Example 1 with SAMLMessageContext

Use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

From class LogoutSamlEndpoint, method samlRedirectLogout:

@Operation(summary = "SAML单点注销地址接口", description = "", method = "GET")
@SuppressWarnings("rawtypes")
@RequestMapping(value = "/logout/saml", method = RequestMethod.GET)
public ModelAndView samlRedirectLogout(HttpServletRequest request, HttpServletResponse response) throws Exception {
    SAMLMessageContext messageContext;
    logger.debug("extract SAML Message .");
    try {
        // Decode the HTTP-Redirect binding (SAMLRequest query parameter) into a message context
        messageContext = extractRedirectBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML LogoutRequest .");
        // Guard the cast: any other SAML message type on this endpoint is rejected rather than thrown as ClassCastException
        if (!(messageContext.getInboundSAMLMessage() instanceof LogoutRequest)) {
            logger.error("SAML Message was not a LogoutRequest");
            return WebContext.redirect("/login");
        }
        LogoutRequest logoutRequest = (LogoutRequest) messageContext.getInboundSAMLMessage();
        // Schema-level validation of the LogoutRequest
        validatorSuite.validate(logoutRequest);
        logger.debug("LogoutRequest ID " + logoutRequest.getID());
        logger.debug("LogoutRequest Issuer " + logoutRequest.getIssuer());
        logger.debug("LogoutRequest IssueInstant " + logoutRequest.getIssueInstant());
        logger.debug("LogoutRequest Destination " + logoutRequest.getDestination());
        // NameID is optional in the schema, so check for its presence before dereferencing it
        logger.debug("LogoutRequest NameID " + (logoutRequest.getNameID() == null ? null : logoutRequest.getNameID().getValue()));
        // Decoding and validation passed: terminate the local session
        return WebContext.redirect("/logout");
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
    } catch (ValidationException ve) {
        logger.warn("logoutRequest Message failed Validation", ve);
    }
    // Any failure falls through to the login page instead of logging the user out
    return WebContext.redirect("/login");
}
Imports used: org.opensaml.common.binding.SAMLMessageContext, org.opensaml.ws.message.decoder.MessageDecodingException, org.opensaml.xml.validation.ValidationException, org.opensaml.saml2.core.LogoutRequest, org.opensaml.xml.security.SecurityException, io.swagger.v3.oas.annotations.Operation, org.springframework.web.bind.annotation.RequestMapping

Example 2 with SAMLMessageContext

Use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

From class WebServicePostEncoder, method encodeMsgContext:

@SuppressWarnings("rawtypes")
public VelocityContext encodeMsgContext(MessageContext messageContext) throws MessageEncodingException {
    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    SAMLObject outboundMessage = samlMsgCtx.getOutboundSAMLMessage();
    if (outboundMessage == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    // Sign the outbound message before it is serialized into the POST form
    signMessage(samlMsgCtx);
    samlMsgCtx.setOutboundMessage(outboundMessage);
    // Delegates to the SAMLMessageContext-typed overload that builds the Velocity context
    // (not shown on this page); without such an overload this call would recurse on itself
    return encodeMsgContext(samlMsgCtx);
}
Imports used: org.opensaml.common.binding.SAMLMessageContext, org.opensaml.common.SAMLObject, org.opensaml.ws.message.encoder.MessageEncodingException

Example 3 with SAMLMessageContext

Use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

From class ConsumerEndpoint, method consumer:

@RequestMapping(value = "/consumer/saml/v20/{spId}")
public ModelAndView consumer(HttpServletRequest request, HttpServletResponse response, @PathVariable("spId") String spId) throws Exception {
    logger.debug("Attempting authentication.");
    // Initialize the SP certificate
    initCredential(spId);
    SAMLMessageContext messageContext;
    // Decode the inbound message. The original source had this block commented out, which left
    // messageContext null and dereferenced it below; it is restored here with the adapter this method already uses.
    try {
        messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
    } catch (MessageDecodingException me) {
        logger.error("Could not decode SAML Response", me);
        throw new Exception(me);
    } catch (SecurityException se) {
        logger.error("Could not decode SAML Response", se);
        throw new Exception(se);
    }
    logger.debug("Message received from issuer: {}", messageContext.getInboundMessageIssuer());
    if (!(messageContext.getInboundSAMLMessage() instanceof Response)) {
        logger.error("SAML Message was not a Response");
        throw new Exception("SAML Message was not a Response");
    }
    // Unauthenticated token: nothing below this line has been verified yet
    Response samlResponse = (Response) messageContext.getInboundSAMLMessage();
    List<Assertion> assertionList = samlResponse.getAssertions();
    AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    try {
        // Schema-level validation of the Response
        validatorSuite.validate(samlResponse);
    } catch (ValidationException ve) {
        logger.warn("Response Message failed Validation", ve);
        throw new ServiceProviderAuthenticationException("Invalid SAML Response Message", ve);
    }
    // Reject any StatusCode other than Success
    checkResponseStatus(samlResponse);
    // Guard the unchecked get(0): a Response may legally carry zero assertions
    if (assertionList.isEmpty()) {
        logger.error("SAML Response contains no Assertion");
        throw new Exception("SAML Response contains no Assertion");
    }
    Assertion assertion = assertionList.get(0);
    // Signature verification and the assertion Conditions (Audience, NotBefore/NotOnOrAfter) are not
    // checked in this method; they must be enforced by the binding adapter's security policy during extraction
    logger.debug("authenticationResponseIssuingEntityName {}", samlResponse.getIssuer().getValue());
    String username = assertion.getSubject().getNameID().getValue();
    logger.debug("assertion.getID() {}", assertion.getID());
    logger.debug("assertion.getSubject().getNameID().getValue() {}", username);
    logger.debug("assertion.getAuthnStatements() {}", assertion.getAuthnStatements());
    // Establish the local session for the asserted subject; SAMLTRUST is a password-less login type
    LoginCredential loginCredential = new LoginCredential(username, "", ConstsLoginType.SAMLTRUST);
    authenticationProvider.authentication(loginCredential, true);
    ModelAndView mav = new ModelAndView();
    mav.addObject("username", username);
    mav.setViewName("redirect:/appList");
    return mav;
}
Imports used: org.opensaml.xml.validation.ValidationException, org.opensaml.saml2.core.Assertion, org.springframework.web.servlet.ModelAndView, org.opensaml.ws.message.decoder.MessageDecodingException, org.maxkey.authz.saml20.consumer.spring.IdentityProviderAuthenticationException, org.opensaml.xml.security.SecurityException, org.maxkey.authz.saml20.consumer.spring.ServiceProviderAuthenticationException, org.opensaml.saml2.core.Response, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpServletRequest, org.opensaml.common.binding.SAMLMessageContext, org.maxkey.authn.LoginCredential, org.springframework.security.web.authentication.WebAuthenticationDetailsSource, org.springframework.web.bind.annotation.RequestMapping

Example 4 with SAMLMessageContext

Use of org.opensaml.common.binding.SAMLMessageContext in project uaa by cloudfoundry.

From class SamlAssertionDecoder, method doDecode:

/**
 * {@inheritDoc}
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    // Only a SAMLMessageContext carried over an HTTP transport is supported
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException("Invalid message context type, this decoder only support SAMLMessageContext");
    }
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException("Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }
    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }
    // RelayState travels as a form parameter next to the message
    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);
    // The POSTed payload is a bare base64-encoded Assertion rather than a full Response
    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);
    XMLObject unmarshalled = unmarshallMessage(base64DecodedMessage);
    if (!(unmarshalled instanceof Assertion)) {
        throw new MessageDecodingException("This message decoder only supports a bare SAML Assertion");
    }
    Assertion inboundMessage = (Assertion) unmarshalled;
    // Wrap the assertion in a synthetic Response whose Issuer is copied from the assertion so the rest of
    // the SAML pipeline can process it; the assertion's signature is not verified at this stage
    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage, inboundMessage.getIssuer().getValue());
    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");
    populateMessageContext(samlMsgCtx);
}
Imports used: org.opensaml.saml2.core.Response, org.opensaml.common.binding.SAMLMessageContext, org.opensaml.ws.message.decoder.MessageDecodingException, org.opensaml.ws.transport.http.HTTPInTransport, java.io.ByteArrayInputStream, java.io.InputStream, org.opensaml.saml2.core.Assertion, org.opensaml.xml.XMLObject

Example 5 with SAMLMessageContext

Use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

From class SingleSignOnEndpoint, method extractSAMLMessage:

@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter, HttpServletRequest request) throws Exception {
    SAMLMessageContext messageContext;
    logger.debug("extract SAML Message .");
    try {
        // Decode the inbound AuthnRequest according to the SP's configured binding
        messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML AuthnRequest .");
        AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
        logger.debug("AuthnRequest ProtocolBinding " + authnRequest.getProtocolBinding());
        logger.debug("InboundSAMLMessage Id " + messageContext.getInboundSAMLMessageId());
        logger.debug("AuthnRequest AssertionConsumerServiceURL " + authnRequest.getAssertionConsumerServiceURL());
        logger.debug("InboundMessage Issuer " + messageContext.getInboundMessageIssuer());
        logger.debug("InboundSAMLMessage IssueInstant " + messageContext.getInboundSAMLMessageIssueInstant());
        logger.debug("InboundSAMLMessage RelayState " + messageContext.getRelayState());
        logger.debug("AuthnRequest isPassive " + authnRequest.isPassive());
        logger.debug("AuthnRequest ForceAuthn " + authnRequest.isForceAuthn());
        // Schema-level validation of the AuthnRequest
        validatorSuite.validate(authnRequest);
        logger.debug("Select Authz Binding.");
        // Choose the response encoder from the SP's SAML 2.0 configuration: HTTP-POST-SimpleSign or plain HTTP-POST
        String binding = extractBindingAdapter.getSaml20Detail().getBinding();
        if (binding.endsWith("PostSimpleSign")) {
            bindingAdapter = postSimpleSignBindingAdapter;
            logger.debug("Authz POST Binding is use PostSimpleSign .");
        } else {
            bindingAdapter = postBindingAdapter;
            logger.debug("Authz POST Binding is use Post .");
        }
        // Keep the ACS URL and request ID for building the Response. The ACS URL is taken from the request
        // itself; whether it is matched against the SP's registered URL is not visible in this method.
        AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(authnRequest.getAssertionConsumerServiceURL(), authnRequest.getID());
        logger.debug("AuthnRequest verified. Forwarding to AuthnResponder {}", authnRequestInfo);
        bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
        bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
        // RelayState is opaque SP-supplied data that is echoed back unchanged with the Response
        String relayState = request.getParameter("RelayState");
        if (relayState != null) {
            bindingAdapter.setRelayState(relayState);
            logger.debug("RelayState : {}", relayState);
        }
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
        throw new Exception(e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
        throw new Exception(e1);
    } catch (ValidationException ve) {
        logger.warn("AuthnRequest Message failed Validation", ve);
        throw new Exception(ve);
    }
}
Imports used: org.opensaml.common.binding.SAMLMessageContext, org.opensaml.ws.message.decoder.MessageDecodingException, org.opensaml.xml.validation.ValidationException, org.opensaml.saml2.core.AuthnRequest, org.maxkey.authz.saml.common.AuthnRequestInfo, org.opensaml.xml.security.SecurityException
