
Example 16 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.

The class IdpEndpoint, method doSoapLogin: the IdP-side entry point for the SOAP binding, which decodes, validates and answers an AuthnRequest within a single request/response.

@POST
@Path("/login")
@Consumes({ "text/xml", "application/soap+xml" })
public Response doSoapLogin(InputStream body, @Context HttpServletRequest request) {
    // SOAP binding: the AuthnRequest and the user's credentials travel in the request body, so
    // refuse plaintext transport before reading anything. isSecure() is the container's view of
    // the connection; behind a TLS-terminating proxy it is only true when the container is
    // configured to trust the forwarded scheme. This is thrown outside the try below, so it
    // surfaces as a container error instead of the empty reply the catch blocks produce.
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authn Request must use TLS.");
    }
    SoapBinding soapBinding = new SoapBinding(systemCrypto, serviceProviders);
    try {
        String bodyStr = IOUtils.toString(body);
        AuthnRequest authnRequest = soapBinding.decoder().decodeRequest(bodyStr);
        String relayState = ((SoapRequestDecoder) soapBinding.decoder()).decodeRelayState(bodyStr);
        // Validate before acting on anything: RelayState first, then the request itself, including
        // its signature. The last argument decides whether a missing or bad signature is fatal
        // (strict) or merely tolerated.
        soapBinding.validator().validateRelayState(relayState);
        soapBinding.validator().validateAuthnRequest(authnRequest, bodyStr, null, null, null, strictSignature);
        // ForceAuthn is passed along so that an existing session cookie does not satisfy an SP
        // that demands fresh authentication.
        boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
        AuthObj authObj = determineAuthMethod(bodyStr, authnRequest);
        org.opensaml.saml.saml2.core.Response response = handleLogin(authnRequest, authObj.method, request, authObj, authnRequest.isPassive(), hasCookie);
        Response samlpResponse = soapBinding.creator().getSamlpResponse(relayState, authnRequest, response, null, soapMessage);
        samlpResponse.getHeaders().put("SOAPAction", Collections.singletonList("http://www.oasis-open.org/committees/security"));
        return samlpResponse;
    } catch (IOException e) {
        LOGGER.debug("Unable to decode SOAP AuthN Request", e);
    } catch (SimpleSign.SignatureException e) {
        LOGGER.debug("Unable to validate signature.", e);
    } catch (ValidationException e) {
        LOGGER.debug("Unable to validate request.", e);
    } catch (SecurityServiceException e) {
        LOGGER.debug("Unable to authenticate user.", e);
    } catch (WSSecurityException | IllegalArgumentException e) {
        LOGGER.debug("Bad request.", e);
    }
    // Every failure path ends here. JAX-RS renders a null entity as 204 No Content, so the SP
    // receives no SAML Status at all and the reason survives only in the debug log: nothing
    // about the validation leaks to the caller, but misconfigured SPs are hard to diagnose.
    return null;
}
Also used : SecurityServiceException(ddf.security.service.SecurityServiceException) ValidationException(ddf.security.samlp.ValidationException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SoapRequestDecoder(org.codice.ddf.security.idp.binding.soap.SoapRequestDecoder) IOException(java.io.IOException) SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) SimpleSign(ddf.security.samlp.SimpleSign) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 17 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.

The class PostRequestDecoder, method decodeRequest: IdP-side decoding of the SAMLRequest form field of the HTTP-POST binding.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    // HTTP-POST binding: the form field is plain base64 of the XML, no DEFLATE. The MIME decoder
    // tolerates the line breaks some SPs insert and skips characters outside the base64 alphabet.
    // Note that new String(bytes, UTF_8) substitutes U+FFFD for malformed sequences instead of
    // failing, so the decode-to-String-and-back round trip is not a UTF-8 validity check.
    String decodedRequest = new String(Base64.getMimeDecoder().decode(samlRequest), StandardCharsets.UTF_8);
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        // CXF's StaxUtils builds a hardened XMLInputFactory (DTD support off unless the
        // org.apache.cxf.stax.allowInsecureParser property is set), which is what keeps an
        // attacker-supplied SAMLRequest from carrying external entities or an entity-expansion bomb.
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.", ex);
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    // A type check, not just a cast: any well-formed SAML message (LogoutRequest, Response, ...)
    // unmarshals successfully, and only an AuthnRequest may enter the login flow.
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    // No signature, Issuer or Destination checks happen here. The decoder only produces the typed
    // object; validateAuthnRequest (see the IdpEndpoint example above) does the rest.
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used : InputStreamReader(java.io.InputStreamReader) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document)

Example 18 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.

The class RedirectRequestDecoder, method decodeRequest: IdP-side decoding of the SAMLRequest query parameter of the HTTP-Redirect binding.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    String decodedRequest;
    try {
        // HTTP-Redirect binding: the SP DEFLATEs the XML, base64-encodes it and URL-encodes the
        // result. The container has already undone the URL-encoding, so this step is a base64
        // decode plus a raw inflate. Inflating unauthenticated input deserves an output cap (a few
        // hundred bytes of DEFLATE can expand to megabytes); whether inflateBase64 enforces one is
        // not visible in this excerpt.
        decodedRequest = RestSecurity.inflateBase64(samlRequest);
    } catch (IOException e) {
        throw new IllegalArgumentException("Unable to decode SAMLRequest: base64/inflate.", e);
    }
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        // Same hardened StAX parse as the POST decoder (DTDs off by default in CXF's StaxUtils).
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.", ex);
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    // With the Redirect binding the signature is not inside the XML but in the SigAlg and
    // Signature query parameters, so the validator needs the raw query string as received,
    // not only the object returned here.
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used : InputStreamReader(java.io.InputStreamReader) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) Document(org.w3c.dom.Document)

Example 19 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.

The class IdpHandler, method doHttpPostBinding: the SP side, which sends the AuthnRequest to the IdP through an auto-submitting HTML form.

private void doHttpPostBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    try {
        IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
        if (idpssoDescriptor == null) {
            throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
        }
        // HTTP-POST binding: the AuthnRequest goes base64-encoded (no DEFLATE) into a hidden form
        // field that the browser submits to the IdP's SSO location. It is signed only when the
        // IdP's metadata asks for it (WantAuthnRequestsSigned); the "true" argument selects the
        // POST variant of the encoding, the Redirect binding below passes "false".
        // Caveat: the SSO URL and the relay state are written into HTML here. Base64 is safe as
        // it is, but postBindingTemplate or createRelayState must attribute-escape the other two
        // values, and this excerpt does not show whether they do.
        response.getWriter().printf(postBindingTemplate, idpMetadata.getSingleSignOnLocation(), encodeAuthnRequest(createAndSignAuthnRequest(true, idpssoDescriptor.getWantAuthnRequestsSigned()), true), createRelayState(request));
        response.setStatus(200);
        response.flushBuffer();
    } catch (IOException e) {
        LOGGER.info("Unable to post AuthnRequest to IdP", e);
        throw new ServletException("Unable to post to IdP");
    }
}
Also used : ServletException(javax.servlet.ServletException) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) IOException(java.io.IOException)
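The SP-side form in Example 19 and the IdP-side decoder in Example 17 are the two halves of the SAML 2.0 HTTP-POST binding. The Python below is an added example written for this page, not DDF code and not a port of it: it renders the auto-post form with the attribute escaping the excerpt leaves to its template, then decodes and type-checks the posted SAMLRequest the way PostRequestDecoder does, with a strict UTF-8 check and a DTD refusal standing in for the hardened parser that CXF's StaxUtils provides. The sample AuthnRequest, POST_FORM_TEMPLATE, the hostnames and the function names are all constructed for the example.

```python
import base64
import html
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
AUTHN_REQUEST_TAG = "{%s}AuthnRequest" % SAMLP_NS

# Constructed sample (not from DDF): a minimal unsigned AuthnRequest as an SP would build it.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
    'ID="_7f1c2d3e4a5b6c7d8e9f" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.test/idp/login" ForceAuthn="true" IsPassive="false">'
    '<saml:Issuer>https://sp.example.test/sp</saml:Issuer>'
    '</samlp:AuthnRequest>' % (SAMLP_NS, SAML_NS)
)

# Hypothetical stand-in for the project's postBindingTemplate.
POST_FORM_TEMPLATE = (
    '<form method="post" action="{action}">'
    '<input type="hidden" name="SAMLRequest" value="{saml_request}"/>'
    '<input type="hidden" name="RelayState" value="{relay_state}"/>'
    '<input type="submit" value="Continue"/></form>'
)


def encode_post_form(authn_request_xml, sso_url, relay_state):
    """SP side (the printf in doHttpPostBinding). POST binding is plain base64, no DEFLATE.
    Base64 is attribute-safe as is; the SSO URL and RelayState are not, so escape them."""
    saml_request = base64.b64encode(authn_request_xml.encode("utf-8")).decode("ascii")
    return POST_FORM_TEMPLATE.format(
        action=html.escape(sso_url, quote=True),
        saml_request=saml_request,
        relay_state=html.escape(relay_state, quote=True),
    )


def parse_authn_request(xml_bytes):
    """IdP side: bytes -> checked AuthnRequest fields (the instanceof check in decodeRequest).
    Keeps the parser dumb: strict UTF-8, no DTD, root element must be samlp:AuthnRequest."""
    try:
        # Strict decode: reject malformed UTF-8 instead of substituting U+FFFD as Java's
        # new String(bytes, UTF_8) would.
        text = xml_bytes.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("SAMLRequest is not UTF-8") from exc
    # A SAMLRequest never needs a DTD, and a DTD is the entry point for external entities
    # and entity-expansion bombs; refuse it before the parser ever sees it.
    if "<!DOCTYPE" in text:
        raise ValueError("DTD in SAMLRequest refused")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError("Unable to read SAMLRequest as XML") from exc
    # Type check: a LogoutRequest or Response parses just as well but must not enter login.
    if root.tag != AUTHN_REQUEST_TAG:
        raise ValueError("SAMLRequest object is not AuthnRequest: %s" % root.tag)
    issuer = root.find("{%s}Issuer" % SAML_NS)
    return {
        "id": root.get("ID"),
        "issue_instant": root.get("IssueInstant"),
        "destination": root.get("Destination"),
        "issuer": issuer.text if issuer is not None else None,
        "force_authn": root.get("ForceAuthn", "false").lower() in ("true", "1"),
        "is_passive": root.get("IsPassive", "false").lower() in ("true", "1"),
    }


def decode_post_request(saml_request_param):
    """IdP side (PostRequestDecoder.decodeRequest): form value -> checked AuthnRequest."""
    if not saml_request_param:
        raise ValueError("Missing SAMLRequest on IdP request.")
    # Java's Base64.getMimeDecoder() tolerates line breaks; drop whitespace, then decode strictly
    # so that anything outside the alphabet is an error rather than silently skipped.
    try:
        xml_bytes = base64.b64decode("".join(saml_request_param.split()), validate=True)
    except ValueError as exc:
        raise ValueError("Unable to decode SAMLRequest: base64") from exc
    return parse_authn_request(xml_bytes)
```

decode_post_request rejects a LogoutRequest, a document carrying a DOCTYPE, non-UTF-8 bytes and malformed base64 with a ValueError, and accepts line-wrapped base64 like Java's MIME decoder. The returned dict carries ForceAuthn and IsPassive as booleans, the two flags doSoapLogin reads off the request before deciding whether an existing session may be reused.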

Example 20 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.

The class IdpHandler, method doHttpRedirectBinding: the SP side, which sends the AuthnRequest to the IdP as a signed redirect URL.

private void doHttpRedirectBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    String redirectUrl;
    String idpRequest = null;
    String relayState = createRelayState(request);
    try {
        IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
        if (idpssoDescriptor == null) {
            throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
        }
        // HTTP-Redirect binding: the AuthnRequest is DEFLATEd, base64-encoded and URL-encoded into
        // the query string. The signature is not inside the XML: per the binding the signed string
        // is SAMLRequest=...&RelayState=...&SigAlg=..., exactly as encoded on the wire, and
        // signUriString appends the SigAlg and Signature parameters. That is why the query string
        // is assembled once and handed to the signer unchanged. URLEncoder produces
        // application/x-www-form-urlencoded ('+' for space), so the IdP must verify over the raw
        // query as received rather than over decoded and re-encoded values.
        String queryParams = String.format("SAMLRequest=%s&RelayState=%s", encodeAuthnRequest(createAndSignAuthnRequest(false, idpssoDescriptor.getWantAuthnRequestsSigned()), false), URLEncoder.encode(relayState, "UTF-8"));
        idpRequest = idpMetadata.getSingleSignOnLocation() + "?" + queryParams;
        UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
        simpleSign.signUriString(queryParams, idpUri);
        redirectUrl = idpUri.build().toString();
    } catch (UnsupportedEncodingException e) {
        LOGGER.info("Unable to encode relay state: {}", relayState, e);
        throw new ServletException("Unable to create return location");
    } catch (SimpleSign.SignatureException e) {
        String msg = "Unable to sign request";
        LOGGER.info(msg, e);
        throw new ServletException(msg);
    } catch (URISyntaxException e) {
        LOGGER.info("Unable to parse IDP request location: {}", idpRequest, e);
        throw new ServletException("Unable to determine IDP location.");
    }
    try {
        // The redirect target comes from IdP metadata, not from anything in the incoming request,
        // so this is not an open redirect as long as the metadata source itself is trusted.
        response.sendRedirect(redirectUrl);
        response.flushBuffer();
    } catch (IOException e) {
        LOGGER.info("Unable to redirect AuthnRequest to {}", redirectUrl, e);
        throw new ServletException("Unable to redirect to IdP");
    }
}
Also used : ServletException(javax.servlet.ServletException) SimpleSign(ddf.security.samlp.SimpleSign) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) UnsupportedEncodingException(java.io.UnsupportedEncodingException) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) UriBuilder(javax.ws.rs.core.UriBuilder) UriBuilderImpl(org.apache.cxf.jaxrs.impl.UriBuilderImpl) URI(java.net.URI)
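Example 18 (inflateBase64 on the IdP) and Example 20 (the query string plus signUriString on the SP) are the two halves of the HTTP-Redirect binding. The Python below is an added example, not DDF code: it shows the DEFLATE-plus-base64 encoding with an output cap on the inflate side, and the query-string signature, built by the SP and checked by the IdP over the raw percent-encoded query rather than over re-encoded values. Because the standard library has no RSA, the signature uses an HMAC stand-in (demo_sign/demo_verify under a made-up SigAlg URI); a real SP signs with its private key under an RSA or ECDSA SigAlg, and the IdP looks the key up in SP metadata. The sample request, key, size cap and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import urllib.parse
import zlib

# Constructed sample request (not from DDF); short, since it only has to round-trip.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_b3c4d5e6f7a8" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)
MAX_INFLATED_BYTES = 256 * 1024  # assumed cap; the project's own limit, if any, is not shown
DEMO_SIG_ALG = "urn:example:demo-hmac-sha256"  # stand-in; a real SigAlg is an RSA/ECDSA URI
DEMO_KEY = b"demo-shared-key-not-a-saml-credential"  # stand-in for the SP signing key


def demo_sign(data):
    # Stand-in signer: SAML uses the SP's private key with the algorithm named by SigAlg.
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()


def demo_verify(data, signature):
    return hmac.compare_digest(demo_sign(data), signature)


def deflate_base64(xml_bytes):
    """Redirect binding encoding: raw DEFLATE (RFC 1951, no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode("ascii")


def inflate_base64(value, limit=MAX_INFLATED_BYTES):
    """Inverse of deflate_base64 with an output cap: a few hundred bytes of DEFLATE can expand
    to megabytes, and this input arrives in an unauthenticated URL."""
    raw = base64.b64decode("".join(value.split()), validate=True)
    dec = zlib.decompressobj(-15)
    out = dec.decompress(raw, limit + 1)
    if len(out) > limit or dec.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds %d bytes" % limit)
    if not dec.eof:
        raise ValueError("truncated DEFLATE stream")
    return out


def build_redirect_query(authn_request_xml, relay_state, sig_alg, sign):
    """SP side (what doHttpRedirectBinding plus signUriString produce). The signature covers the
    percent-encoded query exactly as sent, in the order SAMLRequest, RelayState, SigAlg."""
    query = "SAMLRequest=%s&RelayState=%s&SigAlg=%s" % (
        urllib.parse.quote(deflate_base64(authn_request_xml.encode("utf-8")), safe=""),
        urllib.parse.quote(relay_state, safe=""),
        urllib.parse.quote(sig_alg, safe=""),
    )
    sig = base64.b64encode(sign(query.encode("ascii"))).decode("ascii")
    return query + "&Signature=" + urllib.parse.quote(sig, safe="")


def verify_redirect_query(raw_query, verify, expected_sig_alg):
    """IdP side. Works from the raw query string: decoding and re-encoding the values would
    change the signed bytes ('+' vs '%20', upper vs lower hex) and break valid signatures."""
    params = {}
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        if name in params:
            raise ValueError("duplicate parameter %s" % name)  # parameter pollution
        params[name] = value
    for required in ("SAMLRequest", "SigAlg", "Signature"):
        if required not in params:
            raise ValueError("missing %s" % required)
    # Pin the algorithm to what the SP is registered with; never let the URL choose it.
    if urllib.parse.unquote(params["SigAlg"]) != expected_sig_alg:
        raise ValueError("unexpected SigAlg")
    signed = "SAMLRequest=" + params["SAMLRequest"]
    if "RelayState" in params:
        signed += "&RelayState=" + params["RelayState"]
    signed += "&SigAlg=" + params["SigAlg"]
    signature = base64.b64decode(urllib.parse.unquote(params["Signature"]))
    if not verify(signed.encode("ascii"), signature):
        raise ValueError("bad signature")
    # Only after the signature holds is the compressed payload worth inflating.
    xml_bytes = inflate_base64(urllib.parse.unquote(params["SAMLRequest"]))
    relay_state = urllib.parse.unquote(params["RelayState"]) if "RelayState" in params else None
    return xml_bytes, relay_state
```

Tampering with RelayState, repeating a parameter, or presenting a SigAlg other than the one pinned for the SP all fail before the payload is inflated, and inflate_base64 refuses output beyond the cap, which is the failure mode the Java decoder's inflateBase64 call leaves to its implementation.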

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)15 IOException (java.io.IOException)9 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 SimpleSign (ddf.security.samlp.SimpleSign)4 XMLObject (org.opensaml.core.xml.XMLObject)4 Document (org.w3c.dom.Document)4 ValidationException (ddf.security.samlp.ValidationException)3 SecurityServiceException (ddf.security.service.SecurityServiceException)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 SecureRandom (java.security.SecureRandom)3 ZonedDateTime (java.time.ZonedDateTime)3 ServletException (javax.servlet.ServletException)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)3 SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)3 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)3 MessageContext (org.opensaml.messaging.context.MessageContext)3 InputStreamReader (java.io.InputStreamReader)2 Path (javax.ws.rs.Path)2 NewCookie (javax.ws.rs.core.NewCookie)2