Search in sources :

Example 1 with OpenSamlConfigBean

use of org.apereo.cas.support.saml.OpenSamlConfigBean in project cas by apereo.

the class SamlMetadataUIConfiguration method configureAdapter.

private MetadataResolverAdapter configureAdapter(final AbstractMetadataResolverAdapter adapter) {
    final Map<Resource, MetadataFilterChain> resources = new HashMap<>();
    final MetadataFilterChain chain = new MetadataFilterChain();
    casProperties.getSamlMetadataUi().getResources().forEach(Unchecked.consumer(r -> configureResource(resources, chain, r)));
    adapter.setRequireValidMetadata(casProperties.getSamlMetadataUi().isRequireValidMetadata());
    adapter.setMetadataResources(resources);
    adapter.setConfigBean(openSamlConfigBean);
    return adapter;
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Arrays(java.util.Arrays) SignatureValidationFilter(org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter) StaticMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter) Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) FlowBuilderServices(org.springframework.webflow.engine.builder.support.FlowBuilderServices) StringUtils(org.apache.commons.lang3.StringUtils) RequiredValidUntilFilter(org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter) ArrayList(java.util.ArrayList) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) SamlUtils(org.apereo.cas.support.saml.SamlUtils) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) Qualifier(org.springframework.beans.factory.annotation.Qualifier) Splitter(com.google.common.base.Splitter) ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory) MetadataFilter(org.opensaml.saml.metadata.resolver.filter.MetadataFilter) ServicesManager(org.apereo.cas.services.ServicesManager) Resource(org.springframework.core.io.Resource) MetadataFilterChain(org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain) AbstractMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter) MetadataResolverAdapter(org.apereo.cas.support.saml.mdui.MetadataResolverAdapter) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ResourceUtils(org.apereo.cas.util.ResourceUtils) Unchecked(org.jooq.lambda.Unchecked) ResourceLoader(org.springframework.core.io.ResourceLoader) FlowDefinitionRegistry(org.springframework.webflow.definition.registry.FlowDefinitionRegistry) ChainingMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter) ApplicationContext(org.springframework.context.ApplicationContext) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) Configuration(org.springframework.context.annotation.Configuration) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) DynamicMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter) Bean(org.springframework.context.annotation.Bean) HashMap(java.util.HashMap) Resource(org.springframework.core.io.Resource) MetadataFilterChain(org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain)

Example 2 with OpenSamlConfigBean

use of org.apereo.cas.support.saml.OpenSamlConfigBean in project cas by apereo.

the class SamlIdPMultifactorAuthenticationTrigger method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result.map(pair -> (AuthnRequest) pair.getLeft()).flatMap(authnRequest -> authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().stream().filter(Objects::nonNull).filter(ref -> StringUtils.isNotBlank(ref.getURI())).filter(ref -> {
        val clazz = ref.getURI();
        return mappings.containsKey(clazz);
    }).findFirst().map(mapped -> mappings.get(mapped.getURI()))).flatMap(id -> {
        val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
        return MultifactorAuthenticationUtils.resolveProvider(providerMap, id);
    });
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) RequiredArgsConstructor(lombok.RequiredArgsConstructor) lombok.val(lombok.val) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider) MultifactorAuthenticationTrigger(org.apereo.cas.authentication.MultifactorAuthenticationTrigger) StringUtils(org.apache.commons.lang3.StringUtils) SessionStore(org.pac4j.core.context.session.SessionStore) ApplicationContext(org.springframework.context.ApplicationContext) RegisteredService(org.apereo.cas.services.RegisteredService) SamlIdPUtils(org.apereo.cas.support.saml.SamlIdPUtils) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) HttpRequestUtils(org.apereo.cas.util.HttpRequestUtils) Objects(java.util.Objects) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Service(org.apereo.cas.authentication.principal.Service) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) Optional(java.util.Optional) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) JEEContext(org.pac4j.core.context.JEEContext) JEEContext(org.pac4j.core.context.JEEContext) Objects(java.util.Objects)

Example 3 with OpenSamlConfigBean

use of org.apereo.cas.support.saml.OpenSamlConfigBean in project cas by apereo.

the class BaseSamlRegisteredServiceAttributeReleasePolicy method getEntityIdFromRequest.

/**
 * Gets entity id from request.
 *
 * @param selectedService the selected service
 * @return the entity id from request
 */
protected static String getEntityIdFromRequest(final Service selectedService) {
    val request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    if (request == null || selectedService == null) {
        LOGGER.debug("No http request could be identified to locate the entity id");
        return null;
    }
    LOGGER.debug("Attempting to determine entity id for service [{}]", selectedService);
    val entityIdAttribute = selectedService.getAttributes().get(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (entityIdAttribute != null && !entityIdAttribute.isEmpty()) {
        LOGGER.debug("Found entity id [{}] as a service attribute", entityIdAttribute);
        return CollectionUtils.firstElement(entityIdAttribute).map(Object::toString).orElseThrow();
    }
    val providerIdAttribute = selectedService.getAttributes().get(SamlIdPConstants.PROVIDER_ID);
    if (providerIdAttribute != null && !providerIdAttribute.isEmpty()) {
        LOGGER.debug("Found provider entity id [{}] as a service attribute", providerIdAttribute);
        return CollectionUtils.firstElement(providerIdAttribute).map(Object::toString).orElseThrow();
    }
    val samlRequest = selectedService.getAttributes().get(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (samlRequest != null && !samlRequest.isEmpty()) {
        val applicationContext = ApplicationContextProvider.getApplicationContext();
        val resolver = applicationContext.getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
        val attributeValue = CollectionUtils.firstElement(samlRequest).map(Object::toString).orElseThrow();
        val openSamlConfigBean = resolver.getOpenSamlConfigBean();
        val authnRequest = SamlIdPUtils.retrieveSamlRequest(openSamlConfigBean, RequestAbstractType.class, attributeValue);
        SamlUtils.logSamlObject(openSamlConfigBean, authnRequest);
        val issuer = SamlIdPUtils.getIssuerFromSamlObject(authnRequest);
        LOGGER.debug("Found entity id [{}] from SAML request issuer", issuer);
        return issuer;
    }
    val entityId = request.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (StringUtils.isNotBlank(entityId)) {
        LOGGER.debug("Found entity id [{}] as a request parameter", entityId);
        return entityId;
    }
    val svcParam = request.getParameter(CasProtocolConstants.PARAMETER_SERVICE);
    return FunctionUtils.doIf(StringUtils.isNotBlank(svcParam), () -> FunctionUtils.doAndHandle(o -> {
        val builder = new URIBuilder(svcParam);
        return builder.getQueryParams().stream().filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID)).map(NameValuePair::getValue).findFirst().orElse(StringUtils.EMPTY);
    }, throwable -> {
        LoggingUtils.error(LOGGER, throwable);
        return null;
    }).apply(svcParam), () -> null).get();
}
Also used : lombok.val(lombok.val) RegisteredServiceAttributeReleasePolicyContext(org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext) DistributedJEESessionStore(org.apereo.cas.pac4j.DistributedJEESessionStore) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) HashMap(java.util.HashMap) StringUtils(org.apache.commons.lang3.StringUtils) SamlUtils(org.apereo.cas.support.saml.SamlUtils) LoggingUtils(org.apereo.cas.util.LoggingUtils) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) JsonIgnore(com.fasterxml.jackson.annotation.JsonIgnore) ApplicationContextProvider(org.apereo.cas.util.spring.ApplicationContextProvider) JEEContext(org.pac4j.core.context.JEEContext) CasProtocolConstants(org.apereo.cas.CasProtocolConstants) URIBuilder(org.apache.http.client.utils.URIBuilder) lombok.val(lombok.val) RequestAbstractType(org.opensaml.saml.saml2.core.RequestAbstractType) SessionStore(org.pac4j.core.context.session.SessionStore) ApplicationContext(org.springframework.context.ApplicationContext) SamlIdPUtils(org.apereo.cas.support.saml.SamlIdPUtils) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) SamlProtocolConstants(org.apereo.cas.support.saml.SamlProtocolConstants) HttpRequestUtils(org.apereo.cas.util.HttpRequestUtils) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) Service(org.apereo.cas.authentication.principal.Service) SamlIdPConstants(org.apereo.cas.support.saml.SamlIdPConstants) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) Optional(java.util.Optional) ReturnAllowedAttributeReleasePolicy(org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy) NameValuePair(org.apache.http.NameValuePair) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) URIBuilder(org.apache.http.client.utils.URIBuilder)

Example 4 with OpenSamlConfigBean

use of org.apereo.cas.support.saml.OpenSamlConfigBean in project cas by apereo.

the class SamlMetadataUIConfiguration method chainingSamlMetadataUIMetadataResolverAdapter.

@ConditionalOnMissingBean(name = "chainingSamlMetadataUIMetadataResolverAdapter")
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MetadataResolverAdapter chainingSamlMetadataUIMetadataResolverAdapter(final CasConfigurationProperties casProperties, final ConfigurableApplicationContext applicationContext, @Qualifier(OpenSamlConfigBean.DEFAULT_BEAN_NAME) final OpenSamlConfigBean openSamlConfigBean) {
    val staticAdapter = new StaticMetadataResolverAdapter();
    configureAdapter(staticAdapter, applicationContext, casProperties, openSamlConfigBean);
    staticAdapter.buildMetadataResolverAggregate();
    val dynaAdapter = new DynamicMetadataResolverAdapter();
    configureAdapter(dynaAdapter, applicationContext, casProperties, openSamlConfigBean);
    return new ChainingMetadataResolverAdapter(CollectionUtils.wrapSet(staticAdapter, dynaAdapter));
}
Also used : lombok.val(lombok.val) ChainingMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter) DynamicMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter) StaticMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) Bean(org.springframework.context.annotation.Bean)

Example 5 with OpenSamlConfigBean

use of org.apereo.cas.support.saml.OpenSamlConfigBean in project cas by apereo.

the class SamlIdPMetadataConfiguration method samlRegisteredServiceMetadataResolvers.

@ConditionalOnMissingBean(name = "samlRegisteredServiceMetadataResolvers")
@Bean
public SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolvers() {
    final DefaultSamlRegisteredServiceMetadataResolutionPlan plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
    final SamlIdPProperties samlIdp = casProperties.getAuthn().getSamlIdp();
    plan.registerMetadataResolver(new DynamicMetadataResolver(samlIdp, openSamlConfigBean, httpClient));
    plan.registerMetadataResolver(new FileSystemResourceMetadataResolver(samlIdp, openSamlConfigBean));
    plan.registerMetadataResolver(new UrlResourceMetadataResolver(samlIdp, openSamlConfigBean, httpClient));
    plan.registerMetadataResolver(new ClasspathResourceMetadataResolver(samlIdp, openSamlConfigBean));
    plan.registerMetadataResolver(new GroovyResourceMetadataResolver(samlIdp, openSamlConfigBean));
    final Map<String, SamlRegisteredServiceMetadataResolutionPlanConfigurator> configurers = this.applicationContext.getBeansOfType(SamlRegisteredServiceMetadataResolutionPlanConfigurator.class, false, true);
    configurers.values().forEach(c -> {
        final String name = StringUtils.removePattern(c.getClass().getSimpleName(), "\\$.+");
        LOGGER.debug("Configuring saml metadata resolution plan [{}]", name);
        c.configureMetadataResolutionPlan(plan);
    });
    return plan;
}
Also used : ClasspathResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.ClasspathResourceMetadataResolver) GroovyResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.GroovyResourceMetadataResolver) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) UrlResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver) DefaultSamlRegisteredServiceMetadataResolutionPlan(org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan) SamlRegisteredServiceMetadataResolutionPlanConfigurator(org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlanConfigurator) FileSystemResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver) DynamicMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.DynamicMetadataResolver) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

OpenSamlConfigBean (org.apereo.cas.support.saml.OpenSamlConfigBean)7 Map (java.util.Map)5 lombok.val (lombok.val)5 StringUtils (org.apache.commons.lang3.StringUtils)5 CollectionUtils (org.apereo.cas.util.CollectionUtils)5 Slf4j (lombok.extern.slf4j.Slf4j)4 CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)4 SamlUtils (org.apereo.cas.support.saml.SamlUtils)4 ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)4 Bean (org.springframework.context.annotation.Bean)4 HashMap (java.util.HashMap)3 ChainingMetadataResolverAdapter (org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter)3 DynamicMetadataResolverAdapter (org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter)3 StaticMetadataResolverAdapter (org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter)3 ApplicationContext (org.springframework.context.ApplicationContext)3 Splitter (com.google.common.base.Splitter)2 ArrayList (java.util.ArrayList)2 Arrays (java.util.Arrays)2 List (java.util.List)2 Optional (java.util.Optional)2