use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSamlAuthNStatementBuilder method buildAuthnStatement.
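/**
 * Creates an authentication statement for the current request.
 * <p>
 * The statement carries the authentication method resolved by the
 * {@code authnContextClassRefBuilder}, the authentication instant taken from the
 * CAS assertion, a freshly generated identifier and, when the CAS assertion has a
 * validity end date, a {@code SessionNotOnOrAfter} equal to that date plus the
 * configured response skew allowance. The subject locality is always set.
 *
 * @param casAssertion the CAS assertion; must be an {@link Assertion} instance
 * @param authnRequest the authn request
 * @param adaptor      the service provider metadata adaptor
 * @param service      the registered service
 * @param binding      the binding
 * @return constructed authentication statement
 * @throws SamlException the saml exception
 * @throws ClassCastException if {@code casAssertion} is not an {@link Assertion}
 */
private AuthnStatement buildAuthnStatement(final Object casAssertion, final RequestAbstractType authnRequest,
                                           final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                           final SamlRegisteredService service, final String binding) throws SamlException {
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);
    // The '_' prefix keeps the id a valid XML ID (it may not start with a digit). Math.abs leaves a
    // '-' only for the Long.MIN_VALUE corner, which is still a valid ID character after the prefix.
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    final ZonedDateTime authnInstant = DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate());
    final AuthnStatement statement = newAuthnStatement(authenticationMethod, authnInstant, id);
    if (assertion.getValidUntilDate() != null) {
        // SessionNotOnOrAfter = CAS validity end + response skew allowance.
        // NOTE(review): no fallback to the samlCore skewAllowance when the response skew is <= 0
        // (the conditions builder has one) — confirm that is intended.
        final int skewSeconds = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
        final ZonedDateTime validUntil = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(validUntil.plusSeconds(skewSeconds)));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor, binding));
    return statement;
}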
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSamlConditionsBuilder method buildConditions.
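/**
 * Builds the SAML conditions for the assertion.
 * <p>
 * The validity window starts now (UTC) and ends after the configured skew allowance:
 * the response-level skew is used when positive, otherwise the core SAML skew. The
 * audience restriction always contains the service provider's entity id first,
 * followed by any extra audiences configured on the registered service
 * (comma-delimited), with duplicates removed.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the registered service
 * @param adaptor      the service provider metadata adaptor
 * @return the conditions
 * @throws SamlException the saml exception
 */
protected Conditions buildConditions(final RequestAbstractType authnRequest, final Object assertion,
                                     final SamlRegisteredService service,
                                     final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final ZonedDateTime notBefore = ZonedDateTime.now(ZoneOffset.UTC);
    int skewAllowance = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    if (skewAllowance <= 0) {
        // Fall back to the global SAML skew when the response-specific one is unset.
        skewAllowance = casProperties.getSamlCore().getSkewAllowance();
    }
    // NOTE(review): if both skews are <= 0, NotOnOrAfter is not after NotBefore and the
    // assertion can never be accepted — confirm configuration validation covers this.
    // Insertion-ordered set: the SP entity id stays first and repeated audiences are dropped.
    final Set<String> audienceUrls = new java.util.LinkedHashSet<>();
    audienceUrls.add(adaptor.getEntityId());
    if (StringUtils.isNotBlank(service.getAssertionAudiences())) {
        audienceUrls.addAll(org.springframework.util.StringUtils.commaDelimitedListToSet(service.getAssertionAudiences()));
    }
    return newConditions(notBefore, notBefore.plusSeconds(skewAllowance), audienceUrls.toArray(new String[0]));
}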
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class BaseSamlProfileSamlResponseBuilder method encryptAssertion.
/**
 * Encrypts the assertion when the registered service asks for encrypted assertions.
 * <p>
 * If {@code service.isEncryptAssertions()} is true the assertion is handed to the
 * configured {@code samlObjectEncrypter} and the resulting {@link EncryptedAssertion}
 * is returned; otherwise the assertion is returned unchanged.
 *
 * @param assertion the assertion
 * @param request   the request
 * @param response  the response
 * @param service   the registered service
 * @param adaptor   the service provider metadata adaptor
 * @return the encrypted assertion, or the original assertion when encryption is not required
 * @throws SamlException the saml exception
 */
protected SAMLObject encryptAssertion(final Assertion assertion, final HttpServletRequest request,
                                      final HttpServletResponse response, final SamlRegisteredService service,
                                      final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    if (!service.isEncryptAssertions()) {
        LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
        return assertion;
    }
    LOGGER.debug("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
    return this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
}
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method buildResponse.
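/**
 * Builds the SAML 2 response that carries the given assertion.
 * <p>
 * The response gets a fresh {@code _}-prefixed id, the current UTC instant and
 * {@code InResponseTo} set to the request id. When the attribute-query profile is
 * enabled the assertion is first stored in the ticket registry. The assertion is then
 * passed through {@code encryptAssertion} and added to either the encrypted or the
 * plain assertions collection, the status is set to success, and finally the whole
 * response is signed if the registered service requires signed responses.
 *
 * @param assertion    the SAML assertion to include
 * @param casAssertion the CAS assertion
 * @param authnRequest the authn request
 * @param service      the registered service
 * @param adaptor      the service provider metadata adaptor
 * @param request      the http request
 * @param response     the http response
 * @param binding      the binding
 * @return the built (and, when required, signed) SAML response
 * @throws SamlException the saml exception
 */
@Override
public Response buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest,
                              final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                              final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    // The '_' prefix keeps the id a valid XML ID (it may not start with a digit).
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    if (casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add((EncryptedAssertion) finalAssertion);
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add((Assertion) finalAssertion);
    }
    samlResponse.setStatus(newStatus(StatusCode.SUCCESS, null));
    // NOTE(review): the response is logged before signing; presumably logSamlObject serializes it
    // in full, so an unencrypted assertion's attributes land in the log — confirm level/redaction.
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request, binding);
        SamlUtils.logSamlObject(configBean, samlResponse);
    }
    return samlResponse;
}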
use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
the class ECPProfileHandlerController method handleEcpRequest.
/**
 * Handles an ECP request delivered inside a SOAP envelope.
 * <p>
 * Verifies the SAML authentication request carried in the SOAP context, authenticates
 * the supplied credential, builds a CAS assertion for the service resolved from the
 * request issuer and writes the SAML response. An {@link AuthenticationException} is
 * turned into an ECP fault carrying the joined non-null handler error messages; any
 * other exception becomes an ECP fault carrying the exception message.
 *
 * @param response    the response
 * @param request     the request
 * @param soapContext the soap context
 * @param credential  the credential
 * @param binding     the binding
 */
protected void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request,
                                final MessageContext soapContext, final Credential credential, final String binding) {
    LOGGER.debug("Handling ECP request for SOAP context [{}]", soapContext);
    final Envelope soapEnvelope = soapContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(configBean, soapEnvelope);
    // NOTE(review): the subcontext lookup above and the cast below run outside the try block, so a
    // missing SOAP11Context or a non-AuthnRequest message surfaces as an uncaught exception
    // rather than an ECP fault — confirm that is intended.
    final AuthnRequest authnRequest = (AuthnRequest) soapContext.getMessage();
    final Pair<AuthnRequest, MessageContext> authnContext = Pair.of(authnRequest, soapContext);
    try {
        LOGGER.debug("Verifying ECP authentication request [{}]", authnRequest);
        final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifiedService =
            verifySamlAuthenticationRequest(authnContext, request);
        LOGGER.debug("Attempting to authenticate ECP request for credential id [{}]", credential.getId());
        final Authentication authentication = authenticateEcpRequest(credential, authnContext);
        LOGGER.debug("Authenticated [{}] successfully with authenticated principal [{}]", credential.getId(), authentication.getPrincipal());
        LOGGER.debug("Building ECP SAML response for [{}]", credential.getId());
        final Service targetService =
            webApplicationServiceFactory.createService(SamlIdPUtils.getIssuerFromSamlRequest(authnRequest));
        final Assertion casAssertion =
            buildCasAssertion(authentication, targetService, verifiedService.getKey(), new LinkedHashMap<>());
        LOGGER.debug("CAS assertion to use for building ECP SAML response is [{}]", casAssertion);
        buildSamlResponse(response, request, authnContext, casAssertion, binding);
    } catch (final AuthenticationException e) {
        LOGGER.error(e.getMessage(), e);
        // One comma-joined string of every handler's non-null error message.
        final String handlerErrors = e.getHandlerErrors().values().stream()
            .map(Throwable::getMessage)
            .filter(Objects::nonNull)
            .collect(Collectors.joining(","));
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, handlerErrors));
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // NOTE(review): the raw exception message is returned to the ECP client in the fault;
        // confirm it cannot carry internal details.
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, e.getMessage()));
    }
}