use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlRegisteredServiceDefaultCachingMetadataResolverTests method getCriteriaFor.
private static CriteriaSet getCriteriaFor(final String entityId) {
val criteriaSet1 = new CriteriaSet();
criteriaSet1.add(new EntityIdCriterion(entityId));
criteriaSet1.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
return criteriaSet1;
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlIdPUtils method determineNameIdNameQualifier.
/**
* Determine name id name qualifier string.
*
* @param samlRegisteredService the saml registered service
* @param samlIdPMetadataResolver the saml id p metadata resolver
* @return the string
*/
public static String determineNameIdNameQualifier(final SamlRegisteredService samlRegisteredService, final MetadataResolver samlIdPMetadataResolver) {
if (StringUtils.isNotBlank(samlRegisteredService.getNameIdQualifier())) {
return samlRegisteredService.getNameIdQualifier();
}
val nameQualifier = FunctionUtils.doIf(StringUtils.isNotBlank(samlRegisteredService.getIssuerEntityId()), samlRegisteredService::getIssuerEntityId, Unchecked.supplier(() -> {
val criteriaSet = new CriteriaSet(new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME), new SamlIdPSamlRegisteredServiceCriterion(samlRegisteredService));
LOGGER.trace("Resolving entity id from SAML2 IdP metadata to determine issuer for [{}]", samlRegisteredService.getName());
val entityDescriptor = Objects.requireNonNull(samlIdPMetadataResolver.resolveSingle(criteriaSet));
return entityDescriptor.getEntityID();
})).get();
LOGGER.debug("Using name qualifier [{}] for the Name ID", nameQualifier);
return nameQualifier;
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project verify-hub by alphagov.
the class IdpSingleSignOnServiceHelper method getSingleSignOn.
public URI getSingleSignOn(String entityId) {
EntityDescriptor idpEntityDescriptor;
try {
CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
idpEntityDescriptor = metadataProvider.resolveSingle(criteria);
} catch (ResolverException e) {
LOG.log(Level.SEVERE, format("Exception when accessing metadata: {0}", e));
throw new RuntimeException(e);
}
if (idpEntityDescriptor != null) {
final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
if (singleSignOnServices.isEmpty()) {
LOG.log(Level.SEVERE, format("No singleSignOnServices present for IDP entityId: {0}", entityId));
} else {
if (singleSignOnServices.size() > 1) {
LOG.log(Level.WARNING, format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
}
return URI.create(singleSignOnServices.get(0).getLocation());
}
}
throw ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(format("no entity descriptor for IDP: {0}", entityId)));
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project verify-hub by alphagov.
the class HubAsIdpMetadataHandler method getMetadataAsAnIdentityProvider.
public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
SamlEndpointDto binding = new SamlEndpointDto(SamlEndpointDto.Binding.POST, URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));
Iterable<EntityDescriptor> entityDescriptors;
try {
CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
entityDescriptors = metadataResolver.resolve(criteria);
LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
} catch (ResolverException e) {
throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
}
final Iterable<EntityDescriptor> idpEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null).collect(Collectors.toList());
final Iterable<EntityDescriptor> hubEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getEntityID().equals(hubEntityId)).collect(Collectors.toList());
final Iterable<List<Certificate>> idpSigningCertificates = StreamSupport.stream(idpEntityDescriptors.spliterator(), false).map(this::getIDPSigningCertificates).collect(Collectors.toList());
final Iterable<Certificate> hubEncryptionCertificate = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubEncryptionCertificate).collect(Collectors.toList());
final Iterable<List<Certificate>> hubSigningCertificates = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubSigningCertificates).collect(Collectors.toList());
return new HubIdentityProviderMetadataDto(singletonList(binding), hubEntityId, organisationDto, Collections.emptySet(), ImmutableList.copyOf(Iterables.concat(idpSigningCertificates)), DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()), ImmutableList.copyOf(Iterables.concat(hubSigningCertificates)), hubEncryptionCertificate.iterator().next());
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project spring-security by spring-projects.
the class OpenSamlSigningUtils method resolveSigningParameters.
private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
CriteriaSet criteria = new CriteriaSet();
BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
signingConfiguration.setSigningCredentials(credentials);
signingConfiguration.setSignatureAlgorithms(algorithms);
signingConfiguration.setSignatureReferenceDigestMethods(digests);
signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
try {
SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
Assert.notNull(parameters, "Failed to resolve any signing credential");
return parameters;
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
Aggregations