Search in sources :

Example 1 with Extensions

use of org.opensaml.saml.saml2.core.Extensions in project cas by apereo.

the class MetadataUIUtils method locateMetadataUserInterfaceForEntityId.

/**
     * Locate mdui for entity id simple metadata ui info.
     *
     * @param entityDescriptor  the entity descriptor
     * @param entityId          the entity id
     * @param registeredService the registered service
     * @return the simple metadata ui info
     */
public static SamlMetadataUIInfo locateMetadataUserInterfaceForEntityId(final EntityDescriptor entityDescriptor, final String entityId, final RegisteredService registeredService) {
    final SamlMetadataUIInfo mdui = new SamlMetadataUIInfo(registeredService);
    if (entityDescriptor == null) {
        LOGGER.debug("Entity descriptor not found for [{}]", entityId);
        return mdui;
    }
    final SPSSODescriptor spssoDescriptor = getSPSsoDescriptor(entityDescriptor);
    if (spssoDescriptor == null) {
        LOGGER.debug("SP SSO descriptor not found for [{}]", entityId);
        return mdui;
    }
    final Extensions extensions = spssoDescriptor.getExtensions();
    if (extensions == null) {
        LOGGER.debug("No extensions in the SP SSO descriptor are found for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    final List<XMLObject> spExtensions = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
    if (spExtensions.isEmpty()) {
        LOGGER.debug("No extensions in the SP SSO descriptor are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    spExtensions.stream().filter(UIInfo.class::isInstance).forEach(obj -> {
        final UIInfo uiInfo = (UIInfo) obj;
        LOGGER.debug("Found MDUI info for [{}]", entityId);
        mdui.setUIInfo(uiInfo);
    });
    return mdui;
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) UIInfo(org.opensaml.saml.ext.saml2mdui.UIInfo) XMLObject(org.opensaml.core.xml.XMLObject) Extensions(org.opensaml.saml.saml2.metadata.Extensions)

Example 2 with Extensions

use of org.opensaml.saml.saml2.core.Extensions in project pac4j by pac4j.

the class SAML2MetadataGenerator method generateMetadataExtensions.

protected final Extensions generateMetadataExtensions() {
    final SAMLObjectBuilder<Extensions> builderExt = (SAMLObjectBuilder<Extensions>) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
    final Extensions extensions = builderExt.buildObject();
    extensions.getNamespaceManager().registerAttributeName(DigestMethod.TYPE_NAME);
    final SAMLObjectBuilder<DigestMethod> builder = (SAMLObjectBuilder<DigestMethod>) this.builderFactory.getBuilder(DigestMethod.DEFAULT_ELEMENT_NAME);
    DigestMethod method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha512");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#sha384");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#sha224");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    extensions.getUnknownXMLObjects().add(method);
    method = builder.buildObject();
    method.setAlgorithm("http://www.w3.org/2000/09/xmldsig#dsa-sha1");
    extensions.getUnknownXMLObjects().add(method);
    return extensions;
}
Also used : SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder) DigestMethod(org.opensaml.saml.ext.saml2alg.DigestMethod) Extensions(org.opensaml.saml.saml2.metadata.Extensions)

Example 3 with Extensions

use of org.opensaml.saml.saml2.core.Extensions in project pac4j by pac4j.

the class SAML2MetadataGenerator method buildSPSSODescriptor.

protected final SPSSODescriptor buildSPSSODescriptor() {
    final SAMLObjectBuilder<SPSSODescriptor> builder = (SAMLObjectBuilder<SPSSODescriptor>) this.builderFactory.getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    final SPSSODescriptor spDescriptor = builder.buildObject();
    spDescriptor.setAuthnRequestsSigned(this.authnRequestSigned);
    spDescriptor.setWantAssertionsSigned(this.wantAssertionSigned);
    spDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    spDescriptor.addSupportedProtocol(SAMLConstants.SAML10P_NS);
    spDescriptor.addSupportedProtocol(SAMLConstants.SAML11P_NS);
    final SAMLObjectBuilder<Extensions> builderExt = (SAMLObjectBuilder<Extensions>) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
    final Extensions extensions = builderExt.buildObject();
    extensions.getNamespaceManager().registerAttributeName(RequestInitiator.DEFAULT_ELEMENT_NAME);
    final SAMLObjectBuilder<RequestInitiator> builderReq = (SAMLObjectBuilder<RequestInitiator>) this.builderFactory.getBuilder(RequestInitiator.DEFAULT_ELEMENT_NAME);
    final RequestInitiator requestInitiator = builderReq.buildObject();
    requestInitiator.setLocation(this.requestInitiatorLocation);
    requestInitiator.setBinding(RequestInitiator.DEFAULT_ELEMENT_NAME.getNamespaceURI());
    extensions.getUnknownXMLObjects().add(requestInitiator);
    spDescriptor.setExtensions(extensions);
    spDescriptor.getNameIDFormats().addAll(buildNameIDFormat());
    int index = 0;
    // Fix the POST binding for the response instead of using the binding of the request
    spDescriptor.getAssertionConsumerServices().add(getAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI, index++, this.defaultACSIndex == index));
    if (credentialProvider != null) {
        spDescriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, this.credentialProvider.getKeyInfo()));
        spDescriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.ENCRYPTION, this.credentialProvider.getKeyInfo()));
    }
    return spDescriptor;
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder) RequestInitiator(org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator) Extensions(org.opensaml.saml.saml2.metadata.Extensions)

Example 4 with Extensions

use of org.opensaml.saml.saml2.core.Extensions in project spring-security by spring-projects.

the class OpenSamlMetadataAssertingPartyDetailsConverter method signingMethods.

private List<SigningMethod> signingMethods(IDPSSODescriptor idpssoDescriptor) {
    Extensions extensions = idpssoDescriptor.getExtensions();
    List<SigningMethod> result = signingMethods(extensions);
    if (!result.isEmpty()) {
        return result;
    }
    EntityDescriptor descriptor = (EntityDescriptor) idpssoDescriptor.getParent();
    extensions = descriptor.getExtensions();
    return signingMethods(extensions);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Extensions(org.opensaml.saml.saml2.metadata.Extensions) SigningMethod(org.opensaml.saml.ext.saml2alg.SigningMethod)

Example 5 with Extensions

use of org.opensaml.saml.saml2.core.Extensions in project cas by apereo.

the class SamlIdPSingleLogoutRedirectionStrategy method supports.

@Override
public boolean supports(final RequestContext context) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    val registeredService = WebUtils.getRegisteredService(request);
    if (registeredService instanceof SamlRegisteredService) {
        val logout = configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout();
        val samlRegisteredService = (SamlRegisteredService) registeredService;
        val sloRequest = WebUtils.getSingleLogoutRequest(request);
        val async = new AtomicBoolean(false);
        if (StringUtils.isNotBlank(sloRequest)) {
            async.set(getLogoutRequest(request).map(RequestAbstractType::getExtensions).stream().filter(Objects::nonNull).anyMatch(extensions -> !extensions.getUnknownXMLObjects(Asynchronous.DEFAULT_ELEMENT_NAME).isEmpty()));
        }
        return logout.isSendLogoutResponse() && samlRegisteredService != null && samlRegisteredService.isLogoutResponseEnabled() && sloRequest != null && !async.get();
    }
    return false;
}
Also used : lombok.val(lombok.val) MessageContext(org.opensaml.messaging.context.MessageContext) RandomUtils(org.apereo.cas.util.RandomUtils) SneakyThrows(lombok.SneakyThrows) RequiredArgsConstructor(lombok.RequiredArgsConstructor) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) StringUtils(org.apache.commons.lang3.StringUtils) XMLObjectSupport(org.opensaml.core.xml.util.XMLObjectSupport) RequestContext(org.springframework.webflow.execution.RequestContext) SamlUtils(org.apereo.cas.support.saml.SamlUtils) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) StatusCode(org.opensaml.saml.saml2.core.StatusCode) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) HttpServletRequest(javax.servlet.http.HttpServletRequest) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport) LogoutRedirectionStrategy(org.apereo.cas.logout.LogoutRedirectionStrategy) CollectionUtils(org.apereo.cas.util.CollectionUtils) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) lombok.val(lombok.val) RequestAbstractType(org.opensaml.saml.saml2.core.RequestAbstractType) SamlIdPUtils(org.apereo.cas.support.saml.SamlIdPUtils) SamlProtocolConstants(org.apereo.cas.support.saml.SamlProtocolConstants) Objects(java.util.Objects) SamlProfileHandlerConfigurationContext(org.apereo.cas.support.saml.web.idp.profile.SamlProfileHandlerConfigurationContext) Slf4j(lombok.extern.slf4j.Slf4j) Asynchronous(org.opensaml.saml.ext.saml2aslo.Asynchronous) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) Optional(java.util.Optional) EncodingUtils(org.apereo.cas.util.EncodingUtils) WebUtils(org.apereo.cas.web.support.WebUtils) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) RequestAbstractType(org.opensaml.saml.saml2.core.RequestAbstractType) Objects(java.util.Objects)

Aggregations

Extensions (org.opensaml.saml.saml2.metadata.Extensions)4 Optional (java.util.Optional)2 lombok.val (lombok.val)2 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)2 SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)2 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)2 SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)2 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Objects (java.util.Objects)1 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 EqualsAndHashCode (lombok.EqualsAndHashCode)1 Getter (lombok.Getter)1 RequiredArgsConstructor (lombok.RequiredArgsConstructor)1 Setter (lombok.Setter)1 SneakyThrows (lombok.SneakyThrows)1 ToString (lombok.ToString)1 Slf4j (lombok.extern.slf4j.Slf4j)1