Examples with AuthnRequest org.opensaml.saml.saml2.core.AuthnRequest used on opensource projects

Search in sources :

Example 96 with AuthnRequest

use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.

the class DefaultAuthnContextClassRefBuilder method build.

@Override
public String build(final Object assertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service) {
    if (StringUtils.isNotBlank(service.getRequiredAuthenticationContextClass())) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", service.getRequiredAuthenticationContextClass(), service.getName());
        return service.getRequiredAuthenticationContextClass();
    }
    final String defClass = StringUtils.defaultIfBlank(casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(), AuthnContext.PPT_AUTHN_CTX);
    final RequestedAuthnContext requestedAuthnContext = (authnRequest instanceof AuthnRequest) ? AuthnRequest.class.cast(authnRequest).getRequestedAuthnContext() : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }
    final List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
    if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }
    final String finalCtx = StringUtils.defaultIfBlank(getAuthenticationContextByAssertion(assertion, requestedAuthnContext, authnContextClassRefs), defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}
Also used : RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)

Example 97 with AuthnRequest

use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.

the class SamlProfileSamlAuthNStatementBuilder method buildSubjectLocality.

/**
 * Build subject locality subject locality.
 *
 * @param assertion    the assertion
 * @param authnRequest the authn request
 * @param adaptor      the adaptor
 * @param binding      the binding
 * @return the subject locality
 * @throws SamlException the saml exception
 */
protected SubjectLocality buildSubjectLocality(final Object assertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final SubjectLocality subjectLocality = newSamlObject(SubjectLocality.class);
    final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
    if (acs != null && StringUtils.isNotBlank(acs.getLocation())) {
        final InetAddress ip = InetAddressUtils.getByName(acs.getLocation());
        if (ip != null) {
            subjectLocality.setAddress(ip.getHostName());
        }
    }
    return subjectLocality;
}
Also used : AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) InetAddress(java.net.InetAddress) SubjectLocality(org.opensaml.saml.saml2.core.SubjectLocality)

Example 98 with AuthnRequest

use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method encodeNameIdBasedOnNameFormat.

/**
 * Encode name id based on name format name id.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param nameFormat   the name format
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id
 */
protected NameID encodeNameIdBasedOnNameFormat(final RequestAbstractType authnRequest, final Object assertion, final String nameFormat, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        if (authnRequest instanceof AttributeQuery) {
            final AttributeQuery query = AttributeQuery.class.cast(authnRequest);
            final NameID nameID = query.getSubject().getNameID();
            nameID.detach();
            return nameID;
        }
        final IdPAttribute attribute = prepareNameIdAttribute(assertion, nameFormat, adaptor);
        final SAML2StringNameIDEncoder encoder = prepareNameIdEncoder(authnRequest, nameFormat, attribute, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID nameid = encoder.encode(attribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", nameid.getFormat(), nameid.getValue());
        return nameid;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
Also used : AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) NameID(org.opensaml.saml.saml2.core.NameID) IdPAttribute(net.shibboleth.idp.attribute.IdPAttribute) SAML2StringNameIDEncoder(net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder) SamlException(org.apereo.cas.support.saml.SamlException)

Example 99 with AuthnRequest

use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method buildNameId.

/**
 * Build name id.
 * If there are no explicitly defined NameIDFormats, include the default format.
 * see: http://saml2int.org/profile/current/#section92
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id
 * @throws SamlException the saml exception
 */
private NameID buildNameId(final RequestAbstractType authnRequest, final Object assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final List<String> supportedNameFormats = getSupportedNameIdFormats(service, adaptor);
    final String requiredNameFormat = getRequiredNameIdFormatIfAny(authnRequest);
    validateRequiredNameIdFormatIfAny(authnRequest, adaptor, supportedNameFormats, requiredNameFormat);
    final NameID nameid = determineNameId(authnRequest, assertion, supportedNameFormats, service, adaptor);
    return finalizeNameId(nameid, authnRequest, assertion, supportedNameFormats, service, adaptor);
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Example 100 with AuthnRequest

use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.

the class SamlProfileSamlNameIdBuilder method determineNameId.

/**
 * Determine name id name id.
 *
 * @param authnRequest         the authn request
 * @param assertion            the assertion
 * @param supportedNameFormats the supported name formats
 * @param service              the service
 * @param adaptor              the adaptor
 * @return the name id
 */
protected NameID determineNameId(final RequestAbstractType authnRequest, final Object assertion, final List<String> supportedNameFormats, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    for (final String nameFormat : supportedNameFormats) {
        LOGGER.debug("Evaluating NameID format [{}]", nameFormat);
        final NameID nameid = encodeNameIdBasedOnNameFormat(authnRequest, assertion, nameFormat, service, adaptor);
        if (nameid != null) {
            return nameid;
        }
    }
    return null;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID)

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)113 Test (org.junit.jupiter.api.Test)42 lombok.val (lombok.val)40 Issuer (org.opensaml.saml.saml2.core.Issuer)28 AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)15 SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)14 RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)14 MessageContext (org.opensaml.messaging.context.MessageContext)13 IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)12 IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)12 SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)11 DateTime (org.joda.time.DateTime)11 AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)11 NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)11 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)10 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)10 IOException (java.io.IOException)9 XMLObject (org.opensaml.core.xml.XMLObject)9 NameID (org.opensaml.saml.saml2.core.NameID)8 JEEContext (org.pac4j.core.context.JEEContext)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial