Search in sources :

Example 6 with CriteriaSet

use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

the class SamlIdPUtils method getAssertionConsumerServiceFor.

/**
     * Gets assertion consumer service for.
     *
     * @param authnRequest    the authn request
     * @param servicesManager the services manager
     * @param resolver        the resolver
     * @return the assertion consumer service for
     */
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(Arrays.asList(SAMLConstants.SAML2_POST_BINDING_URI)));
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new RuntimeException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
                if (acsIndex + 1 > acsEndpoints.size()) {
                    throw new RuntimeException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        throw new RuntimeException(new SamlException(e.getMessage(), e));
    }
}
Also used : AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) BindingCriterion(org.opensaml.saml.criterion.BindingCriterion) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) ChainingMetadataResolver(org.opensaml.saml.metadata.resolver.ChainingMetadataResolver) Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)

Aggregations

CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)6 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)4 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)4 SamlException (org.apereo.cas.support.saml.SamlException)3 MetadataCredentialResolver (org.opensaml.saml.security.impl.MetadataCredentialResolver)3 UsageCriterion (org.opensaml.security.criteria.UsageCriterion)3 SignatureTrustEngine (org.opensaml.xmlsec.signature.support.SignatureTrustEngine)2 ExplicitKeySignatureTrustEngine (org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine)2 ArrayList (java.util.ArrayList)1 SamlIdPProperties (org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties)1 SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)1 SAMLException (org.opensaml.saml.common.SAMLException)1 SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext)1 SAMLProtocolContext (org.opensaml.saml.common.messaging.context.SAMLProtocolContext)1 BindingCriterion (org.opensaml.saml.criterion.BindingCriterion)1 ProtocolCriterion (org.opensaml.saml.criterion.ProtocolCriterion)1 RoleDescriptorCriterion (org.opensaml.saml.criterion.RoleDescriptorCriterion)1 ChainingMetadataResolver (org.opensaml.saml.metadata.resolver.ChainingMetadataResolver)1 MetadataResolver (org.opensaml.saml.metadata.resolver.MetadataResolver)1 PredicateRoleDescriptorResolver (org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver)1