use of org.opensaml.saml.metadata.resolver.filter.MetadataFilter in project cas by apereo.
the class ChainingMetadataResolverCacheLoader method buildMetadataFilters.
/**
 * Collects the metadata filters that apply to a SAML service and, if any were
 * produced, installs them on the resolver as a single {@link MetadataFilterChain}.
 *
 * <p>The helper methods are called in a fixed order (valid-until, signature
 * validation, entity role, predicate) and each one is handed the same list.
 * Their bodies are not part of this method; each is expected to append a filter
 * only when the service configuration calls for it.
 *
 * <p>When no helper contributes a filter, {@code setMetadataFilter} is never
 * called and the resolver keeps whatever filter it already had.
 *
 * @param service          the registered SAML service whose settings drive the filters
 * @param metadataProvider the resolver that receives the assembled filter chain
 * @throws Exception if one of the filter-building helpers fails
 */
protected void buildMetadataFilters(final SamlRegisteredService service, final AbstractMetadataResolver metadataProvider) throws Exception {
    final List<MetadataFilter> filters = new ArrayList<>();

    // Order is preserved in the resulting chain, so validity and signature
    // checks are registered ahead of the role and predicate filters.
    buildRequiredValidUntilFilterIfNeeded(service, filters);
    buildSignatureValidationFilterIfNeeded(service, filters);
    buildEntityRoleFilterIfNeeded(service, filters);
    buildPredicateFilterIfNeeded(service, filters);

    if (filters.isEmpty()) {
        // NOTE(review): nothing is logged on this path. A service configured
        // without any filter gets no validity or signature filtering from this
        // method; confirm that is intended for every deployment.
        return;
    }

    final MetadataFilterChain chain = new MetadataFilterChain();
    chain.setFilters(filters);
    LOGGER.debug("Metadata filter chain initialized with [{}] filters", filters.size());
    metadataProvider.setMetadataFilter(chain);
}
use of org.opensaml.saml.metadata.resolver.filter.MetadataFilter in project cas by apereo.
the class SamlMetadataUIConfiguration method configureResource.
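/**
 * Registers each metadata resource named in {@code resourceArray} together with
 * the filter chain that must be applied to it.
 *
 * <p>{@code resourceArray} is a comma-delimited list. Each entry is split on
 * {@code DEFAULT_SEPARATOR} into a metadata location and an optional signing key.
 * For every entry:
 * <ul>
 *   <li>a {@link RequiredValidUntilFilter} is added when the configured maximum
 *       validity is greater than zero;</li>
 *   <li>a signature validation filter is added when a signing key is given; if the
 *       filter cannot be built for that key, the entry is skipped rather than
 *       registered without signature validation;</li>
 *   <li>an entry with no signing key is registered without a signature filter.</li>
 * </ul>
 *
 * <p>Every accepted resource is mapped to its own {@link MetadataFilterChain}.
 * Previously all entries were mapped to the single {@code chain} argument, whose
 * filters were overwritten on each iteration, so earlier resources ended up with
 * the filters of the last entry (including losing their signature filter when the
 * last entry had no signing key).
 *
 * @param applicationContext resolves the metadata location and is passed to the signature filter builder
 * @param resources          receives one resource-to-chain mapping per accepted entry
 * @param chain              still updated with each entry's filters for backward compatibility;
 *                           no longer stored in {@code resources}
 * @param resourceArray      comma-delimited list of {@code location[SEPARATOR signingKey]} entries
 * @param casProperties      source of the max-validity and require-signed-root settings
 */
private static void configureResource(final ConfigurableApplicationContext applicationContext, final Map<Resource, MetadataFilterChain> resources, final MetadataFilterChain chain, final String resourceArray, final CasConfigurationProperties casProperties) {
    val splitArray = org.springframework.util.StringUtils.commaDelimitedListToStringArray(resourceArray);
    Arrays.stream(splitArray).forEach(Unchecked.consumer(entry -> {
        val arr = Splitter.on(DEFAULT_SEPARATOR).splitToList(entry);
        val metadataFile = arr.get(0);
        val signingKey = arr.size() > 1 ? arr.get(1) : null;

        val filters = new ArrayList<MetadataFilter>();
        if (casProperties.getSamlMetadataUi().getMaxValidity() > 0) {
            val filter = new RequiredValidUntilFilter();
            filter.setMaxValidityInterval(Duration.ofSeconds(casProperties.getSamlMetadataUi().getMaxValidity()));
            filters.add(filter);
        }

        // Fail closed: a signing key that was configured but cannot be resolved
        // must not result in the metadata being trusted unsigned.
        var addResource = true;
        if (StringUtils.isNotBlank(signingKey)) {
            val sigFilter = SamlUtils.buildSignatureValidationFilter(applicationContext, signingKey);
            if (sigFilter != null) {
                sigFilter.setRequireSignedRoot(casProperties.getSamlMetadataUi().isRequireSignedRoot());
                filters.add(sigFilter);
            } else {
                LOGGER.warn("Failed to locate the signing key [{}] for [{}]", signingKey, metadataFile);
                addResource = false;
            }
        }

        // Kept for callers that still read the passed-in chain after this call;
        // as before, it ends up holding the filters of the last entry processed.
        chain.setFilters(filters);

        // Each resource gets a chain of its own so that one entry's filters
        // (notably its signature filter) cannot be replaced by a later entry's.
        // NOTE(review): if the OpenSAML version in use requires the chain to be
        // initialized before use, confirm that also happens for these instances.
        val entryChain = new MetadataFilterChain();
        entryChain.setFilters(filters);

        val resource = applicationContext.getResource(metadataFile);
        if (addResource && ResourceUtils.doesResourceExist(resource)) {
            resources.put(resource, entryChain);
        } else {
            LOGGER.warn("Skipping metadata [{}]; Either the resource cannot be retrieved or its signing key is missing", metadataFile);
        }
    }));
}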