Example 1 with SAMLPeerEntityContext

Use of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext in project cas by apereo.

From the class SamlIdPUtils, method preparePeerEntitySamlEndpointContext.

/**
 * Prepare peer entity saml endpoint.
 *
 * @param outboundContext the outbound context
 * @param adaptor         the adaptor
 * @throws SamlException the saml exception
 */
public static void preparePeerEntitySamlEndpointContext(final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    // The endpoint is taken from the service provider's registered metadata, never from the request.
    final List<AssertionConsumerService> assertionConsumerServices = adaptor.getAssertionConsumerServices();
    if (assertionConsumerServices.isEmpty()) {
        throw new SamlException("No assertion consumer service could be found for entity " + adaptor.getEntityId());
    }
    // Second argument 'true' auto-creates the subcontext if it is not present yet.
    final SAMLPeerEntityContext peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true);
    if (peerEntityContext == null) {
        throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + adaptor.getEntityId());
    }
    final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
    if (endpointContext == null) {
        throw new SamlException("SAMLEndpointContext could not be defined for entity " + adaptor.getEntityId());
    }
    // Only the first assertion consumer service in the metadata is used as the peer endpoint.
    final Endpoint endpoint = assertionConsumerServices.get(0);
    if (StringUtils.isBlank(endpoint.getBinding()) || StringUtils.isBlank(endpoint.getLocation())) {
        throw new SamlException("Assertion consumer service does not define a binding or location for " + adaptor.getEntityId());
    }
    LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding());
    endpointContext.setEndpoint(endpoint);
}
Also used: SAMLEndpointContext (org.opensaml.saml.common.messaging.context.SAMLEndpointContext), Endpoint (org.opensaml.saml.saml2.metadata.Endpoint), SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext), AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)

Example 2 with SAMLPeerEntityContext

Use of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext in project pac4j by pac4j.

From the class SAML2DefaultResponseValidator, method validateAssertionSignature.

/**
 * Validate assertion signature. If none is found and the SAML response did not have one and the SP requires
 * the assertions to be signed, the validation fails.
 *
 * @param signature the signature
 * @param context   the context
 * @param engine    the engine
 */
protected final void validateAssertionSignature(final Signature signature, final SAML2MessageContext context, final SignatureTrustEngine engine) {
    final SAMLPeerEntityContext peerContext = context.getSAMLPeerEntityContext();
    if (signature != null) {
        // Verify the assertion signature against the trust engine for the issuing peer entity.
        final String entityId = peerContext.getEntityId();
        validateSignature(signature, entityId, engine);
    } else {
        // No assertion signature: acceptable only if the SP does not require signed assertions,
        // or if the peer has already been authenticated (i.e. the enclosing response was signed).
        if (wantsAssertionsSigned(context) && !peerContext.isAuthenticated()) {
            throw new SAMLSignatureRequiredException("Assertion or response must be signed");
        }
    }
}
Also used: SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext), SAMLSignatureRequiredException (org.pac4j.saml.exceptions.SAMLSignatureRequiredException)

Example 3 with SAMLPeerEntityContext

Use of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext in project pac4j by pac4j.

From the class SAML2DefaultResponseValidatorTests, method testAssertionWithoutSignatureThrowsException.

@Test(expected = SAMLException.class)
public void testAssertionWithoutSignatureThrowsException() {
    // Signing validation required, peer not authenticated, no signature: must fail.
    SAML2DefaultResponseValidator validator = createResponseValidatorWithSigningValidationOf(true);
    SAML2MessageContext context = new SAML2MessageContext();
    SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
    peerEntityContext.setAuthenticated(false);
    context.addSubcontext(peerEntityContext);
    validator.validateAssertionSignature(null, context, null);
}
Also used: SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext), SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext), Test (org.junit.Test)

Example 4 with SAMLPeerEntityContext

Use of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext in project pac4j by pac4j.

From the class SAML2DefaultResponseValidatorTests, method testAssertionWithoutSignatureDoesNotThrowException.

@Test
public void testAssertionWithoutSignatureDoesNotThrowException() {
    // Signing validation not required: an unsigned assertion is accepted even with an unauthenticated peer.
    SAML2DefaultResponseValidator validator = createResponseValidatorWithSigningValidationOf(false);
    SAML2MessageContext context = new SAML2MessageContext();
    SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
    peerEntityContext.setAuthenticated(false);
    context.addSubcontext(peerEntityContext);
    validator.validateAssertionSignature(null, context, null);
    // expected no exceptions
}
Also used: SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext), SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext), Test (org.junit.Test)

Example 5 with SAMLPeerEntityContext

Use of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext in project pac4j by pac4j.

From the class SAML2ContextProvider, method addIDPContext.

protected final void addIDPContext(final SAML2MessageContext context) {
    // Describe the identity provider as the peer entity of this message exchange.
    final SAMLPeerEntityContext peerContext = context.getSAMLPeerEntityContext();
    peerContext.setEntityId(this.idpEntityId.getEntityId());
    peerContext.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    addContext(this.idpEntityId, peerContext, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
Also used: SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext)

Aggregations (type, usage count)

SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext): 9
SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext): 3
Test (org.junit.Test): 2
SAMLEndpointContext (org.opensaml.saml.common.messaging.context.SAMLEndpointContext): 2
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService): 2
Endpoint (org.opensaml.saml.saml2.metadata.Endpoint): 2
SAMLSignatureRequiredException (org.pac4j.saml.exceptions.SAMLSignatureRequiredException): 2
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet): 1
SamlException (org.apereo.cas.support.saml.SamlException): 1
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion): 1
SAMLBindingContext (org.opensaml.saml.common.messaging.context.SAMLBindingContext): 1
SAMLProtocolContext (org.opensaml.saml.common.messaging.context.SAMLProtocolContext): 1
EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion): 1
SAML2HTTPRedirectDeflateSignatureSecurityHandler (org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler): 1
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor): 1
RoleDescriptor (org.opensaml.saml.saml2.metadata.RoleDescriptor): 1
MetadataCredentialResolver (org.opensaml.saml.security.impl.MetadataCredentialResolver): 1
Credential (org.opensaml.security.credential.Credential): 1
CredentialResolver (org.opensaml.security.credential.CredentialResolver): 1
StaticCredentialResolver (org.opensaml.security.credential.impl.StaticCredentialResolver): 1