Example 96 with Issuer
use of org.opensaml.saml.saml2.core.Issuer in project ddf by codice.
the class SamlProtocol method createLogoutRequest.
public static LogoutRequest createLogoutRequest(Issuer issuer, NameID nameId, String id) {
LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
logoutRequest.setID(id);
logoutRequest.setIssuer(issuer);
logoutRequest.setNameID(nameId);
logoutRequest.setIssueInstant(DateTime.now());
logoutRequest.setVersion(SAMLVersion.VERSION_20);
return logoutRequest;
}
Also used :
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Example 97 with Issuer
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class SamlIdPUtils method getAssertionConsumerServiceFor.
/**
* Gets assertion consumer service for.
*
* @param authnRequest the authn request
* @param servicesManager the services manager
* @param resolver the resolver
* @return the assertion consumer service for
*/
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
try {
final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
if (authnRequest.getAssertionConsumerServiceIndex() != null) {
final String issuer = getIssuerFromSamlRequest(authnRequest);
final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIdCriterion(issuer));
criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new BindingCriterion(CollectionUtils.wrap(SAMLConstants.SAML2_POST_BINDING_URI)));
final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
it.forEach(entityDescriptor -> {
final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
if (acsEndpoints.isEmpty()) {
throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
}
final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
if (acsIndex + 1 > acsEndpoints.size()) {
throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
}
final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
acs.setBinding(foundAcs.getBinding());
acs.setLocation(foundAcs.getLocation());
acs.setResponseLocation(foundAcs.getResponseLocation());
acs.setIndex(acsIndex);
});
} else {
acs.setBinding(authnRequest.getProtocolBinding());
acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
acs.setIndex(0);
acs.setIsDefault(Boolean.TRUE);
}
LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
if (StringUtils.isBlank(acs.getBinding())) {
throw new SamlException("AssertionConsumerService has no protocol binding defined");
}
if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
throw new SamlException("AssertionConsumerService has no location or response location defined");
}
return acs;
} catch (final Exception e) {
throw new IllegalArgumentException(new SamlException(e.getMessage(), e));
}
}
Also used :
AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
BindingCriterion(org.opensaml.saml.criterion.BindingCriterion)
SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)
MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver)
ChainingMetadataResolver(org.opensaml.saml.metadata.resolver.ChainingMetadataResolver)
Endpoint(org.opensaml.saml.saml2.metadata.Endpoint)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion)
AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)
Example 98 with Issuer
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class AbstractSamlProfileHandlerController method verifySamlAuthenticationRequest.
/**
* Verify saml authentication request.
*
* @param authenticationContext the pair
* @param request the request
* @return the pair
* @throws Exception the exception
*/
protected Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(final Pair<? extends SignableSAMLObject, MessageContext> authenticationContext, final HttpServletRequest request) throws Exception {
final AuthnRequest authnRequest = AuthnRequest.class.cast(authenticationContext.getKey());
final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(authnRequest);
LOGGER.debug("Located issuer [{}] from authentication request", issuer);
final SamlRegisteredService registeredService = verifySamlRegisteredService(issuer);
LOGGER.debug("Fetching saml metadata adaptor for [{}]", issuer);
final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, registeredService, authnRequest);
if (!adaptor.isPresent()) {
LOGGER.warn("No metadata could be found for [{}]", issuer);
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
}
final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
verifyAuthenticationContextSignature(authenticationContext, request, authnRequest, facade);
SamlUtils.logSamlObject(this.configBean, authnRequest);
return Pair.of(registeredService, facade);
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)
SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
Example 99 with Issuer
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class Saml1ArtifactResolutionProfileHandlerController method handlePostRequest.
/**
* Handle post request.
*
* @param response the response
* @param request the request
*/
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
final MessageContext ctx = decodeSoapRequest(request);
final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
try {
final String issuer = artifactMsg.getIssuer().getValue();
final SamlRegisteredService service = verifySamlRegisteredService(issuer);
final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
if (!adaptor.isPresent()) {
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
}
final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);
final String artifactId = artifactMsg.getArtifact().getArtifact();
final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
final Service issuerService = webApplicationServiceFactory.createService(issuer);
final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));
this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
} catch (final Exception e) {
LOGGER.error(e.getMessage(), e);
request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
}
}
Also used :
ArtifactResolve(org.opensaml.saml.saml2.core.ArtifactResolve)
SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)
SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService)
Assertion(org.jasig.cas.client.validation.Assertion)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService)
SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService)
Service(org.apereo.cas.authentication.principal.Service)
MessageContext(org.opensaml.messaging.context.MessageContext)
SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
Example 100 with Issuer
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class BaseSamlProfileSamlResponseBuilder method buildEntityIssuer.
/**
* Build entity issuer issuer.
*
* @return the issuer
*/
protected Issuer buildEntityIssuer() {
final Issuer issuer = newIssuer(casProperties.getAuthn().getSamlIdp().getEntityId());
issuer.setFormat(Issuer.ENTITY);
return issuer;
}
Also used :
Issuer(org.opensaml.saml.saml2.core.Issuer)
Aggregations
Issuer (org.opensaml.saml.saml2.core.Issuer)79
Response (org.opensaml.saml.saml2.core.Response)59
DateTime (org.joda.time.DateTime)57
Test (org.junit.jupiter.api.Test)37
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)36
Element (org.w3c.dom.Element)34
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)32
lombok.val (lombok.val)28
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)26
Document (org.w3c.dom.Document)25
Status (org.opensaml.saml.saml2.core.Status)24
Assertion (org.opensaml.saml.saml2.core.Assertion)22
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)20
SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)20
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)17
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)16
InputStream (java.io.InputStream)15
IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)15
Crypto (org.apache.wss4j.common.crypto.Crypto)14
KeyStore (java.security.KeyStore)13
