use of org.opensaml.saml.saml2.core.Response in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newResponse.
/**
 * Builds a fresh SAML 2.0 {@link Response} envelope.
 *
 * <p>Only the envelope attributes are populated here: {@code ID}, {@code IssueInstant}
 * and {@code Version}. The {@code InResponseTo} attribute is delegated to
 * {@link #setInResponseToForSamlResponseIfNeeded(WebApplicationService, Response)}.
 * Status, issuer, signature and assertions are left for the caller to add.
 *
 * @param id           the value for the response {@code ID} attribute (the caller is
 *                     responsible for making it a unique xsd:ID)
 * @param issueInstant the issue instant, converted with {@code DateTimeUtils.dateTimeOf}
 * @param recipient    the recipient; not read by this method, kept for API compatibility
 * @param service      the service whose original request this response may answer
 * @return the new, unsigned response
 */
public Response newResponse(final String id, final ZonedDateTime issueInstant, final String recipient, final WebApplicationService service) {
    final Response response = newSamlObject(Response.class);
    // Setter order is irrelevant; the envelope attributes are independent of each other.
    response.setVersion(SAMLVersion.VERSION_20);
    response.setID(id);
    response.setIssueInstant(DateTimeUtils.dateTimeOf(issueInstant));
    setInResponseToForSamlResponseIfNeeded(service, response);
    return response;
}
use of org.opensaml.saml.saml2.core.Response in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
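/**
 * Assembles the SAML 2.0 {@link Assertion} that answers the given authentication request.
 *
 * <p>The assertion carries an AuthnStatement and an AttributeStatement produced by the
 * delegate builders, plus a Subject and Conditions, and is handed to {@code signAssertion}
 * before being returned. The issuer is taken from the configured IdP entity id and the
 * issue instant is the current UTC time.
 *
 * @param authnRequest the inbound SAML authentication request
 * @param request      the current HTTP request
 * @param response     the current HTTP response
 * @param casAssertion the validated CAS assertion that backs this SAML assertion
 * @param service      the registered SAML service (service provider)
 * @param adaptor      the metadata facade for the service provider
 * @return the populated assertion, after {@code signAssertion} has been applied
 * @throws SamlException if a delegate builder or the signing step fails
 */
@Override
public Assertion build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    statements.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
    statements.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));

    // The assertion ID must be an xsd:ID, so it starts with '_' and is otherwise digits only.
    // Long.toUnsignedString replaces Math.abs(nextLong()): Math.abs(Long.MIN_VALUE) is still
    // negative, which would have produced an id containing '-' and also folded two values
    // onto one, discarding a bit of the random output.
    final String id = '_' + Long.toUnsignedString(new SecureRandom().nextLong());

    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
    // Sign last so that the signature covers the subject and conditions set above.
    signAssertion(assertion, request, response, service, adaptor);
    return assertion;
}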
use of org.opensaml.saml.saml2.core.Response in project cas by apereo.
the class SamlProfileSamlSubjectBuilder method buildSubject.
/**
 * Builds the assertion {@link Subject} for the current request.
 *
 * <p>The NameID comes from the configured NameID builder. The subject confirmation window is
 * derived from the backing assertion's valid-from date (in UTC) plus {@code skewAllowance}
 * seconds, the recipient is the AssertionConsumerServiceURL carried in the request, and
 * the request ID is passed through so the subject can reference the request it answers.
 *
 * @param request      the current HTTP request
 * @param response     the current HTTP response
 * @param authnRequest the inbound SAML authentication request
 * @param assertion    the assertion whose valid-from date anchors the confirmation window
 * @param service      the registered SAML service (service provider)
 * @param adaptor      the metadata facade for the service provider
 * @return the subject, with its NameID set
 * @throws SamlException if the NameID cannot be built
 */
private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final NameID nameId = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response, assertion, service, adaptor);

    final ZonedDateTime validFrom = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    // NOTE(review): presumably newSubject uses this as the NotOnOrAfter bound — confirm against newSubject.
    final ZonedDateTime validFromPlusSkew = validFrom.plusSeconds(this.skewAllowance);

    // NOTE(review): AssertionConsumerServiceURL is optional in an AuthnRequest; if it is absent
    // the recipient passed below is null — confirm how newSubject handles that.
    final String recipient = authnRequest.getAssertionConsumerServiceURL();
    final String inResponseTo = authnRequest.getID();

    final Subject subject = newSubject(nameId.getFormat(), nameId.getValue(), recipient, validFromPlusSkew, inResponseTo);
    subject.setNameID(nameId);
    return subject;
}
use of org.opensaml.saml.saml2.core.Response in project cas by apereo.
the class SamlObjectEncrypter method encode.
/**
 * Encrypts a SAML assertion for the given service provider.
 *
 * <p>Resolves the SP's key-encryption credential, derives the key- and data-encryption
 * parameters for that credential and the service, builds an {@link Encrypter} from them
 * and returns the resulting {@link EncryptedAssertion}. Any failure along the way is
 * wrapped in a {@link SamlException} with the original exception as its cause.
 *
 * @param samlObject the assertion to encrypt
 * @param service    the registered SAML service (service provider)
 * @param adaptor    the metadata facade for the service provider; supplies the entity id
 * @param response   the current HTTP response
 * @param request    the current HTTP request
 * @return the encrypted assertion
 * @throws SamlException if credential resolution, parameter derivation or encryption fails
 */
public EncryptedAssertion encode(final Assertion samlObject, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletResponse response, final HttpServletRequest request) throws SamlException {
    try {
        final String objectType = samlObject.getClass().getName();
        final String entityId = adaptor.getEntityId();
        LOGGER.debug("Attempting to encrypt [{}] for [{}]", objectType, entityId);

        final Credential keyEncryptionCredential = getKeyEncryptionCredential(entityId, adaptor, service);
        // Only the public half is logged; it is not secret, but this is emitted at INFO on every call.
        LOGGER.info("Found encryption public key: [{}]", EncodingUtils.encodeBase64(keyEncryptionCredential.getPublicKey().getEncoded()));

        final KeyEncryptionParameters keyParams = getKeyEncryptionParameters(samlObject, service, adaptor, keyEncryptionCredential);
        LOGGER.debug("Key encryption algorithm for [{}] is [{}]", keyParams.getRecipient(), keyParams.getAlgorithm());

        final DataEncryptionParameters dataParams = getDataEncryptionParameters(samlObject, service, adaptor);
        LOGGER.debug("Data encryption algorithm for [{}] is [{}]", entityId, dataParams.getAlgorithm());

        final Encrypter assertionEncrypter = getEncrypter(samlObject, service, adaptor, keyParams, dataParams);
        LOGGER.debug("Attempting to encrypt [{}] for [{}] with key placement of [{}]", objectType, entityId, assertionEncrypter.getKeyPlacement());
        return assertionEncrypter.encrypt(samlObject);
    } catch (final Exception e) {
        throw new SamlException(e.getMessage(), e);
    }
}
use of org.opensaml.saml.saml2.core.Response in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method encode.
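/**
 * Writes the SAML response to the HTTP response using the HTTP-POST binding.
 *
 * <p>An {@code HTTPPostEncoder} is configured with the servlet response and a Velocity
 * engine from {@code velocityEngineFactory}; the outbound message context carries the
 * response, the peer endpoint prepared by {@code SamlIdPUtils} and the relay state. The
 * encoder renders the auto-submit form into {@code httpResponse}.
 *
 * @param service      the registered SAML service (service provider)
 * @param samlResponse the SAML response to encode
 * @param httpResponse the servlet response the encoded form is written to
 * @param adaptor      the metadata facade used to resolve the SP endpoint
 * @param relayState   the relay state to echo back to the SP, may be null
 * @return the same {@code samlResponse} instance that was encoded
 * @throws SamlException if preparing the context or encoding the message fails; the
 *                       original exception is kept as the cause
 */
@Override
protected Response encode(final SamlRegisteredService service, final Response samlResponse, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
    try {
        final HTTPPostEncoder encoder = new HTTPPostEncoder();
        encoder.setHttpServletResponse(httpResponse);
        encoder.setVelocityEngine(this.velocityEngineFactory.createVelocityEngine());

        // Typed context instead of a raw MessageContext: the message is always the Response.
        final MessageContext<Response> outboundMessageContext = new MessageContext<>();
        SamlIdPUtils.preparePeerEntitySamlEndpointContext(outboundMessageContext, adaptor);
        outboundMessageContext.setMessage(samlResponse);
        SAMLBindingSupport.setRelayState(outboundMessageContext, relayState);

        encoder.setMessageContext(outboundMessageContext);
        encoder.initialize();
        encoder.encode();
        return samlResponse;
    } catch (final Exception e) {
        // Wrap in the declared SamlException (cause preserved) rather than
        // Throwables.propagate, which is deprecated and bypasses the declared contract.
        throw new SamlException(e.getMessage(), e);
    }
}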