
Example 1 with AuthnRequestInfo

Use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.

The class AssertionEndpoint, method assertion.

@RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.debug("saml20 assertion start.");
    bindingAdapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
    logger.debug("saml20 assertion get session samlv20Adapter " + bindingAdapter);
    AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
    logger.debug("saml20Details " + saml20Details.getExtendAttr());
    AuthnRequestInfo authnRequestInfo = bindingAdapter.getAuthnRequestInfo();
    if (authnRequestInfo == null) {
        // no AuthnRequestInfo was stored on the adapter (neither SP-initiated nor IdP-initiated flow ran first)
        logger.warn("Could not find AuthnRequest on the request. Responding with SC_FORBIDDEN.");
        throw new Exception();
    }
    logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
    HashMap<String, String> attributeMap = new HashMap<String, String>();
    attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());
    // build the SAML Response for this SP; the online ticket travels as an attribute
    Response authResponse = authnResponseGenerator.generateAuthnResponse(saml20Details, authnRequestInfo, attributeMap, bindingAdapter);
    // the destination endpoint is built from the ACS URL registered for the SP (saml20Details),
    // not from the AssertionConsumerServiceURL carried in the inbound AuthnRequest
    Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
    // note: this key differs from WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, the key under which
    // the adapter (and its AuthnRequestInfo) was stored, so the adapter itself stays in the session
    request.getSession().removeAttribute(AuthnRequestInfo.class.getName());
    // request issuer...
    try {
        bindingAdapter.sendSAMLMessage(authResponse, endpoint, request, response);
    } catch (MessageEncodingException mee) {
        logger.error("Exception encoding SAML message", mee);
        throw new Exception(mee);
    }
    return null;
}

Example 2 with AuthnRequestInfo

Use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.

The class IdpInitEndpoint, method authorizeIdpInit.

/**
 * IdP-initiated SAML 2.0 SSO: looks up the registered SP by application id,
 * prepares the POST binding adapter and forwards to the assertion endpoint.
 *
 * @param request  the inbound HTTP request
 * @param response the HTTP response
 * @param appId    id of the registered SAML application (SP)
 * @return forward to /authz/saml20/assertion
 * @throws Exception if no SAML application with the given id exists
 */
@Operation(summary = "SAML 2.0 IDP Init接口", description = "传递参数应用ID", method = "GET")
@RequestMapping(value = "/authz/saml20/idpinit/{appid}", method = RequestMethod.GET)
public ModelAndView authorizeIdpInit(HttpServletRequest request, HttpServletResponse response, @PathVariable("appid") String appId) throws Exception {
    logger.debug("SAML IDP init , app id is " + appId);
    AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId, true);
    // reject unknown application ids before the details are published to the context
    if (saml20Details == null) {
        logger.error("samlId[" + appId + "] Error .");
        throw new Exception();
    }
    WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
    KeyStore trustKeyStore = KeyStoreUtil.bytes2KeyStore(saml20Details.getKeyStore(), keyStoreLoader.getKeyStore().getType(), keyStoreLoader.getKeystorePassword());
    extractRedirectBindingAdapter.setSaml20Detail(saml20Details);
    extractRedirectBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);
    String binding = saml20Details.getBinding();
    if (binding.endsWith("PostSimpleSign")) {
        bindingAdapter = postSimpleSignBindingAdapter;
    } else {
        bindingAdapter = postBindingAdapter;
    }
    // IdP-initiated flow: there is no inbound AuthnRequest, so the AuthnRequestInfo is created
    // with a null authnRequestID (the Response will carry no InResponseTo)
    bindingAdapter.setAuthnRequestInfo(new AuthnRequestInfo());
    bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
    request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
    logger.debug("idp init forwarding to assertion : {}", "/authz/saml20/assertion");
    return WebContext.forward("/authz/saml20/assertion");
}

Example 3 with AuthnRequestInfo

Use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.

The class SingleSignOnEndpoint, method extractSAMLMessage.

@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter, HttpServletRequest request) throws Exception {
    SAMLMessageContext messageContext;
    logger.debug("extract SAML Message .");
    try {
        messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML AuthnRequest .");
        AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
        logger.debug("AuthnRequest ProtocolBinding " + authnRequest.getProtocolBinding());
        logger.debug("InboundSAMLMessage Id " + messageContext.getInboundSAMLMessageId());
        logger.debug("AuthnRequest AssertionConsumerServiceURL " + authnRequest.getAssertionConsumerServiceURL());
        logger.debug("InboundMessage Issuer " + messageContext.getInboundMessageIssuer());
        logger.debug("InboundSAMLMessage IssueInstant " + messageContext.getInboundSAMLMessageIssueInstant());
        logger.debug("InboundSAMLMessage RelayState " + messageContext.getRelayState());
        logger.debug("AuthnRequest isPassive " + authnRequest.isPassive());
        logger.debug("AuthnRequest ForceAuthn " + authnRequest.isForceAuthn());
        // schema/profile validation of the AuthnRequest; a ValidationException aborts the flow below
        validatorSuite.validate(authnRequest);
        logger.debug("Select Authz  Binding.");
        String binding = extractBindingAdapter.getSaml20Detail().getBinding();
        if (binding.endsWith("PostSimpleSign")) {
            bindingAdapter = postSimpleSignBindingAdapter;
            logger.debug("Authz POST Binding is  use PostSimpleSign .");
        } else {
            bindingAdapter = postBindingAdapter;
            logger.debug("Authz POST Binding is  use Post .");
        }
        // record the request ID (for InResponseTo) and the ACS URL as sent by the SP; the
        // assertion endpoint builds its destination from the SP's registered ACS URL instead
        AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(authnRequest.getAssertionConsumerServiceURL(), authnRequest.getID());
        logger.debug("AuthnRequest verified. Forwarding to AuthnResponder {}", authnRequestInfo);
        bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
        bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
        // RelayState is opaque to the IdP and is echoed back to the SP unchanged
        String relayState = request.getParameter("RelayState");
        if (relayState != null) {
            bindingAdapter.setRelayState(relayState);
            logger.debug("RelayState : {}", relayState);
        }
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
        throw new Exception(e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
        throw new Exception(e1);
    } catch (ValidationException ve) {
        logger.warn("AuthnRequest Message failed Validation", ve);
        throw new Exception(ve);
    }
}
