
Example 26 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

The class SSOSamlProfileCallbackHandlerController, method validateRequestAndBuildCasAssertion.

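/**
 * Validates the CAS service ticket carried by the callback request and builds the resulting
 * CAS assertion.
 *
 * @param response the response
 * @param request  the request carrying the {@code ticket} parameter
 * @param pair     the SAML authentication request and its message context
 * @return the validated CAS assertion
 * @throws IllegalArgumentException if the request carries no (or a blank) ticket parameter
 * @throws Exception if ticket validation fails
 */
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest authnRequest = pair.getKey();
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    if (ticket == null || ticket.trim().isEmpty()) {
        // Fail fast with a clear message instead of handing a null ticket to the validator.
        throw new IllegalArgumentException("CAS ticket could not be determined from the callback request");
    }
    // NOTE(review): ticketValidator looks like a shared field; setRenew mutates it per request,
    // so under concurrent callbacks one request's ForceAuthn flag may apply to another's
    // validation. Confirm the validator is request-scoped, or pass the renew flag per call.
    this.ticketValidator.setRenew(authnRequest.isForceAuthn());
    final String serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.trace("Created service url for validation: [{}]", serviceUrl);
    final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);
    logCasValidationAssertion(assertion);
    return assertion;
}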

Example 27 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

The class SamlRequestAuditResourceResolver, method getAuditResourceFromSamlAuthnRequest.

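/**
 * Builds the audit resource for a SAML authentication request from its issuer and protocol binding.
 *
 * @param returnValue the SAML authentication request
 * @return a single-element array holding the audit resource string
 */
private String[] getAuditResourceFromSamlAuthnRequest(final AuthnRequest returnValue) {
    // getIssuer() returns null when the request carries no Issuer element; a request without
    // one must still be auditable rather than failing the audit path with an NPE.
    final String issuer = returnValue.getIssuer() == null ? null : returnValue.getIssuer().getValue();
    final String result = new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE)
        .append("issuer", issuer)
        .append("binding", returnValue.getProtocolBinding())
        .toString();
    return new String[] { result };
}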

Example 28 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

The class AbstractSamlProfileHandlerController, method constructServiceUrl.

/**
 * Builds the CAS service url the callback will be invoked with. The url carries the issuer
 * entity id, the base64-encoded SAML request and its relay state as query parameters.
 *
 * @param request  the request
 * @param response the response
 * @param pair     the SAML request (expected to be an {@link AuthnRequest}) and its message context
 * @return the service url
 * @throws SamlException the saml exception
 * @throws ClassCastException if the left value of {@code pair} is not an {@link AuthnRequest}
 */
@SneakyThrows
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final Pair<? extends SignableSAMLObject, MessageContext> pair) throws SamlException {
    final AuthnRequest samlRequest = AuthnRequest.class.cast(pair.getLeft());
    final MessageContext context = pair.getRight();
    // The writer holding the serialized request is closed once the url has been assembled.
    try (StringWriter serialized = SamlUtils.transformSamlObject(this.configBean, samlRequest)) {
        final URLBuilder callbackUrl = new URLBuilder(this.callbackService.getId());
        final String issuerEntityId = SamlIdPUtils.getIssuerFromSamlRequest(samlRequest);
        callbackUrl.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_ENTITY_ID, issuerEntityId));
        final String encodedRequest = EncodingUtils.encodeBase64(serialized.toString().getBytes(StandardCharsets.UTF_8));
        callbackUrl.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_REQUEST, encodedRequest));
        final String relayState = SAMLBindingSupport.getRelayState(context);
        callbackUrl.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, relayState));
        final String url = callbackUrl.buildURL();
        LOGGER.trace("Built service callback url [{}]", url);
        return CommonUtils.constructServiceUrl(request, response, url, casProperties.getServer().getName(), CasProtocolConstants.PARAMETER_SERVICE, CasProtocolConstants.PARAMETER_TICKET, false);
    }
}

Example 29 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

The class AbstractSamlProfileHandlerController, method issueAuthenticationRequestRedirect.

/**
 * Redirects the SAML authentication request to the CAS login url, carrying the callback
 * service url and the request's ForceAuthn / IsPassive flags.
 *
 * @param pair     the SAML request (expected to be an {@link AuthnRequest}) and its message context
 * @param request  the request
 * @param response the response
 * @throws Exception the exception
 */
protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final AuthnRequest samlRequest = AuthnRequest.class.cast(pair.getLeft());
    final String callbackUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url [{}]", callbackUrl);
    final String loginUrl = casProperties.getServer().getLoginUrl();
    final String baseRedirect = CommonUtils.constructRedirectUrl(loginUrl, CasProtocolConstants.PARAMETER_SERVICE, callbackUrl, samlRequest.isForceAuthn(), samlRequest.isPassive());
    // Presumably adjusts the url according to the request's RequestedAuthnContext; see that method.
    final String target = buildRedirectUrlByRequestedAuthnContext(baseRedirect, samlRequest, request);
    LOGGER.debug("Redirecting SAML authN request to [{}]", target);
    final AuthenticationRedirectStrategy redirectStrategy = new DefaultAuthenticationRedirectStrategy();
    redirectStrategy.redirect(request, response, target);
}

Example 30 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.

The class AbstractSamlProfileHandlerController, method retrieveSamlAuthenticationRequestFromHttpRequest.

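/**
 * Retrieves the SAML authentication request carried by the {@code SAMLRequest} parameter of the
 * http request, base64-decodes it and unmarshals it into an {@link AuthnRequest}.
 *
 * @param request the http request
 * @return the authn request
 * @throws IllegalArgumentException if the parameter is missing or blank, or does not unmarshal
 *                                  to an {@link AuthnRequest}
 * @throws Exception if decoding or unmarshalling fails
 */
protected AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(final HttpServletRequest request) throws Exception {
    LOGGER.debug("Retrieving authentication request from scope");
    final String requestValue = request.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (StringUtils.isBlank(requestValue)) {
        throw new IllegalArgumentException("SAML request could not be determined from the authentication request");
    }
    final byte[] encodedRequest = EncodingUtils.decodeBase64(requestValue.getBytes(StandardCharsets.UTF_8));
    // The parameter is untrusted XML; the parser pool obtained from configBean is relied on to
    // reject DTDs and external entities. NOTE(review): confirm that hardening in the pool config.
    final Object parsed = XMLObjectSupport.unmarshallFromInputStream(this.configBean.getParserPool(), new ByteArrayInputStream(encodedRequest));
    // Reject any other SAML object type explicitly rather than surfacing a bare ClassCastException.
    if (!(parsed instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAML request parameter did not unmarshal to an AuthnRequest");
    }
    return (AuthnRequest) parsed;
}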
