
Example 66 with Issuer

Use of org.opensaml.saml.saml2.core.Issuer in the apereo/cas project.

From class AbstractSamlIdPProfileHandlerController, method verifySamlAuthenticationRequest.

/**
 * Verify an incoming SAML2 authentication request and resolve the
 * service provider that sent it.
 * <p>
 * The checks run in a fixed order: the issuer is read from the request,
 * the issuer is passed to {@code verifySamlRegisteredService}, the
 * service provider's metadata is resolved for that service, and only then
 * is the request signature verified (the metadata facade is handed to the
 * signature check) and the assertion consumer endpoint determined from
 * that same metadata and the profile binding. The full request is only
 * logged after all of these checks have passed.
 *
 * @param authenticationContext pair of the parsed request and its message context;
 *                              the key is cast to {@link AuthnRequest}
 * @param request               the http request
 * @return pair of the registered service and its resolved SP metadata facade
 * @throws UnauthorizedServiceException if no SP metadata can be resolved for the issuer
 * @throws Exception                    on any other verification failure
 */
protected Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(final Pair<? extends RequestAbstractType, MessageContext> authenticationContext, final HttpServletRequest request) throws Exception {
    val samlRequest = (AuthnRequest) authenticationContext.getKey();
    val issuerEntityId = SamlIdPUtils.getIssuerFromSamlObject(samlRequest);
    LOGGER.debug("Located issuer [{}] from authentication request", issuerEntityId);

    // The issuer must map to a registered service before anything else is trusted.
    val service = verifySamlRegisteredService(issuerEntityId);
    LOGGER.debug("Fetching SAML2 metadata adaptor for [{}]", issuerEntityId);

    // The SP metadata is needed by both the signature check and the endpoint
    // selection below, so its absence is a hard failure.
    val facade = SamlRegisteredServiceServiceProviderMetadataFacade
        .get(configurationContext.getSamlRegisteredServiceCachingMetadataResolver(), service, samlRequest)
        .orElseThrow(() -> {
            LOGGER.warn("No metadata could be found for [{}]", issuerEntityId);
            return new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + issuerEntityId);
        });

    verifyAuthenticationContextSignature(authenticationContext, request, samlRequest, facade, service);

    val profileBinding = determineProfileBinding(authenticationContext);
    val endpoint = SamlIdPUtils.determineEndpointForRequest(Pair.of(samlRequest, authenticationContext.getRight()), facade, profileBinding);
    LOGGER.debug("Determined SAML2 endpoint for authentication request as [{}]",
        StringUtils.defaultIfBlank(endpoint.getResponseLocation(), endpoint.getLocation()));

    // Dump the request only once it has passed the checks above.
    SamlUtils.logSamlObject(configurationContext.getOpenSamlConfigBean(), samlRequest);
    return Pair.of(service, facade);
}

Example 67 with Issuer

Use of org.opensaml.saml.saml2.core.Issuer in the apereo/cas project.

From class BaseSamlRegisteredServiceAttributeReleasePolicy, method getEntityIdFromRequest.

/**
 * Determine the SAML2 entity id of the service provider for which attributes
 * are being released.
 * <p>
 * Sources are consulted in this order and the first hit wins:
 * <ol>
 *   <li>the service attribute named by {@code SamlProtocolConstants.PARAMETER_ENTITY_ID}</li>
 *   <li>the service attribute named by {@code SamlIdPConstants.PROVIDER_ID}</li>
 *   <li>the issuer of the SAML request carried in the service attribute named by
 *       {@code SamlProtocolConstants.PARAMETER_SAML_REQUEST}</li>
 *   <li>the http request parameter named by {@code SamlProtocolConstants.PARAMETER_ENTITY_ID}</li>
 *   <li>that same parameter name as a query parameter inside the CAS {@code service} parameter</li>
 * </ol>
 * NOTE(review): in step 3 the issuer is read straight from the decoded request;
 * no signature verification happens in this method, so the returned value must
 * not be treated as authenticated unless that was established upstream.
 *
 * @param selectedService the selected service
 * @return the entity id; {@code null} when there is no http request or service,
 * when none of the sources apply, or when the {@code service} url cannot be parsed
 * (the error is logged); the last source yields an empty string when the
 * {@code service} url carries no entity id query parameter
 */
protected static String getEntityIdFromRequest(final Service selectedService) {
    val httpRequest = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    if (httpRequest == null || selectedService == null) {
        LOGGER.debug("No http request could be identified to locate the entity id");
        return null;
    }
    LOGGER.debug("Attempting to determine entity id for service [{}]", selectedService);
    val serviceAttributes = selectedService.getAttributes();

    val entityIdValues = serviceAttributes.get(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (entityIdValues != null && !entityIdValues.isEmpty()) {
        LOGGER.debug("Found entity id [{}] as a service attribute", entityIdValues);
        return CollectionUtils.firstElement(entityIdValues).map(Object::toString).orElseThrow();
    }

    val providerIdValues = serviceAttributes.get(SamlIdPConstants.PROVIDER_ID);
    if (providerIdValues != null && !providerIdValues.isEmpty()) {
        LOGGER.debug("Found provider entity id [{}] as a service attribute", providerIdValues);
        return CollectionUtils.firstElement(providerIdValues).map(Object::toString).orElseThrow();
    }

    val samlRequestValues = serviceAttributes.get(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (samlRequestValues != null && !samlRequestValues.isEmpty()) {
        // The metadata resolver is only used here as the holder of the OpenSAML configuration.
        val metadataResolver = ApplicationContextProvider.getApplicationContext()
            .getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
        val encodedRequest = CollectionUtils.firstElement(samlRequestValues).map(Object::toString).orElseThrow();
        val configBean = metadataResolver.getOpenSamlConfigBean();
        val parsedRequest = SamlIdPUtils.retrieveSamlRequest(configBean, RequestAbstractType.class, encodedRequest);
        SamlUtils.logSamlObject(configBean, parsedRequest);
        // Unverified: taken from the decoded request as-is.
        val requestIssuer = SamlIdPUtils.getIssuerFromSamlObject(parsedRequest);
        LOGGER.debug("Found entity id [{}] from SAML request issuer", requestIssuer);
        return requestIssuer;
    }

    val entityIdParam = httpRequest.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (StringUtils.isNotBlank(entityIdParam)) {
        LOGGER.debug("Found entity id [{}] as a request parameter", entityIdParam);
        return entityIdParam;
    }

    val serviceParam = httpRequest.getParameter(CasProtocolConstants.PARAMETER_SERVICE);
    if (StringUtils.isBlank(serviceParam)) {
        return null;
    }
    // Parse failures of the service url are logged and mapped to null.
    return FunctionUtils.doAndHandle(o -> {
        val queryParams = new URIBuilder(serviceParam).getQueryParams();
        return queryParams.stream()
            .filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID))
            .map(NameValuePair::getValue)
            .findFirst()
            .orElse(StringUtils.EMPTY);
    }, throwable -> {
        LoggingUtils.error(LOGGER, throwable);
        return null;
    }).apply(serviceParam);
}

Example 68 with Issuer

Use of org.opensaml.saml.saml2.core.Issuer in the apereo/cas project.

From class SSOSamlIdPPostSimpleSignProfileHandlerControllerTests, method getAuthnRequest.

/**
 * Build a minimal {@link AuthnRequest} for the POST-SimpleSign binding whose
 * issuer is the test's registered service id. No signature is applied here.
 *
 * @return an authentication request with only protocol binding and issuer set
 */
private AuthnRequest getAuthnRequest() {
    val builderFactory = openSamlConfigBean.getBuilderFactory();
    val requestBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val issuerBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);

    val requestIssuer = (Issuer) issuerBuilder.buildObject();
    requestIssuer.setValue(samlRegisteredService.getServiceId());

    val request = (AuthnRequest) requestBuilder.buildObject();
    request.setProtocolBinding(SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI);
    request.setIssuer(requestIssuer);
    return request;
}

Example 69 with Issuer

Use of org.opensaml.saml.saml2.core.Issuer in the apereo/cas project.

From class SamlIdPSingleSignOnParticipationStrategyTests, method verifyForcedAuthn.

/**
 * A request whose {@code isForceAuthn()} is true must not be served from an
 * existing SSO session: the strategy supports the request but declines participation.
 */
@Test
public void verifyForcedAuthn() {
    val requestContext = new MockRequestContext();
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    RequestContextHolder.setRequestContext(requestContext);
    ExternalContextHolder.setExternalContext(requestContext.getExternalContext());

    val entityId = UUID.randomUUID().toString();
    val forcedRequest = getAuthnRequestFor(entityId);
    when(forcedRequest.isForceAuthn()).thenReturn(Boolean.TRUE);

    val participationRequest = SingleSignOnParticipationRequest.builder()
        .httpServletRequest(httpRequest)
        .requestContext(requestContext)
        .build()
        .attribute(AuthnRequest.class.getName(), forcedRequest)
        .attribute(Issuer.class.getName(), entityId);

    assertTrue(samlIdPSingleSignOnParticipationStrategy.supports(participationRequest));
    assertFalse(samlIdPSingleSignOnParticipationStrategy.isParticipating(participationRequest));
}

Example 70 with Issuer

Use of org.opensaml.saml.saml2.core.Issuer in the apereo/cas project.

From class SamlIdPConsentSingleSignOnParticipationStrategyTests, method verifyIdPNeedsConsentOperation.

/**
 * With a registered service whose release policy allows {@code uid} and a
 * principal that carries {@code uid}, the strategy must not let the request
 * ride on the existing SSO session; the test name indicates this is because
 * IdP-side consent is still required.
 */
@Test
public void verifyIdPNeedsConsentOperation() {
    val requestContext = new MockRequestContext();
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    RequestContextHolder.setRequestContext(requestContext);
    ExternalContextHolder.setExternalContext(requestContext.getExternalContext());

    val principalAttributes = CollectionUtils.wrap("uid", "CAS-System");
    val principal = RegisteredServiceTestUtils.getPrincipal("casuser", principalAttributes);
    val authentication = RegisteredServiceTestUtils.getAuthentication(principal);
    val ticketGrantingTicket = new MockTicketGrantingTicket(authentication);

    val entityId = UUID.randomUUID().toString();
    val samlService = SamlIdPTestUtils.getSamlRegisteredService(entityId);
    samlService.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(List.of("uid")));
    val service = RegisteredServiceTestUtils.getService(entityId);
    val authnRequest = getAuthnRequestFor(entityId);

    val participationRequest = SingleSignOnParticipationRequest.builder()
        .httpServletRequest(httpRequest)
        .requestContext(requestContext)
        .build()
        .attribute(AuthnRequest.class.getName(), authnRequest)
        .attribute(Issuer.class.getName(), entityId)
        .attribute(Service.class.getName(), service)
        .attribute(RegisteredService.class.getName(), samlService)
        .attribute(Authentication.class.getName(), authentication)
        .attribute(TicketGrantingTicket.class.getName(), ticketGrantingTicket);

    assertFalse(singleSignOnParticipationStrategy.isParticipating(participationRequest));
}
