Use of org.opensaml.common.SAMLRuntimeException in project uaa by cloudfoundry.
Class IdpMetadataGenerator, method generateKeyInfoForCredential.
/**
 * Produces a {@link KeyInfo} element for the given credential using an OpenSAML
 * {@link KeyInfoGenerator}.
 *
 * <p>The generator is looked up by name: the name from {@code extendedMetadata} is
 * used when one is configured, otherwise Spring SAML's default
 * {@code SAML_METADATA_KEY_INFO_GENERATOR}.
 *
 * @param credential the credential whose key material is to be described
 * @return the generated {@link KeyInfo}
 * @throws SAMLRuntimeException if the generator cannot be obtained or fails to
 *         generate key info (wraps the OpenSAML {@code SecurityException})
 */
protected KeyInfo generateKeyInfoForCredential(Credential credential) {
    // Resolve the generator name outside the try: these are plain getters and
    // cannot raise the OpenSAML SecurityException handled below.
    String generatorName = org.springframework.security.saml.SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR;
    String configuredName = extendedMetadata == null ? null : extendedMetadata.getKeyInfoGeneratorName();
    if (configuredName != null) {
        generatorName = configuredName;
    }
    try {
        KeyInfoGenerator generator = SecurityHelper.getKeyInfoGenerator(credential, null, generatorName);
        return generator.generate(credential);
    } catch (org.opensaml.xml.security.SecurityException e) {
        // NOTE(review): the credential's toString() ends up in the error log here; confirm it
        // does not render private key material before relying on this in production logging.
        log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
        throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
    }
}
Use of org.opensaml.common.SAMLRuntimeException in project Insights by CognizantOneDevOps.
Class InsightsSAMLAuthenticationProviderImpl, method authenticate.
/**
 * Authenticates a SAML WebSSO (or Holder-of-Key WebSSO) response carried in a
 * {@link SAMLAuthenticationToken}: the message context is handed to the consumer
 * matching its communication profile, the resulting {@link SAMLCredential} is
 * turned into user details and a principal, and an
 * {@link ExpiringUsernameAuthenticationToken} is returned.
 *
 * <p>Every successfully authenticated user is granted only the {@code Viewer}
 * authority here; authorities carried by the user details are not propagated.
 * When {@code excludeCredential} is set, the SAML credential is not attached to
 * the returned token. Each validation failure is recorded through
 * {@code samlLogger} with {@code SAMLConstants.FAILURE} before being rethrown.
 *
 * @param authentication the incoming token; must be accepted by {@code supports}
 * @return the authenticated token, with the user details attached via {@code setDetails}
 * @throws IllegalArgumentException if the token type is not supported by this provider
 * @throws AuthenticationServiceException if the message context is missing, the
 *         profile is unsupported, or the SAML message fails validation, signature
 *         verification or decryption
 */
@Override
public Authentication authenticate(Authentication authentication) {
    log.debug(" Inside InsightsSAMLAuthenticationProviderImpl === ");
    if (!supports(authentication.getClass())) {
        throw new IllegalArgumentException("Only SAMLAuthenticationToken is supported, " + authentication.getClass() + " was attempted");
    }
    SAMLMessageContext messageContext = ((SAMLAuthenticationToken) authentication).getCredentials();
    if (messageContext == null) {
        throw new AuthenticationServiceException("SAML message context is not available in the authentication token");
    }

    SAMLCredential samlCredential;
    try {
        String profileId = messageContext.getCommunicationProfileId();
        if (SAMLConstants.SAML2_WEBSSO_PROFILE_URI.equals(profileId)) {
            samlCredential = consumer.processAuthenticationResponse(messageContext);
        } else if (SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI.equals(profileId)) {
            samlCredential = hokConsumer.processAuthenticationResponse(messageContext);
        } else {
            // Handled by the SAMLException catch below, so an unknown profile is
            // reported and logged like any other validation failure.
            throw new SAMLException("Unsupported profile encountered in the context " + profileId);
        }
    } catch (SAMLRuntimeException e) {
        // NOTE(review): failures are logged at debug level only; the samlLogger
        // FAILURE entry is the audit trail for rejected assertions.
        log.debug("Error validating SAML message ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, messageContext, e);
        throw new AuthenticationServiceException("Error validating SAML message.", e);
    } catch (SAMLException e) {
        log.debug("Error validating SAML message ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, messageContext, e);
        throw new AuthenticationServiceException("Error validating SAML message..", e);
    } catch (ValidationException e) {
        log.debug("Error validating signature ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, messageContext, e);
        throw new AuthenticationServiceException("Error validating SAML message signature", e);
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.debug("Error validating signature", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, messageContext, e);
        throw new AuthenticationServiceException("Error validating SAML message signature", e);
    } catch (DecryptionException e) {
        log.debug("Error decrypting SAML message", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, messageContext, e);
        throw new AuthenticationServiceException("Error decrypting SAML message", e);
    }

    SamlUserDetails details = (SamlUserDetails) getUserDetails(samlCredential);
    Object principal = getPrincipal(samlCredential, details);
    Date expiresAt = getExpirationDate(samlCredential);

    // Fixed authority set: only Viewer, regardless of what the user details carry.
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(SpringAuthority.valueOf("Viewer"));

    // The raw SAML credential is withheld from the token when excludeCredential is set.
    SAMLCredential attachedCredential = excludeCredential ? null : samlCredential;
    ExpiringUsernameAuthenticationToken authToken =
            new ExpiringUsernameAuthenticationToken(expiresAt, principal, attachedCredential, authorities);
    authToken.setDetails(details);
    samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.SUCCESS, messageContext, authToken, null);
    return authToken;
}