Use of org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory in project cas by apereo.
The class SamlProfileSaml2ResponseBuilder, method storeAttributeQueryTicketInRegistry.
/**
 * Stores an attribute-query ticket for the assertion being issued, so that a later
 * SOAP attribute query can be answered from the ticket registry.
 * <p>
 * Nothing is stored when the current request already carries an {@code AttributeQuery}
 * request attribute: in that case the response is itself answering an attribute query.
 * The ticket is created from the name-id request attribute, the assertion, the entity id
 * of the metadata adaptor and the ticket-granting ticket resolved from the request cookie,
 * then added to the registry and exposed as a request attribute keyed by the ticket class name.
 *
 * @param assertion the SAML assertion the ticket is created for
 * @param context   the profile builder context carrying the HTTP request and the metadata adaptor
 * @throws Exception if ticket creation or registry access fails
 */
private void storeAttributeQueryTicketInRegistry(final Assertion assertion, final SamlProfileBuilderContext context) throws Exception {
    val httpRequest = context.getHttpRequest();
    if (httpRequest.getAttribute(AttributeQuery.class.getSimpleName()) != null) {
        // Responding to an attribute query: no new ticket is issued.
        return;
    }
    val configurationContext = getConfigurationContext();
    // NOTE: the name-id attribute is cast without a null check; a missing attribute is passed on as null.
    val nameId = (String) httpRequest.getAttribute(NameID.class.getName());
    val ticketGrantingTicket = CookieUtils.getTicketGrantingTicketFromRequest(
        configurationContext.getTicketGrantingTicketCookieGenerator(),
        configurationContext.getTicketRegistry(),
        httpRequest);
    val ticketFactory = (SamlAttributeQueryTicketFactory) configurationContext.getTicketFactory().get(SamlAttributeQueryTicket.class);
    val attributeQueryTicket = ticketFactory.create(nameId, assertion, context.getAdaptor().getEntityId(), ticketGrantingTicket);
    configurationContext.getTicketRegistry().addTicket(attributeQueryTicket);
    httpRequest.setAttribute(SamlAttributeQueryTicket.class.getName(), attributeQueryTicket);
}
Use of org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory in project cas by apereo.
The class SamlIdPSaml2AttributeQueryProfileHandlerController, method handlePostRequest.
/**
 * Handles a SAML2 SOAP attribute query.
 * <p>
 * When the attribute query profile is disabled the response status is set to
 * {@code 501 Not Implemented} and nothing else happens. Otherwise the SOAP request is
 * decoded, the issuer is resolved to a registered service and its metadata, the message
 * signature is verified, and the attribute-query ticket id derived from the resolved
 * name-id is looked up in the ticket registry. A missing or expired ticket is rejected
 * with an {@link InvalidTicketException}. Consentable principal attributes and released
 * authentication attributes are merged into a CAS assertion from which the SAML response
 * is built over the SOAP 1.1 binding.
 * <p>
 * Any failure after decoding is logged, recorded on the request as an error attribute and
 * answered with a SOAP fault response rather than propagated. Failures while decoding the
 * SOAP request itself happen before that handling and propagate to the caller.
 *
 * @param response the http response
 * @param request  the http request
 * @throws Exception if the SOAP request cannot be decoded
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SOAP_ATTRIBUTE_QUERY)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    val samlIdpCore = configurationContext.getCasProperties().getAuthn().getSamlIdp().getCore();
    if (!samlIdpCore.isAttributeQueryProfileEnabled()) {
        LOGGER.warn("SAML2 attribute query profile is not enabled");
        response.setStatus(HttpStatus.SC_NOT_IMPLEMENTED);
        return;
    }

    // Decoding happens outside the try block: a decode failure is not turned into a SOAP fault.
    val messageContext = decodeSoapRequest(request);
    val attributeQuery = (AttributeQuery) messageContext.getMessage();
    try {
        val issuer = Objects.requireNonNull(attributeQuery).getIssuer().getValue();
        val registeredService = verifySamlRegisteredService(issuer);
        val metadataFacade = getSamlMetadataFacadeFor(registeredService, attributeQuery)
            .orElseThrow(() -> new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + issuer));
        // Signature verification precedes any ticket lookup or attribute release.
        verifyAuthenticationContextSignature(messageContext, request, attributeQuery, metadataFacade, registeredService);

        val nameIdValue = determineNameIdForQuery(attributeQuery, registeredService, metadataFacade);
        val ticketFactory = (SamlAttributeQueryTicketFactory) getConfigurationContext().getTicketFactory().get(SamlAttributeQueryTicket.class);
        val ticketId = ticketFactory.createTicketIdFor(nameIdValue, metadataFacade.getEntityId());
        LOGGER.debug("Created ticket id for attribute query [{}]", ticketId);

        val attributeQueryTicket = getConfigurationContext().getTicketRegistry().getTicket(ticketId, SamlAttributeQueryTicket.class);
        if (attributeQueryTicket == null || attributeQueryTicket.isExpired()) {
            LOGGER.warn("Attribute query ticket [{}] has either expired, or it is linked to a single sign-on session that is no longer valid and has now expired", ticketId);
            throw new InvalidTicketException(ticketId);
        }

        val authentication = attributeQueryTicket.getAuthentication();
        val principal = resolvePrincipalForAttributeQuery(authentication, registeredService);
        val releasePolicyContext = RegisteredServiceAttributeReleasePolicyContext.builder()
            .registeredService(registeredService)
            .service(attributeQueryTicket.getService())
            .principal(principal)
            .build();
        val principalAttributes = registeredService.getAttributeReleasePolicy().getConsentableAttributes(releasePolicyContext);
        LOGGER.debug("Initial consentable principal attributes are [{}]", principalAttributes);
        val authenticationAttributes = getConfigurationContext().getAuthenticationAttributeReleasePolicy()
            .getAuthenticationAttributesForRelease(authentication, null, Map.of(), registeredService);
        val finalAttributes = CollectionUtils.merge(principalAttributes, authenticationAttributes);

        val principalId = registeredService.getUsernameAttributeProvider()
            .resolveUsername(authentication.getPrincipal(), attributeQueryTicket.getService(), registeredService);
        LOGGER.debug("Principal id used for attribute query response should be [{}]", principalId);
        LOGGER.debug("Final attributes to be processed for the SAML2 response are [{}]", finalAttributes);

        val casAssertion = buildCasAssertion(principalId, registeredService, finalAttributes);
        // Marks the request as an attribute query for downstream response building.
        request.setAttribute(AttributeQuery.class.getSimpleName(), attributeQuery);
        val responseContext = SamlProfileBuilderContext.builder()
            .samlRequest(attributeQuery)
            .httpRequest(request)
            .httpResponse(response)
            .authenticatedAssertion(casAssertion)
            .registeredService(registeredService)
            .adaptor(metadataFacade)
            .binding(SAMLConstants.SAML2_SOAP11_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getResponseBuilder().build(responseContext);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // The exception message is recorded on the request for the fault response.
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR,
            "Unable to build SOAP response: " + StringUtils.defaultString(e.getMessage()));
        val faultContext = SamlProfileBuilderContext.builder()
            .samlRequest(attributeQuery)
            .httpRequest(request)
            .httpResponse(response)
            .binding(SAMLConstants.SAML2_SOAP11_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getSamlFaultResponseBuilder().build(faultContext);
    }
}