Example 11 with Response

Use of org.opensaml.saml.saml1.core.Response in project cas by apereo.

Class AbstractSaml10ResponseView, method renderMergedOutputModel.

@Override
protected void renderMergedOutputModel(final Map<String, Object> model, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    String serviceId = null;
    try {
        response.setCharacterEncoding(this.encoding);
        // The recipient of the SAML 1.x response is derived from the requesting service;
        // fall back to "UNKNOWN" when no service (or an empty service id) was supplied.
        final WebApplicationService service = this.samlArgumentExtractor.extractService(request);
        if (service == null || StringUtils.isBlank(service.getId())) {
            serviceId = "UNKNOWN";
        } else {
            try {
                // Only the host portion of the service URL is used as the recipient.
                serviceId = new URL(service.getId()).getHost();
            } catch (final MalformedURLException e) {
                // A malformed service URL leaves serviceId null; the failure is only logged at debug level.
                LOGGER.debug(e.getMessage(), e);
            }
        }
        LOGGER.debug("Using [{}] as the recipient of the SAML response for [{}]", serviceId, service);
        // The issue instant is moved back by the configured skew allowance to tolerate clock drift
        // between CAS and the relying service.
        final Response samlResponse = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(this.skewAllowance), serviceId, service);
        LOGGER.debug("Created SAML response for service [{}]", serviceId);
        // Subclasses populate status and assertions here (see Saml10SuccessResponseView below).
        prepareResponse(samlResponse, model);
        LOGGER.debug("Starting to encode SAML response for service [{}]", serviceId);
        this.samlObjectBuilder.encodeSamlResponse(response, request, samlResponse);
    } catch (final Exception e) {
        LOGGER.error("Error generating SAML response for service [{}].", serviceId, e);
        throw e;
    }
}
Also used: org.opensaml.saml.saml1.core.Response, javax.servlet.http.HttpServletResponse, org.apereo.cas.authentication.principal.WebApplicationService, java.net.MalformedURLException, java.net.URL

Example 12 with Response

Use of org.opensaml.saml.saml1.core.Response in project cas by apereo.

Class Saml10SuccessResponseView, method prepareResponse.

@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    // Reuse the response's own issue instant so the assertion and its conditions line up with it.
    final ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
    final Service service = getAssertionFrom(model).getService();
    LOGGER.debug("Preparing SAML response for service [{}]", service);
    final Authentication authentication = getPrimaryAuthenticationFrom(model);
    // The authentication methods were recorded as an attribute by SamlAuthenticationMetaDataPopulator.
    final Collection<Object> authnMethods = CollectionUtils.toCollection(authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
    LOGGER.debug("Authentication methods found are [{}]", authnMethods);
    final Principal principal = getPrincipal(model);
    final AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(authentication.getAuthenticationDate(), authnMethods, principal.getId());
    LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authentication.getAuthenticationDate());
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
    LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);
    // Conditions bind the assertion to the service id and to a validity window widened by the skew allowance.
    final Conditions conditions = this.samlObjectBuilder.newConditions(issuedAt, service.getId(), this.skewAllowance);
    assertion.setConditions(conditions);
    LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());
    final Subject subject = this.samlObjectBuilder.newSubject(principal.getId());
    LOGGER.debug("Built subject for principal [{}]", principal);
    // Attributes are filtered per service before release; an empty set yields no attribute statement.
    final Map<String, Object> attributesToSend = prepareSamlAttributes(model, service);
    LOGGER.debug("Authentication statement shall include these attributes [{}]", attributesToSend);
    if (!attributesToSend.isEmpty()) {
        assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(subject, attributesToSend, this.defaultAttributeNamespace));
    }
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    LOGGER.debug("Set response status code to [{}]", response.getStatus());
    response.getAssertions().add(assertion);
}
Also used: java.time.ZonedDateTime, org.apereo.cas.authentication.Authentication, org.opensaml.saml.saml1.core.Assertion, org.apereo.cas.services.RegisteredService, org.apereo.cas.authentication.principal.Service, org.apereo.cas.authentication.principal.Principal, org.opensaml.saml.saml1.core.AuthenticationStatement, org.opensaml.saml.saml1.core.Conditions, org.opensaml.saml.saml1.core.Subject

Example 13 with Response

Use of org.opensaml.saml.saml1.core.Response in project cas by apereo.

Class AbstractSaml20ObjectBuilder, method newResponse.

/**
 * Create a new SAML response object.
 *
 * @param id           the id
 * @param issueInstant the issue instant
 * @param recipient    the recipient
 * @param service      the service
 * @return the response
 */
public Response newResponse(final String id, final ZonedDateTime issueInstant, final String recipient, final WebApplicationService service) {
    // Builds a SAML 2.0 Response: the version is fixed to 2.0 and the java.time instant is
    // converted to the DateTime type OpenSAML expects.
    final Response samlResponse = newSamlObject(Response.class);
    samlResponse.setID(id);
    samlResponse.setIssueInstant(DateTimeUtils.dateTimeOf(issueInstant));
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    // InResponseTo is populated from the service only when an originating request id is available.
    setInResponseToForSamlResponseIfNeeded(service, samlResponse);
    return samlResponse;
}
Also used: org.opensaml.saml.saml2.core.Response

Example 14 with Response

Use of org.opensaml.saml.saml1.core.Response in project cloudstack by apache.

Class SAML2LoginAPIAuthenticatorCmdTest, method buildMockResponse.

// Builds a minimal, unsigned SAML 2.0 Response with a Success status and a single assertion
// carrying a persistent NameID, an AuthnStatement and an empty AttributeStatement, for use in tests.
private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
Also used: org.opensaml.saml2.core.Status, org.opensaml.saml2.core.impl.AttributeStatementBuilder, org.opensaml.saml2.core.impl.StatusCodeBuilder, org.opensaml.saml2.core.Issuer, org.opensaml.saml2.core.NameID, org.opensaml.saml2.core.Assertion, org.opensaml.saml2.core.impl.AssertionBuilder, org.opensaml.saml2.core.impl.AuthnStatementBuilder, org.opensaml.saml2.core.StatusCode, org.joda.time.DateTime, org.opensaml.saml2.core.Subject, org.opensaml.saml2.core.Response, javax.servlet.http.HttpServletResponse, org.opensaml.saml2.core.impl.NameIDBuilder, org.opensaml.saml2.core.AttributeStatement, org.opensaml.saml2.core.AuthnStatement, org.opensaml.saml2.core.impl.StatusBuilder, org.opensaml.saml2.core.impl.IssuerBuilder, org.opensaml.saml2.core.impl.ResponseBuilder, org.opensaml.saml2.core.impl.SubjectBuilder

Example 15 with Response

Use of org.opensaml.saml.saml1.core.Response in project cloudstack by apache.

Class SAML2LogoutAPIAuthenticatorCmd, method authenticate.

@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
    auditTrailSb.append("=== SAML SLO Logging out ===");
    LogoutCmdResponse response = new LogoutCmdResponse();
    response.setDescription("success");
    response.setResponseName(getCommandName());
    String responseString = ApiResponseSerializer.toSerializedString(response, responseType);
    // No session means there is nothing to log out of: just send the browser back to CloudStack.
    if (session == null) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] sending redirected failed.", ignored);
        }
        return responseString;
    }
    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException | FactoryConfigurationError e) {
        s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
    }
    // Second leg of SLO: the IdP has sent back a LogoutResponse. Decode it, require a Success
    // status code, then redirect back to CloudStack. Note that decoding failures are only logged.
    if (params != null && params.containsKey("SAMLResponse")) {
        try {
            final String samlResponse = ((String[]) params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
            Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
            String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
            if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), "SAML SLO LogoutResponse status is not Success", params, responseType));
            }
        } catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) {
            s_logger.error("SAMLResponse processing error: " + e.getMessage());
        }
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] second redirected sending failed.", ignored);
        }
        return responseString;
    }
    // First leg of SLO: look up the IdP and NameID recorded in the session at login time.
    String idpId = (String) session.getAttribute(SAMLPluginConstants.SAML_IDPID);
    SAMLProviderMetadata idpMetadata = _samlAuthManager.getIdPMetadata(idpId);
    String nameId = (String) session.getAttribute(SAMLPluginConstants.SAML_NAMEID);
    if (idpMetadata == null || nameId == null || nameId.isEmpty()) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] final redirected failed.", ignored);
        }
        return responseString;
    }
    // Build a LogoutRequest for the IdP's SLO endpoint and send it via HTTP-Redirect binding.
    LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(idpMetadata.getSloUrl(), _samlAuthManager.getSPMetadata().getEntityId(), nameId);
    try {
        String redirectUrl = idpMetadata.getSloUrl() + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(logoutRequest);
        resp.sendRedirect(redirectUrl);
    } catch (MarshallingException | IOException e) {
        s_logger.error("SAML SLO error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "SAML Single Logout Error", params, responseType));
    }
    return responseString;
}
Also used: java.io.IOException, org.xml.sax.SAXException, org.opensaml.saml2.core.Response, org.apache.cloudstack.api.response.LogoutCmdResponse, javax.servlet.http.HttpServletResponse, org.apache.cloudstack.api.ServerApiException, org.opensaml.xml.io.MarshallingException, javax.xml.parsers.ParserConfigurationException, org.opensaml.xml.ConfigurationException, org.opensaml.saml2.core.LogoutRequest, org.apache.cloudstack.saml.SAMLProviderMetadata, javax.xml.stream.FactoryConfigurationError, org.opensaml.xml.io.UnmarshallingException
