Use of org.opensaml.saml.common.SAMLException in project cas by apereo: class AbstractSamlProfileHandlerController, method decodeSamlContextFromHttpRequest.
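/**
 * Decode a SAML message (typically an authentication request) from the HTTP request.
 *
 * @param request the request
 * @param decoder the decoder
 * @param clazz   the SAML object type the caller expects
 * @return the decoded SAML object paired with its message context
 * @throws RuntimeException wrapping a {@link SAMLException} when nothing was decoded, or a
 *                          {@link ClassCastException} when the decoded message is not a {@code clazz};
 *                          runtime exceptions from the decoder propagate unchanged
 */
protected Pair<? extends SignableSAMLObject, MessageContext> decodeSamlContextFromHttpRequest(final HttpServletRequest request, final BaseHttpServletRequestXMLMessageDecoder decoder, final Class<? extends SignableSAMLObject> clazz) {
    LOGGER.info("Received SAML profile request [{}]", request.getRequestURI());
    try {
        decoder.setHttpServletRequest(request);
        // NOTE(review): the request body is untrusted XML; the injected parserPool is expected to be
        // built with DTD/external-entity processing disabled — confirm where it is configured.
        decoder.setParserPool(this.parserPool);
        decoder.initialize();
        decoder.decode();
        final MessageContext messageContext = decoder.getMessageContext();
        final Object message = messageContext.getMessage();
        if (message == null) {
            throw new SAMLException("No " + clazz.getName() + " could be found in this request context. Decoder has failed.");
        }
        // Check the type before casting so a message of the wrong profile type yields a
        // descriptive error rather than a bare ClassCastException from the cast itself.
        if (!clazz.isInstance(message)) {
            throw new ClassCastException("SAML object [" + message.getClass().getName() + "] type does not match [" + clazz.getName() + ']');
        }
        final SignableSAMLObject object = clazz.cast(message);
        LOGGER.debug("Decoded SAML object [{}] from http request", object.getElementQName());
        return Pair.of(object, messageContext);
    } catch (final Exception e) {
        // Rethrows RuntimeExceptions as-is and wraps checked ones (SAMLException, decoder errors).
        throw Throwables.propagate(e);
    }
}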
Use of org.opensaml.saml.common.SAMLException in project cas by apereo: class BaseSamlObjectSigner, method encode.
/**
 * Encode the given SAML object for a relying party by running the outbound security handlers
 * (outbound context, security parameters, endpoint URL scheme check, destination, and
 * protocol-message signing) over a fresh message context. The handlers run in that order;
 * the object passed in is returned.
 *
 * @param <T>        the SAML object type
 * @param samlObject the saml object
 * @param service    the service
 * @param adaptor    the adaptor
 * @param response   the response
 * @param request    the request
 * @return the same {@code samlObject}, after the handlers have run
 * @throws SamlException wrapping any failure raised while preparing the context or by a handler
 */
public <T extends SAMLObject> T encode(final T samlObject, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletResponse response, final HttpServletRequest request) throws SamlException {
    final MessageContext<T> context = new MessageContext<>();
    try {
        LOGGER.debug("Attempting to encode [{}] for [{}]", samlObject.getClass().getName(), adaptor.getEntityId());
        prepareOutboundContext(samlObject, adaptor, context);
        prepareSecurityParametersContext(adaptor, context);
        prepareEndpointURLSchemeSecurityHandler(context);
        prepareSamlOutboundDestinationHandler(context);
        // Signing runs last so it covers everything the earlier handlers put on the context.
        prepareSamlOutboundProtocolMessageSigningHandler(context);
    } catch (final Exception e) {
        throw new SamlException(e.getMessage(), e);
    }
    return samlObject;
}
Use of org.opensaml.saml.common.SAMLException in project cas by apereo: class AbstractSamlSLOProfileHandlerController, method handleLogoutRequest.
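/**
 * Handle an inbound SAML single logout request: enforce the signing policy, verify the
 * signature when one is present, record the SP's logout URL and the base64-encoded request
 * on the request, then forward to the CAS logout endpoint.
 *
 * @param response the response
 * @param request  the request
 * @param pair     the decoded logout request and its message context
 * @throws Exception if the request is unsigned but the configuration requires a signature,
 *                   if no service-provider metadata can be resolved for the issuer,
 *                   or if signature verification fails
 */
private void handleLogoutRequest(final HttpServletResponse response, final HttpServletRequest request, final Pair<? extends SignableSAMLObject, MessageContext> pair) throws Exception {
    val configContext = getConfigurationContext();
    val logout = configContext.getCasProperties().getAuthn().getSamlIdp().getLogout();
    val logoutRequest = (LogoutRequest) pair.getKey();
    val ctx = pair.getValue();
    val signed = SAMLBindingSupport.isMessageSigned(ctx);
    if (logout.isForceSignedLogoutRequests() && !signed) {
        throw new SAMLException("Logout request is not signed but should be.");
    }
    val entityId = SamlIdPUtils.getIssuerFromSamlObject(logoutRequest);
    // The issuer is attacker-controlled until the signature is verified below; log the real
    // signing state rather than claiming "is signed" for an unsigned request.
    LOGGER.trace("SAML logout request from entity id [{}] is [{}]", entityId, signed ? "signed" : "unsigned");
    val service = configContext.getWebApplicationServiceFactory().createService(entityId);
    service.getAttributes().put(SamlProtocolConstants.PARAMETER_ENTITY_ID, CollectionUtils.wrapList(entityId));
    val registeredService = configContext.getServicesManager().findServiceBy(service, SamlRegisteredService.class);
    LOGGER.trace("SAML registered service tied to [{}] is [{}]", entityId, registeredService);
    // Fail with a descriptive SAMLException instead of a bare NoSuchElementException from Optional.get().
    val facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(configContext.getSamlRegisteredServiceCachingMetadataResolver(), registeredService, entityId)
        .orElseThrow(() -> new SAMLException("Unable to resolve service provider metadata for entity id [" + entityId + ']'));
    if (signed) {
        LOGGER.trace("Verifying signature on the SAML logout request for [{}]", entityId);
        configContext.getSamlObjectSignatureValidator().verifySamlProfileRequestIfNeeded(logoutRequest, facade, request, ctx);
    }
    SamlUtils.logSamlObject(configContext.getOpenSamlConfigBean(), logoutRequest);
    val logoutUrls = SingleLogoutUrl.from(registeredService);
    if (!logoutUrls.isEmpty()) {
        val destination = logoutUrls.iterator().next().getUrl();
        WebUtils.putLogoutRedirectUrl(request, destination);
    }
    WebUtils.putRegisteredService(request, registeredService);
    // Use the local configContext consistently instead of reaching for the field directly.
    try (val writer = SamlUtils.transformSamlObject(configContext.getOpenSamlConfigBean(), logoutRequest)) {
        val encodedRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
        WebUtils.putSingleLogoutRequest(request, encodedRequest);
    }
    request.getServletContext().getRequestDispatcher(CasProtocolConstants.ENDPOINT_LOGOUT).forward(request, response);
}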
Use of org.opensaml.saml.common.SAMLException in project cas by apereo: class BaseSamlObjectSigner, method buildSignatureSigningParameters.
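/**
 * Build signature signing parameters for the given role descriptor, letting the relying
 * party's metadata (via {@link SAMLMetadataSignatureSigningParametersResolver}) narrow the
 * locally configured signing algorithms.
 *
 * @param descriptor the role descriptor of the relying party
 * @return the resolved signature signing parameters, never {@code null}
 * @throws SAMLException if no parameters could be resolved, or if resolution itself fails
 */
protected SignatureSigningParameters buildSignatureSigningParameters(final RoleDescriptor descriptor) throws SAMLException {
    try {
        final CriteriaSet criteria = new CriteriaSet();
        criteria.add(new SignatureSigningConfigurationCriterion(getSignatureSigningConfiguration()));
        criteria.add(new RoleDescriptorCriterion(descriptor));
        final SAMLMetadataSignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
        LOGGER.debug("Resolving signature signing parameters for [{}]", descriptor.getElementQName().getLocalPart());
        final SignatureSigningParameters params = resolver.resolveSingle(criteria);
        if (params == null) {
            throw new SAMLException("No signature signing parameter is available");
        }
        LOGGER.debug("Created signature signing parameters.\nSignature algorithm: [{}]\nSignature canonicalization algorithm: [{}]\nSignature reference digest methods: [{}]",
            params.getSignatureAlgorithm(), params.getSignatureCanonicalizationAlgorithm(), params.getSignatureReferenceDigestMethod());
        return params;
    } catch (final SAMLException e) {
        // Already the declared type; rethrow rather than wrapping it in a second SAMLException.
        throw e;
    } catch (final Exception e) {
        throw new SAMLException(e.getMessage(), e);
    }
}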