
Example 6 with SAMLProviderMetadata

use of org.apache.cloudstack.saml.SAMLProviderMetadata in project cloudstack by apache.

The `authenticate` method of class `SAML2LogoutAPIAuthenticatorCmd` (the SAML Single Logout entry point):

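/**
 * Handles the SAML Single Logout (SLO) flow for the logout API command.
 *
 * Three paths are taken depending on what arrives:
 *  1. no HTTP session: the browser is simply bounced back to the CloudStack UI;
 *  2. a {@code SAMLResponse} parameter is present (the IdP answering our
 *     LogoutRequest): its status code is checked and the browser is bounced
 *     back to the CloudStack UI;
 *  3. otherwise (first leg, user clicked logout): a LogoutRequest is built for
 *     the IdP recorded in the session and the browser is redirected to the
 *     IdP's SLO endpoint via the HTTP-Redirect binding.
 *
 * In every path the serialized {@link LogoutCmdResponse} is returned.
 *
 * @param command       API command name (unused here)
 * @param params        request parameters, each value an array of strings
 * @param session       current HTTP session, may be null
 * @param remoteAddress caller address (unused here)
 * @param responseType  serialization format for the API response
 * @param auditTrailSb  audit trail the caller logs
 * @param req           servlet request (unused here)
 * @param resp          servlet response used for redirects
 * @return the serialized logout response
 * @throws ServerApiException if OpenSAML cannot be bootstrapped, the IdP's
 *         LogoutResponse status is not Success, or the LogoutRequest cannot be
 *         marshalled/sent
 */
@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
    auditTrailSb.append("=== SAML SLO Logging out ===");
    LogoutCmdResponse response = new LogoutCmdResponse();
    response.setDescription("success");
    response.setResponseName(getCommandName());
    final String responseString = ApiResponseSerializer.toSerializedString(response, responseType);

    // Nothing to log out of without a session; best-effort bounce to the UI.
    if (session == null) {
        redirectToCloudStack(resp, "sending redirected failed.");
        return responseString;
    }

    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException | FactoryConfigurationError e) {
        // Keep the cause: a bootstrap failure is a deployment problem and the stack trace is what an operator needs.
        s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage(), e);
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error during SAML Single Logout", params, responseType));
    }

    // Second leg: the IdP posted its LogoutResponse back to us.
    // NOTE(review): the original checked the literal "SAMLResponse" but read
    // SAMLPluginConstants.SAML_RESPONSE; both are expected to be the same
    // parameter name - confirm, otherwise the read below would have been null.
    final String samlResponseKey = SAMLPluginConstants.SAML_RESPONSE;
    if (params != null && params.containsKey(samlResponseKey)) {
        final Object[] rawValues = params.get(samlResponseKey);
        final String samlResponse = (rawValues != null && rawValues.length > 0 && rawValues[0] instanceof String) ? (String) rawValues[0] : null;
        if (samlResponse == null || samlResponse.isEmpty()) {
            // Previously an empty array here would have thrown an uncaught ArrayIndexOutOfBoundsException.
            s_logger.warn("SAMLResponse parameter present but empty; skipping LogoutResponse status check.");
        } else {
            try {
                // NOTE(review): only the status code of the decoded response is
                // inspected here; no signature, issuer or InResponseTo check is
                // visible in this method. Confirm decodeSAMLResponse (or the
                // servlet in front of it) validates the IdP signature, since an
                // unverified LogoutResponse should not be trusted for anything
                // beyond choosing which redirect to send.
                Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
                String statusCode = null;
                if (processedSAMLResponse != null && processedSAMLResponse.getStatus() != null && processedSAMLResponse.getStatus().getStatusCode() != null) {
                    statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
                }
                // A missing status is treated as "not Success" instead of an NPE.
                if (!StatusCode.SUCCESS_URI.equals(statusCode)) {
                    throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), "SAML SLO LogoutResponse status is not Success", params, responseType));
                }
            } catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) {
                // Decoding problems are logged (with cause) but do not block the local logout redirect.
                s_logger.error("SAMLResponse processing error: " + e.getMessage(), e);
            }
        }
        redirectToCloudStack(resp, "second redirected sending failed.");
        return responseString;
    }

    // First leg: build a LogoutRequest for the IdP that authenticated this session.
    String idpId = (String) session.getAttribute(SAMLPluginConstants.SAML_IDPID);
    SAMLProviderMetadata idpMetadata = _samlAuthManager.getIdPMetadata(idpId);
    String nameId = (String) session.getAttribute(SAMLPluginConstants.SAML_NAMEID);
    if (idpMetadata == null || nameId == null || nameId.isEmpty()) {
        // Not a SAML session we can SLO against; fall back to a plain UI redirect.
        redirectToCloudStack(resp, "final redirected failed.");
        return responseString;
    }

    final String sloUrl = idpMetadata.getSloUrl();
    LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(sloUrl, _samlAuthManager.getSPMetadata().getEntityId(), nameId);
    try {
        // Append correctly whether or not the configured SLO URL already carries a query string.
        final String separator = (sloUrl != null && sloUrl.contains("?")) ? "&" : "?";
        // NOTE(review): assumes encodeSAMLRequest yields a deflated, base64,
        // URL-encoded value as the HTTP-Redirect binding requires. No
        // SigAlg/Signature query parameters are added, so IdPs that require
        // signed LogoutRequests will reject this redirect - confirm against
        // the IdPs in use.
        String redirectUrl = sloUrl + separator + "SAMLRequest=" + SAMLUtils.encodeSAMLRequest(logoutRequest);
        resp.sendRedirect(redirectUrl);
    } catch (MarshallingException | IOException e) {
        s_logger.error("SAML SLO error: " + e.getMessage(), e);
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "SAML Single Logout Error", params, responseType));
    }
    return responseString;
}

/**
 * Best-effort redirect of the browser to the configured CloudStack UI URL.
 * A failed redirect is logged at info level (with the message the caller
 * supplies) and otherwise ignored, as the API response is still returned.
 *
 * @param resp        servlet response to redirect
 * @param failureNote log text used when the redirect cannot be sent
 */
private void redirectToCloudStack(final HttpServletResponse resp, final String failureNote) {
    try {
        resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
    } catch (IOException ignored) {
        // Deliberately ignored: the client still receives the API response body.
        s_logger.info("[ignored] " + failureNote, ignored);
    }
}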
Also used : IOException(java.io.IOException) SAXException(org.xml.sax.SAXException) Response(org.opensaml.saml2.core.Response) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServerApiException(org.apache.cloudstack.api.ServerApiException) MarshallingException(org.opensaml.xml.io.MarshallingException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) ConfigurationException(org.opensaml.xml.ConfigurationException) LogoutRequest(org.opensaml.saml2.core.LogoutRequest) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError) UnmarshallingException(org.opensaml.xml.io.UnmarshallingException)
