use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class BaseSamlRegisteredServiceAttributeReleasePolicy method getSamlAuthnRequest.
/**
 * Looks up the SAML {@link AuthnRequest} previously stored for the current HTTP exchange.
 * The servlet request/response are taken from the current request attributes and the
 * stored request is read back from the distributed session store.
 *
 * @param applicationContext the application context used to locate the OpenSAML
 *                           configuration bean and the distributed session store
 * @return the stored authn request; this method never returns an empty optional because
 * a missing request is reported through the exception below
 * @throws IllegalArgumentException if no SAML request could be found in the session store
 */
protected static Optional<AuthnRequest> getSamlAuthnRequest(final ApplicationContext applicationContext) {
    val configBean = applicationContext.getBean(OpenSamlConfigBean.DEFAULT_BEAN_NAME, OpenSamlConfigBean.class);
    val distributedStore = applicationContext.getBean(DistributedJEESessionStore.DEFAULT_BEAN_NAME, SessionStore.class);
    val httpRequest = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    val httpResponse = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    val webContext = new JEEContext(httpRequest, httpResponse);
    val storedRequest = SamlIdPUtils.retrieveSamlRequest(webContext, distributedStore, configBean, AuthnRequest.class)
        .orElseThrow(() -> new IllegalArgumentException("SAML request could not be determined from session store"));
    // the stored value is a pair whose left side is the SAML request object itself
    return Optional.of((AuthnRequest) storedRequest.getLeft());
}
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class BaseSamlRegisteredServiceAttributeReleasePolicy method getEntityIdFromRequest.
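/**
 * Gets entity id from request.
 * <p>
 * The entity id is resolved from the first of these sources that yields a value:
 * the {@code entityId} service attribute, the {@code providerId} service attribute,
 * the issuer of a {@code SAMLRequest} service attribute, the {@code entityId} request
 * parameter, and finally the {@code entityId} query parameter of the {@code service}
 * request parameter. The last two sources are plain request parameters and are
 * returned as received; nothing in this method checks them against metadata.
 *
 * @param selectedService the selected service
 * @return the entity id from request, or {@code null} if there is no current http
 * request, no service, or none of the sources above provides a value
 */
protected static String getEntityIdFromRequest(final Service selectedService) {
    val request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    if (request == null || selectedService == null) {
        LOGGER.debug("No http request could be identified to locate the entity id");
        return null;
    }
    LOGGER.debug("Attempting to determine entity id for service [{}]", selectedService);

    val entityIdAttribute = getFirstAttributeValue(selectedService, SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (entityIdAttribute != null) {
        LOGGER.debug("Found entity id [{}] as a service attribute", entityIdAttribute);
        return entityIdAttribute;
    }
    val providerIdAttribute = getFirstAttributeValue(selectedService, SamlIdPConstants.PROVIDER_ID);
    if (providerIdAttribute != null) {
        LOGGER.debug("Found provider entity id [{}] as a service attribute", providerIdAttribute);
        return providerIdAttribute;
    }
    val samlRequestAttribute = getFirstAttributeValue(selectedService, SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (samlRequestAttribute != null) {
        // once a SAML request attribute exists its issuer is the answer, even if that issuer
        // is null; the request-parameter sources below are not consulted in that case
        return getIssuerFromEncodedSamlRequest(samlRequestAttribute);
    }
    val entityId = request.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (StringUtils.isNotBlank(entityId)) {
        LOGGER.debug("Found entity id [{}] as a request parameter", entityId);
        return entityId;
    }
    return getEntityIdFromServiceParameter(request.getParameter(CasProtocolConstants.PARAMETER_SERVICE));
}

/**
 * Returns the first value of a service attribute as a string.
 *
 * @param service       the service whose attributes are inspected
 * @param attributeName the attribute name to look up
 * @return the first value rendered via {@code toString()}, or {@code null} if the
 * attribute is absent or has no values
 */
private static String getFirstAttributeValue(final Service service, final String attributeName) {
    val values = service.getAttributes().get(attributeName);
    if (values == null || values.isEmpty()) {
        return null;
    }
    return CollectionUtils.firstElement(values).map(Object::toString).orElseThrow();
}

/**
 * Decodes a SAML request carried as a service attribute and extracts its issuer.
 *
 * @param encodedRequest the encoded SAML request value taken from the service attribute
 * @return the issuer reported by {@link SamlIdPUtils#getIssuerFromSamlObject}
 */
private static String getIssuerFromEncodedSamlRequest(final String encodedRequest) {
    val applicationContext = ApplicationContextProvider.getApplicationContext();
    val resolver = applicationContext.getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
    val openSamlConfigBean = resolver.getOpenSamlConfigBean();
    val samlRequest = SamlIdPUtils.retrieveSamlRequest(openSamlConfigBean, RequestAbstractType.class, encodedRequest);
    SamlUtils.logSamlObject(openSamlConfigBean, samlRequest);
    val issuer = SamlIdPUtils.getIssuerFromSamlObject(samlRequest);
    LOGGER.debug("Found entity id [{}] from SAML request issuer", issuer);
    return issuer;
}

/**
 * Extracts the {@code entityId} query parameter from the value of the {@code service}
 * request parameter.
 *
 * @param svcParam the raw {@code service} request parameter, possibly blank
 * @return the query parameter value, an empty string if the service url carries no such
 * parameter, or {@code null} if {@code svcParam} is blank or cannot be parsed as a URI
 */
private static String getEntityIdFromServiceParameter(final String svcParam) {
    if (StringUtils.isBlank(svcParam)) {
        return null;
    }
    return FunctionUtils.doAndHandle(o -> {
        val builder = new URIBuilder(svcParam);
        return builder.getQueryParams().stream()
            .filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID))
            .map(NameValuePair::getValue)
            .findFirst()
            .orElse(StringUtils.EMPTY);
    }, throwable -> {
        // a malformed service url is logged and treated as "no entity id"
        LoggingUtils.error(LOGGER, throwable);
        return null;
    }).apply(svcParam);
}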
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class AuthnRequestRequestedAttributesAttributeReleasePolicy method getAttributesForSamlRegisteredService.
/**
 * Releases only the attributes that the service provider asked for through
 * {@code RequestedAttribute} extensions of the stored authn request and that are also
 * present in the resolved attributes. Requested names are matched by friendly name or
 * by name depending on {@code useFriendlyName}, and the selection is then passed through
 * {@link #authorizeReleaseOfAllowedAttributes} before being returned. Names taken from
 * the request are used purely as lookup keys into {@code attributes}.
 *
 * @param attributes         the attributes already resolved for the principal
 * @param applicationContext the application context used to locate the stored authn request
 * @param resolver           the metadata resolver (unused here)
 * @param facade             the service provider metadata facade (unused here)
 * @param entityDescriptor   the entity descriptor (unused here)
 * @param context            the release policy context; its registered service is used for logging and authorization
 * @return the subset of {@code attributes} that was requested and authorized for release
 */
@Override
protected Map<String, List<Object>> getAttributesForSamlRegisteredService(final Map<String, List<Object>> attributes, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor, final RegisteredServiceAttributeReleasePolicyContext context) {
    val selected = new HashMap<String, List<Object>>();
    val storedRequest = getSamlAuthnRequest(applicationContext);
    if (storedRequest.isPresent() && storedRequest.get().getExtensions() != null) {
        for (val xmlObject : storedRequest.get().getExtensions().getUnknownXMLObjects()) {
            if (!(xmlObject instanceof RequestedAttribute)) {
                continue;
            }
            val requested = (RequestedAttribute) xmlObject;
            val name = resolveRequestedAttributeName(requested);
            LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
            if (attributes.containsKey(name)) {
                LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
                selected.put(name, attributes.get(name));
            }
        }
    }
    return authorizeReleaseOfAllowedAttributes(context, selected);
}

/**
 * Picks the name used to match a requested attribute against the resolved attributes.
 *
 * @param attribute the requested attribute from the authn request extensions
 * @return the friendly name when {@code useFriendlyName} is set, otherwise the attribute name
 */
private String resolveRequestedAttributeName(final RequestedAttribute attribute) {
    return this.useFriendlyName ? attribute.getFriendlyName() : attribute.getName();
}
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlIdPUtils method getAssertionConsumerServiceFromRequest.
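/**
 * Builds the assertion consumer service endpoint described by an authentication request.
 * The ACS url is taken from the request itself when present; otherwise, when only an ACS
 * index is supplied, the url is looked up in the service provider metadata for the given
 * binding and index.
 * <p>
 * NOTE(review): a url carried in the request is used here as-is; whether it is compared
 * against the service provider's metadata happens, if at all, in a caller and is not
 * visible from this method - confirm before relying on it.
 *
 * @param request the SAML request; only {@link AuthnRequest} instances are handled
 * @param binding the binding assigned to the resulting endpoint
 * @param adapter the service provider metadata facade used to resolve an ACS index
 * @return the endpoint, or {@code null} if the request is not an authn request, supplies
 * neither a url nor an index, or the index cannot be resolved from metadata
 */
private static AssertionConsumerService getAssertionConsumerServiceFromRequest(final RequestAbstractType request, final String binding, final SamlRegisteredServiceServiceProviderMetadataFacade adapter) {
    if (!(request instanceof AuthnRequest)) {
        return null;
    }
    val authnRequest = (AuthnRequest) request;
    var acsUrl = authnRequest.getAssertionConsumerServiceURL();
    val acsIndex = authnRequest.getAssertionConsumerServiceIndex();
    if (StringUtils.isBlank(acsUrl) && acsIndex == null) {
        LOGGER.debug("No assertion consumer service url or index is supplied in the authentication request");
        return null;
    }
    if (StringUtils.isBlank(acsUrl)) {
        // acsIndex is non-null here; the url has to come from metadata.
        // Log the binding (the original logged the blank url in its place).
        LOGGER.debug("Locating assertion consumer service url for binding [{}] and index [{}]", binding, acsIndex);
        acsUrl = adapter.getAssertionConsumerServiceFor(binding, acsIndex).orElseGet(() -> {
            LOGGER.warn("Unable to locate acs url in for entity [{}] and binding [{}] with index [{}]", adapter.getEntityId(), binding, acsIndex);
            return null;
        });
    }
    if (StringUtils.isBlank(acsUrl)) {
        return null;
    }
    LOGGER.debug("Fetched assertion consumer service url [{}] with binding [{}] from authentication request", acsUrl, binding);
    val endpoint = new AssertionConsumerServiceBuilder().buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    endpoint.setBinding(binding);
    endpoint.setResponseLocation(acsUrl);
    endpoint.setLocation(acsUrl);
    endpoint.setIndex(acsIndex);
    return endpoint;
}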
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTriggerTests method verifyContextMapping.
/**
 * Stores an authn request that asks for an exact {@code context1} authentication context
 * class and verifies that the multifactor trigger both supports the request and reports
 * itself as activated for it.
 */
@Test
public void verifyContextMapping() throws Exception {
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    val service = RegisteredServiceTestUtils.getService(registeredService.getServiceId());
    val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, registeredService);

    val builderFactory = openSamlConfigBean.getBuilderFactory();
    val classRefBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    val classRef = (AuthnContextClassRef) classRefBuilder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    classRef.setURI("context1");

    val requestedContextBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    val requestedContext = (RequestedAuthnContext) requestedContextBuilder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    requestedContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedContext.getAuthnContextClassRefs().add(classRef);
    authnRequest.setRequestedAuthnContext(requestedContext);

    // park the request in the distributed session store, where the trigger looks it up
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    val messageContext = new MessageContext();
    messageContext.setMessage(authnRequest);
    SamlIdPUtils.storeSamlRequest(new JEEContext(httpRequest, httpResponse), openSamlConfigBean,
        samlIdPDistributedSessionStore, Pair.of(authnRequest, messageContext));

    assertTrue(samlIdPMultifactorAuthenticationTrigger.supports(httpRequest, registeredService,
        RegisteredServiceTestUtils.getAuthentication(), service));
    val activation = samlIdPMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(),
        registeredService, httpRequest, httpResponse, service);
    assertTrue(activation.isPresent());
}