Search in sources :

Example 36 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class SamlProfileSamlAssertionBuilder method build.

@Override
public Assertion build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    final AuthnStatement authnStatement = this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    statements.add(authnStatement);
    final AttributeStatement attrStatement = this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
    if (!attrStatement.getAttributes().isEmpty() || !attrStatement.getEncryptedAttributes().isEmpty()) {
        statements.add(attrStatement);
    }
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}
Also used : AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Statement(org.opensaml.saml.saml2.core.Statement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) ArrayList(java.util.ArrayList) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 37 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
@Override
public T build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor, binding);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response, binding);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse, binding, authnRequest, casAssertion);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 38 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class WsFederationAction method handleWsFederationAuthenticationRequest.

private Event handleWsFederationAuthenticationRequest(final RequestContext context) {
    final Service service = wsFederationCookieManager.retrieve(context);
    LOGGER.debug("Retrieved service [{}] from the session cookie", service);
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final String wResult = request.getParameter(WRESULT);
    LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
    if (StringUtils.isBlank(wResult)) {
        LOGGER.error("No [{}] parameter is found", WRESULT);
        return error();
    }
    LOGGER.debug("Attempting to create an assertion from the token parameter");
    final RequestedSecurityToken rsToken = this.wsFederationHelper.getRequestSecurityTokenFromResult(wResult);
    final Pair<Assertion, WsFederationConfiguration> assertion = this.wsFederationHelper.buildAndVerifyAssertion(rsToken, configurations);
    if (assertion == null) {
        LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
        return error();
    }
    LOGGER.debug("Attempting to validate the signature on the assertion");
    if (!this.wsFederationHelper.validateSignature(assertion)) {
        final String msg = "WS Requested Security Token is blank or the signature is not valid.";
        LOGGER.error(msg);
        throw new IllegalArgumentException(msg);
    }
    return buildCredentialsFromAssertion(context, assertion, service);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RequestedSecurityToken(org.opensaml.soap.wsfed.RequestedSecurityToken) Assertion(org.opensaml.saml.saml1.core.Assertion) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) Service(org.apereo.cas.authentication.principal.Service) WsFederationConfiguration(org.apereo.cas.support.wsfederation.WsFederationConfiguration)

Example 39 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class Saml10ObjectBuilder method newAssertion.

/**
 * Create a new SAML1 response object.
 *
 * @param authnStatement the authn statement
 * @param issuer         the issuer
 * @param issuedAt       the issued at
 * @param id             the id
 * @return the assertion
 */
public Assertion newAssertion(final AuthenticationStatement authnStatement, final String issuer, final ZonedDateTime issuedAt, final String id) {
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(id);
    assertion.setIssueInstant(DateTimeUtils.dateTimeOf(issuedAt));
    assertion.setIssuer(issuer);
    assertion.getAuthenticationStatements().add(authnStatement);
    return assertion;
}
Also used : Assertion(org.opensaml.saml.saml1.core.Assertion)

Example 40 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class Saml10SuccessResponseView method prepareResponse.

@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
    final Service service = getAssertionFrom(model).getService();
    LOGGER.debug("Preparing SAML response for service [{}]", service);
    final Authentication authentication = getPrimaryAuthenticationFrom(model);
    final Collection<Object> authnMethods = CollectionUtils.toCollection(authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
    LOGGER.debug("Authentication methods found are [{}]", authnMethods);
    final Principal principal = getPrincipal(model);
    final AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(authentication.getAuthenticationDate(), authnMethods, principal.getId());
    LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authentication.getAuthenticationDate());
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
    LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);
    final Conditions conditions = this.samlObjectBuilder.newConditions(issuedAt, service.getId(), this.issueLength);
    assertion.setConditions(conditions);
    LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());
    final Subject subject = this.samlObjectBuilder.newSubject(principal.getId());
    LOGGER.debug("Built subject for principal [{}]", principal);
    final Map<String, Object> attributesToSend = prepareSamlAttributes(model, service);
    LOGGER.debug("Authentication statement shall include these attributes [{}]", attributesToSend);
    if (!attributesToSend.isEmpty()) {
        assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(subject, attributesToSend, this.defaultAttributeNamespace));
    }
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    LOGGER.debug("Set response status code to [{}]", response.getStatus());
    response.getAssertions().add(assertion);
}
Also used : ZonedDateTime(java.time.ZonedDateTime) Authentication(org.apereo.cas.authentication.Authentication) Assertion(org.opensaml.saml.saml1.core.Assertion) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) Principal(org.apereo.cas.authentication.principal.Principal) AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement) Conditions(org.opensaml.saml.saml1.core.Conditions) Subject(org.opensaml.saml.saml1.core.Subject)

Aggregations

Assertion (org.opensaml.saml.saml2.core.Assertion)33 Test (org.junit.Test)16 Assertion (org.opensaml.saml.saml1.core.Assertion)13 AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)9 Response (org.opensaml.saml.saml2.core.Response)8 DateTime (org.joda.time.DateTime)6 Assertion (org.opensaml.saml2.core.Assertion)6 Element (org.w3c.dom.Element)6 PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion)6 Subject (org.opensaml.saml.saml2.core.Subject)5 MetricRegistry (com.codahale.metrics.MetricRegistry)4 ZonedDateTime (java.time.ZonedDateTime)4 ArrayList (java.util.ArrayList)4 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)4 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)4 Credential (org.apache.wss4j.dom.validate.Credential)4 Service (org.apereo.cas.authentication.principal.Service)4 RegisteredService (org.apereo.cas.services.RegisteredService)4 WsFederationCredential (org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential)4 XMLObject (org.opensaml.core.xml.XMLObject)4