Examples with SAMLMessageContext org.opensaml.common.binding.SAMLMessageContext used on opensource projects

Example 1 with SAMLMessageContext

use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

the class LogoutSamlEndpoint method samlRedirectLogout.

@Operation(summary = "SAML单点注销地址接口", description = "", method = "GET")
@SuppressWarnings("rawtypes")
@RequestMapping(value = "/logout/saml", method = RequestMethod.GET)
public ModelAndView samlRedirectLogout(HttpServletRequest request, HttpServletResponse response) throws Exception {
    SAMLMessageContext messageContext;
    logger.debug("extract SAML Message .");
    try {
        messageContext = extractRedirectBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML LogoutRequest .");
        LogoutRequest logoutRequest = (LogoutRequest) messageContext.getInboundSAMLMessage();
        validatorSuite.validate(logoutRequest);
        logger.debug("LogoutRequest ID " + logoutRequest.getID());
        logger.debug("LogoutRequest Issuer " + logoutRequest.getIssuer());
        logger.debug("LogoutRequest IssueInstant " + logoutRequest.getIssueInstant());
        logger.debug("LogoutRequest Destination " + logoutRequest.getDestination());
        logger.debug("LogoutRequest NameID " + logoutRequest.getNameID().getValue());
        return WebContext.redirect("/logout");
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
    } catch (ValidationException ve) {
        logger.warn("logoutRequest Message failed Validation", ve);
    }
    return WebContext.redirect("/login");
}

Example 2 with SAMLMessageContext

use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

the class WebServicePostEncoder method encodeMsgContext.

@SuppressWarnings("rawtypes")
public VelocityContext encodeMsgContext(MessageContext messageContext) throws MessageEncodingException {
    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    SAMLObject outboundMessage = samlMsgCtx.getOutboundSAMLMessage();
    if (outboundMessage == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    signMessage(samlMsgCtx);
    samlMsgCtx.setOutboundMessage(outboundMessage);
    return encodeMsgContext(samlMsgCtx);
}

Example 3 with SAMLMessageContext

use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

the class ConsumerEndpoint method consumer.

@RequestMapping(value = "/consumer/saml/v20/{spId}")
public ModelAndView consumer(HttpServletRequest request, HttpServletResponse response, @PathVariable("spId") String spId) throws Exception {
    logger.debug("Attempting authentication.");
    // 初始化SP 证书
    initCredential(spId);
    SAMLMessageContext messageContext = null;
    /*
		try {
			messageContext = bindingAdapter.extractSAMLMessageContext(request);
		} catch (MessageDecodingException me) {
			logger.error("Could not decode SAML Response", me);
			throw new Exception(me);
		} catch (SecurityException se) {
			logger.error("Could not decode SAML Response", se);
			throw new Exception(se);
		}*/
    logger.debug("Message received from issuer: " + messageContext.getInboundMessageIssuer());
    if (!(messageContext.getInboundSAMLMessage() instanceof Response)) {
        logger.error("SAML Message was not a Response");
        throw new Exception();
    }
    List<Assertion> assertionList = ((Response) messageContext.getInboundSAMLMessage()).getAssertions();
    String credentials = extractBindingAdapter.extractSAMLMessage(request);
    // 未认证token
    Response samlResponse = (Response) messageContext.getInboundSAMLMessage();
    AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    try {
        validatorSuite.validate(samlResponse);
    } catch (ValidationException ve) {
        logger.warn("Response Message failed Validation", ve);
        throw new ServiceProviderAuthenticationException("Invalid SAML REsponse Message", ve);
    }
    checkResponseStatus(samlResponse);
    Assertion assertion = samlResponse.getAssertions().get(0);
    logger.debug("authenticationResponseIssuingEntityName {}", samlResponse.getIssuer().getValue());
    String username = assertion.getSubject().getNameID().getValue();
    logger.debug("assertion.getID() ", assertion.getID());
    logger.debug("assertion.getSubject().getNameID().getValue() ", username);
    logger.debug("assertion.getID() ", assertion.getAuthnStatements());
    LoginCredential loginCredential = new LoginCredential(username, "", ConstsLoginType.SAMLTRUST);
    authenticationProvider.authentication(loginCredential, true);
    ModelAndView mav = new ModelAndView();
    mav.addObject("username", username);
    mav.setViewName("redirect:/appList");
    return mav;
}

Example 4 with SAMLMessageContext

use of org.opensaml.common.binding.SAMLMessageContext in project uaa by cloudfoundry.

the class SamlAssertionDecoder method doDecode.

/**
 * {@inheritDoc}
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException("Invalid message context type, this decoder only support SAMLMessageContext");
    }
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException("Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }
    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }
    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);
    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);
    Assertion inboundMessage = (Assertion) unmarshallMessage(base64DecodedMessage);
    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage, inboundMessage.getIssuer().getValue());
    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");
    populateMessageContext(samlMsgCtx);
}

Example 5 with SAMLMessageContext

use of org.opensaml.common.binding.SAMLMessageContext in project MaxKey by dromara.

the class SingleSignOnEndpoint method extractSAMLMessage.

@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter, HttpServletRequest request) throws Exception {
    SAMLMessageContext messageContext;
    logger.debug("extract SAML Message .");
    try {
        messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
        logger.debug("validate SAML AuthnRequest .");
        AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
        logger.debug("AuthnRequest ProtocolBinding " + authnRequest.getProtocolBinding());
        logger.debug("InboundSAMLMessage Id " + messageContext.getInboundSAMLMessageId());
        logger.debug("AuthnRequest AssertionConsumerServiceURL " + authnRequest.getAssertionConsumerServiceURL());
        logger.debug("InboundMessage Issuer " + messageContext.getInboundMessageIssuer());
        logger.debug("InboundSAMLMessage IssueInstant " + messageContext.getInboundSAMLMessageIssueInstant());
        logger.debug("InboundSAMLMessage RelayState " + messageContext.getRelayState());
        logger.debug("AuthnRequest isPassive " + authnRequest.isPassive());
        logger.debug("AuthnRequest ForceAuthn " + authnRequest.isForceAuthn());
        validatorSuite.validate(authnRequest);
        logger.debug("Select Authz  Binding.");
        String binding = extractBindingAdapter.getSaml20Detail().getBinding();
        if (binding.endsWith("PostSimpleSign")) {
            bindingAdapter = postSimpleSignBindingAdapter;
            logger.debug("Authz POST Binding is  use PostSimpleSign .");
        } else {
            bindingAdapter = postBindingAdapter;
            logger.debug("Authz POST Binding is  use Post .");
        }
        AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(authnRequest.getAssertionConsumerServiceURL(), authnRequest.getID());
        logger.debug("AuthnRequest vefified.  Forwarding to AuthnResponder", authnRequestInfo);
        bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
        bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
        String relayState = request.getParameter("RelayState");
        if (relayState != null) {
            bindingAdapter.setRelayState(relayState);
            logger.debug("RelayState : ", relayState);
        }
    } catch (MessageDecodingException e1) {
        logger.error("Exception decoding SAML MessageDecodingException", e1);
        throw new Exception(e1);
    } catch (SecurityException e1) {
        logger.error("Exception decoding SAML SecurityException", e1);
        throw new Exception(e1);
    } catch (ValidationException ve) {
        logger.warn("AuthnRequest Message failed Validation", ve);
        throw new Exception(ve);
    }
}