
Example 1 with Artifact

use of org.opensaml.saml.saml2.core.Artifact in project cas by apereo.

the class SamlProfileArtifactResponseBuilder method buildResponse.

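/**
 * Builds the SOAP 1.1 envelope that carries the {@code ArtifactResponse} for a resolved artifact.
 *
 * <p>The {@link SamlArtifactTicket} is taken from the {@code "artifact"} attribute of the
 * authenticated CAS assertion in {@code context}. The SAML object stored in that ticket becomes
 * the payload of the artifact response, and the ticket's id, issuer and relying-party id fill in
 * the response metadata. The finished envelope is logged through {@code SamlUtils.logSamlObject}.
 *
 * @param assertion the SAML assertion (not read here; the payload comes from the ticket)
 * @param context   builder context holding the authenticated CAS assertion
 * @return the SOAP envelope whose body holds the artifact response
 * @throws Exception if no artifact ticket is attached to the assertion or the stored SAML
 *                   object cannot be transformed
 */
@Override
protected Envelope buildResponse(final Assertion assertion, final SamlProfileBuilderContext context) throws Exception {
    val attributes = context.getAuthenticatedAssertion().getAttributes();
    val ticket = (SamlArtifactTicket) attributes.get("artifact");
    // Fail with a descriptive error instead of a NullPointerException on ticket.getIssuer()
    // when the assertion was built without an artifact ticket attached.
    if (ticket == null) {
        throw new IllegalStateException("Authenticated assertion carries no 'artifact' ticket attribute");
    }
    val artifactResponse = new ArtifactResponseBuilder().buildObject();
    artifactResponse.setIssueInstant(ZonedDateTime.now(ZoneOffset.UTC).toInstant());
    artifactResponse.setIssuer(newIssuer(ticket.getIssuer()));
    // InResponseTo is the relying party recorded on the ticket, i.e. the original requester.
    artifactResponse.setInResponseTo(ticket.getRelyingPartyId());
    artifactResponse.setID(ticket.getId());
    artifactResponse.setStatus(newStatus(StatusCode.SUCCESS, "Success"));
    val samlResponse = SamlUtils.transformSamlObject(openSamlConfigBean, ticket.getObject(), SAMLObject.class);
    artifactResponse.setMessage(samlResponse);
    val header = SamlUtils.newSoapObject(Header.class);
    val body = SamlUtils.newSoapObject(Body.class);
    body.getUnknownXMLObjects().add(artifactResponse);
    val envelope = SamlUtils.newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.openSamlConfigBean, envelope);
    return envelope;
}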

Example 2 with Artifact

use of org.opensaml.saml.saml2.core.Artifact in project cas by apereo.

the class SamlIdPSaml1ArtifactResolutionProfileHandlerController method handlePostRequest.

/**
 * Handle post request.
 *
 * <p>Decodes the SOAP-wrapped {@code ArtifactResolve}, checks that its issuer is a registered
 * SAML service with resolvable metadata, verifies the request signature, resolves the artifact
 * value to a {@link SamlArtifactTicket} in the ticket registry and hands the resulting CAS
 * assertion to the response builder. Any failure is logged, stored on the request under
 * {@code SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR} and answered with a SOAP fault.
 *
 * @param response the response
 * @param request  the request
 * @throws Exception the exception
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    val messageContext = decodeSoapRequest(request);
    val artifactResolve = (ArtifactResolve) messageContext.getMessage();
    try {
        val issuer = Objects.requireNonNull(artifactResolve).getIssuer().getValue();
        val registeredService = verifySamlRegisteredService(issuer);
        val facade = getSamlMetadataFacadeFor(registeredService, artifactResolve)
            .orElseThrow(() -> new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer));
        // Signature verification runs before any ticket lookup, so only verified requests
        // reach the registry.
        verifyAuthenticationContextSignature(messageContext, request, artifactResolve, facade, registeredService);
        val artifactValue = artifactResolve.getArtifact().getValue();
        val ticketFactory = (SamlArtifactTicketFactory) getConfigurationContext().getTicketFactory().get(SamlArtifactTicket.class);
        val ticketId = ticketFactory.createTicketIdFor(artifactValue);
        val artifactTicket = getConfigurationContext().getTicketRegistry().getTicket(ticketId, SamlArtifactTicket.class);
        if (artifactTicket == null) {
            throw new InvalidTicketException(ticketId);
        }
        // NOTE(review): nothing in this method removes the artifact ticket after resolution;
        // whether the registry or the response builder enforces single use is not visible here.
        val issuerService = getConfigurationContext().getWebApplicationServiceFactory().createService(issuer);
        val authentication = artifactTicket.getTicketGrantingTicket().getAuthentication();
        val casAssertion = buildCasAssertion(authentication, issuerService, registeredService, CollectionUtils.wrap("artifact", artifactTicket));
        val successContext = SamlProfileBuilderContext.builder()
            .samlRequest(artifactResolve)
            .httpRequest(request)
            .httpResponse(response)
            .authenticatedAssertion(casAssertion)
            .registeredService(registeredService)
            .adaptor(facade)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getResponseBuilder().build(successContext);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, "Unable to build SOAP response: " + StringUtils.defaultString(e.getMessage()));
        val faultContext = SamlProfileBuilderContext.builder()
            .samlRequest(artifactResolve)
            .httpRequest(request)
            .httpResponse(response)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getSamlFaultResponseBuilder().build(faultContext);
    }
}

Example 3 with Artifact

use of org.opensaml.saml.saml2.core.Artifact in project pac4j by pac4j.

the class Pac4jHTTPArtifactDecoder method dereferenceArtifact.

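/**
 * De-reference the supplied artifact into the corresponding SAML protocol message.
 *
 * <p>Sends an {@code ArtifactResolve} to the peer's artifact resolution service over the
 * SOAP 1.1 binding and returns the message extracted from the {@code ArtifactResponse}. Any
 * other payload, including a missing one, is reported as a decoding failure.
 *
 * @param artifact           the artifact to de-reference
 * @param peerRoleDescriptor the peer RoleDescriptor
 * @param ars                the peer's artifact resolution service endpoint
 * @return the de-referenced artifact
 * @throws MessageDecodingException if there is fatal error, or if the artifact was not successfully resolved
 */
@Nonnull
private SAMLObject dereferenceArtifact(@Nonnull final SAML2Artifact artifact, @Nonnull final RoleDescriptor peerRoleDescriptor, @Nonnull final ArtifactResolutionService ars) throws MessageDecodingException {
    try {
        final var selfEntityID = resolveSelfEntityID(peerRoleDescriptor);
        final var resolveRequest = buildArtifactResolveRequestMessage(artifact, ars.getLocation(), selfEntityID);
        // TODO can assume/enforce response as ArtifactResponse here?
        final var opContext = new SAMLSOAPClientContextBuilder()
            .setOutboundMessage(resolveRequest)
            .setProtocol(SAMLConstants.SAML20P_NS)
            .setPipelineName(getSOAPPipelineName())
            .setSecurityConfigurationProfileId(getSOAPClientSecurityConfigurationProfileId())
            .setPeerRoleDescriptor(peerRoleDescriptor)
            .setSelfEntityID(selfEntityID)
            .build();
        log.trace("Executing ArtifactResolve over SOAP 1.1 binding to endpoint: {}", ars.getLocation());
        soapClient.send(ars.getLocation(), opContext);
        final var response = (SAMLObject) opContext.getInboundMessageContext().getMessage();
        if (response instanceof ArtifactResponse) {
            return validateAndExtractResponseMessage((ArtifactResponse) response);
        }
        // A null inbound message previously escaped as a NullPointerException from
        // response.getClass(); report it as a decoding failure like any other bad payload.
        final var payloadType = response == null ? "null" : response.getClass().getName();
        throw new MessageDecodingException("SOAP message payload was not an instance of ArtifactResponse: " + payloadType);
    } catch (final MessageException | SOAPException | SecurityException e) {
        throw new MessageDecodingException("Error dereferencing artifact", e);
    }
}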

Example 4 with Artifact

use of org.opensaml.saml.saml2.core.Artifact in project cas by apereo.

the class Saml1ArtifactResolutionProfileHandlerController method handlePostRequest.

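/**
 * Handle post request.
 *
 * <p>Resolves the artifact named in the decoded {@code ArtifactResolve}: the issuer must be a
 * registered SAML service with resolvable metadata, the request signature is verified against
 * that metadata, and the artifact ticket is fetched from the ticket registry before the response
 * builder is invoked. Every failure is logged, recorded on the request under
 * {@code SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR} and answered with a SOAP fault.
 *
 * @param response the response
 * @param request  the request
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    final MessageContext ctx = decodeSoapRequest(request);
    final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
    try {
        final String issuer = artifactMsg.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        // Signature verification runs before any ticket lookup, so only verified requests
        // reach the registry.
        verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);
        final String artifactId = artifactMsg.getArtifact().getArtifact();
        final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
        final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
        // An unknown or expired artifact used to surface as a NullPointerException on
        // ticket.getTicketGrantingTicket(); fail explicitly so the fault carries a clear message.
        if (ticket == null) {
            throw new IllegalStateException("Artifact ticket " + ticketId + " could not be found");
        }
        final Service issuerService = webApplicationServiceFactory.createService(issuer);
        final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));
        this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // The message is exposed to the requester through the SOAP fault built below.
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    }
}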

Example 5 with Artifact

use of org.opensaml.saml.saml2.core.Artifact in project cas by apereo.

the class SamlProfileArtifactResponseBuilder method buildResponse.

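/**
 * Builds the SOAP 1.1 envelope that carries the {@code ArtifactResponse} for a resolved artifact.
 *
 * <p>{@code casAssertion} is cast to a CAS client {@code Assertion} and the
 * {@link SamlArtifactTicket} is read from its {@code "artifact"} attribute. The SAML object
 * stored in that ticket becomes the payload of the artifact response, and the ticket's id,
 * issuer and relying-party id fill in the response metadata. The finished envelope is logged
 * through {@code SamlUtils.logSamlObject}.
 *
 * @param assertion    the SAML assertion (not read here; the payload comes from the ticket)
 * @param casAssertion the CAS assertion, expected to be an {@code org.jasig.cas.client.validation.Assertion}
 * @param authnRequest the original request (not read here)
 * @param service      the registered service (not read here)
 * @param adaptor      the service provider metadata facade (not read here)
 * @param request      the HTTP request (not read here)
 * @param response     the HTTP response (not read here)
 * @param binding      the binding in use (not read here)
 * @return the SOAP envelope whose body holds the artifact response
 * @throws SamlException if the stored SAML object cannot be transformed
 * @throws IllegalStateException if the CAS assertion carries no artifact ticket
 */
@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    final org.jasig.cas.client.validation.Assertion castedAssertion = org.jasig.cas.client.validation.Assertion.class.cast(casAssertion);
    final SamlArtifactTicket ticket = (SamlArtifactTicket) castedAssertion.getAttributes().get("artifact");
    // Fail with a descriptive error instead of a NullPointerException on ticket.getIssuer()
    // when the assertion was built without an artifact ticket attached.
    if (ticket == null) {
        throw new IllegalStateException("CAS assertion carries no 'artifact' ticket attribute");
    }
    final ArtifactResponse artifactResponse = new ArtifactResponseBuilder().buildObject();
    artifactResponse.setIssueInstant(DateTime.now());
    artifactResponse.setIssuer(newIssuer(ticket.getIssuer()));
    // InResponseTo is the relying party recorded on the ticket, i.e. the original requester.
    artifactResponse.setInResponseTo(ticket.getRelyingPartyId());
    artifactResponse.setID(ticket.getId());
    artifactResponse.setStatus(newStatus(StatusCode.SUCCESS, "Success"));
    final SAMLObject samlResponse = SamlUtils.transformSamlObject(configBean, ticket.getObject(), SAMLObject.class);
    artifactResponse.setMessage(samlResponse);
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    body.getUnknownXMLObjects().add(artifactResponse);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return envelope;
}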
