                //$scope.originLink = $location.absUrl();
            })
        }
    } else {
github auth0 / ad-ldap-connector / node_modules / wsfed / lib / wsfed.js View on Github external
// Excerpt from a request handler: it requires an audience, resolves the user, and
// (when options.jwt is not set) issues a SAML 1.1 assertion through saml11.create.
// The handler's start and the end of the create callback are outside this excerpt.
if(!audience){
      return next(new Error('audience is required'));
    }

    audience = asResource(audience);

    // Authentication is delegated entirely to the caller-supplied getUserFromRequest;
    // whatever object it returns is treated as the authenticated user.
    var user = options.getUserFromRequest(req);
    // No user resolved: answer 401 and stop.
    // NOTE(review): res.send(<number>) is the legacy Express status form — confirm it
    // still behaves as a status code in the Express version in use.
    if(!user) return res.send(401);

    // wctx comes from configuration when set, otherwise straight from the query string,
    // so in that case it is request-controlled and must stay escaped wherever it is echoed.
    var ctx = options.wctx || req.query.wctx;
    if (!options.jwt) {
      var profileMap = options.profileMapper(user);
      var claims = profileMap.getClaims(options);
      var ni = profileMap.getNameIdentifier(options);
      // NOTE(review): unlike a missing user, a missing name identifier is not checked
      // here; ni.nameIdentifier below throws if getNameIdentifier returns nothing.
      saml11.create({  
        signatureAlgorithm:   options.signatureAlgorithm,
        digestAlgorithm:      options.digestAlgorithm,
        cert:                 options.cert,
        key:                  options.key,
        issuer:               asResource(options.issuer),
        // Falls back to 8 hours when options.lifetime is unset (or 0). A long validity
        // window lengthens the time a captured assertion stays usable; set it explicitly.
        lifetimeInSeconds:    options.lifetime || (60 * 60 * 8),
        audiences:            audience,
        attributes:           claims,
        nameIdentifier:       ni.nameIdentifier,
        nameIdentifierFormat: ni.nameIdentifierFormat,
        // presumably the assertion is encrypted only when these two are provided —
        // confirm in saml11; nothing in this excerpt requires them.
        encryptionPublicKey:  options.encryptionPublicKey,
        encryptionCert:       options.encryptionCert
      }, function(err, assertion) {
        if (err) return next(err);
        var escapedWctx = utils.escape(utils.escape(ctx)); // we need an escaped value for RequestSecurityTokenResponse.Context
        var escapedAssertion = utils.escape(assertion); // escaped once; where it is embedded is outside this excerpt
github auth0 / node-samlp / lib / samlp.js View on Github external
/**
 * Maps the user to claims and a name identifier, then asks saml20.create for a
 * SAML 2.0 assertion. The end of the function is outside this excerpt.
 *
 * @param {Object} options - issuer/signing/audience settings; defaults are written
 *   back onto this object (profileMapper, signatureNamespacePrefix).
 * @param {Object} user - profile handed to options.profileMapper.
 * @param {Function} callback - called with an Error when no name identifier is found.
 */
function getSamlResponse(options, user, callback) {
  options.profileMapper = options.profileMapper || PassportProfileMapper;
  // Any non-string prefix is replaced by the empty string.
  options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;

  var profileMap = options.profileMapper(user);
  var claims = profileMap.getClaims(options);
  var ni = profileMap.getNameIdentifier(options);

  // Refuse to issue an assertion without a subject identifier.
  if (!ni || !ni.nameIdentifier) {
    var error = new Error('No attribute was found to generate the nameIdentifier. We tried with: ' + (options.nameIdentifierProbes || []).join(', '));
    // The whole user object travels with the error. Callers that log or serialise
    // this error will emit the profile's attributes; strip or redact error.context first.
    error.context = { user: user };
    return callback(error);
  }

  saml20.create({
    signatureAlgorithm:   options.signatureAlgorithm,
    digestAlgorithm:      options.digestAlgorithm,
    cert:                 options.cert,
    key:                  options.key,
    issuer:               options.issuer,
    // One hour unless the caller sets lifetimeInSeconds (0 also falls back to 3600).
    lifetimeInSeconds:    options.lifetimeInSeconds || 3600,
    // audience, recipient and inResponseTo are passed through unchanged; no validation
    // is visible here. NOTE(review): presumably the caller has already checked them
    // against the request and the service provider's configuration — confirm.
    audiences:            options.audience,
    attributes:           claims,
    nameIdentifier:       ni.nameIdentifier,
    nameIdentifierFormat: ni.nameIdentifierFormat || options.nameIdentifierFormat,
    recipient:            options.recipient,
    inResponseTo:         options.inResponseTo,
    authnContextClassRef: options.authnContextClassRef,
    encryptionPublicKey:  options.encryptionPublicKey,
    encryptionCert:       options.encryptionCert,
    sessionIndex:         options.sessionIndex,
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
$scope.updateAssertionLifespan = function() {
        // Copy the lifespan widget into the client attribute: a truthy `time` is stored
        // as seconds, anything else (unset or 0) clears the attribute to null.
        var lifespan = $scope.samlAssertionLifespan;
        $scope.clientEdit.attributes['saml.assertion.lifespan'] = lifespan.time ? lifespan.toSeconds() : null;
    }
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
}

        // Serialises the boolean UI toggles into string-valued client attributes.
        // `== true` is a loose comparison: a toggle that was never set (undefined) is
        // written out as the explicit string "false" rather than being omitted.
        // NOTE(review): the attribute names suggest they govern signing and encryption
        // of SAML messages; what the server does with them is not visible here.
        if ($scope.samlServerSignature == true) {
            $scope.clientEdit.attributes["saml.server.signature"] = "true";
        } else {
            $scope.clientEdit.attributes["saml.server.signature"] = "false";
        }
        if ($scope.samlServerSignatureEnableKeyInfoExtension == true) {
            $scope.clientEdit.attributes["saml.server.signature.keyinfo.ext"] = "true";
        } else {
            $scope.clientEdit.attributes["saml.server.signature.keyinfo.ext"] = "false";
        }
        if ($scope.samlAssertionSignature == true) {
            $scope.clientEdit.attributes["saml.assertion.signature"] = "true";
        } else {
            $scope.clientEdit.attributes["saml.assertion.signature"] = "false";
        }
        if ($scope.samlClientSignature == true) {
            $scope.clientEdit.attributes["saml.client.signature"] = "true";
        } else {
            $scope.clientEdit.attributes["saml.client.signature"] = "false";

        }
        if ($scope.samlEncrypt == true) {
            $scope.clientEdit.attributes["saml.encrypt"] = "true";
        } else {
            $scope.clientEdit.attributes["saml.encrypt"] = "false";

        }
        if ($scope.samlAuthnStatement == true) {
            $scope.clientEdit.attributes["saml.authnstatement"] = "true";
        } else {
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
// Loads stored client attributes into the boolean UI toggles. Each flag is touched
// only when its attribute is present and non-empty; otherwise it keeps its prior value.
// Only the exact string "true" enables a flag; any other non-empty value gives false.
if ($scope.client.attributes["saml.server.signature.keyinfo.ext"]) {
            if ($scope.client.attributes["saml.server.signature.keyinfo.ext"] == "true") {
                $scope.samlServerSignatureEnableKeyInfoExtension = true;
            } else {
                $scope.samlServerSignatureEnableKeyInfoExtension = false;
            }
        }
        // Maps the stored transformer name to its list entry: NONE -> 0, KEY_ID -> 1,
        // CERT_SUBJECT -> 2. An unrecognised or missing value leaves the selection as is.
        if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'NONE') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[0];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'KEY_ID') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[1];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'CERT_SUBJECT') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[2];
        }
        if ($scope.client.attributes["saml.assertion.signature"]) {
            if ($scope.client.attributes["saml.assertion.signature"] == "true") {
                $scope.samlAssertionSignature = true;
            } else {
                $scope.samlAssertionSignature = false;
            }
        }
        if ($scope.client.attributes["saml.client.signature"]) {
            if ($scope.client.attributes["saml.client.signature"] == "true") {
                $scope.samlClientSignature = true;
            } else {
                $scope.samlClientSignature = false;
            }
        }
        if ($scope.client.attributes["saml.encrypt"]) {
            if ($scope.client.attributes["saml.encrypt"] == "true") {
                $scope.samlEncrypt = true;
            } else {
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
}
        // Reads string-valued client attributes back into boolean UI toggles.
        // An absent or empty attribute skips the assignment, so the toggle keeps whatever
        // value it already had; a present attribute enables the toggle only when it
        // equals "true".
        // NOTE(review): this sets form state only; nothing here enforces signing,
        // encryption or one-time use.
        if ($scope.client.attributes["saml.client.signature"]) {
            if ($scope.client.attributes["saml.client.signature"] == "true") {
                $scope.samlClientSignature = true;
            } else {
                $scope.samlClientSignature = false;
            }
        }
        if ($scope.client.attributes["saml.encrypt"]) {
            if ($scope.client.attributes["saml.encrypt"] == "true") {
                $scope.samlEncrypt = true;
            } else {
                $scope.samlEncrypt = false;
            }
        }
        if ($scope.client.attributes["saml.authnstatement"]) {
            if ($scope.client.attributes["saml.authnstatement"] == "true") {
                $scope.samlAuthnStatement = true;
            } else {
                $scope.samlAuthnStatement = false;
            }
        }
         if ($scope.client.attributes["saml.onetimeuse.condition"]) {
                    if ($scope.client.attributes["saml.onetimeuse.condition"] == "true") {
                        $scope.samlOneTimeUseCondition = true;
                    } else {
                        $scope.samlOneTimeUseCondition = false;
                    }
                }
        if ($scope.client.attributes["saml_force_name_id_format"]) {
            if ($scope.client.attributes["saml_force_name_id_format"] == "true") {
                $scope.samlForceNameIdFormat = true;
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
// Attribute-to-toggle mapping for the client form. Stored values are strings, so each
// one is compared with "true"; a missing or empty attribute leaves the toggle unchanged.
// NOTE(review): the toggles are UI state; the stored attribute, not this flag, is
// presumably what the server consults — confirm.
if ($scope.client.attributes["saml.client.signature"]) {
            if ($scope.client.attributes["saml.client.signature"] == "true") {
                $scope.samlClientSignature = true;
            } else {
                $scope.samlClientSignature = false;
            }
        }
        if ($scope.client.attributes["saml.encrypt"]) {
            if ($scope.client.attributes["saml.encrypt"] == "true") {
                $scope.samlEncrypt = true;
            } else {
                $scope.samlEncrypt = false;
            }
        }
        if ($scope.client.attributes["saml.authnstatement"]) {
            if ($scope.client.attributes["saml.authnstatement"] == "true") {
                $scope.samlAuthnStatement = true;
            } else {
                $scope.samlAuthnStatement = false;
            }
        }
         if ($scope.client.attributes["saml.onetimeuse.condition"]) {
                    if ($scope.client.attributes["saml.onetimeuse.condition"] == "true") {
                        $scope.samlOneTimeUseCondition = true;
                    } else {
                        $scope.samlOneTimeUseCondition = false;
                    }
                }
        if ($scope.client.attributes["saml_force_name_id_format"]) {
            if ($scope.client.attributes["saml_force_name_id_format"] == "true") {
                $scope.samlForceNameIdFormat = true;
            } else {
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
// Selects the key-name transformer entry from the stored attribute: 'NONE' -> index 0,
// 'KEY_ID' -> index 1, 'CERT_SUBJECT' -> index 2. There is no final else, so any
// other value (or none) keeps the current selection.
if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'NONE') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[0];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'KEY_ID') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[1];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'CERT_SUBJECT') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[2];
        }
        // The toggles below follow one pattern: skip when the attribute is absent or
        // empty, otherwise set the flag to whether the stored string equals "true".
        if ($scope.client.attributes["saml.assertion.signature"]) {
            if ($scope.client.attributes["saml.assertion.signature"] == "true") {
                $scope.samlAssertionSignature = true;
            } else {
                $scope.samlAssertionSignature = false;
            }
        }
        if ($scope.client.attributes["saml.client.signature"]) {
            if ($scope.client.attributes["saml.client.signature"] == "true") {
                $scope.samlClientSignature = true;
            } else {
                $scope.samlClientSignature = false;
            }
        }
        if ($scope.client.attributes["saml.encrypt"]) {
            if ($scope.client.attributes["saml.encrypt"] == "true") {
                $scope.samlEncrypt = true;
            } else {
                $scope.samlEncrypt = false;
            }
        }
        if ($scope.client.attributes["saml.authnstatement"]) {
            if ($scope.client.attributes["saml.authnstatement"] == "true") {
                $scope.samlAuthnStatement = true;
            } else {
github keycloak / keycloak / themes / src / main / resources / theme / base / admin / resources / js / controllers / clients.js View on Github external
}
        // Restores the form state from the client's stored attributes.
        // Transformer name -> list index: NONE 0, KEY_ID 1, CERT_SUBJECT 2; an
        // unmatched value changes nothing.
        if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'NONE') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[0];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'KEY_ID') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[1];
        } else if ($scope.client.attributes['saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer'] === 'CERT_SUBJECT') {
            $scope.samlXmlKeyNameTranformer = $scope.xmlKeyNameTranformers[2];
        }
        // Signature/encryption toggles: assigned only when the attribute is present and
        // non-empty, and true only for the stored string "true".
        // NOTE(review): a client whose attribute is missing therefore shows whatever
        // value the toggle held before this code ran — check that initial value.
        if ($scope.client.attributes["saml.assertion.signature"]) {
            if ($scope.client.attributes["saml.assertion.signature"] == "true") {
                $scope.samlAssertionSignature = true;
            } else {
                $scope.samlAssertionSignature = false;
            }
        }
        if ($scope.client.attributes["saml.client.signature"]) {
            if ($scope.client.attributes["saml.client.signature"] == "true") {
                $scope.samlClientSignature = true;
            } else {
                $scope.samlClientSignature = false;
            }
        }
        if ($scope.client.attributes["saml.encrypt"]) {
            if ($scope.client.attributes["saml.encrypt"] == "true") {
                $scope.samlEncrypt = true;
            } else {
                $scope.samlEncrypt = false;
            }
        }
        if ($scope.client.attributes["saml.authnstatement"]) {
            if ($scope.client.attributes["saml.authnstatement"] == "true") {
                $scope.samlAuthnStatement = true;