
Example 1 with SAMLProtocolResponseValidator

Use of org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator in the project syncope by apache.

The class SAML2ReaderWriter, method validate.

public SSOValidatorResponse validate(
        final Response samlResponse,
        final SAML2IdPEntity idp,
        final String assertionConsumerURL,
        final String requestId,
        final String spEntityID) throws WSSecurityException {

    // validate the SAML response and, if needed, decrypt the provided assertion(s)
    // Merlin is backed by the SP key store (private key for decrypting assertions)
    // and by the IdP trust store (certificates for verifying signatures)
    Merlin crypto = new Merlin();
    crypto.setKeyStore(loader.getKeyStore());
    crypto.setTrustStore(idp.getTrustStore());

    // protocol-level checks: signatures are verified against the trust store,
    // a KeyInfo element is required, and encrypted assertions are decrypted
    SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
    protocolValidator.setKeyInfoMustBeAvailable(true);
    protocolValidator.validateSamlResponse(samlResponse, crypto, callbackHandler);

    // SSO profile checks: the response must come from the expected IdP, be addressed
    // to this SP's entity ID and ACS URL, and answer the AuthnRequest with the given ID
    SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
    ssoResponseValidator.setAssertionConsumerURL(assertionConsumerURL);
    ssoResponseValidator.setIssuerIDP(idp.getId());
    ssoResponseValidator.setRequestId(requestId);
    ssoResponseValidator.setSpIdentifier(spEntityID);

    // the flag tells the validator whether the POST binding is in use, which
    // changes the signature requirements it applies to the response / assertions
    SSOValidatorResponse validatorResponse = ssoResponseValidator.validateSamlResponse(
            samlResponse, idp.getBindingType() == SAML2BindingType.POST);

    if (LOG.isDebugEnabled()) {
        try {
            StringWriter writer = new StringWriter();
            write(writer, samlResponse, false);
            writer.close();
            LOG.debug("SAML response with decrypted assertions: {}", writer.toString());
        } catch (Exception e) {
            LOG.error("Could not log the SAML response with decrypted assertions", e);
        }
    }
    return validatorResponse;
}
Also used :

SAMLProtocolResponseValidator (org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator)
SAMLSSOResponseValidator (org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator)
SSOValidatorResponse (org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse)
StringWriter (java.io.StringWriter)
Merlin (org.apache.wss4j.common.crypto.Merlin)
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)
XMLStreamException (javax.xml.stream.XMLStreamException)
SecurityException (org.opensaml.security.SecurityException)
SignatureException (java.security.SignatureException)
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)
InvalidKeyException (java.security.InvalidKeyException)
UnsupportedEncodingException (java.io.UnsupportedEncodingException)
TransformerException (javax.xml.transform.TransformerException)
DataFormatException (java.util.zip.DataFormatException)
TransformerConfigurationException (javax.xml.transform.TransformerConfigurationException)
IOException (java.io.IOException)
