Examples with Response org.opensaml.saml.saml2.core.Response used on opensource projects

Example 51 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.

@Override
protected Envelope buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    final Response ecpResponse = newEcpResponse(adaptor.getAssertionConsumerService().getLocation());
    final Header header = newSoapObject(Header.class);
    header.getUnknownXMLObjects().add(ecpResponse);
    final Body body = newSoapObject(Body.class);
    final org.opensaml.saml.saml2.core.Response saml2Response = (org.opensaml.saml.saml2.core.Response) saml2ResponseBuilder.build(authnRequest, request, response, casAssertion, service, adaptor);
    body.getUnknownXMLObjects().add(saml2Response);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    return envelope;
}

Example 52 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class AbstractSamlSLOProfileHandlerController method handleSloProfileRequest.

/**
     * Handle profile request.
     *
     * @param response the response
     * @param request  the request
     * @param decoder  the decoder
     * @throws Exception the exception
     */
protected void handleSloProfileRequest(final HttpServletResponse response, final HttpServletRequest request, final BaseHttpServletRequestXMLMessageDecoder decoder) throws Exception {
    if (singleLogoutCallbacksDisabled) {
        LOGGER.info("Processing SAML IdP SLO requests is disabled");
        return;
    }
    final Pair<? extends SignableSAMLObject, MessageContext> pair = decodeSamlContextFromHttpRequest(request, decoder, LogoutRequest.class);
    final LogoutRequest logoutRequest = LogoutRequest.class.cast(pair.getKey());
    final MessageContext ctx = pair.getValue();
    if (this.forceSignedLogoutRequests && !SAMLBindingSupport.isMessageSigned(ctx)) {
        throw new SAMLException("Logout request is not signed but should be.");
    }
    if (SAMLBindingSupport.isMessageSigned(ctx)) {
        final MetadataResolver resolver = SamlIdPUtils.getMetadataResolverForAllSamlServices(this.servicesManager, SamlIdPUtils.getIssuerFromSamlRequest(logoutRequest), this.samlRegisteredServiceCachingMetadataResolver);
        this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(logoutRequest, resolver, request, ctx);
    }
    SamlUtils.logSamlObject(this.configBean, logoutRequest);
    response.sendRedirect(this.logoutUrl);
}

Example 53 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class SSOPostProfileCallbackHandlerController method handleCallbackProfileRequest.

/**
     * Handle callback profile request.
     *
     * @param response the response
     * @param request  the request
     * @throws Exception the exception
     */
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK)
protected void handleCallbackProfileRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
    final AuthnRequest authnRequest = retrieveSamlAuthenticationRequestFromHttpRequest(request);
    if (authnRequest == null) {
        LOGGER.error("Can not validate the request because the original Authn request can not be found.");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    if (StringUtils.isBlank(ticket)) {
        LOGGER.error("Can not validate the request because no [{}] is provided via the request", CasProtocolConstants.PARAMETER_TICKET);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    final Pair<AuthnRequest, MessageContext> authenticationContext = buildAuthenticationContextPair(request, authnRequest);
    final Assertion assertion = validateRequestAndBuildCasAssertion(response, request, authenticationContext);
    buildSamlResponse(response, request, authenticationContext, assertion);
}

Example 54 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class SamlIdPUtils method getAssertionConsumerServiceFor.

/**
     * Gets assertion consumer service for.
     *
     * @param authnRequest    the authn request
     * @param servicesManager the services manager
     * @param resolver        the resolver
     * @return the assertion consumer service for
     */
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(Arrays.asList(SAMLConstants.SAML2_POST_BINDING_URI)));
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new RuntimeException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
                if (acsIndex + 1 > acsEndpoints.size()) {
                    throw new RuntimeException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        throw new RuntimeException(new SamlException(e.getMessage(), e));
    }
}

Example 55 with Response

use of org.opensaml.saml.saml2.core.Response in project cloudstack by apache.

the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.

private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}