
Example 1 with ArtifactResolve

use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.

From class SamlIdPSaml1ArtifactResolutionProfileHandlerController, method handlePostRequest.

/**
 * Resolves a SAML artifact received over the SOAP artifact-resolution binding.
 * <p>
 * The request is decoded as a SOAP message carrying an {@link ArtifactResolve}. The issuer is
 * checked against the registered services, the request signature is verified against the
 * issuer's SP metadata, and the artifact is mapped to a {@link SamlArtifactTicket} in the ticket
 * registry. A successful lookup produces a SAML response through the response builder; any
 * failure inside the guarded section is logged and answered with a SOAP fault instead of an
 * HTTP error, so the service provider always receives a SAML-level answer.
 *
 * @param response the HTTP response the SAML response or fault is written to
 * @param request  the HTTP request carrying the SOAP-wrapped artifact resolve message
 * @throws Exception if decoding the SOAP request, or casting its message, fails before the
 *                   guarded section is entered; everything after that point is turned into a fault
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    // Decoding runs outside the try block: a malformed SOAP envelope propagates to the caller.
    val messageContext = decodeSoapRequest(request);
    val artifactResolve = (ArtifactResolve) messageContext.getMessage();
    try {
        // Issuer check first: nothing below runs for an unregistered or unauthorized SP.
        val issuer = Objects.requireNonNull(artifactResolve).getIssuer().getValue();
        val registeredService = verifySamlRegisteredService(issuer);
        val metadataFacade = getSamlMetadataFacadeFor(registeredService, artifactResolve);
        if (!metadataFacade.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + issuer);
        }
        val facade = metadataFacade.get();
        // The signature check binds the request to the SP's metadata before any ticket is touched.
        verifyAuthenticationContextSignature(messageContext, request, artifactResolve, facade, registeredService);

        val configurationContext = getConfigurationContext();
        val artifactId = artifactResolve.getArtifact().getValue();
        val ticketFactory = (SamlArtifactTicketFactory) configurationContext.getTicketFactory().get(SamlArtifactTicket.class);
        val ticketId = ticketFactory.createTicketIdFor(artifactId);
        val artifactTicket = configurationContext.getTicketRegistry().getTicket(ticketId, SamlArtifactTicket.class);
        if (artifactTicket == null) {
            // Unknown or expired artifact: reported to the SP as a fault via the catch block.
            throw new InvalidTicketException(ticketId);
        }
        // NOTE(review): the ticket is only read here, not removed. Confirm that single use of an
        // artifact is enforced elsewhere (ticket expiration policy or registry), since the SAML
        // artifact profile expects an artifact to be resolvable at most once.
        val issuerService = configurationContext.getWebApplicationServiceFactory().createService(issuer);
        val authentication = artifactTicket.getTicketGrantingTicket().getAuthentication();
        val casAssertion = buildCasAssertion(authentication, issuerService, registeredService,
            CollectionUtils.wrap("artifact", artifactTicket));
        val successContext = SamlProfileBuilderContext.builder()
            .samlRequest(artifactResolve)
            .httpRequest(request)
            .httpResponse(response)
            .authenticatedAssertion(casAssertion)
            .registeredService(registeredService)
            .adaptor(facade)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        configurationContext.getResponseBuilder().build(successContext);
    } catch (final Exception e) {
        // Every failure (unauthorized issuer, bad signature, missing ticket, builder error) becomes
        // a SOAP fault. The exception message is stored on the request for the fault builder and
        // is presumably echoed to the SP, so exceptions thrown above should not carry internal
        // detail in their messages.
        LoggingUtils.error(LOGGER, e);
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR,
            "Unable to build SOAP response: " + StringUtils.defaultString(e.getMessage()));
        val faultContext = SamlProfileBuilderContext.builder()
            .samlRequest(artifactResolve)
            .httpRequest(request)
            .httpResponse(response)
            .binding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)
            .messageContext(messageContext)
            .build();
        getConfigurationContext().getSamlFaultResponseBuilder().build(faultContext);
    }
}

Example 2 with ArtifactResolve

use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.

From class Saml1ArtifactResolutionProfileHandlerController, method handlePostRequest.

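/**
 * Resolves a SAML artifact received over the SOAP artifact-resolution binding.
 * <p>
 * Decodes the SOAP message into an {@link ArtifactResolve}, verifies that the issuer is a
 * registered SAML service with resolvable metadata, verifies the request signature, looks up
 * the artifact ticket and builds the SAML response from the ticket's authentication. Any
 * failure inside the guarded section is logged, recorded on the request under
 * {@code SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR} and answered with a SOAP fault, so the
 * service provider never sees a raw exception or HTTP error page.
 *
 * @param response the HTTP response the SAML response or fault is written to
 * @param request  the HTTP request carrying the SOAP-wrapped artifact resolve message
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    // Decoding runs outside the try block: a malformed SOAP envelope propagates to the caller.
    final MessageContext ctx = decodeSoapRequest(request);
    final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
    try {
        if (artifactMsg == null) {
            // Previously surfaced as a NullPointerException with no usable message in the fault.
            throw new IllegalStateException("SOAP request does not carry an ArtifactResolve message");
        }
        // Issuer check first: nothing below runs for an unregistered or unauthorized SP.
        final String issuer = artifactMsg.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        // The signature check binds the request to the SP's metadata before any ticket is touched.
        verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);
        final String artifactId = artifactMsg.getArtifact().getArtifact();
        final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
        final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
        if (ticket == null) {
            // Unknown or expired artifact. Without this guard the dereference below threw a
            // NullPointerException, which reached the catch block with a null message.
            throw new IllegalStateException("No artifact ticket found for " + ticketId);
        }
        // NOTE(review): the ticket is only read here, not removed. Confirm that single use of an
        // artifact is enforced elsewhere (ticket expiration policy or registry), since the SAML
        // artifact profile expects an artifact to be resolvable at most once.
        final Service issuerService = webApplicationServiceFactory.createService(issuer);
        final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));
        this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // getMessage() may be null (e.g. for a NullPointerException); never store a null error
        // attribute, since the fault builder presumably echoes it to the SP.
        final String errorMessage = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, errorMessage);
        samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    }
}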

Example 3 with ArtifactResolve

use of org.opensaml.saml.saml2.core.ArtifactResolve in project cas by apereo.

From class SamlIdPSaml1ArtifactResolutionProfileHandlerControllerTests, method getArtifactResolve.

/**
 * Builds an {@link ArtifactResolve} request for the tests: the issuer is the registered
 * service's id and the artifact carries a fixed placeholder value.
 *
 * @return the populated artifact resolve request
 */
private ArtifactResolve getArtifactResolve() {
    val builderFactory = openSamlConfigBean.getBuilderFactory();

    val requestBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(ArtifactResolve.DEFAULT_ELEMENT_NAME);
    val artifactResolve = (ArtifactResolve) requestBuilder.buildObject();

    // Issuer: the registered service under test, so the controller's issuer check passes.
    val issuerBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val issuer = (Issuer) issuerBuilder.buildObject();
    issuer.setValue(samlRegisteredService.getServiceId());
    artifactResolve.setIssuer(issuer);

    // Artifact: a fixed value; what ticket it maps to is up to the artifact ticket factory.
    val artifactBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Artifact.DEFAULT_ELEMENT_NAME);
    val artifact = (Artifact) artifactBuilder.buildObject();
    artifact.setValue("https://cassp.example.org");
    artifactResolve.setArtifact(artifact);

    return artifactResolve;
}
