
Example 1 with SamlArtifactTicket

Use of org.apereo.cas.ticket.artifact.SamlArtifactTicket in project cas by apereo.

The class CasSamlArtifactMap, method put.

@Override
public void put(final String artifact, final String relyingPartyId, final String issuerId, final SAMLObject samlMessage) throws IOException {
    super.put(artifact, relyingPartyId, issuerId, samlMessage);
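    // Look up the ticket-granting ticket (the SSO session) from the cookie on the current request.
    final HttpServletRequest request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    final TicketGrantingTicket ticketGrantingTicket = CookieUtils.getTicketGrantingTicketFromRequest(ticketGrantingTicketCookieGenerator, this.ticketRegistry, request);
    // Bind the artifact to that session's authentication, the issuer, the relying party and the SAML message.
    // ticketGrantingTicket is dereferenced here without a null check.
    final SamlArtifactTicket ticket = samlArtifactTicketFactory.create(artifact, ticketGrantingTicket.getAuthentication(), ticketGrantingTicket, issuerId, relyingPartyId, samlMessage);
    // Store the ticket in the registry so the artifact can be resolved later.
    this.ticketRegistry.addTicket(ticket);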
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket)

Example 2 with SamlArtifactTicket

Use of org.apereo.cas.ticket.artifact.SamlArtifactTicket in project cas by apereo.

The class Saml1ArtifactResolutionProfileHandlerController, method handlePostRequest.

/**
 * Handle post request.
 *
 * @param response the response
 * @param request  the request
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    final MessageContext ctx = decodeSoapRequest(request);
    final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
    try {
        final String issuer = artifactMsg.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
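        // Signature verification runs before the artifact is looked up in the ticket registry.
        verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);
        // Derive the ticket id from the artifact value and fetch the stored artifact ticket.
        final String artifactId = artifactMsg.getArtifact().getArtifact();
        final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
        final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
        final Service issuerService = webApplicationServiceFactory.createService(issuer);
        // If no ticket was returned, the dereference below throws and the catch block answers with a fault.
        // The ticket is passed to the response builder under the "artifact" attribute key.
        final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));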
        this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
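    } catch (final Exception e) {
        // Any failure is logged, its message is placed in a request attribute, and a fault response is built.
        LOGGER.error(e.getMessage(), e);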
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    }
}
Also used : ArtifactResolve(org.opensaml.saml.saml2.core.ArtifactResolve) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) Assertion(org.jasig.cas.client.validation.Assertion) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Service(org.apereo.cas.authentication.principal.Service) MessageContext(org.opensaml.messaging.context.MessageContext) SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 3 with SamlArtifactTicket

Use of org.apereo.cas.ticket.artifact.SamlArtifactTicket in project cas by apereo.

The class SamlProfileArtifactResponseBuilder, method buildResponse.

@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    // Recover the artifact ticket from the CAS assertion attributes, where it is stored under the "artifact" key.
    final org.jasig.cas.client.validation.Assertion castedAssertion = org.jasig.cas.client.validation.Assertion.class.cast(casAssertion);
    final SamlArtifactTicket ticket = (SamlArtifactTicket) castedAssertion.getAttributes().get("artifact");
    final ArtifactResponse artifactResponse = new ArtifactResponseBuilder().buildObject();
    artifactResponse.setIssueInstant(DateTime.now());
    artifactResponse.setIssuer(newIssuer(ticket.getIssuer()));
    artifactResponse.setInResponseTo(ticket.getRelyingPartyId());
    artifactResponse.setID(ticket.getId());
    artifactResponse.setStatus(newStatus(StatusCode.SUCCESS, "Success"));
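    // Convert the object stored on the ticket back to a SAMLObject and embed it as the ArtifactResponse message.
    final SAMLObject samlResponse = SamlUtils.transformSamlObject(configBean, ticket.getObject(), SAMLObject.class);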
    artifactResponse.setMessage(samlResponse);
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    body.getUnknownXMLObjects().add(artifactResponse);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return envelope;
}
Also used : Header(org.opensaml.soap.soap11.Header) SAMLObject(org.opensaml.saml.common.SAMLObject) ArtifactResponse(org.opensaml.saml.saml2.core.ArtifactResponse) ArtifactResponseBuilder(org.opensaml.saml.saml2.core.impl.ArtifactResponseBuilder) SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)
