use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.
The class AssertionEndpoint, method assertion.
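/**
 * Builds the SAML 2.0 response for the AuthnRequest recorded in the session and sends it
 * to the service provider through the binding adapter chosen earlier in the flow.
 *
 * <p>The {@link BindingAdapter} is read from the session attribute
 * {@code WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER}; the SP details and the
 * {@link AuthnRequestInfo} it carries drive response generation. The current online
 * ticket id is added as a response attribute under {@code WebConstants.ONLINE_TICKET_NAME}.
 *
 * @param request  current request; the binding adapter is taken from its session
 * @param response current response; the adapter writes the SAML message to it
 * @return always {@code null}, because the adapter has already written the response
 * @throws Exception when no binding adapter or no AuthnRequest is present in the session,
 *                   or when the SAML message cannot be encoded
 */
@RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.debug("saml20 assertion start.");
    bindingAdapter = (BindingAdapter) request.getSession()
            .getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
    logger.debug("saml20 assertion get session samlv20Adapter {}", bindingAdapter);
    // Reached outside an SSO flow (no adapter in the session): fail before dereferencing it.
    if (bindingAdapter == null) {
        logger.warn("Could not find SAML 2.0 binding adapter in the session.");
        throw new Exception("SAML 2.0 binding adapter not found in session");
    }
    // NOTE(review): bindingAdapter is a field, not a local, and is reassigned per request;
    // if this controller is a singleton, concurrent sign-ons may overwrite each other's
    // adapter between this read and the send below — confirm the controller's scoping.
    AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
    logger.debug("saml20Details {}", saml20Details.getExtendAttr());
    AuthnRequestInfo authnRequestInfo = bindingAdapter.getAuthnRequestInfo();
    if (authnRequestInfo == null) {
        logger.warn("Could not find AuthnRequest on the request. Responding with SC_FORBIDDEN.");
        throw new Exception("AuthnRequest not found in session");
    }
    logger.debug("AuthnRequestInfo: {}", authnRequestInfo);

    // The online ticket id of the signed-in principal is handed to the SP as an assertion
    // attribute. NOTE(review): confirm the SP actually needs this value, since it leaves the IdP.
    HashMap<String, String> attributeMap = new HashMap<String, String>();
    attributeMap.put(WebConstants.ONLINE_TICKET_NAME,
            ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());

    Response authResponse = authnResponseGenerator.generateAuthnResponse(
            saml20Details, authnRequestInfo, attributeMap, bindingAdapter);
    // The destination is the ACS URL registered for the SP, not one taken from the inbound request.
    Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
    // NOTE(review): this key differs from the one the adapter (and its AuthnRequestInfo) was read
    // from, so it may be a leftover; the adapter itself stays in the session after the send — confirm
    // whether it should be removed here so the endpoint cannot be replayed within the same session.
    request.getSession().removeAttribute(AuthnRequestInfo.class.getName());

    try {
        bindingAdapter.sendSAMLMessage(authResponse, endpoint, request, response);
    } catch (MessageEncodingException mee) {
        logger.error("Exception encoding SAML message", mee);
        throw new Exception("Exception encoding SAML message", mee);
    }
    return null;
}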
use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.
The class IdpInitEndpoint, method authorizeIdpInit.
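/**
 * Starts an IdP-initiated SAML 2.0 sign-on for the application identified by {@code appId}.
 *
 * <p>Loads the SP details, builds a trust key store from the SP's stored key material,
 * picks the POST or POST-SimpleSign binding adapter from the configured binding, seeds it
 * with an empty {@link AuthnRequestInfo} (no request id, since no AuthnRequest was received),
 * stores the adapter in the session and forwards to {@code /authz/saml20/assertion}.
 *
 * @param request  current request; the chosen adapter is stored in its session
 * @param response current response (passed through, not used here)
 * @param appId    id of the SAML 2.0 application, taken from the path
 * @return forward to the assertion endpoint
 * @throws Exception when no application with {@code appId} exists
 */
@Operation(summary = "SAML 2.0 IDP Init接口", description = "传递参数应用ID", method = "GET")
@RequestMapping(value = "/authz/saml20/idpinit/{appid}", method = RequestMethod.GET)
public ModelAndView authorizeIdpInit(HttpServletRequest request, HttpServletResponse response,
        @PathVariable("appid") String appId) throws Exception {
    logger.debug("SAML IDP init , app id is {}", appId);
    AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId, true);
    // Reject unknown apps before publishing anything to the web context.
    if (saml20Details == null) {
        logger.error("samlId[{}] Error .", appId);
        throw new Exception("SAML 2.0 application not found: " + appId);
    }
    WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);

    // Trust store built from the SP's stored key material, using the IdP key store's type/password.
    KeyStore trustKeyStore = KeyStoreUtil.bytes2KeyStore(saml20Details.getKeyStore(),
            keyStoreLoader.getKeyStore().getType(), keyStoreLoader.getKeystorePassword());
    extractRedirectBindingAdapter.setSaml20Detail(saml20Details);
    extractRedirectBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);

    // Any binding other than PostSimpleSign (including an unset one) uses the plain POST adapter.
    String binding = saml20Details.getBinding();
    if (binding != null && binding.endsWith("PostSimpleSign")) {
        bindingAdapter = postSimpleSignBindingAdapter;
    } else {
        bindingAdapter = postBindingAdapter;
    }
    // NOTE(review): the adapters above look like shared fields mutated per request; if this
    // controller is a singleton, concurrent sign-ons can overwrite each other's state — confirm.

    // IdP-initiated: there is no AuthnRequest, so the info carries a null request id.
    bindingAdapter.setAuthnRequestInfo(new AuthnRequestInfo());
    bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
    request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
    logger.debug("idp init forwarding to assertion : {}", "/authz/saml20/assertion");
    return WebContext.forward("/authz/saml20/assertion");
}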
use of org.maxkey.authz.saml.common.AuthnRequestInfo in project MaxKey by dromara.
The class SingleSignOnEndpoint, method extractSAMLMessage.
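/**
 * Decodes and validates the inbound SAML 2.0 AuthnRequest and prepares the outbound
 * binding adapter for the response.
 *
 * <p>The message is extracted through {@code extractBindingAdapter} and validated with
 * {@code validatorSuite}; the SP's configured binding selects the POST or POST-SimpleSign
 * adapter. That adapter then receives an {@link AuthnRequestInfo} (AssertionConsumerServiceURL
 * and request id from the AuthnRequest), the extract adapter, and the {@code RelayState}
 * request parameter when one is present.
 *
 * @param extractBindingAdapter adapter that decodes the inbound message from {@code request}
 * @param request               current request carrying the AuthnRequest and optional RelayState
 * @throws Exception wrapping a {@link MessageDecodingException}, {@link SecurityException}
 *                   or {@link ValidationException} raised while decoding or validating
 */
@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter, HttpServletRequest request) throws Exception {
    logger.debug("extract SAML Message .");
    try {
        SAMLMessageContext messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML AuthnRequest .");
        AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
        logger.debug("AuthnRequest ProtocolBinding {}", authnRequest.getProtocolBinding());
        logger.debug("InboundSAMLMessage Id {}", messageContext.getInboundSAMLMessageId());
        logger.debug("AuthnRequest AssertionConsumerServiceURL {}", authnRequest.getAssertionConsumerServiceURL());
        logger.debug("InboundMessage Issuer {}", messageContext.getInboundMessageIssuer());
        logger.debug("InboundSAMLMessage IssueInstant {}", messageContext.getInboundSAMLMessageIssueInstant());
        logger.debug("InboundSAMLMessage RelayState {}", messageContext.getRelayState());
        logger.debug("AuthnRequest isPassive {}", authnRequest.isPassive());
        logger.debug("AuthnRequest ForceAuthn {}", authnRequest.isForceAuthn());

        // Schema/profile validation of the request; failures surface as ValidationException below.
        validatorSuite.validate(authnRequest);

        // Any binding other than PostSimpleSign (including an unset one) uses the plain POST adapter.
        logger.debug("Select Authz Binding.");
        String binding = extractBindingAdapter.getSaml20Detail().getBinding();
        if (binding != null && binding.endsWith("PostSimpleSign")) {
            bindingAdapter = postSimpleSignBindingAdapter;
            logger.debug("Authz POST Binding is use PostSimpleSign .");
        } else {
            bindingAdapter = postBindingAdapter;
            logger.debug("Authz POST Binding is use Post .");
        }
        // NOTE(review): the adapters above look like shared fields mutated per request; if this
        // endpoint is a singleton, concurrent sign-ons can overwrite each other's
        // AuthnRequestInfo/RelayState — confirm the scoping.

        // The ACS URL recorded here comes from the SP's message; whether it is trusted for the
        // response destination depends on the response path (the assertion endpoint uses the
        // registered SP ACS URL) — confirm no other consumer relies on it unchecked.
        AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(
                authnRequest.getAssertionConsumerServiceURL(), authnRequest.getID());
        logger.debug("AuthnRequest verified. Forwarding to AuthnResponder {}", authnRequestInfo);
        bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
        bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);

        // RelayState is opaque SP data echoed back in the response; it is stored as received.
        String relayState = request.getParameter("RelayState");
        if (relayState != null) {
            bindingAdapter.setRelayState(relayState);
            logger.debug("RelayState : {}", relayState);
        }
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
        throw new Exception("Exception decoding SAML message", e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
        throw new Exception("Security policy rejected the SAML message", e1);
    } catch (ValidationException ve) {
        logger.warn("AuthnRequest Message failed Validation", ve);
        throw new Exception("AuthnRequest message failed validation", ve);
    }
}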