Example 41 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.
@Override
protected Envelope buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
final Response ecpResponse = newEcpResponse(adaptor.getAssertionConsumerService().getLocation());
final Header header = newSoapObject(Header.class);
header.getUnknownXMLObjects().add(ecpResponse);
final Body body = newSoapObject(Body.class);
final org.opensaml.saml.saml2.core.Response saml2Response = (org.opensaml.saml.saml2.core.Response) saml2ResponseBuilder.build(authnRequest, request, response, casAssertion, service, adaptor);
body.getUnknownXMLObjects().add(saml2Response);
final Envelope envelope = newSoapObject(Envelope.class);
envelope.setHeader(header);
envelope.setBody(body);
return envelope;
}
Also used :
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Response(org.opensaml.saml.saml2.ecp.Response)
Header(org.opensaml.soap.soap11.Header)
Envelope(org.opensaml.soap.soap11.Envelope)
Body(org.opensaml.soap.soap11.Body)
Example 42 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cas by apereo.
the class SSOPostProfileCallbackHandlerController method handleCallbackProfileRequest.
/**
* Handle callback profile request.
*
* @param response the response
* @param request the request
* @throws Exception the exception
*/
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK)
protected void handleCallbackProfileRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
final AuthnRequest authnRequest = retrieveSamlAuthenticationRequestFromHttpRequest(request);
if (authnRequest == null) {
LOGGER.error("Can not validate the request because the original Authn request can not be found.");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
if (StringUtils.isBlank(ticket)) {
LOGGER.error("Can not validate the request because no [{}] is provided via the request", CasProtocolConstants.PARAMETER_TICKET);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
final Pair<AuthnRequest, MessageContext> authenticationContext = buildAuthenticationContextPair(request, authnRequest);
final Assertion assertion = validateRequestAndBuildCasAssertion(response, request, authenticationContext);
buildSamlResponse(response, request, authenticationContext, assertion);
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Assertion(org.jasig.cas.client.validation.Assertion)
MessageContext(org.opensaml.messaging.context.MessageContext)
GetMapping(org.springframework.web.bind.annotation.GetMapping)
Example 43 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cloudstack by apache.
the class SAMLUtilsTest method testBuildAuthnRequestObject.
@Test
public void testBuildAuthnRequestObject() throws Exception {
String consumerUrl = "http://someurl.com";
String idpUrl = "http://idp.domain.example";
String spId = "cloudstack";
String authnId = SAMLUtils.generateSecureRandomId();
AuthnRequest req = SAMLUtils.buildAuthnRequestObject(authnId, spId, idpUrl, consumerUrl);
assertEquals(req.getAssertionConsumerServiceURL(), consumerUrl);
assertEquals(req.getDestination(), idpUrl);
assertEquals(req.getIssuer().getValue(), spId);
}
Also used :
AuthnRequest(org.opensaml.saml2.core.AuthnRequest)
Test(org.junit.Test)
Example 44 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project cloudstack by apache.
the class SAMLUtils method buildAuthnRequestUrl.
public static String buildAuthnRequestUrl(final String authnId, final SAMLProviderMetadata spMetadata, final SAMLProviderMetadata idpMetadata, final String signatureAlgorithm) {
String redirectUrl = "";
try {
DefaultBootstrap.bootstrap();
AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(authnId, spMetadata.getEntityId(), idpMetadata.getSsoUrl(), spMetadata.getSsoUrl());
PrivateKey privateKey = null;
if (spMetadata.getKeyPair() != null) {
privateKey = spMetadata.getKeyPair().getPrivate();
}
redirectUrl = idpMetadata.getSsoUrl() + "?" + SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest), privateKey, signatureAlgorithm);
} catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException e) {
s_logger.error("SAML AuthnRequest message building error: " + e.getMessage());
}
return redirectUrl;
}
Also used :
PrivateKey(java.security.PrivateKey)
AuthnRequest(org.opensaml.saml2.core.AuthnRequest)
MarshallingException(org.opensaml.xml.io.MarshallingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
Example 45 with AuthnRequest
use of org.opensaml.saml.saml2.core.AuthnRequest in project ddf by codice.
the class IdpEndpoint method processLogin.
@GET
@Path("/login/sso")
public Response processLogin(@QueryParam(SAML_REQ) String samlRequest, @QueryParam(RELAY_STATE) String relayState, @QueryParam(AUTH_METHOD) String authMethod, @QueryParam(SSOConstants.SIG_ALG) String signatureAlgorithm, @QueryParam(SSOConstants.SIGNATURE) String signature, @QueryParam(ORIGINAL_BINDING) String originalBinding, @Context HttpServletRequest request) {
LOGGER.debug("Processing login request: [ authMethod {} ], [ sigAlg {} ], [ relayState {} ]", authMethod, signatureAlgorithm, relayState);
try {
Binding binding;
String template;
if (!request.isSecure()) {
throw new IllegalArgumentException("Authn Request must use TLS.");
}
//the authn request is always encoded as if it came in via redirect when coming from the web app
Binding redirectBinding = new RedirectBinding(systemCrypto, serviceProviders);
AuthnRequest authnRequest = redirectBinding.decoder().decodeRequest(samlRequest);
String assertionConsumerServiceBinding = ResponseCreator.getAssertionConsumerServiceBinding(authnRequest, serviceProviders);
if (HTTP_POST_BINDING.equals(originalBinding)) {
binding = new PostBinding(systemCrypto, serviceProviders);
template = submitForm;
} else if (HTTP_REDIRECT_BINDING.equals(originalBinding)) {
binding = redirectBinding;
template = redirectPage;
} else {
throw new IdpException(new UnsupportedOperationException("Must use HTTP POST or Redirect bindings."));
}
binding.validator().validateAuthnRequest(authnRequest, samlRequest, relayState, signatureAlgorithm, signature, strictSignature);
if (HTTP_POST_BINDING.equals(assertionConsumerServiceBinding)) {
if (!(binding instanceof PostBinding)) {
binding = new PostBinding(systemCrypto, serviceProviders);
}
} else if (HTTP_REDIRECT_BINDING.equals(assertionConsumerServiceBinding)) {
if (!(binding instanceof RedirectBinding)) {
binding = new RedirectBinding(systemCrypto, serviceProviders);
}
}
org.opensaml.saml.saml2.core.Response encodedSaml = handleLogin(authnRequest, authMethod, request, null, false, false);
LOGGER.debug("Returning SAML Response for relayState: {}" + relayState);
NewCookie newCookie = createCookie(request, encodedSaml);
Response response = binding.creator().getSamlpResponse(relayState, authnRequest, encodedSaml, newCookie, template);
if (newCookie != null) {
cookieCache.addActiveSp(newCookie.getValue(), authnRequest.getIssuer().getValue());
logAddedSp(authnRequest);
}
return response;
} catch (SecurityServiceException e) {
LOGGER.info("Unable to retrieve subject for user.", e);
return Response.status(Response.Status.UNAUTHORIZED).build();
} catch (WSSecurityException e) {
LOGGER.info("Unable to encode SAMLP response.", e);
} catch (SimpleSign.SignatureException e) {
LOGGER.info("Unable to sign SAML response.", e);
} catch (IllegalArgumentException e) {
LOGGER.info(e.getMessage(), e);
return Response.status(Response.Status.BAD_REQUEST).build();
} catch (ValidationException e) {
LOGGER.info("AuthnRequest schema validation failed.", e);
return Response.status(Response.Status.BAD_REQUEST).build();
} catch (IOException e) {
LOGGER.info("Unable to create SAML Response.", e);
} catch (IdpException e) {
LOGGER.info(e.getMessage(), e);
return Response.status(Response.Status.BAD_REQUEST).build();
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}
Also used :
RedirectBinding(org.codice.ddf.security.idp.binding.redirect.RedirectBinding)
SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding)
Binding(org.codice.ddf.security.idp.binding.api.Binding)
PostBinding(org.codice.ddf.security.idp.binding.post.PostBinding)
RedirectBinding(org.codice.ddf.security.idp.binding.redirect.RedirectBinding)
SecurityServiceException(ddf.security.service.SecurityServiceException)
ValidationException(ddf.security.samlp.ValidationException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
SimpleSign(ddf.security.samlp.SimpleSign)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
PostBinding(org.codice.ddf.security.idp.binding.post.PostBinding)
NewCookie(javax.ws.rs.core.NewCookie)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
Aggregations
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)40
Test (org.junit.Test)11
IOException (java.io.IOException)9
AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)9
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
Assertion (org.jasig.cas.client.validation.Assertion)7
MessageContext (org.opensaml.messaging.context.MessageContext)7
Document (org.w3c.dom.Document)7
ZonedDateTime (java.time.ZonedDateTime)6
HttpServletResponse (javax.servlet.http.HttpServletResponse)6
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)6
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)6
Assertion (org.opensaml.saml.saml2.core.Assertion)6
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)6
NameID (org.opensaml.saml.saml2.core.NameID)6
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)6
Envelope (org.opensaml.soap.soap11.Envelope)6
Response (javax.ws.rs.core.Response)5
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)5
SimpleSign (ddf.security.samlp.SimpleSign)4
