use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.
the class SamlProfileAttributeQueryResponseBuilder method build.
@Override
public Envelope build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
final AttributeQuery query = (AttributeQuery) authnRequest;
final Header header = newSoapObject(Header.class);
final Body body = newSoapObject(Body.class);
final Response saml2Response = buildSaml2Response(casAssertion, query, service, adaptor, request, SAMLConstants.SAML2_POST_BINDING_URI);
body.getUnknownXMLObjects().add(saml2Response);
final Envelope envelope = newSoapObject(Envelope.class);
envelope.setHeader(header);
envelope.setBody(body);
SamlUtils.logSamlObject(this.configBean, envelope);
return encodeFinalResponse(request, response, service, adaptor, envelope, binding, authnRequest, casAssertion);
}
use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.
the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.
@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
@NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
LOGGER.debug("Located assertion consumer service url [{}]", acs);
final Response ecpResponse = newEcpResponse(acs.getLocation());
final Header header = newSoapObject(Header.class);
header.getUnknownXMLObjects().add(ecpResponse);
final Body body = newSoapObject(Body.class);
final org.opensaml.saml.saml2.core.Response saml2Response = buildSaml2Response(casAssertion, authnRequest, service, adaptor, request, binding);
body.getUnknownXMLObjects().add(saml2Response);
final Envelope envelope = newSoapObject(Envelope.class);
envelope.setHeader(header);
envelope.setBody(body);
SamlUtils.logSamlObject(this.configBean, envelope);
return envelope;
}
use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.
the class SamlProfileSamlSoap11ResponseBuilder method encode.
@Override
@SneakyThrows
protected Envelope encode(final SamlRegisteredService service, final Envelope envelope, final HttpServletResponse httpResponse, final HttpServletRequest httpRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState, final String binding, final RequestAbstractType authnRequest, final Object assertion) throws SamlException {
final MessageContext result = new MessageContext();
final SOAP11Context ctx = result.getSubcontext(SOAP11Context.class, true);
ctx.setEnvelope(envelope);
final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
encoder.setHttpServletResponse(httpResponse);
encoder.setMessageContext(result);
encoder.initialize();
encoder.encode();
return envelope;
}
use of org.opensaml.saml.saml2.core.RequestAbstractType in project cas by apereo.
the class SamlProfileSamlSubjectBuilder method buildSubject.
private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final RequestAbstractType authnRequest, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
final Assertion assertion = Assertion.class.cast(casAssertion);
final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
@NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
final String location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
if (StringUtils.isBlank(location)) {
LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
}
final NameID nameId = getNameIdForService(request, response, authnRequest, service, adaptor, binding, assertion);
final Subject subject = newSubject(nameId, service.isSkipGeneratingSubjectConfirmationRecipient() ? null : location, service.isSkipGeneratingSubjectConfirmationNotOnOrAfter() ? null : validFromDate.plusSeconds(this.skewAllowance), service.isSkipGeneratingSubjectConfirmationInResponseTo() ? null : authnRequest.getID(), service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now());
LOGGER.debug("Created SAML subject [{}]", subject);
return subject;
}
use of org.opensaml.saml.saml2.core.RequestAbstractType in project pac4j by pac4j.
the class Pac4jHTTPRedirectDeflateEncoder method buildRedirectURL.
/**
* Builds the URL to redirect the client to.
*
* @param messageContext current message context
* @param endpoint endpoint URL to send encoded message to
* @param message Deflated and Base64 encoded message
*
* @return URL to redirect client to
*
* @throws MessageEncodingException thrown if the SAML message is neither a RequestAbstractType or Response
*/
protected String buildRedirectURL(MessageContext<SAMLObject> messageContext, String endpoint, String message) throws MessageEncodingException {
log.debug("Building URL to redirect client to");
URLBuilder urlBuilder = null;
try {
urlBuilder = new URLBuilder(endpoint);
} catch (MalformedURLException e) {
throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e);
}
List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
queryParams.clear();
SAMLObject outboundMessage = messageContext.getMessage();
if (outboundMessage instanceof RequestAbstractType) {
queryParams.add(new Pair<>("SAMLRequest", message));
} else if (outboundMessage instanceof StatusResponseType) {
queryParams.add(new Pair<>("SAMLResponse", message));
} else {
throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
}
String relayState = SAMLBindingSupport.getRelayState(messageContext);
if (SAMLBindingSupport.checkRelayState(relayState)) {
queryParams.add(new Pair<>("RelayState", relayState));
}
SignatureSigningParameters signingParameters = SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
if (signingParameters != null && signingParameters.getSigningCredential() != null) {
String sigAlgURI = getSignatureAlgorithmURI(signingParameters);
Pair<String, String> sigAlg = new Pair<>("SigAlg", sigAlgURI);
queryParams.add(sigAlg);
String sigMaterial = urlBuilder.buildQueryString();
queryParams.add(new Pair<>("Signature", generateSignature(signingParameters.getSigningCredential(), sigAlgURI, sigMaterial)));
} else {
log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
}
return urlBuilder.buildURL();
}
Aggregations