
Example 1 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo.

the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.

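/**
 * Construct SAML response.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * <p>The service is looked up in the services manager and its access strategy
 * is consulted before any assertion is built, so an unregistered or disabled
 * service never receives a response. The validity window of the conditions and
 * subject confirmation ends at {@code now + skewAllowance} seconds.
 *
 * @param service the service
 * @return the SAML response, marshalled to an XML string
 * @throws UnauthorizedServiceException if the service is not registered or
 *                                      its access strategy denies access
 */
protected String constructSamlResponse(final GoogleAccountsService service) {
    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    // NOTE(review): NotBefore is pinned to a fixed instant in 2003, so the assertion's
    // validity window is effectively bounded only by NotOnOrAfter (now + skewAllowance).
    final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
    final RegisteredService registeredService = servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service);
    final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, service.getId(), service);
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    // Mask the sign bit instead of calling Math.abs(): Math.abs(Long.MIN_VALUE) stays negative
    // and would produce a session index containing a '-' sign.
    final String sessionIndex = '_' + String.valueOf(new SecureRandom().nextLong() & Long.MAX_VALUE);
    final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
    final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, currentDateTime.plusSeconds(this.skewAllowance), service.getId());
    assertion.setConditions(conditions);
    // The subject confirmation shares the same NotOnOrAfter as the conditions and is bound
    // to the request id so the response can be correlated with the originating request.
    final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
    assertion.setSubject(subject);
    response.getAssertions().add(assertion);
    final StringWriter writer = new StringWriter();
    this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
    final String result = writer.toString();
    LOGGER.debug("Generated Google SAML response: [{}]", result);
    return result;
}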

Example 2 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newConditions.

/**
 * Builds a SAML 2 {@code Conditions} element carrying a validity window and a
 * single audience restriction.
 *
 * @param notBefore    start of the validity window
 * @param notOnOrAfter end of the validity window (exclusive, as the attribute name implies)
 * @param audienceUri  the service id placed in the {@code AudienceRestriction}
 * @return the populated conditions
 */
public Conditions newConditions(final ZonedDateTime notBefore, final ZonedDateTime notOnOrAfter, final String audienceUri) {
    final Audience audience = newSamlObject(Audience.class);
    audience.setAudienceURI(audienceUri);

    final AudienceRestriction restriction = newSamlObject(AudienceRestriction.class);
    restriction.getAudiences().add(audience);

    final Conditions result = newSamlObject(Conditions.class);
    result.setNotBefore(DateTimeUtils.dateTimeOf(notBefore));
    result.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
    result.getAudienceRestrictions().add(restriction);
    return result;
}

Example 3 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo.

the class SamlProfileSamlConditionsBuilder method buildConditions.

/**
 * Builds the assertion conditions for a SAML 2 response: valid from now (UTC)
 * until now plus the configured IdP response skew allowance (seconds), restricted
 * to the service provider's entity id.
 *
 * @param authnRequest the authentication request (not read by this method)
 * @param assertion    the assertion being built (not read by this method)
 * @param service      the SAML registered service (not read by this method)
 * @param adaptor      metadata facade supplying the service provider's entity id
 * @return the populated conditions
 * @throws SamlException declared for callers; nothing in this body raises it directly
 */
private Conditions buildConditions(final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    final long skewSeconds = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    return newConditions(now, now.plusSeconds(skewSeconds), adaptor.getEntityId());
}

Example 4 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo.

the class Saml10ObjectBuilder method newConditions.

/**
 * Builds a SAML 1 {@code Conditions} element valid from {@code issuedAt} for
 * {@code issueLength} milliseconds, restricted to a single audience.
 *
 * @param issuedAt    start of the validity window ({@code NotBefore})
 * @param audienceUri the service id placed in the {@code AudienceRestrictionCondition}
 * @param issueLength validity length in milliseconds, added to {@code issuedAt} for {@code NotOnOrAfter}
 * @return the populated conditions
 */
public Conditions newConditions(final ZonedDateTime issuedAt, final String audienceUri, final long issueLength) {
    final Audience audience = newSamlObject(Audience.class);
    audience.setUri(audienceUri);

    final AudienceRestrictionCondition restriction = newSamlObject(AudienceRestrictionCondition.class);
    restriction.getAudiences().add(audience);

    // issueLength is interpreted in milliseconds (ChronoUnit.MILLIS); callers must pass millis.
    final ZonedDateTime expiresAt = issuedAt.plus(issueLength, ChronoUnit.MILLIS);
    final Conditions result = newSamlObject(Conditions.class);
    result.setNotBefore(DateTimeUtils.dateTimeOf(issuedAt));
    result.setNotOnOrAfter(DateTimeUtils.dateTimeOf(expiresAt));
    result.getAudienceRestrictionConditions().add(restriction);
    return result;
}

Example 5 with Conditions

use of org.opensaml.saml.saml2.core.Conditions in project cas by apereo.

the class Saml10SuccessResponseView method prepareResponse.

/**
 * Populates a successful SAML 1.x response: builds the authentication statement,
 * assertion, conditions, subject and (only when attributes are present) an
 * attribute statement, sets a SUCCESS status and attaches the assertion.
 *
 * @param response the response being prepared; its issue instant seeds the assertion timestamps
 * @param model    the view model holding the CAS assertion, primary authentication and principal
 */
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
    final Service targetService = getAssertionFrom(model).getService();
    LOGGER.debug("Preparing SAML response for service [{}]", targetService);

    final Authentication authn = getPrimaryAuthenticationFrom(model);
    final Collection<Object> authnMethods = CollectionUtils.toCollection(
        authn.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
    LOGGER.debug("Authentication methods found are [{}]", authnMethods);

    final Principal principal = getPrincipal(model);
    final AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(
        authn.getAuthenticationDate(), authnMethods, principal.getId());
    LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authn.getAuthenticationDate());

    final Assertion samlAssertion = this.samlObjectBuilder.newAssertion(
        authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
    LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);

    // skewAllowance is handed to the SAML 1 builder as the validity length; that builder
    // adds it in ChronoUnit.MILLIS, so the configured value is expected in milliseconds here.
    final String serviceId = targetService.getId();
    samlAssertion.setConditions(this.samlObjectBuilder.newConditions(issuedAt, serviceId, this.skewAllowance));
    LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, serviceId);

    final Subject samlSubject = this.samlObjectBuilder.newSubject(principal.getId());
    LOGGER.debug("Built subject for principal [{}]", principal);

    final Map<String, Object> attributes = prepareSamlAttributes(model, targetService);
    LOGGER.debug("Authentication statement shall include these attributes [{}]", attributes);
    if (!attributes.isEmpty()) {
        samlAssertion.getAttributeStatements().add(
            this.samlObjectBuilder.newAttributeStatement(samlSubject, attributes, this.defaultAttributeNamespace));
    }

    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    LOGGER.debug("Set response status code to [{}]", response.getStatus());
    response.getAssertions().add(samlAssertion);
}
