
Example 11 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class IdpHandler, method checkForAssertionInHttpHeader. The method looks for a SAML assertion in two carriers, an HTTP header of the form "SAML <encoded assertion>" and a legacy cookie, decodes it, and wraps it in a SAMLAuthenticationToken. It does not itself verify the assertion's signature or validity.

private HandlerResult checkForAssertionInHttpHeader(ServletRequest request) {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String authHeader = httpRequest.getHeader(SecurityConstants.SAML_HEADER_NAME);
    HandlerResult handlerResult = new HandlerResultImpl();
    // 1. Check for a full SAML assertion carried in the HTTP header (federated requests, etc.).
    //    Expected form: "SAML <deflated, Base64-encoded assertion>".
    if (authHeader != null) {
        String[] tokenizedAuthHeader = authHeader.split(" ");
        // Exactly two space-separated parts with the literal "SAML" scheme; any other header
        // (Basic, Bearer, ...) is ignored here and the cookie is checked instead.
        if (tokenizedAuthHeader.length == 2 && tokenizedAuthHeader[0].equals("SAML") && samlSecurity != null) {
            String encodedSamlAssertion = tokenizedAuthHeader[1];
            LOGGER.trace("Header retrieved");
            try {
                // Reverse the deflate + Base64 wire encoding to recover the assertion XML.
                String tokenString = samlSecurity.inflateBase64(encodedSamlAssertion);
                LOGGER.trace("Header value: {}", LogSanitizer.sanitize(tokenString));
                SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
                simplePrincipalCollection.add(new SecurityAssertionSaml(SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(tokenString)), "default");
                // The same collection is passed as both principal and credentials. Only decoding and
                // parsing happen here; no signature or validity check is performed in this method.
                SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, request.getRemoteAddr());
                handlerResult.setToken(samlToken);
                handlerResult.setStatus(HandlerResult.Status.COMPLETED);
            } catch (IOException e) {
                // A well-formed "SAML ..." header that cannot be decoded yields a result without a
                // token; the cookie is not consulted as a fallback in that case.
                LOGGER.info("Unexpected error converting header value to string", e);
            }
            return handlerResult;
        }
    }
    // 2. Fall back to the legacy SAML cookie.
    Map<String, Cookie> cookies = HttpUtils.getCookieMap(httpRequest);
    Cookie samlCookie = cookies.get(SecurityConstants.SAML_COOKIE_NAME);
    if (samlCookie != null && samlSecurity != null) {
        String cookieValue = samlCookie.getValue();
        LOGGER.trace("Cookie retrieved");
        try {
            String tokenString = samlSecurity.inflateBase64(cookieValue);
            LOGGER.trace("Cookie value: {}", LogSanitizer.sanitize(tokenString));
            // The cookie path parses the XML directly into a DOM element.
            Element thisToken = StaxUtils.read(new StringReader(tokenString)).getDocumentElement();
            SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
            simplePrincipalCollection.add(new SecurityAssertionSaml(thisToken), "default");
            // Unlike the header path, no principal is supplied here: only the credentials.
            SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, simplePrincipalCollection, request.getRemoteAddr());
            handlerResult.setToken(samlToken);
            handlerResult.setStatus(HandlerResult.Status.COMPLETED);
        } catch (IOException e) {
            LOGGER.info("Unexpected error converting cookie value to string - proceeding without SAML token.", e);
        } catch (XMLStreamException e) {
            LOGGER.info("Unexpected error converting XML string to element - proceeding without SAML token.", e);
        }
        return handlerResult;
    }
    // Neither carrier present: this handler has nothing to say about the request.
    return null;
}
Also used:
    Cookie (javax.servlet.http.Cookie)
    HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl)
    Element (org.w3c.dom.Element)
    SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)
    HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)
    IOException (java.io.IOException)
    SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken)
    HttpServletRequest (javax.servlet.http.HttpServletRequest)
    XMLStreamException (javax.xml.stream.XMLStreamException)
    StringReader (java.io.StringReader)
    SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml)
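The handler above consumes a wire format (a "SAML <token>" header or a legacy cookie, each carrying a deflated, Base64-encoded assertion) and applies a specific precedence and header test. The following Python model, added here as an example and not code from DDF, builds that carrier value, decodes it with the same header test and header-before-cookie precedence, and adds a decompression size cap that the handler does not show. It assumes that samlSecurity.inflateBase64 reverses raw DEFLATE (no zlib header) followed by Base64, the encoding used by the SAML HTTP-Redirect binding, and that SecurityConstants.SAML_HEADER_NAME is "Authorization" and SAML_COOKIE_NAME is "org.codice.websso.saml.token"; none of these values is confirmed by the page, and the sample assertion is constructed and unsigned.

```python
# Added example (not DDF code): model of the carrier format consumed by
# IdpHandler.checkForAssertionInHttpHeader, with a bounded inflate step.
import base64
import zlib
import xml.etree.ElementTree as ET
from typing import Mapping, Optional

SAML_HEADER_NAME = "Authorization"                 # assumed SecurityConstants.SAML_HEADER_NAME
SAML_COOKIE_NAME = "org.codice.websso.saml.token"  # assumed SecurityConstants.SAML_COOKIE_NAME
SAML2_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_INFLATED_BYTES = 256 * 1024  # safeguard added here; the handler shows no cap

# Constructed, unsigned sample assertion used only to exercise the round trip.
SAMPLE_ASSERTION = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-sample" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml2:Issuer>https://idp.example.test</saml2:Issuer>"
    "<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>"
    "</saml2:Assertion>"
)


def deflate_base64(xml_text: str) -> str:
    """Produce the carrier value: raw DEFLATE (wbits=-15, no zlib header), then Base64."""
    compressor = zlib.compressobj(level=9, wbits=-15)
    data = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(data).decode("ascii")


def inflate_base64(encoded: str, limit: int = MAX_INFLATED_BYTES) -> str:
    """Reverse deflate_base64, refusing output larger than `limit` bytes.

    A few hundred bytes of DEFLATE can expand to megabytes, so the decompressor
    is asked for at most limit + 1 bytes and any leftover input is an error.
    """
    raw = base64.b64decode(encoded, validate=True)  # binascii.Error is a ValueError
    decompressor = zlib.decompressobj(wbits=-15)
    out = decompressor.decompress(raw, limit + 1)
    if len(out) > limit or decompressor.unconsumed_tail:
        raise ValueError("inflated token exceeds %d bytes" % limit)
    return out.decode("utf-8")


def parse_saml_header(value: Optional[str]) -> Optional[str]:
    """The handler's header test: exactly two space-separated parts, scheme "SAML".

    Java's split(" ") drops trailing empty strings, so "SAML " has length 1 there;
    the explicit emptiness check keeps this equivalent. Returns the encoded
    assertion, or None when the header is absent or belongs to another scheme.
    """
    if value is None:
        return None
    parts = value.split(" ")
    if len(parts) != 2 or parts[0] != "SAML" or not parts[1]:
        return None
    return parts[1]


def extract_assertion(headers: Mapping[str, str],
                      cookies: Mapping[str, str]) -> Optional[ET.Element]:
    """Locate and decode the assertion with the handler's precedence.

    A well-formed "SAML ..." header wins; otherwise the legacy cookie is used.
    Returns the parsed root element, or None when neither carrier is present.
    As in the handler, nothing here verifies a signature or validity window.
    """
    encoded = parse_saml_header(headers.get(SAML_HEADER_NAME))
    if encoded is None:
        encoded = cookies.get(SAML_COOKIE_NAME)
    if encoded is None:
        return None
    return ET.fromstring(inflate_base64(encoded))


def inflates_safely(encoded: str) -> bool:
    """True when the carrier decodes within the size cap, False otherwise."""
    try:
        inflate_base64(encoded)
        return True
    except (ValueError, zlib.error, UnicodeDecodeError):
        return False


def subject_from_header(header_value: str) -> Optional[str]:
    """Decode a header value and return its NameID text (demonstration helper)."""
    element = extract_assertion({SAML_HEADER_NAME: header_value}, {})
    if element is None:
        return None
    name_id = element.find("saml2:Subject/saml2:NameID", SAML2_NS)
    return name_id.text if name_id is not None else None


if __name__ == "__main__":
    header_value = "SAML " + deflate_base64(SAMPLE_ASSERTION)
    print("header:", header_value[:60] + "...")
    print("subject:", subject_from_header(header_value))
```

Two behaviours of the original are worth keeping in mind when reading this: a header that is present but not of the "SAML x" shape is simply skipped and the cookie is tried, whereas a header of the right shape that fails to decode ends the search without consulting the cookie; and in both paths the assertion is only parsed, so whatever consumes the resulting token must still check the signature and validity conditions.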
