use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class CasSamlServiceProvidersConfiguration method coreSamlServiceProvidersInitializingBean.
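/**
 * Registers the built-in SAML service providers configured under
 * {@code casProperties.getSamlSp()} with the services manager once the
 * application context has been wired.
 * <p>
 * Every provider goes through {@code processSamlServiceProvider}; the CCCCO
 * and InCommon providers are additionally handed a {@code preloadMetadata}
 * callback that resolves the service's metadata on a background thread so the
 * (potentially slow, remote) fetch does not block startup. A failure inside
 * that thread is logged rather than being left to the thread's
 * uncaught-exception handler, which would otherwise drop the service context.
 *
 * @param servicesManager                            the services manager the providers are registered with
 * @param casProperties                              the CAS configuration properties
 * @param samlRegisteredServiceCachingMetadataResolver the metadata resolver used for preloading
 * @return an initializing bean that performs the registration when invoked
 */
@Bean
public InitializingBean coreSamlServiceProvidersInitializingBean(
    @Qualifier(ServicesManager.BEAN_NAME) final ServicesManager servicesManager,
    final CasConfigurationProperties casProperties,
    @Qualifier(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME)
    final SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
    return () -> {
        val preloadMetadata = (Function<SamlRegisteredService, Void>) service -> {
            LOGGER.info("Launching background thread to load the metadata. This might take a while...");
            val loader = new Thread(() -> {
                try {
                    LOGGER.debug("Loading metadata at [{}]...", service.getMetadataLocation());
                    samlRegisteredServiceCachingMetadataResolver.resolve(service, new CriteriaSet());
                } catch (final Exception e) {
                    // A preload failure must not escape as an uncaught exception with no
                    // indication of which service was affected; log it with the location
                    // and the cause so operators can diagnose an unreachable metadata source.
                    LOGGER.error("Unable to preload metadata at [{}]", service.getMetadataLocation(), e);
                }
            }, getClass().getSimpleName());
            loader.start();
            return null;
        };

        val samlSp = casProperties.getSamlSp();
        processSamlServiceProvider(samlSp.getAcademicHealthPlans(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getAcademicWorks(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getAdobeCloud(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getAmazon(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getAppDynamics(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getArcGIS(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getArmsSoftware(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getAsana(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getBenefitFocus(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getBlackBaud(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getBox(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getBynder(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        // CCCCO metadata is preloaded in the background; see preloadMetadata above.
        processSamlServiceProvider(samlSp.getCccco(), servicesManager, samlRegisteredServiceCachingMetadataResolver, preloadMetadata);
        processSamlServiceProvider(samlSp.getCherWell(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getConcurSolutions(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getConfluence(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getCraniumCafe(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getCrashPlan(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getDocuSign(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getDropbox(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getEasyIep(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getEgnyte(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getEmma(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getEverBridge(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getEvernote(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getFamis(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getGartner(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getGitlab(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getGiveCampus(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        // InCommon metadata is preloaded in the background; see preloadMetadata above.
        processSamlServiceProvider(samlSp.getInCommon(), servicesManager, samlRegisteredServiceCachingMetadataResolver, preloadMetadata);
        processSamlServiceProvider(samlSp.getInfiniteCampus(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getJira(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getNeoGov(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getNetPartner(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getNewRelic(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getOffice365(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getOpenAthens(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getPagerDuty(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getPollEverywhere(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getQualtrics(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getRocketChat(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSafariOnline(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSalesforce(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSaManage(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSansSth(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getServiceNow(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSlack(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getTopHat(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSserca(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getSymplicity(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getTableau(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getWarpWire(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getWebAdvisor(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getWebex(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getWorkday(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getYuja(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getZendesk(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getZimbra(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
        processSamlServiceProvider(samlSp.getZoom(), servicesManager, samlRegisteredServiceCachingMetadataResolver);
    };
}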
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlSPUtils method determineEntityIdList.
/**
 * Determines the SAML entity ids to register for a built-in service provider.
 * <p>
 * When the provider's configuration already lists entity ids, that list is
 * returned untouched. Otherwise the service's metadata is resolved with an
 * SP-role criterion and, for each batch resolver in the (possibly chained)
 * result, the first entity descriptor carrying a SAML 2.0
 * {@code SPSSODescriptor} contributes its entity id. A batch resolver without
 * such a descriptor only produces a warning. Ids discovered this way are added
 * to the list obtained from {@code sp.getEntityIds()} — presumably the live
 * properties list, so the configuration object itself is updated; confirm
 * against {@code AbstractSamlSPProperties}.
 *
 * @param sp       the service provider properties
 * @param resolver the caching metadata resolver
 * @param service  the registered service whose metadata is consulted
 * @return the entity ids (configured or discovered); may be empty
 */
private static List<String> determineEntityIdList(final AbstractSamlSPProperties sp, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredService service) {
    val entityIds = sp.getEntityIds();
    if (!entityIds.isEmpty()) {
        return entityIds;
    }

    // Nothing configured: ask the metadata for an SP role descriptor instead.
    val spRoleCriteria = new CriteriaSet();
    spRoleCriteria.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    spRoleCriteria.add(new SatisfyAnyCriterion());
    val resolvedMetadata = resolver.resolve(service, spRoleCriteria);

    // Flatten a chaining resolver so each member can be inspected individually.
    val members = new ArrayList<MetadataResolver>();
    if (resolvedMetadata instanceof ChainingMetadataResolver) {
        members.addAll(((ChainingMetadataResolver) resolvedMetadata).getResolvers());
    } else {
        members.add(resolvedMetadata);
    }

    for (val member : members) {
        if (!(member instanceof AbstractBatchMetadataResolver)) {
            continue;
        }
        val descriptors = ((AbstractBatchMetadataResolver) member).iterator();
        val spEntityId = StreamSupport.stream(Spliterators.spliteratorUnknownSize(descriptors, Spliterator.ORDERED), false)
            .filter(descriptor -> descriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS) != null)
            .findFirst()
            .map(descriptor -> descriptor.getEntityID());
        if (spEntityId.isPresent()) {
            entityIds.add(spEntityId.get());
        } else {
            LOGGER.warn("Skipped registration of [{}] since no entity id could be found", sp.getName());
        }
    }
    return entityIds;
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class DefaultSamlIdPObjectSigner method getSignatureSigningConfiguration.
/**
 * Gets the signature signing configuration for a registered service.
 * <p>
 * The resolver used is {@link SamlIdPMetadataCredentialResolver}, which
 * allows the entire criteria set to be passed to the role descriptor resolver.
 * This behavior allows the passing of {@link SamlIdPSamlRegisteredServiceCriterion}
 * so signing configuration, etc. can be fetched for a specific service as an override,
 * if one is in fact defined for the service.
 * <p>
 * Resolved credentials are converted via {@code getResolvedSigningCredential}
 * and then filtered through {@code doesCredentialFingerprintMatch}; only
 * credentials that survive both steps are installed on the configuration. A
 * service for which nothing survives is rejected rather than signed with an
 * arbitrary key.
 *
 * @param service the service
 * @return the signature signing configuration with its signing credentials set
 * @throws IllegalArgumentException if no signing credential could be resolved for the service
 * @throws Exception                on resolver or metadata failures
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration(final SamlRegisteredService service) throws Exception {
    val signingConfig = configureSignatureSigningSecurityConfiguration(service);
    val samlIdpProperties = casProperties.getAuthn().getSamlIdp();
    val signingKey = getSigningPrivateKey(service);

    // Credential resolver backed by the IdP's own metadata.
    val credentialResolver = new SamlIdPMetadataCredentialResolver();
    val requireValidMetadata = samlIdpProperties.getMetadata().getCore().isRequireValidMetadata();
    credentialResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(samlIdPMetadataResolver, requireValidMetadata));
    credentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    credentialResolver.initialize();

    val signingCriteria = new CriteriaSet();
    signingCriteria.add(new SignatureSigningConfigurationCriterion(signingConfig));
    signingCriteria.add(new UsageCriterion(UsageType.SIGNING));

    // The IdP entity id is looked up from metadata (service-specific overrides included)
    // rather than taken from configuration.
    val idpEntityCriteria = new CriteriaSet(
        new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
        new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.trace("Resolving entity id from SAML2 IdP metadata for signature signing configuration is [{}]", service.getName());
    val idpEntityDescriptor = Objects.requireNonNull(samlIdPMetadataResolver.resolveSingle(idpEntityCriteria));
    val idpEntityId = idpEntityDescriptor.getEntityID();
    LOGGER.trace("Resolved entity id from SAML2 IdP metadata is [{}]", idpEntityId);

    signingCriteria.add(new EntityIdCriterion(idpEntityId));
    signingCriteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    signingCriteria.add(new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.trace("Resolved signing credentials based on criteria [{}]", signingCriteria);

    val resolvedCredentials = Sets.newLinkedHashSet(credentialResolver.resolve(signingCriteria));
    LOGGER.trace("Resolved [{}] signing credentials", resolvedCredentials.size());

    val usableCredentials = new ArrayList<Credential>();
    for (val candidate : resolvedCredentials) {
        val signingCredential = getResolvedSigningCredential(candidate, signingKey, service);
        if (signingCredential != null && doesCredentialFingerprintMatch(signingCredential, service)) {
            usableCredentials.add(signingCredential);
        }
    }
    if (usableCredentials.isEmpty()) {
        LOGGER.error("Unable to locate any signing credentials for service [{}]", service.getName());
        throw new IllegalArgumentException("Unable to locate signing credentials");
    }
    signingConfig.setSigningCredentials(usableCredentials);
    LOGGER.trace("Signature signing credentials configured with [{}] credentials", usableCredentials.size());
    return signingConfig;
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
/**
 * Builds the SAML assertion for the given profile context.
 * <p>
 * The assertion always carries an authentication statement; an attribute
 * statement is attached only when it holds at least one plain or encrypted
 * attribute. The issuer is the registered service's configured issuer entity
 * id when one is set, otherwise the IdP entity id resolved from IdP metadata
 * (with the service-specific criterion applied). The assertion is signed via
 * {@code signAssertion} after subject and conditions have been set.
 * <p>
 * The assertion id is {@code '_'} followed by a random long; assertion ids are
 * expected to be unpredictable, which relies on {@code RandomUtils} being backed
 * by a cryptographically strong generator — confirm which RandomUtils is imported.
 *
 * @param context the profile builder context
 * @return the built and signed assertion
 * @throws Exception on metadata resolution or signing failures
 */
@Override
public Assertion build(final SamlProfileBuilderContext context) throws Exception {
    val registeredService = context.getRegisteredService();

    val assertionStatements = new ArrayList<Statement>();
    assertionStatements.add(this.samlProfileSamlAuthNStatementBuilder.build(context));
    val attributeStatement = this.samlProfileSamlAttributeStatementBuilder.build(context);
    val hasAnyAttribute = !attributeStatement.getAttributes().isEmpty()
        || !attributeStatement.getEncryptedAttributes().isEmpty();
    if (hasAnyAttribute) {
        assertionStatements.add(attributeStatement);
    }

    // Prefer the per-service issuer override; fall back to the IdP entity id from metadata.
    val hasConfiguredIssuer = StringUtils.isNotBlank(registeredService.getIssuerEntityId());
    val issuerId = FunctionUtils.doIf(hasConfiguredIssuer,
        registeredService::getIssuerEntityId,
        Unchecked.supplier(() -> {
            val idpCriteria = new CriteriaSet(
                new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
                new SamlIdPSamlRegisteredServiceCriterion(registeredService));
            LOGGER.trace("Resolving entity id from SAML2 IdP metadata to determine issuer for [{}]", registeredService.getName());
            val idpDescriptor = Objects.requireNonNull(samlIdPMetadataResolver.resolveSingle(idpCriteria));
            return idpDescriptor.getEntityID();
        })).get();

    val assertionId = '_' + String.valueOf(RandomUtils.nextLong());
    val issueInstant = ZonedDateTime.now(ZoneOffset.UTC);
    val assertion = newAssertion(assertionStatements, issuerId, issueInstant, assertionId);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(context));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(context));
    signAssertion(assertion, context);
    return assertion;
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlRegisteredServiceCacheKeyTests method verifyCacheKeyNoEntityIdCriteria.
/**
 * Verifies that, when the criteria set carries a role criterion but no entity
 * id criterion, the cache key falls back to the service's {@code serviceId}
 * pattern and still yields a non-null id.
 */
@Test
public void verifyCacheKeyNoEntityIdCriteria() {
    val registeredService = new SamlRegisteredService();
    registeredService.setName("Example");
    registeredService.setId(1000);
    registeredService.setServiceId(".+");
    registeredService.setMetadataLocation("https://mdq.something.net/entities/{0}");

    // Only an SP-role criterion: deliberately no EntityIdCriterion.
    val roleOnlyCriteria = new CriteriaSet();
    roleOnlyCriteria.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));

    val cacheKey = new SamlRegisteredServiceCacheKey(registeredService, roleOnlyCriteria);
    assertNotNull(cacheKey.getId());
    assertEquals(registeredService.getServiceId(), cacheKey.getCacheKey());
}