
Example 91 with Assertion

Use of Assertion in project cas by apereo. In this method the object being cast is the CAS client's org.jasig.cas.client.validation.Assertion (see the imports listed after the code), not the OpenSAML saml2.core.Assertion named in the page heading; the builder turns it into an OpenSAML saml2.core.Subject.

The class SamlProfileSamlSubjectBuilder, method buildSubject: builds the SAML 2 Subject (NameID plus SubjectConfirmationData) for the service provider, taking the Recipient from the SP's registered metadata and the InResponseTo from the authentication request.

private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final RequestAbstractType authnRequest, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    // casAssertion is the validated CAS client assertion, not an OpenSAML object.
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    // The Recipient is taken from the SP's registered metadata for this binding, not from the request.
    @NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
    final String location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
    if (StringUtils.isBlank(location)) {
        LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
    }
    final NameID nameId = getNameIdForService(request, response, authnRequest, service, adaptor, binding, assertion);
    // SubjectConfirmationData attributes, each of which the registered service may suppress:
    final Subject subject = newSubject(nameId,
        service.isSkipGeneratingSubjectConfirmationRecipient() ? null : location,                                          // Recipient
        service.isSkipGeneratingSubjectConfirmationNotOnOrAfter() ? null : validFromDate.plusSeconds(this.skewAllowance),  // NotOnOrAfter
        service.isSkipGeneratingSubjectConfirmationInResponseTo() ? null : authnRequest.getID(),                           // InResponseTo
        service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now());                              // NotBefore
    LOGGER.debug("Created SAML subject [{}]", subject);
    return subject;
}
Also used : ZonedDateTime(java.time.ZonedDateTime) NameID(org.opensaml.saml.saml2.core.NameID) NonNull(lombok.NonNull) Assertion(org.jasig.cas.client.validation.Assertion) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Subject(org.opensaml.saml.saml2.core.Subject)
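The SubjectConfirmationData that buildSubject() emits (Recipient, NotOnOrAfter, InResponseTo, NotBefore) only protects anything if the receiving service provider checks it. The following is an added example, not CAS or OpenSAML code: it models those four attributes in a plain Java class instead of OpenSAML's SubjectConfirmationData type (an assumption, so that it compiles without the library), applies the bearer-confirmation checks an SP must run, tolerates a clock skew in the spirit of the skewAllowance used above, and keeps a replay cache of assertion IDs until their NotOnOrAfter has passed. The URLs, request IDs and timestamps are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example (not CAS or OpenSAML code). ConfirmationData stands in for the
// OpenSAML SubjectConfirmationData element that buildSubject() above populates.
public final class BearerConfirmationValidator {

    /** The four SubjectConfirmationData attributes; any of them may be absent (null). */
    public static final class ConfirmationData {
        final String recipient;
        final Instant notBefore;
        final Instant notOnOrAfter;
        final String inResponseTo;

        ConfirmationData(String recipient, Instant notBefore, Instant notOnOrAfter, String inResponseTo) {
            this.recipient = recipient;
            this.notBefore = notBefore;
            this.notOnOrAfter = notOnOrAfter;
            this.inResponseTo = inResponseTo;
        }
    }

    private final Duration skew;
    /** Assertion IDs already accepted, mapped to the instant after which they can be forgotten. */
    private final Map<String, Instant> seenAssertionIds = new HashMap<>();

    public BearerConfirmationValidator(Duration skew) {
        this.skew = skew;
    }

    /**
     * Runs the bearer-confirmation checks a service provider must apply.
     *
     * @param assertionId     ID attribute of the assertion (for replay detection)
     * @param data            its SubjectConfirmationData
     * @param receivedOnUrl   the endpoint the SP actually received the response on
     * @param issuedRequestId ID of the AuthnRequest the SP sent, or null for IdP-initiated SSO
     * @param now             the SP's clock
     * @return the list of violations; an empty list means the assertion may be accepted
     */
    public List<String> validate(String assertionId, ConfirmationData data, String receivedOnUrl,
                                 String issuedRequestId, Instant now) {
        List<String> problems = new ArrayList<>();

        // Recipient must be exactly the endpoint that received the response.
        if (data.recipient == null || !data.recipient.equals(receivedOnUrl)) {
            problems.add("Recipient [" + data.recipient + "] is not this endpoint [" + receivedOnUrl + "]");
        }
        // NotOnOrAfter is mandatory for bearer confirmation; skew is allowed on both bounds.
        if (data.notOnOrAfter == null) {
            problems.add("NotOnOrAfter is missing; a bearer assertion must expire");
        } else if (!now.isBefore(data.notOnOrAfter.plus(skew))) {
            problems.add("expired: NotOnOrAfter " + data.notOnOrAfter + " has passed");
        }
        // NotBefore is optional; when present it must also hold.
        if (data.notBefore != null && now.plus(skew).isBefore(data.notBefore)) {
            problems.add("not yet valid: NotBefore " + data.notBefore);
        }
        // InResponseTo must match the request we issued; an unsolicited response must not carry one.
        if (issuedRequestId != null) {
            if (!issuedRequestId.equals(data.inResponseTo)) {
                problems.add("InResponseTo [" + data.inResponseTo + "] does not match request [" + issuedRequestId + "]");
            }
        } else if (data.inResponseTo != null) {
            problems.add("unsolicited response carries InResponseTo [" + data.inResponseTo + "]");
        }
        // Replay: the same assertion ID must not be accepted twice within its validity window.
        seenAssertionIds.values().removeIf(expiry -> !expiry.isAfter(now));
        if (problems.isEmpty()) {
            Instant forgetAfter = data.notOnOrAfter.plus(skew);
            if (seenAssertionIds.putIfAbsent(assertionId, forgetAfter) != null) {
                problems.add("replay: assertion " + assertionId + " was already accepted");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample values; an IdP's buildSubject() would have produced the data.
        Instant now = Instant.parse("2020-01-01T12:00:00Z");
        String acs = "https://sp.example.org/saml/acs";
        BearerConfirmationValidator v = new BearerConfirmationValidator(Duration.ofSeconds(30));

        ConfirmationData fresh = new ConfirmationData(acs, now.minusSeconds(5), now.plusSeconds(300), "_req1");
        System.out.println("first use:   " + v.validate("_a1", fresh, acs, "_req1", now));
        System.out.println("replayed:    " + v.validate("_a1", fresh, acs, "_req1", now.plusSeconds(10)));

        // The same data posted to a different endpoint, answering a request we never sent.
        System.out.println("misdirected: " + v.validate("_a2", fresh, "https://sp.example.org/other", "_req2", now));
        ConfirmationData stale = new ConfirmationData(acs, now.minusSeconds(900), now.minusSeconds(600), "_req1");
        System.out.println("stale:       " + v.validate("_a3", stale, acs, "_req1", now));
    }
}
```

The replay cache is only recorded once every other check has passed, so a rejected assertion cannot poison the cache, and entries are dropped as soon as their NotOnOrAfter plus skew is behind the SP's clock, which is the earliest point at which the expiry check alone would reject a replay anyway.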

Example 92 with Assertion

Use of Assertion in project cas by apereo. Here the Assertion is org.opensaml.saml.saml1.core.Assertion (see the imports after the code), since the WS-Federation token unwrapped from wresult carries a SAML 1.x assertion.

The class WsFederationAction, method handleWsFederationAuthenticationRequest: receives the wresult posted back by the WS-Federation identity provider, extracts the RequestedSecurityToken, builds and verifies the assertion, checks its signature, and only then builds CAS credentials from it.

private Event handleWsFederationAuthenticationRequest(final RequestContext context) {
    // The target service was stashed in a cookie before the redirect to the IdP.
    final Service service = wsFederationCookieManager.retrieve(context);
    LOGGER.debug("Retrieved service [{}] from the session cookie", service);
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final String wResult = request.getParameter(WRESULT);
    LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
    if (StringUtils.isBlank(wResult)) {
        LOGGER.error("No [{}] parameter is found", WRESULT);
        return error();
    }
    LOGGER.debug("Attempting to create an assertion from the token parameter");
    // Unwrap the RSTR and match the assertion against a configured WS-Federation provider.
    final RequestedSecurityToken rsToken = this.wsFederationHelper.getRequestSecurityTokenFromResult(wResult);
    final Pair<Assertion, WsFederationConfiguration> assertion = this.wsFederationHelper.buildAndVerifyAssertion(rsToken, configurations);
    if (assertion == null) {
        LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
        return error();
    }
    // The signature is checked before any claim in the assertion is turned into a credential.
    LOGGER.debug("Attempting to validate the signature on the assertion");
    if (!this.wsFederationHelper.validateSignature(assertion)) {
        final String msg = "WS Requested Security Token is blank or the signature is not valid.";
        LOGGER.error(msg);
        throw new IllegalArgumentException(msg);
    }
    return buildCredentialsFromAssertion(context, assertion, service);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RequestedSecurityToken(org.opensaml.soap.wsfed.RequestedSecurityToken) Assertion(org.opensaml.saml.saml1.core.Assertion) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) Service(org.apereo.cas.authentication.principal.Service) WsFederationConfiguration(org.apereo.cas.support.wsfederation.WsFederationConfiguration)

Example 93 with Assertion

Use of Assertion in project cas by apereo. The assertion parameter here is the CAS client's org.jasig.cas.client.validation.Assertion, as the imports of Example 94 (same class) show.

The class SSOSamlProfileCallbackHandlerController, method determineProfileBinding: defaults a missing ProtocolBinding in the AuthnRequest to HTTP-POST and confirms that the SP's registered metadata declares an AssertionConsumerService for that binding.

/**
 * Determine profile binding.
 *
 * @param authenticationContext the authentication context
 * @param assertion             the assertion
 * @return the SAML 2 binding URI to use for the response
 */
protected String determineProfileBinding(final Pair<AuthnRequest, MessageContext> authenticationContext, final Assertion assertion) {
    final AuthnRequest authnRequest = authenticationContext.getKey();
    final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> pair = getRegisteredServiceAndFacade(authnRequest);
    final SamlRegisteredServiceServiceProviderMetadataFacade facade = pair.getValue();
    // A request that names no ProtocolBinding is answered over HTTP-POST.
    final String binding = StringUtils.defaultIfBlank(authnRequest.getProtocolBinding(), SAMLConstants.SAML2_POST_BINDING_URI);
    LOGGER.debug("Determined authentication request binding is [{}], issued by [{}]", binding, authnRequest.getIssuer().getValue());
    LOGGER.debug("Checking metadata for [{}] to see if binding [{}] is supported", facade.getEntityId(), binding);
    // The binding must be one the SP's registered metadata declares; the request alone does not decide it.
    @NonNull final AssertionConsumerService svc = facade.getAssertionConsumerService(binding);
    LOGGER.debug("Binding [{}] is supported by [{}]", svc.getBinding(), facade.getEntityId());
    return binding;
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) NonNull(lombok.NonNull) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)
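determineProfileBinding() resolves the binding from the request but lets registered metadata decide whether it is acceptable, and buildSubject() in Example 91 takes the Recipient from that metadata as well. The following is an added example, not CAS or OpenSAML code: it replaces the SamlRegisteredServiceServiceProviderMetadataFacade with a plain list of AssertionConsumerService entries (an assumption, so that it runs without OpenSAML) and resolves the response destination from the request's index, or from its binding plus requested URL, or from the metadata default, refusing any AssertionConsumerServiceURL that the SP's metadata does not list. The entity IDs, URLs and indexes are constructed sample values; the binding URIs are the standard OASIS identifiers.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

// Added example (not CAS or OpenSAML code). Metadata is a plain list of endpoints
// standing in for the md:AssertionConsumerService elements of the SP's metadata.
public final class AcsResolver {
    public static final String HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    public static final String HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    /** One AssertionConsumerService element from the SP's registered metadata. */
    public static final class Acs {
        final String binding;
        final String location;
        final String responseLocation; // optional; responses go here when present
        final int index;
        final boolean isDefault;

        Acs(String binding, String location, String responseLocation, int index, boolean isDefault) {
            this.binding = binding;
            this.location = location;
            this.responseLocation = responseLocation;
            this.index = index;
            this.isDefault = isDefault;
        }

        /** Same rule as buildSubject() above: ResponseLocation if set, otherwise Location. */
        String destination() {
            return responseLocation == null || responseLocation.trim().isEmpty() ? location : responseLocation;
        }
    }

    /** The optional routing attributes an AuthnRequest may carry (null when absent). */
    public static final class RequestHints {
        final String protocolBinding;
        final String assertionConsumerServiceUrl;
        final Integer assertionConsumerServiceIndex;

        RequestHints(String protocolBinding, String assertionConsumerServiceUrl, Integer assertionConsumerServiceIndex) {
            this.protocolBinding = protocolBinding;
            this.assertionConsumerServiceUrl = assertionConsumerServiceUrl;
            this.assertionConsumerServiceIndex = assertionConsumerServiceIndex;
        }
    }

    /**
     * Chooses the endpoint the response is sent to. Every candidate comes from metadata;
     * hints in the request only select among them and are rejected when nothing matches.
     */
    public static Optional<Acs> resolve(RequestHints hints, List<Acs> metadata) {
        // An explicit index must exist in metadata; index and URL/binding are mutually exclusive in SAML.
        if (hints.assertionConsumerServiceIndex != null) {
            int idx = hints.assertionConsumerServiceIndex;
            return metadata.stream().filter(a -> a.index == idx).findFirst();
        }
        // Default the binding the same way determineProfileBinding() does.
        String binding = hints.protocolBinding == null || hints.protocolBinding.trim().isEmpty()
                ? HTTP_POST : hints.protocolBinding;
        // A requested URL is honoured only when metadata lists it under that binding.
        if (hints.assertionConsumerServiceUrl != null) {
            return metadata.stream()
                    .filter(a -> a.binding.equals(binding) && a.location.equals(hints.assertionConsumerServiceUrl))
                    .findFirst();
        }
        // Otherwise the endpoint marked default for the binding, else the first one declared.
        Optional<Acs> preferred = metadata.stream().filter(a -> a.binding.equals(binding) && a.isDefault).findFirst();
        return preferred.isPresent() ? preferred : metadata.stream().filter(a -> a.binding.equals(binding)).findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample metadata for one SP.
        List<Acs> metadata = Arrays.asList(
                new Acs(HTTP_POST, "https://sp.example.org/saml/acs", null, 0, true),
                new Acs(HTTP_POST, "https://sp.example.org/saml/acs-alt", "https://sp.example.org/saml/acs-alt/resp", 1, false),
                new Acs(HTTP_ARTIFACT, "https://sp.example.org/saml/artifact", null, 2, false));

        print("no hints", resolve(new RequestHints(null, null, null), metadata));
        print("by index", resolve(new RequestHints(null, null, 1), metadata));
        print("listed URL", resolve(new RequestHints(HTTP_POST, "https://sp.example.org/saml/acs-alt", null), metadata));
        // A URL supplied in an unsigned request but absent from metadata must not become the destination.
        print("foreign URL", resolve(new RequestHints(HTTP_POST, "https://attacker.example/acs", null), metadata));
    }

    private static void print(String label, Optional<Acs> acs) {
        System.out.println(label + ": " + (acs.isPresent() ? acs.get().destination() : "REJECTED"));
    }
}
```

The "foreign URL" case is the one that matters: an AuthnRequest is often unsigned, so an AssertionConsumerServiceURL it carries is attacker-controllable, and an IdP that posts the assertion there hands the bearer token to whoever wrote the request. Matching the URL against metadata, as resolve() does, makes the request a selector rather than an authority.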

Example 94 with Assertion

Use of Assertion in project cas by apereo. The Assertion here is the CAS client's org.jasig.cas.client.validation.Assertion (see the imports after the code), obtained by validating the CAS service ticket.

The class SSOSamlProfileCallbackHandlerController, method handleCallbackProfileRequest: the endpoint CAS redirects back to after login; it recovers the original AuthnRequest, validates the service ticket into a CAS assertion, picks the response binding and then builds the SAML response.

/**
 * Handle callback profile request.
 *
 * @param response the response
 * @param request  the request
 * @throws Exception the exception
 */
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK)
protected void handleCallbackProfileRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
    // Without the original AuthnRequest there is nothing to bind the response to: refuse.
    final AuthnRequest authnRequest = retrieveSamlAuthenticationRequestFromHttpRequest(request);
    if (authnRequest == null) {
        LOGGER.error("Can not validate the request because the original Authn request can not be found.");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // The CAS service ticket proves the user authenticated; it is validated server-side below.
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    if (StringUtils.isBlank(ticket)) {
        LOGGER.error("Can not validate the request because no [{}] is provided via the request", CasProtocolConstants.PARAMETER_TICKET);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    final Pair<AuthnRequest, MessageContext> authenticationContext = buildAuthenticationContextPair(request, authnRequest);
    final Assertion assertion = validateRequestAndBuildCasAssertion(response, request, authenticationContext);
    final String binding = determineProfileBinding(authenticationContext, assertion);
    buildSamlResponse(response, request, authenticationContext, assertion, binding);
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Assertion(org.jasig.cas.client.validation.Assertion) MessageContext(org.opensaml.messaging.context.MessageContext) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 95 with Assertion

Use of Assertion in project cas by apereo. This builder works with org.opensaml.saml.saml1.core.Assertion (see the import after the code), the SAML 1.x assertion used by the CAS protocol's /samlValidate response.

The class Saml10ObjectBuilder, method newAssertion: creates a SAML 1 assertion with the given ID, issuer and issue instant and attaches the authentication statement.

/**
 * Create a new SAML1 assertion object.
 *
 * @param authnStatement the authn statement
 * @param issuer         the issuer
 * @param issuedAt       the issue instant
 * @param id             the assertion id
 * @return the assertion
 */
public Assertion newAssertion(final AuthenticationStatement authnStatement, final String issuer, final ZonedDateTime issuedAt, final String id) {
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(id);
    assertion.setIssueInstant(DateTimeUtils.dateTimeOf(issuedAt));
    assertion.setIssuer(issuer);
    assertion.getAuthenticationStatements().add(authnStatement);
    return assertion;
}
Also used : Assertion(org.opensaml.saml.saml1.core.Assertion)

Aggregations

Classes used together with Assertion across the indexed sources, with the number of examples each appears in:

Assertion (org.opensaml.saml.saml2.core.Assertion) 33
Response (org.opensaml.saml.saml2.core.Response) 31
Element (org.w3c.dom.Element) 31
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper) 26
Document (org.w3c.dom.Document) 22
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 20
Status (org.opensaml.saml.saml2.core.Status) 20
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback) 18
DateTime (org.joda.time.DateTime) 16
Test (org.junit.Test) 16
Assertion (org.opensaml.saml.saml1.core.Assertion) 13
InputStream (java.io.InputStream) 11
Crypto (org.apache.wss4j.common.crypto.Crypto) 11
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement) 11
ZonedDateTime (java.time.ZonedDateTime) 10
XMLObject (org.opensaml.core.xml.XMLObject) 10
KeyStore (java.security.KeyStore) 9
Merlin (org.apache.wss4j.common.crypto.Merlin) 9
Assertion (org.jasig.cas.client.validation.Assertion) 9
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest) 9