Examples with SigningMethod org.opensaml.saml.ext.saml2alg.SigningMethod used on opensource projects
Example 1 with SigningMethod
use of org.opensaml.saml.ext.saml2alg.SigningMethod in project spring-security by spring-projects.
the class OpenSamlMetadataAssertingPartyDetailsConverter method signingMethods.
private List<SigningMethod> signingMethods(IDPSSODescriptor idpssoDescriptor) {
Extensions extensions = idpssoDescriptor.getExtensions();
List<SigningMethod> result = signingMethods(extensions);
if (!result.isEmpty()) {
return result;
}
EntityDescriptor descriptor = (EntityDescriptor) idpssoDescriptor.getParent();
extensions = descriptor.getExtensions();
return signingMethods(extensions);
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
Extensions(org.opensaml.saml.saml2.metadata.Extensions)
SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)
Example 2 with SigningMethod
use of org.opensaml.saml.ext.saml2alg.SigningMethod in project midpoint by Evolveum.
the class MidpointAssertingPartyMetadataConverter method convert.
public RelyingPartyRegistration.Builder convert(InputStream inputStream, Saml2ProviderAuthenticationModuleType providerConfig) {
EntityDescriptor descriptor = entityDescriptor(inputStream);
IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
if (idpssoDescriptor == null) {
throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
}
List<Saml2X509Credential> verification = new ArrayList<>();
List<Saml2X509Credential> encryption = new ArrayList<>();
for (KeyDescriptor keyDescriptor : idpssoDescriptor.getKeyDescriptors()) {
defineKeys(keyDescriptor, verification, encryption);
}
if (verification.isEmpty()) {
throw new Saml2Exception("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
}
RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID()).assertingPartyDetails((party) -> party.entityId(descriptor.getEntityID()).wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())).verificationX509Credentials((c) -> c.addAll(verification)).encryptionX509Credentials((c) -> c.addAll(encryption)));
List<SigningMethod> signingMethods = signingMethods(idpssoDescriptor);
for (SigningMethod method : signingMethods) {
builder.assertingPartyDetails((party) -> party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm())));
}
defineSingleSingOnService(idpssoDescriptor, providerConfig.getAuthenticationRequestBinding(), builder);
defineSingleLogoutService(idpssoDescriptor, builder);
return builder;
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
X509Certificate(java.security.cert.X509Certificate)
UsageType(org.opensaml.security.credential.UsageType)
OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService)
Unmarshaller(org.opensaml.core.xml.io.Unmarshaller)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
ConfigurationService(org.opensaml.core.config.ConfigurationService)
Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential)
CertificateException(java.security.cert.CertificateException)
StringUtils(org.apache.commons.lang3.StringUtils)
XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry)
KeyInfoSupport(org.opensaml.xmlsec.keyinfo.KeyInfoSupport)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
ArrayList(java.util.ArrayList)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
ParserPool(net.shibboleth.utilities.java.support.xml.ParserPool)
List(java.util.List)
org.opensaml.saml.saml2.metadata(org.opensaml.saml.saml2.metadata)
SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
XMLObject(org.opensaml.core.xml.XMLObject)
SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants)
Saml2ProviderAuthenticationModuleType(com.evolveum.midpoint.xml.ns._public.common.common_3.Saml2ProviderAuthenticationModuleType)
InputStream(java.io.InputStream)
Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential)
ArrayList(java.util.ArrayList)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)
Example 3 with SigningMethod
use of org.opensaml.saml.ext.saml2alg.SigningMethod in project spring-security by spring-projects.
the class OpenSamlMetadataAssertingPartyDetailsConverter method convert.
RelyingPartyRegistration.AssertingPartyDetails.Builder convert(EntityDescriptor descriptor) {
IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
if (idpssoDescriptor == null) {
throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
}
List<Saml2X509Credential> verification = new ArrayList<>();
List<Saml2X509Credential> encryption = new ArrayList<>();
for (KeyDescriptor keyDescriptor : idpssoDescriptor.getKeyDescriptors()) {
if (keyDescriptor.getUse().equals(UsageType.SIGNING)) {
List<X509Certificate> certificates = certificates(keyDescriptor);
for (X509Certificate certificate : certificates) {
verification.add(Saml2X509Credential.verification(certificate));
}
}
if (keyDescriptor.getUse().equals(UsageType.ENCRYPTION)) {
List<X509Certificate> certificates = certificates(keyDescriptor);
for (X509Certificate certificate : certificates) {
encryption.add(Saml2X509Credential.encryption(certificate));
}
}
if (keyDescriptor.getUse().equals(UsageType.UNSPECIFIED)) {
List<X509Certificate> certificates = certificates(keyDescriptor);
for (X509Certificate certificate : certificates) {
verification.add(Saml2X509Credential.verification(certificate));
encryption.add(Saml2X509Credential.encryption(certificate));
}
}
}
if (verification.isEmpty()) {
throw new Saml2Exception("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
}
RelyingPartyRegistration.AssertingPartyDetails.Builder party = OpenSamlAssertingPartyDetails.withEntityDescriptor(descriptor).entityId(descriptor.getEntityID()).wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())).verificationX509Credentials((c) -> c.addAll(verification)).encryptionX509Credentials((c) -> c.addAll(encryption));
List<SigningMethod> signingMethods = signingMethods(idpssoDescriptor);
for (SigningMethod method : signingMethods) {
party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm()));
}
if (idpssoDescriptor.getSingleSignOnServices().isEmpty()) {
throw new Saml2Exception("Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
}
for (SingleSignOnService singleSignOnService : idpssoDescriptor.getSingleSignOnServices()) {
Saml2MessageBinding binding;
if (singleSignOnService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
binding = Saml2MessageBinding.POST;
} else if (singleSignOnService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
binding = Saml2MessageBinding.REDIRECT;
} else {
continue;
}
party.singleSignOnServiceLocation(singleSignOnService.getLocation()).singleSignOnServiceBinding(binding);
break;
}
for (SingleLogoutService singleLogoutService : idpssoDescriptor.getSingleLogoutServices()) {
Saml2MessageBinding binding;
if (singleLogoutService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
binding = Saml2MessageBinding.POST;
} else if (singleLogoutService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
binding = Saml2MessageBinding.REDIRECT;
} else {
continue;
}
String responseLocation = (singleLogoutService.getResponseLocation() == null) ? singleLogoutService.getLocation() : singleLogoutService.getResponseLocation();
party.singleLogoutServiceLocation(singleLogoutService.getLocation()).singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding);
break;
}
return party;
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
Arrays(java.util.Arrays)
OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry)
Extensions(org.opensaml.saml.saml2.metadata.Extensions)
ArrayList(java.util.ArrayList)
SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)
SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService)
Document(org.w3c.dom.Document)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
XMLObject(org.opensaml.core.xml.XMLObject)
SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants)
EntitiesDescriptor(org.opensaml.saml.saml2.metadata.EntitiesDescriptor)
UsageType(org.opensaml.security.credential.UsageType)
SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService)
Collection(java.util.Collection)
Unmarshaller(org.opensaml.core.xml.io.Unmarshaller)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
ConfigurationService(org.opensaml.core.config.ConfigurationService)
Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential)
CertificateException(java.security.cert.CertificateException)
KeyInfoSupport(org.opensaml.xmlsec.keyinfo.KeyInfoSupport)
ParserPool(net.shibboleth.utilities.java.support.xml.ParserPool)
List(java.util.List)
Element(org.w3c.dom.Element)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
InputStream(java.io.InputStream)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential)
ArrayList(java.util.ArrayList)
SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
X509Certificate(java.security.cert.X509Certificate)
SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)
Aggregations
SigningMethod (org.opensaml.saml.ext.saml2alg.SigningMethod)3
InputStream (java.io.InputStream)2
CertificateException (java.security.cert.CertificateException)2
X509Certificate (java.security.cert.X509Certificate)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
ParserPool (net.shibboleth.utilities.java.support.xml.ParserPool)2
ConfigurationService (org.opensaml.core.config.ConfigurationService)2
XMLObject (org.opensaml.core.xml.XMLObject)2
XMLObjectProviderRegistry (org.opensaml.core.xml.config.XMLObjectProviderRegistry)2
Unmarshaller (org.opensaml.core.xml.io.Unmarshaller)2
SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)2
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)2
Extensions (org.opensaml.saml.saml2.metadata.Extensions)2
UsageType (org.opensaml.security.credential.UsageType)2
KeyInfoSupport (org.opensaml.xmlsec.keyinfo.KeyInfoSupport)2
Saml2Exception (org.springframework.security.saml2.Saml2Exception)2
OpenSamlInitializationService (org.springframework.security.saml2.core.OpenSamlInitializationService)2
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)2
Document (org.w3c.dom.Document)2
