the class SamlIdPUtils method retrieveSamlRequest.
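/**
 * Retrieves the SAML request previously stored in the session store, paired with
 * its decoded {@link MessageContext}.
 * <p>
 * The serialized request is read from the session under
 * {@code SamlProtocolConstants.PARAMETER_SAML_REQUEST} and parsed as {@code clazz};
 * the message context is read under {@code MessageContext.class.getName()} and
 * decoded through {@link SamlIdPAuthenticationContext}. Both entries must be
 * present for a result to be produced.
 * <p>
 * NOTE(review): this only replays what was stored in the session; any signature,
 * issuer or destination validation of the request is assumed to have happened when
 * it was first received and stored — confirm against the code that stores it.
 *
 * @param context            the web context
 * @param sessionStore       the session store
 * @param openSamlConfigBean the OpenSAML config bean used to parse the stored request
 * @param clazz              the expected request type (e.g. {@code AuthnRequest.class})
 * @return the request and its message context, or empty if either is missing
 * @throws ClassCastException if the stored message is not an instance of {@code clazz}
 */
public static Optional<Pair<? extends RequestAbstractType, MessageContext>> retrieveSamlRequest(final WebContext context, final SessionStore sessionStore, final OpenSamlConfigBean openSamlConfigBean, final Class<? extends RequestAbstractType> clazz) {
    LOGGER.trace("Retrieving authentication request from scope");
    val authnContext = sessionStore.get(context, SamlProtocolConstants.PARAMETER_SAML_REQUEST)
        .map(String.class::cast)
        .map(value -> retrieveSamlRequest(openSamlConfigBean, clazz, value))
        .flatMap(authnRequest -> sessionStore.get(context, MessageContext.class.getName())
            .map(String.class::cast)
            .map(result -> SamlIdPAuthenticationContext.decode(result).toMessageContext(authnRequest)));
    // Cast to the requested type instead of hard-coding AuthnRequest: the method
    // accepts any RequestAbstractType subclass via clazz, and a fixed AuthnRequest
    // cast would throw ClassCastException for every other request type.
    return authnContext.map(ctx -> Pair.of(clazz.cast(ctx.getMessage()), ctx));
}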
the class SamlIdPSingleLogoutRedirectionStrategy method supports.
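/**
 * Decides whether a SAML logout response should be sent for the current logout flow.
 * <p>
 * Applies only when the registered service is a {@link SamlRegisteredService},
 * the IdP is configured to send logout responses, the service has logout responses
 * enabled, a single logout request is present in the request, and that request does
 * not carry the SAML {@code Asynchronous} extension.
 *
 * @param context the webflow request context
 * @return true if a logout response is to be produced for this request
 */
@Override
public boolean supports(final RequestContext context) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    val registeredService = WebUtils.getRegisteredService(request);
    if (!(registeredService instanceof SamlRegisteredService)) {
        return false;
    }
    // instanceof above already guarantees a non-null service, so no separate null check is needed.
    val samlRegisteredService = (SamlRegisteredService) registeredService;
    val logout = configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout();
    val sloRequest = WebUtils.getSingleLogoutRequest(request);
    // The logout request is only parsed when one is actually present; an
    // <Asynchronous> extension means the SP does not expect a response.
    val async = StringUtils.isNotBlank(sloRequest)
        && getLogoutRequest(request)
            .map(RequestAbstractType::getExtensions)
            .stream()
            .filter(Objects::nonNull)
            .anyMatch(extensions -> !extensions.getUnknownXMLObjects(Asynchronous.DEFAULT_ELEMENT_NAME).isEmpty());
    return logout.isSendLogoutResponse()
        && samlRegisteredService.isLogoutResponseEnabled()
        && sloRequest != null
        && !async;
}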
the class SamlIdPUtils method getAssertionConsumerServiceFromRequest.
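/**
 * Builds an {@link AssertionConsumerService} endpoint from the ACS URL or ACS index
 * carried in an {@link AuthnRequest}.
 * <p>
 * If the request supplies a URL it is used directly; if it only supplies an index,
 * the URL is looked up in the SP metadata via {@code adapter} for the given binding.
 * Non-{@code AuthnRequest} requests, or requests carrying neither URL nor index, yield
 * {@code null}.
 * <p>
 * NOTE(review): an ACS URL supplied in the request is used as-is as the endpoint
 * location; only the index path is resolved through metadata. The caller is expected
 * to verify a request-supplied URL against the SP's metadata before responding to it —
 * confirm where that check happens.
 *
 * @param request the SAML request
 * @param binding the SAML binding to resolve the endpoint for
 * @param adapter the SP metadata facade used for index lookups
 * @return the endpoint, or {@code null} if none could be determined
 */
private static AssertionConsumerService getAssertionConsumerServiceFromRequest(final RequestAbstractType request, final String binding, final SamlRegisteredServiceServiceProviderMetadataFacade adapter) {
    if (request instanceof AuthnRequest) {
        val authnRequest = AuthnRequest.class.cast(request);
        var acsUrl = authnRequest.getAssertionConsumerServiceURL();
        val acsIndex = authnRequest.getAssertionConsumerServiceIndex();
        if (StringUtils.isBlank(acsUrl) && acsIndex == null) {
            LOGGER.debug("No assertion consumer service url or index is supplied in the authentication request");
            return null;
        }
        if (StringUtils.isBlank(acsUrl) && acsIndex != null) {
            // acsUrl is blank on this path; log the binding, which is what the lookup keys on.
            LOGGER.debug("Locating assertion consumer service url for binding [{}] and index [{}]", binding, acsIndex);
            acsUrl = adapter.getAssertionConsumerServiceFor(binding, acsIndex).orElseGet(() -> {
                LOGGER.warn("Unable to locate acs url in for entity [{}] and binding [{}] with index [{}]", adapter.getEntityId(), binding, acsIndex);
                return null;
            });
        }
        if (StringUtils.isNotBlank(acsUrl)) {
            LOGGER.debug("Fetched assertion consumer service url [{}] with binding [{}] from authentication request", acsUrl, binding);
            val builder = new AssertionConsumerServiceBuilder();
            val endpoint = builder.buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
            endpoint.setBinding(binding);
            endpoint.setResponseLocation(acsUrl);
            endpoint.setLocation(acsUrl);
            endpoint.setIndex(acsIndex);
            return endpoint;
        }
    }
    return null;
}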
the class AbstractSamlIdPProfileHandlerController method retrieveAuthenticationRequest.
/**
 * Retrieves the SAML authentication request and its message context from the session store.
 *
 * @param response the http response
 * @param request  the http request
 * @return the authentication request paired with its message context
 * @throws IllegalArgumentException if no request or context can be found in the session store
 */
@Synchronized
protected final Pair<? extends RequestAbstractType, MessageContext> retrieveAuthenticationRequest(final HttpServletResponse response, final HttpServletRequest request) {
    LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
    val webContext = new JEEContext(request, response);
    val sessionStore = configurationContext.getSessionStore();
    val openSamlConfigBean = configurationContext.getOpenSamlConfigBean();
    val stored = SamlIdPUtils.retrieveSamlRequest(webContext, sessionStore, openSamlConfigBean, AuthnRequest.class);
    if (!stored.isPresent()) {
        throw new IllegalArgumentException("SAML request or context could not be determined from session store");
    }
    return stored.get();
}
the class AbstractSamlIdPProfileHandlerController method buildResponseBasedSingleSignOnSession.
/**
 * Builds a SAML response for an already established single sign-on session.
 * <p>
 * The issuer of the authentication request is resolved to a registered service,
 * the service access strategy is enforced, a CAS assertion is built, a service
 * ticket is issued and registered, and finally the SAML response is produced.
 * The http response is reset before encoding the SAML response to ensure a clean
 * slate from previous attempts, especially when requests/responses are produced
 * rapidly.
 *
 * @param context              the authentication request paired with its message context
 * @param ticketGrantingTicket the ticket-granting ticket of the established session
 * @param request              the http request
 * @param response             the http response
 * @throws Exception if access is denied or any step of building the response fails
 */
protected void buildResponseBasedSingleSignOnSession(final Pair<? extends RequestAbstractType, MessageContext> context, final TicketGrantingTicket ticketGrantingTicket, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    val samlAuthnRequest = (AuthnRequest) context.getLeft();
    val issuerEntityId = SamlIdPUtils.getIssuerFromSamlObject(samlAuthnRequest);
    val service = configurationContext.getWebApplicationServiceFactory().createService(issuerEntityId);
    service.getAttributes().put(SamlProtocolConstants.PARAMETER_ENTITY_ID, CollectionUtils.wrapList(issuerEntityId));
    val samlRegisteredService = configurationContext.getServicesManager().findServiceBy(service, SamlRegisteredService.class);

    // Access is enforced before any ticket is issued; throwExceptionIfNeeded aborts the flow.
    val authentication = ticketGrantingTicket.getAuthentication();
    val auditBuilder = AuditableContext.builder()
        .service(service)
        .authentication(authentication)
        .registeredService(samlRegisteredService)
        .httpRequest(request)
        .httpResponse(response);
    val accessResult = configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(auditBuilder.build());
    accessResult.throwExceptionIfNeeded();

    val assertion = buildCasAssertion(authentication, service, samlRegisteredService, Map.of());
    val authenticationContext = buildAuthenticationContextPair(request, response, context);
    val binding = determineProfileBinding(authenticationContext);

    // NOTE(review): the relay state is read from and written back to the same
    // message context; this appears to be a round-trip on one object — confirm
    // whether SAMLBindingSupport.setRelayState has side effects that are relied on.
    val messageContext = authenticationContext.getRight();
    val relayState = SAMLBindingSupport.getRelayState(messageContext);
    SAMLBindingSupport.setRelayState(messageContext, relayState);

    response.reset();
    val ticketFactory = (ServiceTicketFactory) getConfigurationContext().getTicketFactory().get(ServiceTicket.class);
    val serviceTicket = ticketFactory.create(ticketGrantingTicket, service, false, ServiceTicket.class);
    val ticketRegistry = getConfigurationContext().getTicketRegistry();
    ticketRegistry.addTicket(serviceTicket);
    ticketRegistry.updateTicket(ticketGrantingTicket);
    buildSamlResponse(response, request, authenticationContext, assertion, binding);
}