Example 1 with BaseSAML2BindingBuilder

Use of org.keycloak.saml.BaseSAML2BindingBuilder in project keycloak by keycloak.

The class AbstractInitiateLogin, method challenge.

@Override
public boolean challenge(HttpFacade httpFacade) {
    try {
        // Build the AuthnRequest and the binding builder that will encode (and, if configured, sign) it.
        SAML2AuthnRequestBuilder authnRequestBuilder = buildSaml2AuthnRequestBuilder(deployment);
        BaseSAML2BindingBuilder binding = createSaml2Binding(deployment);
        // Remember the original request so it can be restored once the IdP response arrives.
        sessionStore.saveRequest();
        sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
        sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
    } catch (Exception e) {
        throw new RuntimeException("Could not create authentication request.", e);
    }
    return true;
}
Also used: BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) SAML2AuthnRequestBuilder(org.keycloak.saml.SAML2AuthnRequestBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IOException(java.io.IOException) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)

Example 2 with BaseSAML2BindingBuilder

Use of org.keycloak.saml.BaseSAML2BindingBuilder in project keycloak by keycloak.

The class WebBrowserSsoAuthenticationHandler, method globalLogout.

private AuthOutcome globalLogout() {
    SamlSession account = sessionStore.getAccount();
    if (account == null) {
        return AuthOutcome.NOT_ATTEMPTED;
    }
    // LogoutRequest addressed to the IdP's single logout service for this session and NameID.
    SAML2LogoutRequestBuilder logoutBuilder = new SAML2LogoutRequestBuilder()
            .assertionExpiration(30)
            .issuer(deployment.getEntityID())
            .sessionIndex(account.getSessionIndex())
            .nameId(account.getPrincipal().getNameID())
            .destination(deployment.getIDP().getSingleLogoutService().getRequestBindingUrl());
    BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
    // Sign the request only when the IdP's single logout service is configured to require signed requests.
    if (deployment.getIDP().getSingleLogoutService().signRequest()) {
        if (deployment.getSignatureCanonicalizationMethod() != null)
            binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
        binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
        binding.signWith(null, deployment.getSigningKeyPair()).signDocument();
        // TODO: As part of KEYCLOAK-3810, add KeyID to the SAML document
        // <related DocumentBuilder>.addExtension(new KeycloakKeySamlExtensionGenerator(<key ID>));
    }
    binding.relayState("logout");
    try {
        SamlUtil.sendSaml(true, facade,
                deployment.getIDP().getSingleLogoutService().getRequestBindingUrl(),
                binding, logoutBuilder.buildDocument(),
                deployment.getIDP().getSingleLogoutService().getRequestBinding());
        sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_OUT);
    } catch (Exception e) {
        log.error("Could not send global logout SAML request", e);
        return AuthOutcome.FAILED;
    }
    return AuthOutcome.NOT_ATTEMPTED;
}
Also used: BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) SAML2LogoutRequestBuilder(org.keycloak.saml.SAML2LogoutRequestBuilder) SamlSession(org.keycloak.adapters.saml.SamlSession)

Example 3 with BaseSAML2BindingBuilder

Use of org.keycloak.saml.BaseSAML2BindingBuilder in project keycloak by keycloak.

The class AbstractSamlAuthenticationHandler, method createChallenge.

protected AbstractInitiateLogin createChallenge() {
    return new AbstractInitiateLogin(deployment, sessionStore) {

        @Override
        protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException {
            if (isAutodetectedBearerOnly(httpFacade.getRequest())) {
                // A bearer-only (non-browser) request cannot follow a redirect to the IdP: answer 401 instead.
                httpFacade.getResponse().setStatus(401);
                httpFacade.getResponse().end();
            } else {
                // Send the AuthnRequest to the IdP's single sign-on service with the configured request binding.
                Document document = authnRequestBuilder.toDocument();
                SamlDeployment.Binding samlBinding = deployment.getIDP().getSingleSignOnService().getRequestBinding();
                SamlUtil.sendSaml(true, httpFacade,
                        deployment.getIDP().getSingleSignOnService().getRequestBindingUrl(),
                        binding, document, samlBinding);
            }
        }
    };
}
Also used: AbstractInitiateLogin(org.keycloak.adapters.saml.AbstractInitiateLogin) HttpFacade(org.keycloak.adapters.spi.HttpFacade) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) Document(org.w3c.dom.Document) SAML2AuthnRequestBuilder(org.keycloak.saml.SAML2AuthnRequestBuilder)

Example 4 with BaseSAML2BindingBuilder

Use of org.keycloak.saml.BaseSAML2BindingBuilder in project keycloak by keycloak.

The class EcpAuthenticationHandler, method createChallenge.

@Override
protected AbstractInitiateLogin createChallenge() {
    return new AbstractInitiateLogin(deployment, sessionStore) {

        @Override
        protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) {
            try {
                // ECP: wrap the AuthnRequest in a SOAP envelope with PAOS and ECP headers for the client to relay.
                MessageFactory messageFactory = MessageFactory.newInstance();
                SOAPMessage message = messageFactory.createMessage();
                SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
                envelope.addNamespaceDeclaration(NS_PREFIX_SAML_ASSERTION, JBossSAMLURIConstants.ASSERTION_NSURI.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_SAML_PROTOCOL, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_PAOS_BINDING, JBossSAMLURIConstants.PAOS_BINDING.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_PROFILE_ECP, JBossSAMLURIConstants.ECP_PROFILE.get());
                createPaosRequestHeader(envelope);
                createEcpRequestHeader(envelope);
                SOAPBody body = envelope.getBody();
                // The POST-binding form of the AuthnRequest becomes the SOAP body.
                body.addDocument(binding.postBinding(authnRequestBuilder.toDocument()).getDocument());
                message.writeTo(httpFacade.getResponse().getOutputStream());
            } catch (Exception e) {
                throw new RuntimeException("Could not create AuthnRequest.", e);
            }
        }

        // ecp:Request header: issuer of the request plus the list of IdPs the client may contact.
        private void createEcpRequestHeader(SOAPEnvelope envelope) throws SOAPException {
            SOAPHeader headers = envelope.getHeader();
            SOAPHeaderElement ecpRequestHeader = headers.addHeaderElement(envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PROFILE_ECP));
            ecpRequestHeader.setMustUnderstand(true);
            ecpRequestHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next");
            ecpRequestHeader.addAttribute(envelope.createName("ProviderName"), deployment.getEntityID());
            ecpRequestHeader.addAttribute(envelope.createName("IsPassive"), "0");
            ecpRequestHeader.addChildElement(envelope.createQName("Issuer", "saml")).setValue(deployment.getEntityID());
            ecpRequestHeader.addChildElement(envelope.createQName("IDPList", "samlp"))
                    .addChildElement(envelope.createQName("IDPEntry", "samlp"))
                    .addAttribute(envelope.createName("ProviderID"), deployment.getIDP().getEntityID())
                    .addAttribute(envelope.createName("Name"), deployment.getIDP().getEntityID())
                    .addAttribute(envelope.createName("Loc"), deployment.getIDP().getSingleSignOnService().getRequestBindingUrl());
        }

        // paos:Request header: names the ECP service and where the client must deliver the IdP's response.
        private void createPaosRequestHeader(SOAPEnvelope envelope) throws SOAPException {
            SOAPHeader headers = envelope.getHeader();
            SOAPHeaderElement paosRequestHeader = headers.addHeaderElement(envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PAOS_BINDING));
            paosRequestHeader.setMustUnderstand(true);
            paosRequestHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next");
            paosRequestHeader.addAttribute(envelope.createName("service"), JBossSAMLURIConstants.ECP_PROFILE.get());
            paosRequestHeader.addAttribute(envelope.createName("responseConsumerURL"), getResponseConsumerUrl());
        }

        private String getResponseConsumerUrl() {
            return (deployment.getIDP() == null
                    || deployment.getIDP().getSingleSignOnService() == null
                    || deployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl() == null)
                    ? null
                    : deployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl().toString();
        }
    };
}
Also used: SOAPHeaderElement(javax.xml.soap.SOAPHeaderElement) SOAPBody(javax.xml.soap.SOAPBody) MessageFactory(javax.xml.soap.MessageFactory) AbstractInitiateLogin(org.keycloak.adapters.saml.AbstractInitiateLogin) HttpFacade(org.keycloak.adapters.spi.HttpFacade) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) SOAPEnvelope(javax.xml.soap.SOAPEnvelope) SAML2AuthnRequestBuilder(org.keycloak.saml.SAML2AuthnRequestBuilder) SOAPMessage(javax.xml.soap.SOAPMessage) SOAPException(javax.xml.soap.SOAPException) SOAPHeader(javax.xml.soap.SOAPHeader)

Example 5 with BaseSAML2BindingBuilder

Use of org.keycloak.saml.BaseSAML2BindingBuilder in project keycloak by keycloak.

The class BrokerTest, method signAndAddCustomNamespaceElementToSignature.

private static void signAndAddCustomNamespaceElementToSignature(Document doc) {
    doc.getDocumentElement().setAttribute("xmlns:" + XMLNS_VETINARI, NS_VETINARI);
    BaseSAML2BindingBuilder<BaseSAML2BindingBuilder> sb = new BaseSAML2BindingBuilder<>();
    try {
        // Sign the assertion with the test client's key pair; "kn" is the KeyName placed in KeyInfo.
        KeyPair keyPair = new KeyPair(SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY_PK, SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY_PK);
        sb.signWith("kn", keyPair).signatureAlgorithm(RSA_SHA1).signAssertions().signAssertion(doc);
    } catch (ProcessingException ex) {
        throw new RuntimeException(ex);
    }
    // KeyInfo has a lax content model and may contain custom elements, see https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfo
    Element el = findFirstElement(doc, XmlDSigQNames.KEY_INFO);
    appendNewElement(el, new QName(NS_VETINARI, "Patrician"), XMLNS_VETINARI);
}
Also used: KeyPair(java.security.KeyPair) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
