Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSamlAuthNStatementBuilder, method buildAuthnStatement.
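/**
 * Creates an authentication statement for the current request.
 * <p>
 * The statement carries the authentication context class ref resolved for this service, the
 * CAS authentication date as its AuthnInstant, and, when the CAS assertion has a validity date,
 * a SessionNotOnOrAfter of that date plus the configured response skew allowance.
 *
 * @param casAssertion the CAS assertion; must be an {@link Assertion}
 * @param authnRequest the authn request
 * @param adaptor      the service provider metadata adaptor
 * @param service      the registered service
 * @param binding      the binding
 * @return constructed authentication statement
 * @throws SamlException the saml exception
 */
private AuthnStatement buildAuthnStatement(final Object casAssertion, final RequestAbstractType authnRequest,
                                           final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                           final SamlRegisteredService service, final String binding) throws SamlException {
    // Callers hand the CAS assertion over as Object; anything else is a programming error
    // and surfaces as a ClassCastException here.
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);

    // Statement ID: '_' followed by decimal digits, which is always a valid xs:ID.
    // Long.toUnsignedString sidesteps the Math.abs(Long.MIN_VALUE) corner case, where abs()
    // stays negative and the ID would come out as "_-...".
    // NOTE(review): presumably getNativeInstance() is SecureRandom-backed (IDs must be unique,
    // ideally unpredictable) — confirm against RandomUtils.
    final String id = '_' + Long.toUnsignedString(RandomUtils.getNativeInstance().nextLong());

    final AuthnStatement statement = newAuthnStatement(authenticationMethod,
        DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);

    if (assertion.getValidUntilDate() != null) {
        // Session end = CAS validity date + response skew; no validity date leaves it unset.
        final ZonedDateTime validUntil = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        final long skewSeconds = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
        statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(validUntil.plusSeconds(skewSeconds)));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor, binding));
    return statement;
}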
Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSamlConditionsBuilder, method buildConditions.
/**
 * Builds the SAML {@code Conditions} element for the assertion.
 * <p>
 * The validity window runs from now (UTC) to now plus the skew allowance; the audience
 * restriction always names the service provider's entity id and additionally any
 * comma-separated audiences configured on the registered service.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the registered service
 * @param adaptor      the service provider metadata adaptor
 * @return the conditions
 * @throws SamlException the saml exception
 */
protected Conditions buildConditions(final RequestAbstractType authnRequest, final Object assertion,
                                     final SamlRegisteredService service,
                                     final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final ZonedDateTime notBefore = ZonedDateTime.now(ZoneOffset.UTC);

    // The response-level skew wins; the core SAML skew is the fallback when it is unset or non-positive.
    // NOTE(review): if both values are <= 0 the window is empty (NotOnOrAfter <= NotBefore) and the
    // assertion can never be accepted — confirm the configuration defaults guarantee a positive value.
    final int responseSkew = casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance();
    final int skewAllowance = responseSkew > 0 ? responseSkew : casProperties.getSamlCore().getSkewAllowance();
    final ZonedDateTime notOnOrAfter = notBefore.plusSeconds(skewAllowance);

    final List<String> audienceUrls = new ArrayList<>();
    audienceUrls.add(adaptor.getEntityId());
    if (StringUtils.isNotBlank(service.getAssertionAudiences())) {
        audienceUrls.addAll(org.springframework.util.StringUtils.commaDelimitedListToSet(service.getAssertionAudiences()));
    }
    return newConditions(notBefore, notOnOrAfter, audienceUrls.toArray(new String[0]));
}
Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSaml2ResponseBuilder, method buildResponse.
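/**
 * Builds the SAML 2 response that carries the given assertion.
 * <p>
 * The assertion is passed through {@code encryptAssertion} and lands in either the encrypted or
 * the plain assertions collection depending on what comes back. The status is always SUCCESS.
 * When the registered service requires signed responses, the response is handed to the signer
 * and the signed object is returned instead.
 *
 * @param assertion    the SAML assertion to include in the response
 * @param casAssertion the CAS assertion
 * @param authnRequest the authn request; its ID becomes the response's InResponseTo
 * @param service      the registered service
 * @param adaptor      the service provider metadata adaptor
 * @param request      the http request
 * @param response     the http response
 * @param binding      the binding
 * @return the built, and possibly signed, SAML response
 * @throws SamlException the saml exception
 */
@Override
public Response buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest,
                              final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                              final HttpServletRequest request, final HttpServletResponse response,
                              final String binding) throws SamlException {
    // Response ID: '_' followed by decimal digits, which is always a valid xs:ID.
    // Long.toUnsignedString sidesteps the Math.abs(Long.MIN_VALUE) corner case, where abs()
    // stays negative and the ID would come out as "_-...".
    final String id = '_' + Long.toUnsignedString(RandomUtils.getNativeInstance().nextLong());
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());

    if (casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }

    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    samlResponse.setStatus(newStatus(StatusCode.SUCCESS, null));

    // NOTE(review): this logs the complete response, including a plaintext assertion and its
    // attributes when encryption is off; confirm logSamlObject's level/redaction suits production.
    SamlUtils.logSamlObject(this.configBean, samlResponse);

    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        // The signer returns a new object; the unsigned response is discarded.
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request, binding);
        SamlUtils.logSamlObject(configBean, samlResponse);
    }
    return samlResponse;
}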
Use of org.opensaml.saml.saml2.core.RequestAbstractType in project pac4j by pac4j: class Pac4jHTTPPostEncoder, method populateVelocityContext.
/**
 * Populate the Velocity context instance which will be used to render the POST body.
 * <p>
 * The action URL and the RelayState are HTML-attribute-encoded before they reach the template.
 * The SAML message is marshalled to XML and Base64-encoded (unchunked); presumably it is placed
 * in the context unescaped because the Base64 alphabet contains no attribute-breaking characters.
 * The message goes into {@code SAMLRequest} or {@code SAMLResponse} depending on its type.
 *
 * @param velocityContext the Velocity context instance to populate with data
 * @param messageContext  the SAML message context source of data
 * @param endpointURL     endpoint URL to which to encode message
 * @throws MessageEncodingException thrown if there is a problem encoding the message, or if the
 *                                  message is neither a request nor a status response
 */
protected void populateVelocityContext(VelocityContext velocityContext, MessageContext<SAMLObject> messageContext, String endpointURL) throws MessageEncodingException {
    final String action = HTMLEncoder.encodeForHTMLAttribute(endpointURL);
    log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, action);
    velocityContext.put("action", action);
    velocityContext.put("binding", getBindingURI());

    final SAMLObject message = messageContext.getMessage();
    log.debug("Marshalling and Base64 encoding SAML message");
    final Element dom = marshallMessage(message);
    final String xml = SerializeSupport.nodeToString(dom);
    log.trace("Output XML message: {}", xml);
    final String payload = Base64Support.encode(xml.getBytes(StandardCharsets.UTF_8), Base64Support.UNCHUNKED);

    // Pick the form parameter by message type; anything else cannot be POST-bound.
    final String parameterName;
    if (message instanceof RequestAbstractType) {
        parameterName = "SAMLRequest";
    } else if (message instanceof StatusResponseType) {
        parameterName = "SAMLResponse";
    } else {
        throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }
    velocityContext.put(parameterName, payload);

    final String relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
        final String encodedRelayState = HTMLEncoder.encodeForHTMLAttribute(relayState);
        log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, encodedRelayState);
        velocityContext.put("RelayState", encodedRelayState);
    }
}
Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlIdPUtils, method determineEndpointForRequest.
/**
 * Determines the service-provider endpoint that should receive the response to this request:
 * the single logout service for a {@code LogoutRequest}, otherwise the assertion consumer
 * service chosen between the one named in the request and the one published in metadata.
 *
 * @param authnContext the request paired with its message context
 * @param adaptor      the service provider metadata adaptor
 * @param binding      the binding
 * @return the endpoint
 * @throws SamlException if no endpoint exists for the binding, or the one found lacks
 *                       a binding or a location
 */
public static Endpoint determineEndpointForRequest(final Pair<? extends RequestAbstractType, MessageContext> authnContext,
                                                   final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                   final String binding) {
    val request = authnContext.getLeft();
    final Endpoint endpoint;
    if (request instanceof LogoutRequest) {
        endpoint = adaptor.getSingleLogoutService(binding);
    } else {
        // Which of the two ACS candidates wins (and how a request-supplied ACS is checked
        // against metadata) is decided by the overload called below, not here.
        val acsFromRequest = getAssertionConsumerServiceFromRequest(request, binding, adaptor);
        val acsFromMetadata = adaptor.getAssertionConsumerService(binding);
        endpoint = determineEndpointForRequest(request, adaptor, binding, acsFromRequest, acsFromMetadata, authnContext.getRight());
    }
    if (endpoint == null) {
        throw new SamlException("Endpoint for " + request.getSchemaType() + " is not available or does not define a binding for " + binding);
    }
    // Either a response location or a location is enough; the binding is always required.
    val hasLocation = StringUtils.isNotBlank(endpoint.getResponseLocation()) || StringUtils.isNotBlank(endpoint.getLocation());
    if (StringUtils.isBlank(endpoint.getBinding()) || !hasLocation) {
        throw new SamlException("Endpoint for " + request.getSchemaType() + " does not define a binding or location for binding " + binding);
    }
    return endpoint;
}