use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.
the class SamlIdPSaml1ArtifactResolutionProfileHandlerController method handlePostRequest.
/**
* Handle post request.
*
* @param response the response
* @param request the request
* @throws Exception the exception
*/
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    // SOAP back-channel endpoint: exchanges the artifact carried by an ArtifactResolve message for a
    // response built from the authentication held by the matching artifact ticket.
    // Decoding and the cast happen outside the try block, so a failure there propagates to the
    // caller instead of being converted into a SOAP fault.
    val messageContext = decodeSoapRequest(request);
    val resolveRequest = (ArtifactResolve) messageContext.getMessage();
    try {
        // The issuer is read from the message itself, so it is self-asserted until the signature
        // check below has run.
        val requestIssuer = Objects.requireNonNull(resolveRequest).getIssuer().getValue();
        val samlService = verifySamlRegisteredService(requestIssuer);

        // No metadata for the issuer means the requester cannot be verified: refuse the request.
        val metadataFacade = getSamlMetadataFacadeFor(samlService, resolveRequest)
            .orElseThrow(() -> new UnauthorizedServiceException(
                UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + requestIssuer));

        // Runs before any ticket lookup, so the artifact is only resolved for a request that got
        // past this check.
        // NOTE(review): how unsigned requests are treated is decided inside this helper and is not
        // visible here - confirm.
        verifyAuthenticationContextSignature(messageContext, request, resolveRequest, metadataFacade, samlService);

        val artifactValue = resolveRequest.getArtifact().getValue();
        val artifactTicketFactory = (SamlArtifactTicketFactory) getConfigurationContext()
            .getTicketFactory()
            .get(SamlArtifactTicket.class);
        val artifactTicketId = artifactTicketFactory.createTicketIdFor(artifactValue);
        val artifactTicket = getConfigurationContext()
            .getTicketRegistry()
            .getTicket(artifactTicketId, SamlArtifactTicket.class);
        if (artifactTicket == null) {
            throw new InvalidTicketException(artifactTicketId);
        }
        // NOTE(review): the ticket is located by artifact value alone. Nothing in this method
        // compares the ticket with requestIssuer or removes the ticket after use; artifacts are
        // meant to be single-use and bound to their intended recipient, so confirm that both are
        // enforced elsewhere (ticket expiration policy, registry, or response builder).

        val requesterService = getConfigurationContext()
            .getWebApplicationServiceFactory()
            .createService(requestIssuer);
        val authenticatedAssertion = buildCasAssertion(
            artifactTicket.getTicketGrantingTicket().getAuthentication(),
            requesterService,
            samlService,
            CollectionUtils.wrap("artifact", artifactTicket));

        val successContext = SamlProfileBuilderContext.builder()
            .samlRequest(resolveRequest)
            .httpRequest(request)
            .httpResponse(response)
            .authenticatedAssertion(authenticatedAssertion)
            .registeredService(samlService)
            .adaptor(metadataFacade)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getResponseBuilder().build(successContext);
    } catch (final Exception e) {
        // Every failure inside the try block ends in a SOAP fault rather than an exception.
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the exception message is copied into a request attribute that the fault
        // builder presumably renders to the requester - confirm it cannot expose ticket ids or
        // other internal detail.
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR,
            "Unable to build SOAP response: " + StringUtils.defaultString(e.getMessage()));
        val faultContext = SamlProfileBuilderContext.builder()
            .samlRequest(resolveRequest)
            .httpRequest(request)
            .httpResponse(response)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getSamlFaultResponseBuilder().build(faultContext);
    }
}
use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.
the class Saml1ArtifactResolutionProfileHandlerController method handlePostRequest.
/**
* Handle post request.
*
* @param response the response
* @param request the request
*/
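@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    // SOAP back-channel endpoint: exchanges the artifact carried by an ArtifactResolve message for a
    // response built from the authentication held by the matching artifact ticket.
    // Decoding and the cast happen outside the try block, so a failure there is not converted
    // into a SOAP fault.
    final MessageContext ctx = decodeSoapRequest(request);
    final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
    try {
        // The issuer is read from the message itself, so it is self-asserted until the signature
        // check below has run.
        final String issuer = artifactMsg.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
        if (!adaptor.isPresent()) {
            // No metadata for the issuer means the requester cannot be verified: refuse the request.
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        // Runs before any ticket lookup, so the artifact is only resolved for a request that got
        // past this check.
        verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);

        final String artifactId = artifactMsg.getArtifact().getArtifact();
        final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
        final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
        if (ticket == null) {
            // An unknown artifact previously surfaced as a NullPointerException with a null
            // message, leaving the fault and the log line without any explanation. Fail explicitly,
            // without echoing the ticket id back to the requester.
            throw new IllegalArgumentException("No artifact ticket found for the artifact in the request");
        }
        // NOTE(review): the ticket is located by artifact value alone. Nothing in this method
        // compares the ticket with the issuer or removes the ticket after use; artifacts are meant
        // to be single-use and bound to their intended recipient, so confirm that both are
        // enforced elsewhere.

        final Service issuerService = webApplicationServiceFactory.createService(issuer);
        final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));
        this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    } catch (final Exception e) {
        // Every failure inside the try block ends in a SOAP fault rather than an exception.
        LOGGER.error(e.getMessage(), e);
        // NOTE(review): the raw exception message is copied into a request attribute that the
        // fault builder presumably renders to the requester - confirm it cannot expose internal
        // detail. The message is still null for exceptions created without one.
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    }
}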
use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.
the class SamlIdPSaml1ArtifactResolutionProfileHandlerControllerTests method getArtifactResolve.
private ArtifactResolve getArtifactResolve() {
    // Test fixture: assembles an ArtifactResolve whose issuer is the registered SAML service id.
    // No signature is attached in this method, and the artifact value is a fixed placeholder
    // string rather than an encoded artifact issued by the IdP.
    val resolveBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(ArtifactResolve.DEFAULT_ELEMENT_NAME);
    val artifactResolve = (ArtifactResolve) resolveBuilder.buildObject();

    // The issuer must match a registered service for the controller to accept the request.
    val issuerBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val requestIssuer = (Issuer) issuerBuilder.buildObject();
    requestIssuer.setValue(samlRegisteredService.getServiceId());
    artifactResolve.setIssuer(requestIssuer);

    val artifactBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(Artifact.DEFAULT_ELEMENT_NAME);
    val requestArtifact = (Artifact) artifactBuilder.buildObject();
    requestArtifact.setValue("https://cassp.example.org");
    artifactResolve.setArtifact(requestArtifact);

    return artifactResolve;
}