Example 1 with SAMLRuntimeException

Use of org.opensaml.common.SAMLRuntimeException in project uaa by cloudfoundry.

From the class IdpMetadataGenerator, method generateKeyInfoForCredential:

// Builds the <ds:KeyInfo> element that advertises the IdP's signing/encryption key
// in the generated SAML metadata. Any OpenSAML SecurityException is wrapped in an
// unchecked SAMLRuntimeException so that metadata generation fails fast.
protected KeyInfo generateKeyInfoForCredential(Credential credential) {
    try {
        // Default generator name from Spring Security SAML; ExtendedMetadata may override it.
        String keyInfoGeneratorName = org.springframework.security.saml.SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR;
        if (extendedMetadata != null && extendedMetadata.getKeyInfoGeneratorName() != null) {
            keyInfoGeneratorName = extendedMetadata.getKeyInfoGeneratorName();
        }
        // A null SecurityConfiguration means OpenSAML's global security configuration is used.
        KeyInfoGenerator keyInfoGenerator = SecurityHelper.getKeyInfoGenerator(credential, null, keyInfoGeneratorName);
        return keyInfoGenerator.generate(credential);
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
        throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
    }
}

Example 2 with SAMLRuntimeException

Use of org.opensaml.common.SAMLRuntimeException in project Insights by CognizantOneDevOps.

From the class InsightsSAMLAuthenticationProviderImpl, method authenticate:

/**
 * Used to authenticate the initial SAML login request. It will redirect the user to
 * the service provider login URL and then fetch the necessary user details.
 * It also creates an ExpiringUsernameAuthenticationToken and sets it in the Spring
 * Security context.
 */
@Override
public Authentication authenticate(Authentication authentication) {
    log.debug(" Inside InsightsSAMLAuthenticationProviderImpl === ");
    // Reject anything that is not a SAMLAuthenticationToken.
    if (!supports(authentication.getClass())) {
        throw new IllegalArgumentException("Only SAMLAuthenticationToken is supported, " + authentication.getClass() + " was attempted");
    }
    SAMLAuthenticationToken token = (SAMLAuthenticationToken) authentication;
    // The message context carries the decoded SAML response and the peer (IdP) metadata.
    SAMLMessageContext context = token.getCredentials();
    if (context == null) {
        throw new AuthenticationServiceException("SAML message context is not available in the authentication token");
    }
    SAMLCredential credential;
    try {
        // Dispatch on the communication profile: plain Web SSO or Holder-of-Key Web SSO.
        // Any other profile is rejected rather than processed by a default consumer.
        if (SAMLConstants.SAML2_WEBSSO_PROFILE_URI.equals(context.getCommunicationProfileId())) {
            credential = consumer.processAuthenticationResponse(context);
        } else if (SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI.equals(context.getCommunicationProfileId())) {
            credential = hokConsumer.processAuthenticationResponse(context);
        } else {
            throw new SAMLException("Unsupported profile encountered in the context " + context.getCommunicationProfileId());
        }
    // Every validation, signature or decryption failure is logged through the SAML
    // audit logger and surfaced as a generic AuthenticationServiceException, so the
    // caller cannot distinguish the failure cause from the exception type.
    } catch (SAMLRuntimeException e) {
        log.debug("Error validating SAML message ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, context, e);
        throw new AuthenticationServiceException("Error validating SAML message.", e);
    } catch (SAMLException e) {
        log.debug("Error validating SAML message ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, context, e);
        throw new AuthenticationServiceException("Error validating SAML message.", e);
    } catch (ValidationException e) {
        log.debug("Error validating signature ", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, context, e);
        throw new AuthenticationServiceException("Error validating SAML message signature", e);
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.debug("Error validating signature", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, context, e);
        throw new AuthenticationServiceException("Error validating SAML message signature", e);
    } catch (DecryptionException e) {
        log.debug("Error decrypting SAML message", e);
        samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.FAILURE, context, e);
        throw new AuthenticationServiceException("Error decrypting SAML message", e);
    }
    // Resolve the local user and principal from the validated credential.
    SamlUserDetails userDetails = (SamlUserDetails) getUserDetails(credential);
    Object principal = getPrincipal(credential, userDetails);
    // Note: every authenticated SAML user is granted the fixed "Viewer" authority here;
    // roles are not derived from assertion attributes.
    List<GrantedAuthority> updatedAuthorities = new ArrayList<>();
    updatedAuthorities.add(SpringAuthority.valueOf("Viewer"));
    // Token lifetime is derived from the assertion (see getExpirationDate).
    Date expiration = getExpirationDate(credential);
    // When excludeCredential is set, the SAMLCredential (and the assertion it holds)
    // is not retained in the resulting authentication token.
    SAMLCredential authenticationCredential = excludeCredential ? null : credential;
    ExpiringUsernameAuthenticationToken result = new ExpiringUsernameAuthenticationToken(expiration, principal, authenticationCredential, updatedAuthorities);
    result.setDetails(userDetails);
    samlLogger.log(SAMLConstants.AUTH_N_RESPONSE, SAMLConstants.SUCCESS, context, result, null);
    return result;
}