Examples with SamlAttributeQueryTicket org.apereo.cas.ticket.query.SamlAttributeQueryTicket used on opensource projects

Example 1 with SamlAttributeQueryTicket

use of org.apereo.cas.ticket.query.SamlAttributeQueryTicket in project cas by apereo.

the class Saml2AttributeQueryProfileHandlerController method handlePostRequest.

/**
 * Handle post request.
 *
 * @param response the response
 * @param request  the request
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SOAP_ATTRIBUTE_QUERY)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    final MessageContext ctx = decodeSoapRequest(request);
    final AttributeQuery query = (AttributeQuery) ctx.getMessage();
    try {
        final String issuer = query.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, query);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        verifyAuthenticationContextSignature(ctx, request, query, facade);
        final Map<String, Object> attrs = new LinkedHashMap<>();
        if (query.getAttributes().isEmpty()) {
            final String id = this.samlAttributeQueryTicketFactory.createTicketIdFor(query.getSubject().getNameID().getValue());
            final SamlAttributeQueryTicket ticket = this.ticketRegistry.getTicket(id, SamlAttributeQueryTicket.class);
            final Authentication authentication = ticket.getTicketGrantingTicket().getAuthentication();
            final Principal principal = authentication.getPrincipal();
            final Map<String, Object> authnAttrs = authentication.getAttributes();
            final Map<String, Object> principalAttrs = principal.getAttributes();
            query.getAttributes().forEach(a -> {
                if (authnAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), authnAttrs.get(a.getName()));
                } else if (principalAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), principalAttrs.get(a.getName()));
                }
            });
        }
        final Assertion casAssertion = buildCasAssertion(issuer, service, attrs);
        this.responseBuilder.build(query, request, response, casAssertion, service, facade, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(query, request, response, null, null, null, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    }
}

Example 2 with SamlAttributeQueryTicket

use of org.apereo.cas.ticket.query.SamlAttributeQueryTicket in project cas by apereo.

the class SamlProfileSaml2ResponseBuilder method storeAttributeQueryTicketInRegistry.

private void storeAttributeQueryTicketInRegistry(final Assertion assertion, final HttpServletRequest request, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    final String value = assertion.getSubject().getNameID().getValue();
    final TicketGrantingTicket ticketGrantingTicket = CookieUtils.getTicketGrantingTicketFromRequest(ticketGrantingTicketCookieGenerator, this.ticketRegistry, request);
    final SamlAttributeQueryTicket ticket = samlAttributeQueryTicketFactory.create(value, assertion, adaptor.getEntityId(), ticketGrantingTicket);
    this.ticketRegistry.addTicket(ticket);
}