use of org.opensaml.saml.saml2.core.NameIDPolicy in project pac4j by pac4j.
the class SAML2AuthnRequestBuilder method buildAuthnRequest.
/**
 * Builds the SAML 2.0 {@code AuthnRequest} that this SP sends to the IdP.
 * <p>
 * The request is addressed to the location of {@code ssoService} and names the endpoint the
 * response must come back to: by index when {@code assertionConsumerServiceIndex} is
 * non-negative, otherwise by the URL of {@code assertionConsumerService}. The protocol binding
 * is copied from that same endpoint. Optional parts are emitted only when the corresponding
 * configuration is present: a {@code RequestedAuthnContext} when {@code comparisonType} is set
 * (carrying a class reference when {@code authnContextClassRef} is set too), a
 * {@code NameIDPolicy} when {@code nameIdPolicyFormat} is set, and an
 * {@code AttributeConsumingServiceIndex} when that index is non-negative.
 *
 * @param context the message context; its self entity id becomes the request issuer
 * @param assertionConsumerService the SP endpoint the IdP should post the response to
 * @param ssoService the IdP endpoint that receives this request
 * @return the populated request, ready to be signed and encoded by the caller
 */
@SuppressWarnings("unchecked")
protected final AuthnRequest buildAuthnRequest(final SAML2MessageContext context, final AssertionConsumerService assertionConsumerService, final SingleSignOnService ssoService) {
    final SAMLObjectBuilder<AuthnRequest> requestBuilder =
        (SAMLObjectBuilder<AuthnRequest>) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    final AuthnRequest authnRequest = requestBuilder.buildObject();
    final SAMLSelfEntityContext self = context.getSAMLSelfEntityContext();

    // Request-level attributes. The issue instant is shifted forward by the configured skew,
    // presumably to absorb clock drift between this SP and the IdP.
    authnRequest.setID(generateID());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssuer(getIssuer(self.getEntityId()));
    authnRequest.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
    authnRequest.setProviderName("pac4j-saml");
    authnRequest.setDestination(ssoService.getLocation());
    authnRequest.setProtocolBinding(assertionConsumerService.getBinding());
    // IsPassive / ForceAuthn drive whether the IdP may interact with the user and whether an
    // existing IdP session may be reused; both come straight from this builder's configuration.
    authnRequest.setIsPassive(this.passive);
    authnRequest.setForceAuthn(this.forceAuth);

    // Optional RequestedAuthnContext: comparison plus, when configured, a single class reference.
    if (comparisonType != null) {
        final RequestedAuthnContext requestedContext = new RequestedAuthnContextBuilder().buildObject();
        requestedContext.setComparison(comparisonType);
        if (authnContextClassRef != null) {
            final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
            classRef.setAuthnContextClassRef(authnContextClassRef);
            requestedContext.getAuthnContextClassRefs().add(classRef);
        }
        authnRequest.setRequestedAuthnContext(requestedContext);
    }

    // Optional NameIDPolicy: always allows the IdP to create a new identifier for this format.
    if (nameIdPolicyFormat != null) {
        final NameIDPolicy policy = new NameIDPolicyBuilder().buildObject();
        policy.setAllowCreate(true);
        policy.setFormat(nameIdPolicyFormat);
        authnRequest.setNameIDPolicy(policy);
    }

    // Response endpoint: reference by index when one is configured, otherwise by explicit URL.
    final boolean useAcsIndex = assertionConsumerServiceIndex >= 0;
    if (useAcsIndex) {
        authnRequest.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
    } else {
        authnRequest.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
    }
    if (attributeConsumingServiceIndex >= 0) {
        authnRequest.setAttributeConsumingServiceIndex(attributeConsumingServiceIndex);
    }
    return authnRequest;
}
use of org.opensaml.saml.saml2.core.NameIDPolicy in project cas by apereo.
the class SamlIdPInitiatedProfileHandlerController method handleIdPInitiatedSsoRequest.
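/**
 * Handle idp initiated sso requests.
 * The {@code shire} parameter carries the URL of the response location at the SP (the
 * "Assertion Consumer Service"); it can be omitted, in which case the IdP picks the SP's
 * HTTP-POST endpoint from its metadata.
 * <p>
 * The unsolicited {@code AuthnRequest} built here is signed when either the SP metadata or the
 * registered service requires it, and the optional {@code target} parameter is carried as the
 * relay state. Every other request parameter is forwarded on the resulting redirect.
 *
 * @param response the response
 * @param request the request
 * @return the model and view
 * @throws Exception the exception
 */
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_IDP_INIT_PROFILE_SSO)
protected ModelAndView handleIdPInitiatedSsoRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    val providerId = request.getParameter(SamlIdPConstants.PROVIDER_ID);
    if (StringUtils.isBlank(providerId)) {
        LOGGER.warn("No providerId parameter given in unsolicited SSO authentication request.");
        throw new MessageDecodingException("Missing providerId");
    }
    val registeredService = verifySamlRegisteredService(providerId);
    val adaptor = getSamlMetadataFacadeFor(registeredService, providerId);
    if (adaptor.isEmpty()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + providerId);
    }
    val facade = adaptor.get();

    var shire = request.getParameter(SamlIdPConstants.SHIRE);
    if (StringUtils.isBlank(shire)) {
        LOGGER.info("Resolving service provider assertion consumer service URL for [{}] and binding [{}]", providerId, SAMLConstants.SAML2_POST_BINDING_URI);
        val acs = facade.getAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI);
        if (acs != null) {
            // Prefer the explicit ResponseLocation; fall back to Location when it is absent.
            shire = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
        }
    }
    if (StringUtils.isBlank(shire)) {
        LOGGER.warn("Unable to resolve service provider assertion consumer service URL for AuthnRequest construction for entityID: [{}]", providerId);
        throw new MessageDecodingException("Unable to resolve SP ACS URL for AuthnRequest construction");
    }
    // NOTE(review): when shire is supplied by the caller it is used verbatim; nothing in this
    // method checks it against the ACS endpoints published in the SP metadata. Confirm that
    // initiateAuthenticationRequest (or the response builder) performs that check before the
    // assertion is delivered to it.

    val target = request.getParameter(SamlIdPConstants.TARGET);
    val time = request.getParameter(SamlIdPConstants.TIME);

    val openSamlBuilders = getConfigurationContext().getOpenSamlConfigBean().getBuilderFactory();
    val builder = (SAMLObjectBuilder) openSamlBuilders.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val authnRequest = (AuthnRequest) builder.buildObject();
    authnRequest.setAssertionConsumerServiceURL(shire);
    val isBuilder = (SAMLObjectBuilder) openSamlBuilders.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val issuer = (Issuer) isBuilder.buildObject();
    // The SP is named as issuer because the request is built on its behalf.
    issuer.setValue(providerId);
    authnRequest.setIssuer(issuer);
    authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    val pBuilder = (SAMLObjectBuilder) openSamlBuilders.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
    val nameIDPolicy = (NameIDPolicy) pBuilder.buildObject();
    nameIDPolicy.setAllowCreate(Boolean.TRUE);
    authnRequest.setNameIDPolicy(nameIDPolicy);
    authnRequest.setIssueInstant(resolveIssueInstant(time));
    authnRequest.setForceAuthn(Boolean.FALSE);

    if (StringUtils.isNotBlank(target)) {
        request.setAttribute(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, target);
    }
    val ctx = new MessageContext();
    if (facade.isAuthnRequestsSigned() || registeredService.isSignUnsolicitedAuthnRequest()) {
        getConfigurationContext().getSamlObjectSigner().encode(authnRequest, registeredService, facade, response, request, SAMLConstants.SAML2_POST_BINDING_URI, authnRequest, ctx);
    }
    ctx.setMessage(authnRequest);
    val bindingContext = ctx.getSubcontext(SAMLBindingContext.class, true);
    // The request never arrived over a binding, so there is no binding-level signature to verify.
    Objects.requireNonNull(bindingContext).setHasBindingSignature(false);
    SAMLBindingSupport.setRelayState(ctx, target);
    val pair = Pair.<RequestAbstractType, MessageContext>of(authnRequest, ctx);
    val modelAndView = initiateAuthenticationRequest(pair, response, request);
    if (modelAndView != null) {
        // Forward every parameter except the ones this endpoint consumed onto the redirect.
        val view = (RedirectView) modelAndView.getView();
        val urlBuilder = new URIBuilder(Objects.requireNonNull(view).getUrl());
        val paramNames = request.getParameterNames();
        while (paramNames.hasMoreElements()) {
            val parameterName = paramNames.nextElement();
            if (!isIdpInitiatedProfileParameter(parameterName)) {
                urlBuilder.addParameter(parameterName, request.getParameter(parameterName));
            }
        }
        view.setUrl(urlBuilder.build().toString());
    }
    return modelAndView;
}

/**
 * Resolves the issue instant of the unsolicited request.
 * <p>
 * The {@code time} parameter is interpreted as epoch milliseconds when it parses as a
 * {@code long}; anything else (blank, decimal, hex, type-suffixed, out of range) falls back to
 * the current UTC instant. {@code NumberUtils.isCreatable} was not a safe pre-check here: it
 * accepts forms such as {@code 1.5}, {@code 0x1F} or {@code 123L} that {@code Long.parseLong}
 * then rejects with a {@code NumberFormatException}.
 *
 * @param time the raw request parameter, possibly {@code null}
 * @return the instant to put on the request
 */
private Instant resolveIssueInstant(final String time) {
    if (StringUtils.isNotBlank(time)) {
        try {
            return Instant.ofEpochMilli(Long.parseLong(time));
        } catch (final NumberFormatException e) {
            LOGGER.debug("Ignoring time parameter [{}] that is not an epoch-millisecond value", time);
        }
    }
    return ZonedDateTime.now(ZoneOffset.UTC).toInstant();
}

/**
 * Tells whether a request parameter is one consumed by this endpoint and therefore must not be
 * forwarded on the redirect.
 *
 * @param parameterName the parameter name, compared case-insensitively
 * @return {@code true} for target, time, shire and providerId
 */
private static boolean isIdpInitiatedProfileParameter(final String parameterName) {
    return parameterName.equalsIgnoreCase(SamlIdPConstants.TARGET)
        || parameterName.equalsIgnoreCase(SamlIdPConstants.TIME)
        || parameterName.equalsIgnoreCase(SamlIdPConstants.SHIRE)
        || parameterName.equalsIgnoreCase(SamlIdPConstants.PROVIDER_ID);
}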
use of org.opensaml.saml.saml2.core.NameIDPolicy in project cxf by apache.
the class DefaultAuthnRequestBuilder method createAuthnRequest.
/**
 * Create a SAML 2.0 Protocol AuthnRequest.
 * <p>
 * The request requests an exact match on the PasswordProtectedTransport authentication context
 * class and a NameID in this builder's configured format (AllowCreate is always set). Force
 * authentication, passivity and protocol binding are taken from this builder's fields.
 *
 * @param message the current message (not consulted by this implementation)
 * @param issuerId entity id used both as the request issuer and as the NameIDPolicy SP name qualifier
 * @param assertionConsumerServiceAddress the SP endpoint the response should be delivered to
 * @return the assembled request
 * @throws Exception propagated from the component builders
 */
public AuthnRequest createAuthnRequest(Message message, String issuerId, String assertionConsumerServiceAddress) throws Exception {
    final String passwordProtectedTransport = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    final Issuer requestIssuer = SamlpRequestComponentBuilder.createIssuer(issuerId);
    final NameIDPolicy policy = SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
    final AuthnContextClassRef classRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef(passwordProtectedTransport);
    final RequestedAuthnContext requestedContext = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
        AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(classRef), null);

    // CHECKSTYLE:OFF
    return SamlpRequestComponentBuilder.createAuthnRequest(assertionConsumerServiceAddress, forceAuthn, isPassive, protocolBinding, SAMLVersion.VERSION_20, requestIssuer, policy, requestedContext);
}
use of org.opensaml.saml.saml2.core.NameIDPolicy in project cxf by apache.
the class AuthnRequestBuilderTest method testCreateAuthnRequest.
/**
 * Assembles a full AuthnRequest through {@code SamlpRequestComponentBuilder} and checks that
 * it can be marshalled into a DOM element.
 */
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    final String spEntityId = "http://localhost:9001/app";
    final String acsUrl = "http://localhost:9001/sso";
    final String persistentFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    final String passwordProtectedTransport = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
    final String postBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    final Issuer spIssuer = SamlpRequestComponentBuilder.createIssuer(spEntityId);
    final NameIDPolicy policy = SamlpRequestComponentBuilder.createNameIDPolicy(true, persistentFormat, "Issuer");
    final AuthnContextClassRef classRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef(passwordProtectedTransport);
    final RequestedAuthnContext requestedContext = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
        AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(classRef), null);
    final AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
        acsUrl, false, false, postBinding, SAMLVersion.VERSION_20, spIssuer, policy, requestedContext);

    // Marshalling is the actual assertion: it fails if the object tree is malformed.
    final Document doc = DOMUtils.createDocument();
    final Element requestElement = OpenSAMLUtil.toDom(authnRequest, doc);
    doc.appendChild(requestElement);
    assertNotNull(requestElement);
}
use of org.opensaml.saml.saml2.core.NameIDPolicy in project cxf by apache.
the class SamlpRequestComponentBuilder method createAuthnRequest.
/**
 * Creates a SAML 2.0 {@code AuthnRequest} from already-built components.
 * <p>
 * The request gets a fresh random ID (prefixed with {@code _} so it is a valid XML ID) and the
 * current time as issue instant; everything else is copied from the arguments as given.
 *
 * @param serviceURL the assertion consumer service URL
 * @param forceAuthn whether the IdP must re-authenticate the user
 * @param isPassive whether the IdP may interact with the user
 * @param protocolBinding the binding the response should use
 * @param version the SAML version to stamp on the request
 * @param issuer the request issuer
 * @param nameIDPolicy the requested name identifier policy
 * @param requestedAuthnCtx the requested authentication context
 * @return the assembled request
 */
// CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(String serviceURL, boolean forceAuthn, boolean isPassive, String protocolBinding, SAMLVersion version, Issuer issuer, NameIDPolicy nameIDPolicy, RequestedAuthnContext requestedAuthnCtx) {
    // CHECKSTYLE:ON
    // The builder is looked up lazily from the shared factory and cached in the static field.
    if (authnRequestBuilder == null) {
        @SuppressWarnings("unchecked")
        SAMLObjectBuilder<AuthnRequest> lookedUp =
            (SAMLObjectBuilder<AuthnRequest>) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
        authnRequestBuilder = lookedUp;
    }

    AuthnRequest request = authnRequestBuilder.buildObject();
    request.setID("_" + UUID.randomUUID());
    request.setIssueInstant(new DateTime());
    request.setVersion(version);
    request.setIssuer(issuer);
    request.setAssertionConsumerServiceURL(serviceURL);
    request.setProtocolBinding(protocolBinding);
    request.setForceAuthn(forceAuthn);
    request.setIsPassive(isPassive);
    request.setNameIDPolicy(nameIDPolicy);
    request.setRequestedAuthnContext(requestedAuthnCtx);
    return request;
}