
Example 11 with SamlException

Use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

Class SamlObjectSignatureValidator, method validateSignatureOnProfileRequest.

private void validateSignatureOnProfileRequest(final RequestAbstractType profileRequest, final Signature signature, final RoleDescriptorResolver roleDescriptorResolver) throws Exception {
    // Step 1: check the signature's structure against the SAML signature profile
    // (enveloped signature, reference to the signed element) before any crypto is done.
    final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    LOGGER.debug("Validating profile signature for [{}] via [{}]...", profileRequest.getIssuer(), validator.getClass().getSimpleName());
    validator.validate(signature);
    LOGGER.debug("Successfully validated profile signature for [{}].", profileRequest.getIssuer());
    // Step 2: resolve the issuer's signing credential from its metadata; fail closed if none is found.
    final Credential credential = getSigningCredential(roleDescriptorResolver, profileRequest);
    if (credential == null) {
        throw new SamlException("Signing credential for validation could not be resolved");
    }
    // Step 3: cryptographically verify the signature against the resolved credential.
    LOGGER.debug("Validating signature using credentials for [{}]", credential.getEntityId());
    SignatureValidator.validate(signature, credential);
    LOGGER.info("Successfully validated the request signature.");
}

Example 12 with SamlException

Use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

Class SamlProfileSaml2ResponseBuilder, method encode.

@Override
protected Response encode(final SamlRegisteredService service, final Response samlResponse, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
    try {
        // Deliver the response via the HTTP-POST binding: a self-submitting HTML form rendered by Velocity.
        final HTTPPostEncoder encoder = new HTTPPostEncoder();
        encoder.setHttpServletResponse(httpResponse);
        encoder.setVelocityEngine(this.velocityEngineFactory.createVelocityEngine());
        final MessageContext outboundMessageContext = new MessageContext<>();
        // The destination endpoint is taken from the service provider's metadata, not from the request.
        SamlIdPUtils.preparePeerEntitySamlEndpointContext(outboundMessageContext, adaptor);
        outboundMessageContext.setMessage(samlResponse);
        SAMLBindingSupport.setRelayState(outboundMessageContext, relayState);
        encoder.setMessageContext(outboundMessageContext);
        encoder.initialize();
        encoder.encode();
        return samlResponse;
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}

Example 13 with SamlException

Use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

Class ChainingMetadataResolverCacheLoader, method load.

@Override
public ChainingMetadataResolver load(final SamlRegisteredService service) throws Exception {
    try {
        final ChainingMetadataResolver metadataResolver = new ChainingMetadataResolver();
        final List<MetadataResolver> metadataResolvers = new ArrayList<>();
        // Metadata is either queried dynamically or loaded from a configured resource.
        if (isDynamicMetadataQueryConfigured(service)) {
            resolveMetadataDynamically(service, metadataResolvers);
        } else {
            resolveMetadataFromResource(service, metadataResolvers);
        }
        // Fail closed: a service without any usable metadata resolver cannot be trusted.
        if (metadataResolvers.isEmpty()) {
            throw new SamlException("No metadata resolvers could be configured for service " + service.getName() + " with metadata location " + service.getMetadataLocation());
        }
        synchronized (this.lock) {
            metadataResolver.setId(ChainingMetadataResolver.class.getCanonicalName());
            metadataResolver.setResolvers(metadataResolvers);
            metadataResolver.initialize();
        }
        return metadataResolver;
    } catch (final Exception e) {
        // Wrap any failure so callers see a single SAML-specific exception type.
        throw new SamlException(e.getMessage(), e);
    }
}

Example 14 with SamlException

Use of org.apereo.cas.support.saml.SamlException in project cas by apereo.

Class BaseWSFederationRequestController, method constructServiceUrl.

/**
 * Construct service url string.
 *
 * @param request      the request
 * @param response     the response
 * @param wsfedRequest the ws federation request
 * @return the service url
 */
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final WSFederationRequest wsfedRequest) {
    try {
        // Build the callback URL from the registered callback service id, adding the
        // WS-Federation parameters as encoded query parameters (never by string concatenation).
        final URIBuilder builder = new URIBuilder(this.callbackService.getId());
        builder.addParameter(WSFederationConstants.WA, wsfedRequest.getWa());
        builder.addParameter(WSFederationConstants.WREPLY, wsfedRequest.getWreply());
        builder.addParameter(WSFederationConstants.WTREALM, wsfedRequest.getWtrealm());
        // Optional parameters are only carried over when present in the incoming request.
        if (StringUtils.isNotBlank(wsfedRequest.getWctx())) {
            builder.addParameter(WSFederationConstants.WCTX, wsfedRequest.getWctx());
        }
        if (StringUtils.isNotBlank(wsfedRequest.getWfresh())) {
            builder.addParameter(WSFederationConstants.WREFRESH, wsfedRequest.getWfresh());
        }
        if (StringUtils.isNotBlank(wsfedRequest.getWhr())) {
            builder.addParameter(WSFederationConstants.WHR, wsfedRequest.getWhr());
        }
        if (StringUtils.isNotBlank(wsfedRequest.getWreq())) {
            builder.addParameter(WSFederationConstants.WREQ, wsfedRequest.getWreq());
        }
        final URI url = builder.build();
        LOGGER.debug("Built service callback url [{}]", url);
        // Delegate to the CAS client helper to produce the final service URL for the CAS server.
        return org.jasig.cas.client.util.CommonUtils.constructServiceUrl(request, response, url.toString(), casProperties.getServer().getName(), CasProtocolConstants.PARAMETER_SERVICE, CasProtocolConstants.PARAMETER_TICKET, false);
    } catch (final Exception e) {
        throw new SamlException(e.getMessage(), e);
    }
}