Example 26 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SSOSamlProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
final AuthnRequest authnRequest = pair.getKey();
final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
this.ticketValidator.setRenew(authnRequest.isForceAuthn());
final String serviceUrl = constructServiceUrl(request, response, pair);
LOGGER.trace("Created service url for validation: [{}]", serviceUrl);
final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);
logCasValidationAssertion(assertion);
return assertion;
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Assertion(org.jasig.cas.client.validation.Assertion)
Example 27 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlRequestAuditResourceResolver method getAuditResourceFromSamlAuthnRequest.
private String[] getAuditResourceFromSamlAuthnRequest(final AuthnRequest returnValue) {
final AuthnRequest request = returnValue;
final String result = new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE).append("issuer", request.getIssuer().getValue()).append("binding", request.getProtocolBinding()).toString();
return new String[] { result };
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
ToStringBuilder(org.apache.commons.lang3.builder.ToStringBuilder)
Example 28 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class AbstractSamlProfileHandlerController method constructServiceUrl.
/**
* Construct service url string.
*
* @param request the request
* @param response the response
* @param pair the pair
* @return the string
* @throws SamlException the saml exception
*/
@SneakyThrows
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final Pair<? extends SignableSAMLObject, MessageContext> pair) throws SamlException {
final AuthnRequest authnRequest = AuthnRequest.class.cast(pair.getLeft());
final MessageContext messageContext = pair.getRight();
try (StringWriter writer = SamlUtils.transformSamlObject(this.configBean, authnRequest)) {
final URLBuilder builder = new URLBuilder(this.callbackService.getId());
builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_ENTITY_ID, SamlIdPUtils.getIssuerFromSamlRequest(authnRequest)));
final String samlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_REQUEST, samlRequest));
builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, SAMLBindingSupport.getRelayState(messageContext)));
final String url = builder.buildURL();
LOGGER.trace("Built service callback url [{}]", url);
return CommonUtils.constructServiceUrl(request, response, url, casProperties.getServer().getName(), CasProtocolConstants.PARAMETER_SERVICE, CasProtocolConstants.PARAMETER_TICKET, false);
}
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
StringWriter(java.io.StringWriter)
MessageContext(org.opensaml.messaging.context.MessageContext)
URLBuilder(net.shibboleth.utilities.java.support.net.URLBuilder)
SneakyThrows(lombok.SneakyThrows)
Example 29 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class AbstractSamlProfileHandlerController method issueAuthenticationRequestRedirect.
/**
* Redirect request for authentication.
*
* @param pair the pair
* @param request the request
* @param response the response
* @throws Exception the exception
*/
protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final AuthnRequest authnRequest = AuthnRequest.class.cast(pair.getLeft());
final String serviceUrl = constructServiceUrl(request, response, pair);
LOGGER.debug("Created service url [{}]", serviceUrl);
final String initialUrl = CommonUtils.constructRedirectUrl(casProperties.getServer().getLoginUrl(), CasProtocolConstants.PARAMETER_SERVICE, serviceUrl, authnRequest.isForceAuthn(), authnRequest.isPassive());
final String urlToRedirectTo = buildRedirectUrlByRequestedAuthnContext(initialUrl, authnRequest, request);
LOGGER.debug("Redirecting SAML authN request to [{}]", urlToRedirectTo);
final AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
}
Also used :
DefaultAuthenticationRedirectStrategy(org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
DefaultAuthenticationRedirectStrategy(org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy)
AuthenticationRedirectStrategy(org.jasig.cas.client.authentication.AuthenticationRedirectStrategy)
Example 30 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class AbstractSamlProfileHandlerController method retrieveSamlAuthenticationRequestFromHttpRequest.
/**
* Retrieve authn request authn request.
*
* @param request the request
* @return the authn request
* @throws Exception the exception
*/
protected AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(final HttpServletRequest request) throws Exception {
LOGGER.debug("Retrieving authentication request from scope");
final String requestValue = request.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
if (StringUtils.isBlank(requestValue)) {
throw new IllegalArgumentException("SAML request could not be determined from the authentication request");
}
final byte[] encodedRequest = EncodingUtils.decodeBase64(requestValue.getBytes(StandardCharsets.UTF_8));
final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(this.configBean.getParserPool(), new ByteArrayInputStream(encodedRequest));
return authnRequest;
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Aggregations
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)40
Test (org.junit.Test)11
IOException (java.io.IOException)9
AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)9
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
Assertion (org.jasig.cas.client.validation.Assertion)7
MessageContext (org.opensaml.messaging.context.MessageContext)7
Document (org.w3c.dom.Document)7
ZonedDateTime (java.time.ZonedDateTime)6
HttpServletResponse (javax.servlet.http.HttpServletResponse)6
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)6
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)6
Assertion (org.opensaml.saml.saml2.core.Assertion)6
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)6
NameID (org.opensaml.saml.saml2.core.NameID)6
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)6
Envelope (org.opensaml.soap.soap11.Envelope)6
Response (javax.ws.rs.core.Response)5
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)5
SimpleSign (ddf.security.samlp.SimpleSign)4
