Example 6 with Assertion
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class BaseSamlProfileSamlResponseBuilder method build.
@Override
public T build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor);
final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response);
return encodeFinalResponse(request, response, service, adaptor, finalResponse);
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
Example 7 with Assertion
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method buildResponse.
@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
samlResponse.setVersion(SAMLVersion.VERSION_20);
samlResponse.setIssuer(buildEntityIssuer());
samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
if (finalAssertion instanceof EncryptedAssertion) {
LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
} else {
LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
}
final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
samlResponse.setStatus(status);
SamlUtils.logSamlObject(this.configBean, samlResponse);
if (service.isSignResponses()) {
LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
}
return samlResponse;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Status(org.opensaml.saml.saml2.core.Status)
SAMLObject(org.opensaml.saml.common.SAMLObject)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
SecureRandom(java.security.SecureRandom)
Example 8 with Assertion
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SSOPostProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
final AuthnRequest authnRequest = pair.getKey();
final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
final Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator(this.serverPrefix);
validator.setRenew(authnRequest.isForceAuthn());
final String serviceUrl = constructServiceUrl(request, response, pair);
LOGGER.debug("Created service url for validation: [{}]", serviceUrl);
final Assertion assertion = validator.validate(ticket, serviceUrl);
logCasValidationAssertion(assertion);
return assertion;
}
Also used :
Cas30ServiceTicketValidator(org.jasig.cas.client.validation.Cas30ServiceTicketValidator)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Assertion(org.jasig.cas.client.validation.Assertion)
Example 9 with Assertion
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class DefaultAuthnContextClassRefBuilder method build.
@Override
public String build(final Assertion assertion, final AuthnRequest authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service) {
final RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
if (requestedAuthnContext == null) {
LOGGER.debug("No specific authN context is requested. Returning [{}]", AuthnContext.UNSPECIFIED_AUTHN_CTX);
return AuthnContext.UNSPECIFIED_AUTHN_CTX;
}
final List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", AuthnContext.UNSPECIFIED_AUTHN_CTX);
return AuthnContext.UNSPECIFIED_AUTHN_CTX;
}
LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
authnContextClassRefs.forEach(authnContextClassRef -> LOGGER.debug("Requested AuthN Context [{}]", authnContextClassRef.getAuthnContextClassRef()));
if (StringUtils.isNotBlank(service.getRequiredAuthenticationContextClass())) {
LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", service.getRequiredAuthenticationContextClass(), service.getName());
return service.getRequiredAuthenticationContextClass();
}
LOGGER.debug("Returning default AuthN Context [{}]", AuthnContext.PPT_AUTHN_CTX);
return AuthnContext.PPT_AUTHN_CTX;
}
Also used :
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Example 10 with Assertion
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSamlAuthNStatementBuilder method buildSubjectLocality.
/**
* Build subject locality subject locality.
*
* @param assertion the assertion
* @param authnRequest the authn request
* @param adaptor the adaptor
* @return the subject locality
* @throws SamlException the saml exception
*/
protected SubjectLocality buildSubjectLocality(final Assertion assertion, final AuthnRequest authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final SubjectLocality subjectLocality = newSamlObject(SubjectLocality.class);
subjectLocality.setAddress(SamlIdPUtils.getIssuerFromSamlRequest(authnRequest));
return subjectLocality;
}
Also used :
SubjectLocality(org.opensaml.saml.saml2.core.SubjectLocality)
Aggregations
Assertion (org.opensaml.saml.saml2.core.Assertion)33
Response (org.opensaml.saml.saml2.core.Response)31
Element (org.w3c.dom.Element)31
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)26
Document (org.w3c.dom.Document)22
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)20
Status (org.opensaml.saml.saml2.core.Status)20
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)18
DateTime (org.joda.time.DateTime)16
Test (org.junit.Test)16
Assertion (org.opensaml.saml.saml1.core.Assertion)13
InputStream (java.io.InputStream)11
Crypto (org.apache.wss4j.common.crypto.Crypto)11
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)11
ZonedDateTime (java.time.ZonedDateTime)10
XMLObject (org.opensaml.core.xml.XMLObject)10
KeyStore (java.security.KeyStore)9
Merlin (org.apache.wss4j.common.crypto.Merlin)9
Assertion (org.jasig.cas.client.validation.Assertion)9
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)9
