Examples with RequestAbstractType org.opensaml.saml.saml2.core.RequestAbstractType used on opensource projects

Example 6 with RequestAbstractType

use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.

the class SamlIdPUtils method retrieveSamlRequest.

/**
 * Retrieve authn request authn request.
 *
 * @param context            the context
 * @param sessionStore       the session store
 * @param openSamlConfigBean the open saml config bean
 * @param clazz              the clazz
 * @return the request
 */
public static Optional<Pair<? extends RequestAbstractType, MessageContext>> retrieveSamlRequest(final WebContext context, final SessionStore sessionStore, final OpenSamlConfigBean openSamlConfigBean, final Class<? extends RequestAbstractType> clazz) {
    LOGGER.trace("Retrieving authentication request from scope");
    val authnContext = sessionStore.get(context, SamlProtocolConstants.PARAMETER_SAML_REQUEST).map(String.class::cast).map(value -> retrieveSamlRequest(openSamlConfigBean, clazz, value)).flatMap(authnRequest -> sessionStore.get(context, MessageContext.class.getName()).map(String.class::cast).map(result -> SamlIdPAuthenticationContext.decode(result).toMessageContext(authnRequest)));
    return authnContext.map(ctx -> Pair.of((AuthnRequest) ctx.getMessage(), ctx));
}

Example 7 with RequestAbstractType

use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.

the class SamlIdPSingleLogoutRedirectionStrategy method supports.

@Override
public boolean supports(final RequestContext context) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    val registeredService = WebUtils.getRegisteredService(request);
    if (registeredService instanceof SamlRegisteredService) {
        val logout = configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout();
        val samlRegisteredService = (SamlRegisteredService) registeredService;
        val sloRequest = WebUtils.getSingleLogoutRequest(request);
        val async = new AtomicBoolean(false);
        if (StringUtils.isNotBlank(sloRequest)) {
            async.set(getLogoutRequest(request).map(RequestAbstractType::getExtensions).stream().filter(Objects::nonNull).anyMatch(extensions -> !extensions.getUnknownXMLObjects(Asynchronous.DEFAULT_ELEMENT_NAME).isEmpty()));
        }
        return logout.isSendLogoutResponse() && samlRegisteredService != null && samlRegisteredService.isLogoutResponseEnabled() && sloRequest != null && !async.get();
    }
    return false;
}

Example 8 with RequestAbstractType

use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.

the class SamlIdPUtils method getAssertionConsumerServiceFromRequest.

private static AssertionConsumerService getAssertionConsumerServiceFromRequest(final RequestAbstractType request, final String binding, final SamlRegisteredServiceServiceProviderMetadataFacade adapter) {
    if (request instanceof AuthnRequest) {
        val authnRequest = AuthnRequest.class.cast(request);
        var acsUrl = authnRequest.getAssertionConsumerServiceURL();
        val acsIndex = authnRequest.getAssertionConsumerServiceIndex();
        if (StringUtils.isBlank(acsUrl) && acsIndex == null) {
            LOGGER.debug("No assertion consumer service url or index is supplied in the authentication request");
            return null;
        }
        if (StringUtils.isBlank(acsUrl) && acsIndex != null) {
            LOGGER.debug("Locating assertion consumer service url for binding [{}] and index [{}]", acsUrl, acsIndex);
            acsUrl = adapter.getAssertionConsumerServiceFor(binding, acsIndex).orElseGet(() -> {
                LOGGER.warn("Unable to locate acs url in for entity [{}] and binding [{}] with index [{}]", adapter.getEntityId(), binding, acsIndex);
                return null;
            });
        }
        if (StringUtils.isNotBlank(acsUrl)) {
            LOGGER.debug("Fetched assertion consumer service url [{}] with binding [{}] from authentication request", acsUrl, binding);
            val builder = new AssertionConsumerServiceBuilder();
            val endpoint = builder.buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
            endpoint.setBinding(binding);
            endpoint.setResponseLocation(acsUrl);
            endpoint.setLocation(acsUrl);
            endpoint.setIndex(acsIndex);
            return endpoint;
        }
    }
    return null;
}

Example 9 with RequestAbstractType

use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.

the class AbstractSamlIdPProfileHandlerController method retrieveAuthenticationRequest.

/**
 * Retrieve authentication request.
 *
 * @param response the response
 * @param request  the request
 * @return the authn request
 */
@Synchronized
protected final Pair<? extends RequestAbstractType, MessageContext> retrieveAuthenticationRequest(final HttpServletResponse response, final HttpServletRequest request) {
    LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
    val webContext = new JEEContext(request, response);
    return SamlIdPUtils.retrieveSamlRequest(webContext, configurationContext.getSessionStore(), configurationContext.getOpenSamlConfigBean(), AuthnRequest.class).orElseThrow(() -> new IllegalArgumentException("SAML request or context could not be determined from session store"));
}

Example 10 with RequestAbstractType

use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.

the class AbstractSamlIdPProfileHandlerController method buildResponseBasedSingleSignOnSession.

/**
 * Build response based single sign on session.
 * The http response before encoding the SAML response is reset
 * to ensure a clean slate from previous attempts, specially
 * when requests/responses are produced rapidly.
 *
 * @param context              the pair
 * @param ticketGrantingTicket the authentication
 * @param request              the request
 * @param response             the response
 * @throws Exception the exception
 */
protected void buildResponseBasedSingleSignOnSession(final Pair<? extends RequestAbstractType, MessageContext> context, final TicketGrantingTicket ticketGrantingTicket, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    val authnRequest = (AuthnRequest) context.getLeft();
    val id = SamlIdPUtils.getIssuerFromSamlObject(authnRequest);
    val service = configurationContext.getWebApplicationServiceFactory().createService(id);
    service.getAttributes().put(SamlProtocolConstants.PARAMETER_ENTITY_ID, CollectionUtils.wrapList(id));
    val registeredService = configurationContext.getServicesManager().findServiceBy(service, SamlRegisteredService.class);
    val audit = AuditableContext.builder().service(service).authentication(ticketGrantingTicket.getAuthentication()).registeredService(registeredService).httpRequest(request).httpResponse(response).build();
    val accessResult = configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(audit);
    accessResult.throwExceptionIfNeeded();
    val assertion = buildCasAssertion(ticketGrantingTicket.getAuthentication(), service, registeredService, Map.of());
    val authenticationContext = buildAuthenticationContextPair(request, response, context);
    val binding = determineProfileBinding(authenticationContext);
    val messageContext = authenticationContext.getRight();
    val relayState = SAMLBindingSupport.getRelayState(messageContext);
    SAMLBindingSupport.setRelayState(authenticationContext.getRight(), relayState);
    response.reset();
    val factory = (ServiceTicketFactory) getConfigurationContext().getTicketFactory().get(ServiceTicket.class);
    val st = factory.create(ticketGrantingTicket, service, false, ServiceTicket.class);
    getConfigurationContext().getTicketRegistry().addTicket(st);
    getConfigurationContext().getTicketRegistry().updateTicket(ticketGrantingTicket);
    buildSamlResponse(response, request, authenticationContext, assertion, binding);
}