Examples with Binding - org.codice.ddf.security.idp.binding.api.Binding

Example 1 with Binding

use of org.codice.ddf.security.idp.binding.api.Binding in project ddf by codice.

the class IdpEndpoint method processLogin.

@GET
@Path("/login/sso")
public Response processLogin(@QueryParam(SAML_REQ) String samlRequest, @QueryParam(RELAY_STATE) String relayState, @QueryParam(AUTH_METHOD) String authMethod, @QueryParam(SSOConstants.SIG_ALG) String signatureAlgorithm, @QueryParam(SSOConstants.SIGNATURE) String signature, @QueryParam(ORIGINAL_BINDING) String originalBinding, @Context HttpServletRequest request) {
    LOGGER.debug("Processing login request: [ authMethod {} ], [ sigAlg {} ], [ relayState {} ]", authMethod, signatureAlgorithm, relayState);
    try {
        Binding binding;
        String template;
        if (!request.isSecure()) {
            throw new IllegalArgumentException("Authn Request must use TLS.");
        }
        //the authn request is always encoded as if it came in via redirect when coming from the web app
        Binding redirectBinding = new RedirectBinding(systemCrypto, serviceProviders);
        AuthnRequest authnRequest = redirectBinding.decoder().decodeRequest(samlRequest);
        String assertionConsumerServiceBinding = ResponseCreator.getAssertionConsumerServiceBinding(authnRequest, serviceProviders);
        if (HTTP_POST_BINDING.equals(originalBinding)) {
            binding = new PostBinding(systemCrypto, serviceProviders);
            template = submitForm;
        } else if (HTTP_REDIRECT_BINDING.equals(originalBinding)) {
            binding = redirectBinding;
            template = redirectPage;
        } else {
            throw new IdpException(new UnsupportedOperationException("Must use HTTP POST or Redirect bindings."));
        }
        binding.validator().validateAuthnRequest(authnRequest, samlRequest, relayState, signatureAlgorithm, signature, strictSignature);
        if (HTTP_POST_BINDING.equals(assertionConsumerServiceBinding)) {
            if (!(binding instanceof PostBinding)) {
                binding = new PostBinding(systemCrypto, serviceProviders);
            }
        } else if (HTTP_REDIRECT_BINDING.equals(assertionConsumerServiceBinding)) {
            if (!(binding instanceof RedirectBinding)) {
                binding = new RedirectBinding(systemCrypto, serviceProviders);
            }
        }
        org.opensaml.saml.saml2.core.Response encodedSaml = handleLogin(authnRequest, authMethod, request, null, false, false);
        LOGGER.debug("Returning SAML Response for relayState: {}" + relayState);
        NewCookie newCookie = createCookie(request, encodedSaml);
        Response response = binding.creator().getSamlpResponse(relayState, authnRequest, encodedSaml, newCookie, template);
        if (newCookie != null) {
            cookieCache.addActiveSp(newCookie.getValue(), authnRequest.getIssuer().getValue());
            logAddedSp(authnRequest);
        }
        return response;
    } catch (SecurityServiceException e) {
        LOGGER.info("Unable to retrieve subject for user.", e);
        return Response.status(Response.Status.UNAUTHORIZED).build();
    } catch (WSSecurityException e) {
        LOGGER.info("Unable to encode SAMLP response.", e);
    } catch (SimpleSign.SignatureException e) {
        LOGGER.info("Unable to sign SAML response.", e);
    } catch (IllegalArgumentException e) {
        LOGGER.info(e.getMessage(), e);
        return Response.status(Response.Status.BAD_REQUEST).build();
    } catch (ValidationException e) {
        LOGGER.info("AuthnRequest schema validation failed.", e);
        return Response.status(Response.Status.BAD_REQUEST).build();
    } catch (IOException e) {
        LOGGER.info("Unable to create SAML Response.", e);
    } catch (IdpException e) {
        LOGGER.info(e.getMessage(), e);
        return Response.status(Response.Status.BAD_REQUEST).build();
    }
    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}

Also used : RedirectBinding(org.codice.ddf.security.idp.binding.redirect.RedirectBinding) SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding) Binding(org.codice.ddf.security.idp.binding.api.Binding) PostBinding(org.codice.ddf.security.idp.binding.post.PostBinding) RedirectBinding(org.codice.ddf.security.idp.binding.redirect.RedirectBinding) SecurityServiceException(ddf.security.service.SecurityServiceException) ValidationException(ddf.security.samlp.ValidationException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) SimpleSign(ddf.security.samlp.SimpleSign) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) PostBinding(org.codice.ddf.security.idp.binding.post.PostBinding) NewCookie(javax.ws.rs.core.NewCookie) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Aggregations

SimpleSign (ddf.security.samlp.SimpleSign)1 ValidationException (ddf.security.samlp.ValidationException)1 SecurityServiceException (ddf.security.service.SecurityServiceException)1 IOException (java.io.IOException)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1 NewCookie (javax.ws.rs.core.NewCookie)1 Response (javax.ws.rs.core.Response)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 Binding (org.codice.ddf.security.idp.binding.api.Binding)1 PostBinding (org.codice.ddf.security.idp.binding.post.PostBinding)1 RedirectBinding (org.codice.ddf.security.idp.binding.redirect.RedirectBinding)1 SoapBinding (org.codice.ddf.security.idp.binding.soap.SoapBinding)1 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)1 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)1