
Example 6 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

Class SamlProfileSamlConditionsBuilder, method buildConditions.

/**
 * Builds the SAML {@code Conditions} element for the assertion being issued.
 * <p>
 * The validity window opens at the current UTC instant and closes after the
 * configured response skew allowance (in seconds); the service provider's
 * entity id from the metadata facade is handed to {@code newConditions}.
 * The {@code authnRequest}, {@code assertion} and {@code service} arguments
 * are part of the builder contract but are not consulted here.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @return the conditions
 * @throws SamlException the saml exception
 */
private Conditions buildConditions(final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final ZonedDateTime notBefore = ZonedDateTime.now(ZoneOffset.UTC);
    final long skewSeconds = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    final ZonedDateTime notOnOrAfter = notBefore.plusSeconds(skewSeconds);
    return newConditions(notBefore, notOnOrAfter, adaptor.getEntityId());
}

Example 7 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

Class AbstractSamlProfileHandlerController, method retrieveSamlAuthenticationRequestFromHttpRequest.

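/**
 * Retrieves the SAML authentication request carried in the HTTP request.
 * <p>
 * The value of the {@code SamlProtocolConstants.PARAMETER_SAML_REQUEST}
 * parameter is Base64-decoded and unmarshalled with the configured parser
 * pool. The unmarshalled message is checked to actually be an
 * {@code AuthnRequest}, so that a different SAML message type arriving in
 * that parameter is reported as an {@link IllegalArgumentException} with a
 * clear message instead of surfacing as a {@code ClassCastException}.
 * <p>
 * NOTE(review): nothing in this method validates the request (signature,
 * issuer, destination); the value is client-supplied and callers are
 * expected to verify it before acting on it — confirm against the callers.
 *
 * @param request the request
 * @return the authn request
 * @throws IllegalArgumentException if the parameter is blank or does not
 *                                  decode to an {@code AuthnRequest}
 * @throws Exception                if decoding or unmarshalling fails
 */
protected AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(final HttpServletRequest request) throws Exception {
    LOGGER.debug("Retrieving authentication request from scope");
    final String requestValue = request.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (StringUtils.isBlank(requestValue)) {
        throw new IllegalArgumentException("SAML request could not be determined from the authentication request");
    }
    final byte[] encodedRequest = EncodingUtils.decodeBase64(requestValue.getBytes(StandardCharsets.UTF_8));
    try (ByteArrayInputStream in = new ByteArrayInputStream(encodedRequest)) {
        // Keep the result untyped: the parser may hand back any SAML object,
        // and only an AuthnRequest is acceptable here.
        final Object message = XMLObjectSupport.unmarshallFromInputStream(this.configBean.getParserPool(), in);
        if (!(message instanceof AuthnRequest)) {
            final String actual = message == null ? "null" : message.getClass().getName();
            throw new IllegalArgumentException("SAML request is not an AuthnRequest but [" + actual + "]");
        }
        return (AuthnRequest) message;
    }
}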

Example 8 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

Class AbstractSamlProfileHandlerController, method issueAuthenticationRequestRedirect.

/**
 * Redirects the user agent to the CAS login endpoint so that the SAML
 * authentication request can be satisfied.
 * <p>
 * The callback service url is first derived from the pair, then wrapped into
 * a login redirect url that carries the request's {@code ForceAuthn} and
 * {@code IsPassive} flags, and finally adjusted for any requested authn
 * context before the redirect is issued.
 *
 * @param pair     the pair of the SAML request and its message context
 * @param request  the request
 * @param response the response
 * @throws Exception the exception
 */
protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final AuthnRequest samlRequest = (AuthnRequest) pair.getLeft();
    final String callbackUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url [{}]", callbackUrl);
    // ForceAuthn / IsPassive from the SP request are propagated onto the CAS login url.
    final String loginRedirect = CommonUtils.constructRedirectUrl(this.loginUrl, CasProtocolConstants.PARAMETER_SERVICE, callbackUrl, samlRequest.isForceAuthn(), samlRequest.isPassive());
    final String target = buildRedirectUrlByRequestedAuthnContext(loginRedirect, samlRequest, request);
    LOGGER.debug("Redirecting SAML authN request to [{}]", target);
    new DefaultAuthenticationRedirectStrategy().redirect(request, response, target);
}

Example 9 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

Class AbstractSamlProfileHandlerController, method constructServiceUrl.

/**
 * Constructs the CAS service url that the login flow calls back to once
 * the user has authenticated.
 * <p>
 * The callback url is the registered callback service id with three query
 * parameters appended: the issuer entity id, the SAML request itself
 * (re-serialized and Base64-encoded) and the relay state taken from the
 * message context. The result is then turned into a CAS service url via
 * {@code CommonUtils.constructServiceUrl}.
 * <p>
 * NOTE(review): the relay state is client-supplied and is placed in the url
 * as-is; its size and content are not checked here — confirm where that
 * happens.
 *
 * @param request  the request
 * @param response the response
 * @param pair     the pair of the SAML request and its message context
 * @return the service url
 * @throws SamlException wrapping any failure while serializing the request or building the url
 */
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final Pair<? extends SignableSAMLObject, MessageContext> pair) throws SamlException {
    final AuthnRequest samlRequest = (AuthnRequest) pair.getLeft();
    final MessageContext context = pair.getRight();
    try (StringWriter serialized = SamlUtils.transformSamlObject(this.configBean, samlRequest)) {
        final URLBuilder callback = new URLBuilder(this.callbackService.getId());
        // Fully qualified: the Pair in scope is the commons-lang3 tuple, not the shibboleth one URLBuilder expects.
        callback.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_ENTITY_ID, SamlIdPUtils.getIssuerFromSamlRequest(samlRequest)));
        final String encodedRequest = EncodingUtils.encodeBase64(serialized.toString().getBytes(StandardCharsets.UTF_8));
        callback.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_REQUEST, encodedRequest));
        callback.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, SAMLBindingSupport.getRelayState(context)));
        final String callbackUrl = callback.buildURL();
        LOGGER.debug("Built service callback url [{}]", callbackUrl);
        return CommonUtils.constructServiceUrl(request, response, callbackUrl, this.serverName, CasProtocolConstants.PARAMETER_SERVICE, CasProtocolConstants.PARAMETER_TICKET, false);
    } catch (final Exception e) {
        throw new SamlException(e.getMessage(), e);
    }
}

Example 10 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

Class ECPProfileHandlerController, method handleEcpRequest.

/**
 * Handles an ECP (SOAP 1.1 bound) SAML authentication request.
 * <p>
 * The SOAP envelope is logged, the {@code AuthnRequest} is taken from the
 * message context and paired with it, and the request is then verified,
 * authenticated with the supplied credential and answered with a SAML
 * response. Any failure is logged and turned into an ECP fault response: for
 * an {@code AuthenticationException} the fault carries the simple names of
 * the failing handler error classes joined by commas, for anything else the
 * exception message.
 * <p>
 * NOTE(review): in the generic catch the raw exception message is echoed to
 * the client in the fault; review whether it can disclose internal details.
 *
 * @param response    the response
 * @param request     the request
 * @param soapContext the soap context
 * @param credential  the credential
 */
protected void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request, final MessageContext soapContext, final Credential credential) {
    final Envelope soapEnvelope = soapContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(configBean, soapEnvelope);
    final AuthnRequest samlRequest = (AuthnRequest) soapContext.getMessage();
    final Pair<AuthnRequest, MessageContext> requestContext = Pair.of(samlRequest, soapContext);
    try {
        final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verified = verifySamlAuthenticationRequest(requestContext, request);
        final Authentication authentication = authenticateEcpRequest(credential, requestContext);
        buildSamlResponse(response, request, requestContext, buildEcpCasAssertion(authentication, verified.getKey()));
    } catch (final AuthenticationException e) {
        LOGGER.error(e.getMessage(), e);
        // Summarize which handlers failed rather than echoing the exception text.
        final String handlerErrors = e.getHandlerErrors().values().stream().map(Class::getSimpleName).collect(Collectors.joining(","));
        buildEcpFaultResponse(response, request, Pair.of(samlRequest, handlerErrors));
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        buildEcpFaultResponse(response, request, Pair.of(samlRequest, e.getMessage()));
    }
}
