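Use of com.onelogin.saml2.Auth in project platformlayer by platformlayer. (The Auth object in this snippet is given certificate credentials and attached to an AuthenticateRequest, so it appears to be platformlayer's own request element that shares the simple name Auth, not the OneLogin SAML toolkit class.)
The class PlatformLayerAuthenticationClient, method authenticateWithCertificate.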
/**
 * Obtains a token through client-certificate authentication, using two POSTs to {@code api/tokens}.
 *
 * <p>Round one sends only the username and expects a challenge in the reply. The challenge is
 * passed to {@code decrypt(privateKey, challenge)} and the result is stored on the credentials,
 * so round two carries the challenge response. Both requests use the key manager built from
 * {@code privateKey} and {@code certificateChain}.
 *
 * <p>NOTE(review): the challenge bytes are chosen by whoever answers the first request, and the
 * decrypted result is sent straight back. The peer therefore has to be authenticated before round
 * one, otherwise this exchange decrypts arbitrary data on request. How the server is verified is
 * configured on {@code httpClient} and is not visible in this method; confirm it. The same private
 * key also backs the client certificate, so key reuse across the two purposes deserves a look.
 *
 * @param username account name placed in the certificate credentials; must not be null
 * @param certificateChain chain handed to the client-certificate key manager
 * @param privateKey key used by the key manager and to decrypt the server challenge
 * @return a token wrapping the access element of the second reply, or {@code null} when the first
 *     reply has no challenge or the second reply has no access element; callers must null-check
 *     rather than treat a returned value as proof of success
 * @throws IllegalArgumentException if {@code username} is null
 * @throws PlatformlayerAuthenticationClientException if either request fails with a
 *     {@code RestClientException}
 */
public PlatformlayerAuthenticationToken authenticateWithCertificate(String username, X509Certificate[] certificateChain, PrivateKey privateKey) throws PlatformlayerAuthenticationClientException {
    if (username == null) {
        throw new IllegalArgumentException();
    }

    CertificateCredentials credentials = new CertificateCredentials();
    credentials.setUsername(username);

    Auth authElement = new Auth();
    authElement.setCertificateCredentials(credentials);

    AuthenticateRequest tokenRequest = new AuthenticateRequest();
    tokenRequest.setAuth(authElement);

    final KeyManager clientKeys = new SimpleClientCertificateKeyManager(privateKey, certificateChain);

    // Round 0 fetches the challenge, round 1 presents the answer. The request object is reused:
    // the credentials it references are mutated between the rounds.
    int round = 0;
    while (true) {
        AuthenticateResponse reply;
        try {
            RestfulRequest<AuthenticateResponse> post = httpClient.buildRequest(HttpMethod.POST, "api/tokens", HttpPayload.asXml(tokenRequest), AuthenticateResponse.class);
            post.setKeyManager(clientKeys);
            reply = post.execute();
        } catch (RestClientException failure) {
            throw new PlatformlayerAuthenticationClientException("Error authenticating", failure);
        }

        if (round != 0) {
            // Final round: either the server granted access or authentication did not succeed.
            if (reply == null || reply.getAccess() == null) {
                return null;
            }
            return new PlatformlayerAuthenticationToken(reply.getAccess());
        }

        // First round: without a challenge there is nothing to answer.
        if (reply == null || reply.getChallenge() == null) {
            return null;
        }
        byte[] serverChallenge = reply.getChallenge();
        byte[] answer = decrypt(privateKey, serverChallenge);
        credentials.setChallengeResponse(answer);
        round++;
    }
}
use of com.onelogin.saml2.Auth in project sonarqube by SonarSource.
the class SamlIdentityProvider method init.
/**
 * Starts the SAML login for the given context.
 *
 * <p>An {@code Auth} is built from the settings derived from the context's callback URL together
 * with the current request and response, and {@code login} is called with a freshly generated
 * CSRF state.
 *
 * <p>NOTE(review): presumably {@code login} redirects the browser to the identity provider and
 * carries the state value along so it can be checked when the response comes back; confirm
 * against the java-saml version in use.
 *
 * @param context supplies the callback URL, the servlet request/response and the CSRF state
 * @throws IllegalStateException if building the settings or starting the login fails with an
 *     {@code IOException} or {@code SettingsException}; the original exception is kept as cause
 */
@Override
public void init(InitContext context) {
    try {
        Auth samlAuth = newAuth(initSettings(context.getCallbackUrl()), context.getRequest(), context.getResponse());
        // The state is generated only after the Auth object exists, as in the original order.
        String csrfState = context.generateCsrfState();
        samlAuth.login(csrfState);
    } catch (IOException | SettingsException cause) {
        throw new IllegalStateException("Fail to intialize SAML authentication plugin", cause);
    }
}
use of com.onelogin.saml2.Auth in project sonarqube by SonarSource.
the class SamlIdentityProvider method callback.
/**
 * Handles the identity provider's response and authenticates the user it describes.
 *
 * <p>Visible order of steps: wrap the request so proxy headers are honoured, build the
 * {@code Auth}, process the response, verify the CSRF state, run {@code checkAuthentication},
 * run the message-id check, then read the login, name, optional email and optional groups
 * from the SAML attributes and hand the resulting identity to the context. The order matters:
 * attributes are turned into an identity only after the checks have run.
 *
 * @param context supplies the servlet request/response and performs the CSRF check, the
 *     authentication and the final redirect
 */
@Override
public void callback(CallbackContext context) {
//
// Workaround for onelogin/java-saml validation not taking a reverse-proxy setup into account. This change
// makes the validation use the 'X-Forwarded-Proto' and 'Host' headers set by the reverse proxy.
// More details here:
// - https://github.com/onelogin/java-saml/issues/198
// - https://github.com/onelogin/java-saml/issues/95
//
// NOTE(review): both headers are ordinary request headers. The validation is only as trustworthy as
// the proxy that sets them, so the deployment should ensure the proxy overwrites client-supplied values
// and that the application is not reachable around the proxy.
//
HttpServletRequest processedRequest = useProxyHeadersInRequest(context.getRequest());
// Settings are built with a null callback URL here, unlike init(); TODO confirm what initSettings does with null.
Auth auth = newAuth(initSettings(null), processedRequest, context.getResponse());
// Presumably parses the SAML response carried by the request; verify in processResponse.
processResponse(auth);
// Checks the CSRF state taken from the STATE_REQUEST_PARAMETER request parameter.
context.verifyCsrfState(STATE_REQUEST_PARAMETER);
// NOTE(review): the Name ID is logged before checkAuthentication() has run, so this trace line can
// contain a value from a response that is later rejected. It is also personal data; keep TRACE
// disabled for this logger outside of troubleshooting.
LOGGER.trace("Name ID : {}", auth.getNameId());
// Presumably rejects responses that did not authenticate or failed validation; verify in checkAuthentication.
checkAuthentication(auth);
// Presumably guards against a replayed response by tracking message ids; verify in samlMessageIdChecker.
samlMessageIdChecker.check(auth);
// All received attributes are written to the log at TRACE level (may include email and group membership).
LOGGER.trace("Attributes received : {}", auth.getAttributes());
// Login and name are mandatory (non-null variants); the attribute names come from samlSettings.
String login = getNonNullFirstAttribute(auth, samlSettings.getUserLogin());
UserIdentity.Builder userIdentityBuilder = UserIdentity.builder().setProviderLogin(login).setName(getNonNullFirstAttribute(auth, samlSettings.getUserName()));
// Email and groups are mapped only when the corresponding attribute name is configured.
samlSettings.getUserEmail().ifPresent(email -> userIdentityBuilder.setEmail(getFirstAttribute(auth, email)));
samlSettings.getGroupName().ifPresent(group -> userIdentityBuilder.setGroups(getGroups(auth, group)));
context.authenticate(userIdentityBuilder.build());
context.redirectToRequestedPage();
}
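Use of com.onelogin.saml2.Auth in project platformlayer by platformlayer. (The Auth object in this snippet is given password credentials and attached to an AuthenticateRequest, so it appears to be platformlayer's own request element that shares the simple name Auth, not the OneLogin SAML toolkit class.)
The class PlatformLayerAuthenticationClient, method authenticate.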
/**
 * Authenticates with username/password credentials by POSTing an XML request to
 * {@code api/tokens}.
 *
 * <p>NOTE(review): the credentials travel in the request body, so confidentiality depends on how
 * {@code doSimpleXmlRequest} and the underlying client are configured (TLS, server verification);
 * that configuration is not visible here and should be confirmed.
 *
 * @param passwordCredentials credentials placed in the request's auth element
 * @return the server's response as returned by {@code doSimpleXmlRequest}
 * @throws PlatformlayerInvalidCredentialsException if the request fails with HTTP status 401; the
 *     underlying {@code RestClientException} is not attached as cause
 * @throws PlatformlayerAuthenticationClientException for any other {@code RestClientException},
 *     with the original exception as cause
 */
public AuthenticateResponse authenticate(PasswordCredentials passwordCredentials) throws PlatformlayerAuthenticationClientException {
    Auth authElement = new Auth();
    authElement.setPasswordCredentials(passwordCredentials);

    AuthenticateRequest tokenRequest = new AuthenticateRequest();
    tokenRequest.setAuth(authElement);

    try {
        return doSimpleXmlRequest(HttpMethod.POST, "api/tokens", tokenRequest, AuthenticateResponse.class);
    } catch (RestClientException failure) {
        // The status may be absent (for example when no HTTP response was received), hence the null check.
        Integer status = failure.getHttpResponseCode();
        boolean rejectedCredentials = status != null && status.intValue() == 401;
        if (!rejectedCredentials) {
            throw new PlatformlayerAuthenticationClientException("Error authenticating", failure);
        }
        throw new PlatformlayerInvalidCredentialsException("Invalid credentials");
    }
}