Example 1 with XMLObject

Use of org.opensaml.core.xml.XMLObject in project cas by apereo: class WsFederationHelper, method parseTokenFromString.

/**
 * Converts a raw wresult token returned by the IdP into a SAML assertion,
 * decrypting the embedded security token first when it is encrypted.
 *
 * @param wresult the raw token returned by the IdP
 * @param config  the WS-Federation configuration
 * @return the extracted assertion, or null if parsing or decryption fails
 */
public Assertion parseTokenFromString(final String wresult, final WsFederationConfiguration config) {
    LOGGER.debug("Result token received from ADFS is [{}]", wresult);
    try (InputStream in = new ByteArrayInputStream(wresult.getBytes(StandardCharsets.UTF_8))) {
        LOGGER.debug("Parsing token into a document");
        final Document document = configBean.getParserPool().parse(in);
        final Element metadataRoot = document.getDocumentElement();
        final UnmarshallerFactory unmarshallerFactory = configBean.getUnmarshallerFactory();
        final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
        if (unmarshaller == null) {
            throw new IllegalArgumentException("Unmarshaller for the metadata root element cannot be determined");
        }
        LOGGER.debug("Unmarshalling the document into a security token response");
        final RequestSecurityTokenResponse rsToken = (RequestSecurityTokenResponse) unmarshaller.unmarshall(metadataRoot);
        if (rsToken == null || rsToken.getRequestedSecurityToken() == null) {
            throw new IllegalArgumentException("Request security token response is null");
        }
        //Get our SAML token
        LOGGER.debug("Locating list of requested security tokens");
        final List<RequestedSecurityToken> rst = rsToken.getRequestedSecurityToken();
        if (rst.isEmpty()) {
            throw new IllegalArgumentException("No requested security token response is provided in the response");
        }
        LOGGER.debug("Locating the first occurrence of a requested security token in the list");
        final RequestedSecurityToken reqToken = rst.get(0);
        if (reqToken.getSecurityTokens() == null || reqToken.getSecurityTokens().isEmpty()) {
            throw new IllegalArgumentException("Requested security token response is not carrying any security tokens");
        }
        Assertion assertion = null;
        LOGGER.debug("Locating the first occurrence of a security token from the requested security token");
        XMLObject securityToken = reqToken.getSecurityTokens().get(0);
        if (securityToken instanceof EncryptedData) {
            try {
                LOGGER.debug("Security token is encrypted. Attempting to decrypt to extract the assertion");
                final EncryptedData encryptedData = EncryptedData.class.cast(securityToken);
                final Decrypter decrypter = buildAssertionDecrypter(config);
                LOGGER.debug("Built an instance of [{}]", decrypter.getClass().getName());
                securityToken = decrypter.decryptData(encryptedData);
            } catch (final Exception e) {
                throw new IllegalArgumentException("Unable to decrypt security token", e);
            }
        }
        if (securityToken instanceof Assertion) {
            LOGGER.debug("Security token is an assertion.");
            assertion = Assertion.class.cast(securityToken);
        }
        if (assertion == null) {
            throw new IllegalArgumentException("Could not extract or decrypt an assertion based on the security token provided");
        }
        LOGGER.debug("Extracted assertion successfully: [{}]", assertion);
        return assertion;
    } catch (final Exception ex) {
        LOGGER.warn(ex.getMessage());
        return null;
    }
}
Also used (imports referenced by this snippet; java.util.List and java.nio.charset.StandardCharsets added here because the method body uses them):
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.security.SecurityException;
import org.opensaml.soap.wsfed.RequestSecurityTokenResponse;
import org.opensaml.soap.wsfed.RequestedSecurityToken;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

Example 2 with XMLObject

Use of org.opensaml.core.xml.XMLObject in project cas by apereo: class MetadataUIUtils, method locateMetadataUserInterfaceForEntityId.

/**
 * Locates the MDUI (SAML metadata UI) information for the given entity id
 * by reading the UIInfo extension of the entity's SP SSO descriptor.
 *
 * @param entityDescriptor  the entity descriptor
 * @param entityId          the entity id
 * @param registeredService the registered service
 * @return the simple metadata UI info (empty if no UIInfo extension is present)
 */
public static SamlMetadataUIInfo locateMetadataUserInterfaceForEntityId(final EntityDescriptor entityDescriptor, final String entityId, final RegisteredService registeredService) {
    final SamlMetadataUIInfo mdui = new SamlMetadataUIInfo(registeredService);
    if (entityDescriptor == null) {
        LOGGER.debug("Entity descriptor not found for [{}]", entityId);
        return mdui;
    }
    final SPSSODescriptor spssoDescriptor = getSPSsoDescriptor(entityDescriptor);
    if (spssoDescriptor == null) {
        LOGGER.debug("SP SSO descriptor not found for [{}]", entityId);
        return mdui;
    }
    final Extensions extensions = spssoDescriptor.getExtensions();
    if (extensions == null) {
        LOGGER.debug("No extensions in the SP SSO descriptor are found for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    final List<XMLObject> spExtensions = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
    if (spExtensions.isEmpty()) {
        LOGGER.debug("No extensions in the SP SSO descriptor are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    spExtensions.stream().filter(UIInfo.class::isInstance).forEach(obj -> {
        final UIInfo uiInfo = (UIInfo) obj;
        LOGGER.debug("Found MDUI info for [{}]", entityId);
        mdui.setUIInfo(uiInfo);
    });
    return mdui;
}
Also used (imports referenced by this snippet; java.util.List added here because the method body uses it):
import java.util.List;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.ext.saml2mdui.UIInfo;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;

Example 3 with XMLObject

Use of org.opensaml.core.xml.XMLObject in project ddf by codice: class PostRequestDecoder, method decodeRequest.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    String decodedRequest = new String(Base64.getMimeDecoder().decode(samlRequest), StandardCharsets.UTF_8);
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.");
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.");
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used (imports referenced by this snippet; java.util.Base64 and java.nio.charset.StandardCharsets added here because the method body uses them):
import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.w3c.dom.Document;

Example 4 with XMLObject

Use of org.opensaml.core.xml.XMLObject in project ddf by codice: class RedirectRequestDecoder, method decodeRequest.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    String decodedRequest;
    try {
        decodedRequest = RestSecurity.inflateBase64(samlRequest);
    } catch (IOException e) {
        throw new IllegalArgumentException("Unable to decode SAMLRequest: base64/inflate.");
    }
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.");
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.");
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used (imports referenced by this snippet; java.nio.charset.StandardCharsets added here because the method body uses it):
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.w3c.dom.Document;

Example 5 with XMLObject

Use of org.opensaml.core.xml.XMLObject in project verify-hub by alphagov: class EidasAttributeStatementAssertionValidatorTest, method shouldThrowIfAttributeValueHasInvalidSchemaType.

@Test(expected = SamlTransformationErrorException.class)
public void shouldThrowIfAttributeValueHasInvalidSchemaType() {
    XMLObject xmlObject = mock(XMLObject.class);
    when(firstName.getAttributeValues()).thenReturn(ImmutableList.of(xmlObject));
    when(xmlObject.getSchemaType()).thenReturn(CurrentFamilyName.TYPE_NAME);
    validator.validate(assertion);
}
Also used (imports referenced by this snippet):
import org.junit.Test;
import org.opensaml.core.xml.XMLObject;

Aggregations (types most often used alongside XMLObject across the indexed sources, with usage counts):

XMLObject (org.opensaml.core.xml.XMLObject): 68
Element (org.w3c.dom.Element): 27
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException): 21
Document (org.w3c.dom.Document): 21
ByteArrayInputStream (java.io.ByteArrayInputStream): 19
Attribute (org.opensaml.saml.saml2.core.Attribute): 14
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement): 10
IOException (java.io.IOException): 9
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper): 9
ArrayList (java.util.ArrayList): 8
Test (org.junit.Test): 8
XSString (org.opensaml.core.xml.schema.XSString): 7
Assertion (org.opensaml.saml.saml2.core.Assertion): 7
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest): 7
HashMap (java.util.HashMap): 6
List (java.util.List): 6
XMLStreamException (javax.xml.stream.XMLStreamException): 6
InputStream (java.io.InputStream): 5
InputStreamReader (java.io.InputStreamReader): 5
LogoutSecurityException (ddf.security.samlp.LogoutSecurityException): 4