use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class WsFederationAction method doExecute.
/**
* Executes the webflow action.
*
* @param context the context
* @return the event
* @throws Exception all unhandled exceptions
*/
@Override
protected Event doExecute(final RequestContext context) throws Exception {
try {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final HttpSession session = request.getSession();
final String wa = request.getParameter(WA);
// it's an authentication
if (StringUtils.isNotBlank(wa) && wa.equalsIgnoreCase(WSIGNIN)) {
final String wResult = request.getParameter(WRESULT);
LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
if (StringUtils.isBlank(wResult)) {
LOGGER.error("No [{}] parameter is found", WRESULT);
return error();
}
// create credentials
LOGGER.debug("Attempting to create an assertion from the token parameter");
final Assertion assertion = this.wsFederationHelper.parseTokenFromString(wResult, configuration);
if (assertion == null) {
LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
return error();
}
LOGGER.debug("Attempting to validate the signature on the assertion");
if (!this.wsFederationHelper.validateSignature(assertion, this.configuration)) {
LOGGER.error("WS Requested Security Token is blank or the signature is not valid.");
return error();
}
try {
final Service service = (Service) session.getAttribute(SERVICE);
LOGGER.debug("Creating credential based on the provided assertion");
final WsFederationCredential credential = this.wsFederationHelper.createCredentialFromToken(assertion);
final String rpId = getRelyingPartyIdentifier(service);
if (credential != null && credential.isValid(rpId, this.configuration.getIdentityProviderIdentifier(), this.configuration.getTolerance())) {
LOGGER.debug("Validated assertion for the created credential successfully");
if (this.configuration.getAttributeMutator() != null) {
LOGGER.debug("Modifying credential attributes based on [{}]", this.configuration.getAttributeMutator().getClass().getSimpleName());
this.configuration.getAttributeMutator().modifyAttributes(credential.getAttributes());
}
} else {
LOGGER.warn("SAML assertions are blank or no longer valid based on RP identifier [{}] and IdP identifier [{}]", rpId, this.configuration.getIdentityProviderIdentifier());
final String url = authorizationUrl + rpId;
context.getFlowScope().put(PROVIDERURL, url);
LOGGER.warn("Created authentication url [{}] and returning error", url);
return error();
}
context.getFlowScope().put(SERVICE, service);
restoreRequestAttribute(request, session, THEME);
restoreRequestAttribute(request, session, LOCALE);
restoreRequestAttribute(request, session, METHOD);
LOGGER.debug("Creating final authentication result based on the given credential");
final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
LOGGER.debug("Attempting to create a ticket-granting ticket for the authentication result");
WebUtils.putTicketGrantingTicketInScopes(context, this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult));
LOGGER.info("Token validated and new [{}] created: [{}]", credential.getClass().getName(), credential);
return success();
} catch (final AbstractTicketException e) {
LOGGER.error(e.getMessage(), e);
return error();
}
} else {
// no authentication : go to login page. save parameters in web session
final Service service = (Service) context.getFlowScope().get(SERVICE);
if (service != null) {
session.setAttribute(SERVICE, service);
}
saveRequestParameter(request, session, THEME);
saveRequestParameter(request, session, LOCALE);
saveRequestParameter(request, session, METHOD);
final String url = authorizationUrl + getRelyingPartyIdentifier(service);
LOGGER.info("Preparing to redirect to the IdP [{}]", url);
context.getFlowScope().put(PROVIDERURL, url);
}
LOGGER.debug("Returning error event");
return error();
} catch (final Exception ex) {
LOGGER.error(ex.getMessage(), ex);
return error();
}
}
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureGoodToken.
@Test
public void verifyValidateSignatureGoodToken() throws Exception {
final String wresult = testTokens.get(GOOD_TOKEN);
final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
assertTrue("testValidateSignatureGoodToken() - True", result);
}
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureModifiedSignature.
@Test
public void verifyValidateSignatureModifiedSignature() throws Exception {
final String wresult = testTokens.get("badTokenModifiedSignature");
final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
assertFalse("testValidateSignatureModifiedSignature() - False", result);
}
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyParseTokenString.
@Test
public void verifyParseTokenString() throws Exception {
final String wresult = testTokens.get(GOOD_TOKEN);
final Assertion result = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
assertNotNull("testParseTokenString() - Not null", result);
}
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
@Override
public Assertion build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final List<Statement> statements = new ArrayList<>();
statements.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
statements.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
signAssertion(assertion, request, response, service, adaptor);
return assertion;
}
Aggregations