Example 16 with RequestAbstractType

Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSamlNameIdBuilder, method encodeNameIdBasedOnNameFormat.

/**
 * Encode the NameID using the given name format.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param nameFormat   the name format
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id, or null if no NameID could be encoded for this format
 */
protected NameID encodeNameIdBasedOnNameFormat(final RequestAbstractType authnRequest, final Object assertion, final String nameFormat, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        // For an AttributeQuery the NameID is taken from the Subject of the query itself;
        // it is detached from the request tree so it can be attached to the response.
        if (authnRequest instanceof AttributeQuery) {
            final AttributeQuery query = AttributeQuery.class.cast(authnRequest);
            final NameID nameID = query.getSubject().getNameID();
            nameID.detach();
            return nameID;
        }
        // Otherwise resolve the attribute backing this name format and encode it.
        final IdPAttribute attribute = prepareNameIdAttribute(assertion, nameFormat, adaptor);
        final SAML2StringNameIDEncoder encoder = prepareNameIdEncoder(authnRequest, nameFormat, attribute, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID nameid = encoder.encode(attribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", nameid.getFormat(), nameid.getValue());
        return nameid;
    } catch (final Exception e) {
        // Any failure is logged and null is returned, so the caller can move on to
        // the next supported name format rather than aborting the whole response.
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
Also used: org.opensaml.saml.saml2.core.AttributeQuery, org.opensaml.saml.saml2.core.NameID, net.shibboleth.idp.attribute.IdPAttribute, net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder, org.apereo.cas.support.saml.SamlException

Example 17 with RequestAbstractType

Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSamlNameIdBuilder, method buildNameId.

/**
 * Build the NameID for the response.
 * If there are no explicitly defined NameIDFormats, include the default format.
 * See: http://saml2int.org/profile/current/#section92
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the name id
 * @throws SamlException the saml exception
 */
private NameID buildNameId(final RequestAbstractType authnRequest, final Object assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    // Formats the service and the SP metadata agree on, in evaluation order.
    final List<String> supportedNameFormats = getSupportedNameIdFormats(service, adaptor);
    // A format the request itself insists on, if it specifies one.
    final String requiredNameFormat = getRequiredNameIdFormatIfAny(authnRequest);
    // Reject the request if it demands a format this service does not support.
    validateRequiredNameIdFormatIfAny(authnRequest, adaptor, supportedNameFormats, requiredNameFormat);
    final NameID nameid = determineNameId(authnRequest, assertion, supportedNameFormats, service, adaptor);
    return finalizeNameId(nameid, authnRequest, assertion, supportedNameFormats, service, adaptor);
}
Also used: org.opensaml.saml.saml2.core.NameID

Example 18 with RequestAbstractType

Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileSamlNameIdBuilder, method determineNameId.

/**
 * Determine the NameID by trying each supported name format in order
 * and returning the first one that encodes successfully.
 *
 * @param authnRequest         the authn request
 * @param assertion            the assertion
 * @param supportedNameFormats the supported name formats
 * @param service              the service
 * @param adaptor              the adaptor
 * @return the name id, or null if no supported format produced one
 */
protected NameID determineNameId(final RequestAbstractType authnRequest, final Object assertion, final List<String> supportedNameFormats, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    for (final String nameFormat : supportedNameFormats) {
        LOGGER.debug("Evaluating NameID format [{}]", nameFormat);
        // encodeNameIdBasedOnNameFormat returns null on any failure, so a format
        // that cannot be satisfied is skipped and the next one is tried.
        final NameID nameid = encodeNameIdBasedOnNameFormat(authnRequest, assertion, nameFormat, service, adaptor);
        if (nameid != null) {
            return nameid;
        }
    }
    return null;
}
Also used: org.opensaml.saml.saml2.core.NameID

Example 19 with RequestAbstractType

Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class BaseSamlProfileSamlResponseBuilder, method build.

@Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
@Override
public T build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    // Build the SAML assertion from the CAS assertion, wrap it in the response
    // type T, then encode the final response for the requested binding.
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor, binding);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response, binding);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse, binding, authnRequest, casAssertion);
}
Also used: org.opensaml.saml.saml2.core.EncryptedAssertion, org.opensaml.saml.saml2.core.Assertion, org.apereo.inspektr.audit.annotation.Audit

Example 20 with RequestAbstractType

Use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo: class SamlProfileArtifactResponseBuilder, method buildResponse.

@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    // The artifact ticket, carried as an attribute of the CAS assertion, holds the
    // SAML object that was issued when the artifact was created.
    final org.jasig.cas.client.validation.Assertion castedAssertion = org.jasig.cas.client.validation.Assertion.class.cast(casAssertion);
    final SamlArtifactTicket ticket = (SamlArtifactTicket) castedAssertion.getAttributes().get("artifact");
    // Build the ArtifactResponse; issuer, ID and InResponseTo all come from the ticket.
    final ArtifactResponse artifactResponse = new ArtifactResponseBuilder().buildObject();
    artifactResponse.setIssueInstant(DateTime.now());
    artifactResponse.setIssuer(newIssuer(ticket.getIssuer()));
    artifactResponse.setInResponseTo(ticket.getRelyingPartyId());
    artifactResponse.setID(ticket.getId());
    artifactResponse.setStatus(newStatus(StatusCode.SUCCESS, "Success"));
    // Embed the stored SAML message as the payload of the ArtifactResponse.
    final SAMLObject samlResponse = SamlUtils.transformSamlObject(configBean, ticket.getObject(), SAMLObject.class);
    artifactResponse.setMessage(samlResponse);
    // Wrap it in a SOAP 1.1 envelope for the artifact resolution exchange.
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    body.getUnknownXMLObjects().add(artifactResponse);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return envelope;
}
Also used: org.opensaml.soap.soap11.Header, org.opensaml.saml.common.SAMLObject, org.opensaml.saml.saml2.core.ArtifactResponse, org.opensaml.saml.saml2.core.impl.ArtifactResponseBuilder, org.apereo.cas.ticket.artifact.SamlArtifactTicket, org.opensaml.soap.soap11.Envelope, org.opensaml.soap.soap11.Body
