Search in sources :

Example 16 with RequestedAuthnContext

use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cxf by apache.

the class AuthnRequestBuilderTest method testCreateAuthnRequest.

@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    Document doc = DOMUtils.createDocument();
    Issuer issuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
    NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");
    AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
    AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest("http://localhost:9001/sso", false, false, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
    Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
    doc.appendChild(policyElement);
    // String outputString = DOM2Writer.nodeToString(policyElement);
    assertNotNull(policyElement);
}
Also used : RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) Element(org.w3c.dom.Element) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) Document(org.w3c.dom.Document)

Example 17 with RequestedAuthnContext

use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cxf by apache.

the class SamlpRequestComponentBuilder method createAuthnRequest.

@SuppressWarnings("unchecked")
public static // CHECKSTYLE:OFF
AuthnRequest createAuthnRequest(String serviceURL, boolean forceAuthn, boolean isPassive, String protocolBinding, SAMLVersion version, Issuer issuer, NameIDPolicy nameIDPolicy, RequestedAuthnContext requestedAuthnCtx) {
    // CHECKSTYLE:ON
    if (authnRequestBuilder == null) {
        authnRequestBuilder = (SAMLObjectBuilder<AuthnRequest>) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    }
    AuthnRequest authnRequest = authnRequestBuilder.buildObject();
    authnRequest.setAssertionConsumerServiceURL(serviceURL);
    authnRequest.setForceAuthn(forceAuthn);
    authnRequest.setID("_" + UUID.randomUUID());
    authnRequest.setIsPassive(isPassive);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setProtocolBinding(protocolBinding);
    authnRequest.setVersion(version);
    authnRequest.setIssuer(issuer);
    authnRequest.setNameIDPolicy(nameIDPolicy);
    authnRequest.setRequestedAuthnContext(requestedAuthnCtx);
    return authnRequest;
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) DateTime(org.joda.time.DateTime)

Example 18 with RequestedAuthnContext

use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.

the class IdaAuthnRequestFromHubToAuthnRequestTransformerTest method shouldPropagateComparisonType.

@Test
public void shouldPropagateComparisonType() {
    IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withComparisonType(AuthnContextComparisonTypeEnumeration.MINIMUM).buildFromHub();
    AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
    RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
    assertThat(requestedAuthnContext.getComparison()).isEqualTo(AuthnContextComparisonTypeEnumeration.MINIMUM);
}
Also used : IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) IdaAuthnRequestBuilder.anIdaAuthnRequest(uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Test(org.junit.jupiter.api.Test)

Example 19 with RequestedAuthnContext

use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.

the class IdaAuthnRequestFromHubToAuthnRequestTransformer method supplementAuthnRequestWithDetails.

protected void supplementAuthnRequestWithDetails(IdaAuthnRequestFromHub originalRequestFromHub, AuthnRequest authnRequest) {
    Conditions conditions = getSamlObjectFactory().createConditions();
    conditions.setNotOnOrAfter(originalRequestFromHub.getSessionExpiryTimestamp());
    authnRequest.setConditions(conditions);
    Scoping scoping = getSamlObjectFactory().createScoping();
    scoping.setProxyCount(0);
    authnRequest.setScoping(scoping);
    AuthnContextComparisonTypeEnumeration comparisonType = originalRequestFromHub.getComparisonType();
    RequestedAuthnContext requestedAuthnContext = getSamlObjectFactory().createRequestedAuthnContext(comparisonType);
    originalRequestFromHub.getLevelsOfAssurance().stream().map(AuthnContext::getUri).map(uri -> getSamlObjectFactory().createAuthnContextClassReference(uri)).forEach(ref -> requestedAuthnContext.getAuthnContextClassRefs().add(ref));
    NameIDPolicy nameIdPolicy = getSamlObjectFactory().createNameIdPolicy();
    nameIdPolicy.setFormat(NameIDType.PERSISTENT);
    nameIdPolicy.setSPNameQualifier(HubConstants.SP_NAME_QUALIFIER);
    nameIdPolicy.setAllowCreate(true);
    authnRequest.setNameIDPolicy(nameIdPolicy);
    authnRequest.setRequestedAuthnContext(requestedAuthnContext);
    if (originalRequestFromHub.getForceAuthentication().isPresent()) {
        authnRequest.setForceAuthn(originalRequestFromHub.getForceAuthentication().get());
    }
}
Also used : AuthnContextComparisonTypeEnumeration(org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration) IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub) HubConstants(uk.gov.ida.saml.hub.HubConstants) Inject(com.google.inject.Inject) NameIDType(org.opensaml.saml.saml2.core.NameIDType) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) Scoping(org.opensaml.saml.saml2.core.Scoping) Conditions(org.opensaml.saml.saml2.core.Conditions) OpenSamlXmlObjectFactory(uk.gov.ida.saml.core.OpenSamlXmlObjectFactory) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) Scoping(org.opensaml.saml.saml2.core.Scoping) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) AuthnContextComparisonTypeEnumeration(org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration) Conditions(org.opensaml.saml.saml2.core.Conditions) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 20 with RequestedAuthnContext

use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project ddf by codice.

the class IdpHandler method createAndSignAuthnRequest.

private String createAndSignAuthnRequest(boolean isPost, boolean wantSigned) throws AuthenticationFailureException {
    String spIssuerId = getSpIssuerId();
    String spAssertionConsumerServiceUrl = getSpAssertionConsumerServiceUrl(spIssuerId);
    AuthnRequest authnRequest = authnRequestBuilder.buildObject();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(spIssuerId);
    authnRequest.setIssuer(issuer);
    authnRequest.setAssertionConsumerServiceURL(spAssertionConsumerServiceUrl);
    authnRequest.setID("_" + UUID.randomUUID().toString());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setDestination(idpMetadata.getSingleSignOnLocation());
    authnRequest.setProtocolBinding(SamlProtocol.POST_BINDING);
    authnRequest.setNameIDPolicy(SamlpRequestComponentBuilder.createNameIDPolicy(true, SAML2Constants.NAMEID_FORMAT_PERSISTENT, spIssuerId));
    RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    for (String authContextClass : authContextClasses) {
        if (StringUtils.isNotEmpty(authContextClass)) {
            AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
            authnContextClassRef.setAuthnContextClassRef(authContextClass);
            requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
        }
    }
    authnRequest.setRequestedAuthnContext(requestedAuthnContext);
    return serializeAndSign(isPost, wantSigned, authnRequest);
}
Also used : RequestedAuthnContextBuilder(org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder) DateTime(org.joda.time.DateTime)

Aggregations

RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)16 AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)13 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)13 lombok.val (lombok.val)5 Test (org.junit.jupiter.api.Test)5 NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)5 DateTime (org.joda.time.DateTime)4 Issuer (org.opensaml.saml.saml2.core.Issuer)4 IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)4 SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)3 AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)3 IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)3 XMLObject (org.opensaml.core.xml.XMLObject)2 MessageContext (org.opensaml.messaging.context.MessageContext)2 RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)2 JEEContext (org.pac4j.core.context.JEEContext)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 Inject (com.google.inject.Inject)1 StringReader (java.io.StringReader)1