use of org.opensaml.saml.saml2.core.Issuer in project ddf by codice.
the class SamlProtocol method createLogoutRequest.
public static LogoutRequest createLogoutRequest(Issuer issuer, NameID nameId, String id) {
LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
logoutRequest.setID(id);
logoutRequest.setIssuer(issuer);
logoutRequest.setNameID(nameId);
logoutRequest.setIssueInstant(DateTime.now());
logoutRequest.setVersion(SAMLVersion.VERSION_20);
return logoutRequest;
}
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class SamlIdPUtils method getAssertionConsumerServiceFor.
/**
* Gets assertion consumer service for.
*
* @param authnRequest the authn request
* @param servicesManager the services manager
* @param resolver the resolver
* @return the assertion consumer service for
*/
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
try {
final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
if (authnRequest.getAssertionConsumerServiceIndex() != null) {
final String issuer = getIssuerFromSamlRequest(authnRequest);
final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIdCriterion(issuer));
criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new BindingCriterion(CollectionUtils.wrap(SAMLConstants.SAML2_POST_BINDING_URI)));
final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
it.forEach(entityDescriptor -> {
final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
if (acsEndpoints.isEmpty()) {
throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
}
final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
if (acsIndex + 1 > acsEndpoints.size()) {
throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
}
final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
acs.setBinding(foundAcs.getBinding());
acs.setLocation(foundAcs.getLocation());
acs.setResponseLocation(foundAcs.getResponseLocation());
acs.setIndex(acsIndex);
});
} else {
acs.setBinding(authnRequest.getProtocolBinding());
acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
acs.setIndex(0);
acs.setIsDefault(Boolean.TRUE);
}
LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
if (StringUtils.isBlank(acs.getBinding())) {
throw new SamlException("AssertionConsumerService has no protocol binding defined");
}
if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
throw new SamlException("AssertionConsumerService has no location or response location defined");
}
return acs;
} catch (final Exception e) {
throw new IllegalArgumentException(new SamlException(e.getMessage(), e));
}
}
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class AbstractSamlProfileHandlerController method verifySamlAuthenticationRequest.
/**
* Verify saml authentication request.
*
* @param authenticationContext the pair
* @param request the request
* @return the pair
* @throws Exception the exception
*/
protected Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(final Pair<? extends SignableSAMLObject, MessageContext> authenticationContext, final HttpServletRequest request) throws Exception {
final AuthnRequest authnRequest = AuthnRequest.class.cast(authenticationContext.getKey());
final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(authnRequest);
LOGGER.debug("Located issuer [{}] from authentication request", issuer);
final SamlRegisteredService registeredService = verifySamlRegisteredService(issuer);
LOGGER.debug("Fetching saml metadata adaptor for [{}]", issuer);
final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, registeredService, authnRequest);
if (!adaptor.isPresent()) {
LOGGER.warn("No metadata could be found for [{}]", issuer);
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
}
final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
verifyAuthenticationContextSignature(authenticationContext, request, authnRequest, facade);
SamlUtils.logSamlObject(this.configBean, authnRequest);
return Pair.of(registeredService, facade);
}
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class Saml1ArtifactResolutionProfileHandlerController method handlePostRequest.
/**
* Handle post request.
*
* @param response the response
* @param request the request
*/
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML1_SOAP_ARTIFACT_RESOLUTION)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
final MessageContext ctx = decodeSoapRequest(request);
final ArtifactResolve artifactMsg = (ArtifactResolve) ctx.getMessage();
try {
final String issuer = artifactMsg.getIssuer().getValue();
final SamlRegisteredService service = verifySamlRegisteredService(issuer);
final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, artifactMsg);
if (!adaptor.isPresent()) {
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
}
final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
verifyAuthenticationContextSignature(ctx, request, artifactMsg, facade);
final String artifactId = artifactMsg.getArtifact().getArtifact();
final String ticketId = artifactTicketFactory.createTicketIdFor(artifactId);
final SamlArtifactTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlArtifactTicket.class);
final Service issuerService = webApplicationServiceFactory.createService(issuer);
final Assertion casAssertion = buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), issuerService, service, CollectionUtils.wrap("artifact", ticket));
this.responseBuilder.build(artifactMsg, request, response, casAssertion, service, facade, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
} catch (final Exception e) {
LOGGER.error(e.getMessage(), e);
request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
samlFaultResponseBuilder.build(artifactMsg, request, response, null, null, null, SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
}
}
use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.
the class BaseSamlProfileSamlResponseBuilder method buildEntityIssuer.
/**
* Build entity issuer issuer.
*
* @return the issuer
*/
protected Issuer buildEntityIssuer() {
final Issuer issuer = newIssuer(casProperties.getAuthn().getSamlIdp().getEntityId());
issuer.setFormat(Issuer.ENTITY);
return issuer;
}
Aggregations