use of org.maxkey.entity.apps.AppsSAML20Details in project MaxKey by dromara.
the class SAML20DetailsController method forwardUpdate.
/**
 * Opens the SAML 2.0 application edit page for the application with the given id.
 *
 * @param id the application id taken from the request path
 * @return the "apps/saml20/appUpdate" view carrying the application details ("model")
 *         and the IdP authorization URI ("authzURI")
 */
@RequestMapping(value = { "/forwardUpdate/{id}" })
public ModelAndView forwardUpdate(@PathVariable("id") String id) {
    AppsSAML20Details details = saml20DetailsService.getAppDetails(id, false);
    // decoderSecret presumably turns the stored secret into its display form — confirm against the helper;
    // the icon bytes are converted to a base64 string for the view.
    decoderSecret(details);
    details.transIconBase64();

    ModelAndView view = new ModelAndView("apps/saml20/appUpdate");
    view.addObject("model", details);
    view.addObject("authzURI", applicationConfig.getAuthzUri());
    return view;
}
use of org.maxkey.entity.apps.AppsSAML20Details in project MaxKey by dromara.
the class AssertionEndpoint method assertion.
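/**
 * Builds and sends the SAML 2.0 authentication response for the application whose
 * binding adapter the SSO / IdP-init endpoints stored in the HTTP session.
 *
 * @param request  current request; its session must hold the SAMLv2 binding adapter
 * @param response response the encoded SAML message is written to
 * @return always {@code null}; the binding adapter writes the response itself, there is no view
 * @throws Exception if the session holds no binding adapter, the adapter carries no
 *                   AuthnRequest, or the SAML message cannot be encoded
 */
@RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.debug("saml20 assertion start.");
    BindingAdapter adapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
    logger.debug("saml20 assertion get session samlv20Adapter {}", adapter);
    // Only the SSO / IdP-init flow puts the adapter into the session; a direct request to this
    // endpoint has none and must fail with a clear error instead of a NullPointerException.
    if (adapter == null) {
        logger.warn("Could not find SAMLv2 binding adapter in session. Responding with SC_FORBIDDEN.");
        throw new Exception("No SAML 2.0 binding adapter found in session.");
    }
    // NOTE(review): the instance field is still written for compatibility with any code that reads it,
    // but if this endpoint is a singleton that field is shared by concurrent requests; the rest of
    // this method works on the local reference only.
    bindingAdapter = adapter;
    AppsSAML20Details saml20Details = adapter.getSaml20Details();
    logger.debug("saml20Details {}", saml20Details.getExtendAttr());
    AuthnRequestInfo authnRequestInfo = adapter.getAuthnRequestInfo();
    if (authnRequestInfo == null) {
        logger.warn("Could not find AuthnRequest on the request. Responding with SC_FORBIDDEN.");
        throw new Exception("No AuthnRequest found for this SAML 2.0 assertion.");
    }
    logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
    // The authenticated principal's online ticket id is the only extra attribute handed to the SP.
    HashMap<String, String> attributeMap = new HashMap<>();
    attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());
    Response authResponse = authnResponseGenerator.generateAuthnResponse(saml20Details, authnRequestInfo, attributeMap, adapter);
    Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
    request.getSession().removeAttribute(AuthnRequestInfo.class.getName());
    // NOTE(review): the adapter attribute itself stays in the session after the response is sent;
    // confirm whether a repeated request to this endpoint is meant to be able to re-issue an assertion.
    try {
        adapter.sendSAMLMessage(authResponse, endpoint, request, response);
    } catch (MessageEncodingException mee) {
        logger.error("Exception encoding SAML message", mee);
        throw new Exception(mee);
    }
    // The SAML message was written straight to the response; nothing is left to render.
    return null;
}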
use of org.maxkey.entity.apps.AppsSAML20Details in project MaxKey by dromara.
the class IdpInitEndpoint method authorizeIdpInit.
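/**
 * SAML 2.0 IdP-initiated SSO entry point.
 * Loads the application identified by {@code appId}, builds the trust key store from the
 * key store persisted with that application, picks the POST binding adapter, stores it in
 * the session and forwards to the assertion endpoint.
 *
 * @param request  current request; the chosen binding adapter is stored in its session
 * @param response current response (passed through, not written here)
 * @param appId    application id taken from the request path
 * @return a forward to {@code /authz/saml20/assertion}
 * @throws Exception if no application with {@code appId} exists
 */
@Operation(summary = "SAML 2.0 IDP Init接口", description = "传递参数应用ID", method = "GET")
@RequestMapping(value = "/authz/saml20/idpinit/{appid}", method = RequestMethod.GET)
public ModelAndView authorizeIdpInit(HttpServletRequest request, HttpServletResponse response, @PathVariable("appid") String appId) throws Exception {
    logger.debug("SAML IDP init , app id is {}", appId);
    AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId, true);
    WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
    if (saml20Details == null) {
        logger.error("samlId[{}] Error .", appId);
        throw new Exception("SAML 2.0 application [" + appId + "] not found.");
    }
    // The SP key store is persisted per application; its type and password come from the IdP key store loader.
    KeyStore trustKeyStore = KeyStoreUtil.bytes2KeyStore(saml20Details.getKeyStore(), keyStoreLoader.getKeyStore().getType(), keyStoreLoader.getKeystorePassword());
    extractRedirectBindingAdapter.setSaml20Detail(saml20Details);
    extractRedirectBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);
    // Only "PostSimpleSign" selects the simple-sign adapter; every other value (including an
    // unset binding) falls back to the plain POST binding, as the original else-branch already did.
    String binding = saml20Details.getBinding();
    if (binding != null && binding.endsWith("PostSimpleSign")) {
        bindingAdapter = postSimpleSignBindingAdapter;
    } else {
        bindingAdapter = postBindingAdapter;
    }
    // NOTE(review): bindingAdapter is an instance field written per request; if this endpoint is a
    // singleton, concurrent IdP-init requests overwrite each other's adapter. Kept for compatibility.
    // IdP-initiated flows have no inbound AuthnRequest, so the info starts with a null authnRequestID.
    bindingAdapter.setAuthnRequestInfo(new AuthnRequestInfo());
    bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
    request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
    // Placeholder added so the forward target actually shows up in the log line.
    logger.debug("idp init forwarding to assertion : {}", "/authz/saml20/assertion");
    return WebContext.forward("/authz/saml20/assertion");
}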
use of org.maxkey.entity.apps.AppsSAML20Details in project MaxKey by dromara.
the class SingleSignOnEndpoint method extractSaml20Detail.
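/**
 * Loads the SAML 2.0 application {@code samlId}, publishes it as the current sign-on
 * application, and configures the given extract adapter with the application details and a
 * security policy resolver built from the key store persisted with that application.
 *
 * @param extractBindingAdapter adapter to configure; its key store loader supplies the
 *                              key store type and password
 * @param samlId                id of the SAML 2.0 application
 * @throws Exception if no application with {@code samlId} exists
 */
public void extractSaml20Detail(ExtractBindingAdapter extractBindingAdapter, String samlId) throws Exception {
    AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(samlId, true);
    WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
    if (saml20Details == null) {
        logger.error("Request SAML APPID [{}] is not exist .", samlId);
        // Carry the id in the exception so callers that wrap or log it can tell which app was missing.
        throw new Exception("Request SAML APPID [" + samlId + "] is not exist .");
    }
    // The SP key store is persisted per application; type and password come from the adapter's loader.
    KeyStore trustKeyStore = KeyStoreUtil.bytes2KeyStore(saml20Details.getKeyStore(), extractBindingAdapter.getKeyStoreLoader().getKeyStore().getType(), extractBindingAdapter.getKeyStoreLoader().getKeystorePassword());
    extractBindingAdapter.setSaml20Detail(saml20Details);
    extractBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);
}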
use of org.maxkey.entity.apps.AppsSAML20Details in project MaxKey by dromara.
the class ConsumerEndpoint method initCredential.
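/**
 * Initializes the SP signing credential and the security policy resolver for the
 * application {@code spId} from the key store persisted with that application.
 *
 * @param spId id of the SAML 2.0 SP application
 * @throws Exception if the application does not exist, the key store cannot be loaded, or
 *                   no signing credential can be resolved from it
 */
private void initCredential(String spId) throws Exception {
    // 1. fetch the SP key store
    AppsSAML20Details saml20Details = saml20DetailsService.get(spId);
    if (saml20Details == null) {
        logger.error("spid[" + spId + "] not exists");
        throw new Exception("spid[" + spId + "] not exists");
    }
    byte[] keyStoreBytes = saml20Details.getKeyStore();
    try (InputStream keyStoreStream = new ByteArrayInputStream(keyStoreBytes)) {
        KeyStore keyStore = KeyStore.getInstance(keyStoreLoader.getKeystoreType());
        keyStore.load(keyStoreStream, keyStoreLoader.getKeystorePassword().toCharArray());
        // Only the entity's own alias gets a key password; the resolver needs it to unlock that private key.
        Map<String, String> passwords = new HashMap<>();
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (alias.equalsIgnoreCase(keyStoreLoader.getEntityName())) {
                passwords.put(alias, keyStoreLoader.getKeystorePassword());
            }
        }
        // Resolve the entity's SIGNING credential from the loaded key store.
        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityIDCriteria(keyStoreLoader.getEntityName()));
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        KeyStoreCredentialResolver credentialResolver = new KeyStoreCredentialResolver(keyStore, passwords);
        signingCredential = credentialResolver.resolveSingle(criteriaSet);
        Validate.notNull(signingCredential);
        // Trust resolver for the POST binding; its static policy resolver is installed on the adapter.
        TrustResolver trustResolver = new TrustResolver(keyStore, keyStoreLoader.getEntityName(), keyStoreLoader.getKeystorePassword(), issueInstantRule, messageReplayRule, "POST");
        extractBindingAdapter.setSecurityPolicyResolver(trustResolver.getStaticSecurityPolicyResolver());
    } catch (Exception e) {
        // Log the cause as well, so the underlying key store / credential failure is not lost.
        logger.error("初始化sp证书出错", e);
        throw new Exception(e);
    }
}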