Example 1 with SamlException

use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

From the class AbstractSamlProfileHandlerController, method decodeSamlContextFromHttpRequest.

/**
 * Decode authentication request saml object.
 *
 * @param request the request
 * @param decoder the decoder
 * @param clazz   the expected SAML message type
 * @return the saml object
 */
protected Pair<? extends SignableSAMLObject, MessageContext> decodeSamlContextFromHttpRequest(final HttpServletRequest request, final BaseHttpServletRequestXMLMessageDecoder decoder, final Class<? extends SignableSAMLObject> clazz) {
    LOGGER.info("Received SAML profile request [{}]", request.getRequestURI());
    try {
        // The decoder parses the inbound binding (redirect/POST/SOAP) with the shared,
        // hardened parser pool rather than an ad-hoc XML parser.
        decoder.setHttpServletRequest(request);
        decoder.setParserPool(this.parserPool);
        decoder.initialize();
        decoder.decode();
        final MessageContext messageContext = decoder.getMessageContext();
        final SignableSAMLObject object = (SignableSAMLObject) messageContext.getMessage();
        if (object == null) {
            throw new SAMLException("No " + clazz.getName() + " could be found in this request context. Decoder has failed.");
        }
        // Reject messages whose root element is not the type this profile endpoint expects,
        // so a LogoutRequest cannot be processed as an AuthnRequest (or vice versa).
        if (!clazz.isAssignableFrom(object.getClass())) {
            throw new ClassCastException("SAML object [" + object.getClass().getName() + "] type does not match " + clazz);
        }
        LOGGER.debug("Decoded SAML object [{}] from http request", object.getElementQName());
        return Pair.of(object, messageContext);
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject) MessageContext(org.opensaml.messaging.context.MessageContext) SAMLException(org.opensaml.saml.common.SAMLException) SamlException(org.apereo.cas.support.saml.SamlException) SAMLException(org.opensaml.saml.common.SAMLException) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)

Example 2 with SamlException

use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

From the class SamlProfileSamlSoap11ResponseBuilder, method encode.

@Override
protected Envelope encode(final SamlRegisteredService service, final Envelope envelope, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
    try {
        // Wrap the already-built SOAP envelope in a message context and let the
        // OpenSAML SOAP 1.1 encoder write it to the HTTP response.
        final MessageContext result = new MessageContext();
        final SOAP11Context ctx = result.getSubcontext(SOAP11Context.class, true);
        ctx.setEnvelope(envelope);
        final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
        encoder.setHttpServletResponse(httpResponse);
        encoder.setMessageContext(result);
        encoder.initialize();
        encoder.encode();
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
    return envelope;
}
Also used : SOAP11Context(org.opensaml.soap.messaging.context.SOAP11Context) HTTPSOAP11Encoder(org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder) MessageContext(org.opensaml.messaging.context.MessageContext) SamlException(org.apereo.cas.support.saml.SamlException)

Example 3 with SamlException

use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

From the class BaseSamlObjectSigner, method encode.

/**
 * Encode a given saml object by invoking a number of outbound security handlers on the context.
 *
 * @param <T>        the type parameter
 * @param samlObject the saml object
 * @param service    the service
 * @param adaptor    the adaptor
 * @param response   the response
 * @param request    the request
 * @return the signed saml object
 * @throws SamlException the saml exception
 */
public <T extends SAMLObject> T encode(final T samlObject, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletResponse response, final HttpServletRequest request) throws SamlException {
    try {
        LOGGER.debug("Attempting to encode [{}] for [{}]", samlObject.getClass().getName(), adaptor.getEntityId());
        final MessageContext<T> outboundContext = new MessageContext<>();
        // Each handler below populates or validates part of the outbound context:
        // peer entity/endpoint, signing parameters, endpoint URL scheme (e.g. https),
        // the Destination attribute, and finally the XML signature itself.
        prepareOutboundContext(samlObject, adaptor, outboundContext);
        prepareSecurityParametersContext(adaptor, outboundContext);
        prepareEndpointURLSchemeSecurityHandler(outboundContext);
        prepareSamlOutboundDestinationHandler(outboundContext);
        prepareSamlOutboundProtocolMessageSigningHandler(outboundContext);
        return samlObject;
    } catch (final Exception e) {
        throw new SamlException(e.getMessage(), e);
    }
}
Also used : SamlException(org.apereo.cas.support.saml.SamlException) MessageContext(org.opensaml.messaging.context.MessageContext) SamlException(org.apereo.cas.support.saml.SamlException) SAMLException(org.opensaml.saml.common.SAMLException)

Example 4 with SamlException

use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

From the class SamlIdPObjectEncrypter, method handleEncryptionFailure.

private static void handleEncryptionFailure(final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    val entityId = adaptor.getEntityId();
    // Encryption is only skipped when the registered service explicitly marks it optional;
    // otherwise a missing encrypter is a hard failure rather than a silent plaintext assertion.
    if (!service.isEncryptionOptional()) {
        throw new SamlException("Unable to encrypt assertion for " + entityId);
    }
    LOGGER.debug("Skipping encryption; no encrypter can be determined and encryption is optional for [{}]", entityId);
}
Also used : lombok.val(lombok.val) SamlException(org.apereo.cas.support.saml.SamlException)

Example 5 with SamlException

use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

From the class SamlIdPObjectEncrypter, method configureKeyEncryptionCredential.

/**
 * Gets key encryption credential.
 *
 * @param peerEntityId            the peer entity id
 * @param adaptor                 the adaptor
 * @param service                 the service
 * @param encryptionConfiguration the encryption configuration
 * @return the key encryption credential
 * @throws Exception the exception
 */
protected Credential configureKeyEncryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicEncryptionConfiguration encryptionConfiguration) throws Exception {
    val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
    // KeyInfo providers determine which key representations in the SP metadata
    // (RSA/DSA key values, inline X.509 certificates, DER-encoded keys, references) can be resolved.
    val providers = new ArrayList<KeyInfoProvider>(5);
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());
    val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
    val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
    mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    mdCredentialResolver.initialize();
    // Narrow the lookup to the peer SP's SPSSODescriptor and to keys marked for encryption use,
    // so a signing-only certificate is never picked up as a key-transport credential.
    val criteriaSet = new CriteriaSet();
    criteriaSet.add(new EncryptionConfigurationCriterion(encryptionConfiguration));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
    criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.debug("Attempting to resolve the encryption key for entity id [{}]", peerEntityId);
    val credential = mdCredentialResolver.resolveSingle(criteriaSet);
    if (credential == null || credential.getPublicKey() == null) {
        if (service.isEncryptionOptional()) {
            LOGGER.warn("Unable to resolve the encryption [public] key for entity id [{}]", peerEntityId);
            return null;
        }
        throw new SamlException("Unable to resolve the encryption [public] key for entity id " + peerEntityId);
    }
    val encodedKey = EncodingUtils.encodeBase64(credential.getPublicKey().getEncoded());
    LOGGER.debug("Found encryption public key: [{}]", encodedKey);
    encryptionConfiguration.setKeyTransportEncryptionCredentials(CollectionUtils.wrapList(credential));
    return credential;
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) EncryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion) ArrayList(java.util.ArrayList) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SamlException(org.apereo.cas.support.saml.SamlException) InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider) KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider) DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider)