Search in sources :

Example 11 with Response

use of org.opensaml.saml.saml2.core.Response in project ddf by codice.

the class LoginFilter method createStatus.

/**
     * Creates the status object for the response.
     *
     * @param statusCodeValue
     * @param statusMessage
     * @return Status
     */
private static Status createStatus(String statusCodeValue, String statusMessage) {
    if (statusBuilder == null) {
        statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }
    Status status = statusBuilder.buildObject();
    StatusCode statusCode = statusCodeBuilder.buildObject();
    statusCode.setValue(statusCodeValue);
    status.setStatusCode(statusCode);
    if (statusMessage != null) {
        StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
        statusMessageObject.setMessage(statusMessage);
        status.setStatusMessage(statusMessageObject);
    }
    return status;
}
Also used : Status(org.opensaml.saml.saml2.core.Status) StatusCode(org.opensaml.saml.saml2.core.StatusCode) StatusMessage(org.opensaml.saml.saml2.core.StatusMessage)

Example 12 with Response

use of org.opensaml.saml.saml2.core.Response in project ddf by codice.

the class SamlProtocolTest method testCreateResponse.

@Test
public void testCreateResponse() throws WSSecurityException {
    Response response = SamlProtocol.createResponse(SamlProtocol.createIssuer("myissuer"), SamlProtocol.createStatus("mystatus"), "myid", null);
    assertEquals("myissuer", response.getIssuer().getValue());
    assertEquals("mystatus", response.getStatus().getStatusCode().getValue());
    assertEquals("myid", response.getInResponseTo());
}
Also used : LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(org.opensaml.saml.saml2.core.Response) Test(org.junit.Test)

Example 13 with Response

use of org.opensaml.saml.saml2.core.Response in project ddf by codice.

the class SoapResponseCreator method createEcpResponse.

private String createEcpResponse(AuthnRequest authnRequest) throws WSSecurityException {
    ResponseBuilder responseBuilder = new ResponseBuilder();
    org.opensaml.saml.saml2.ecp.Response response = responseBuilder.buildObject();
    response.setSOAP11Actor(HTTP_SCHEMAS_XMLSOAP_ORG_SOAP_ACTOR_NEXT);
    response.setSOAP11MustUnderstand(true);
    response.setAssertionConsumerServiceURL(getAssertionConsumerServiceURL(authnRequest));
    return convertXmlObjectToString(response);
}
Also used : ResponseBuilder(org.opensaml.saml.saml2.ecp.impl.ResponseBuilder)

Example 14 with Response

use of org.opensaml.saml.saml2.core.Response in project ddf by codice.

the class IdpEndpoint method processPostLogout.

@Override
@POST
@Path("/logout")
public Response processPostLogout(@FormParam(SAML_REQ) final String samlRequest, @FormParam(SAML_RESPONSE) final String samlResponse, @FormParam(RELAY_STATE) final String relayState, @Context final HttpServletRequest request) throws WSSecurityException, IdpException {
    LogoutState logoutState = getLogoutState(request);
    Cookie cookie = getCookie(request);
    try {
        if (samlRequest != null) {
            LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(samlRequest));
            validatePost(request, logoutRequest);
            return handleLogoutRequest(cookie, logoutState, logoutRequest, SamlProtocol.Binding.HTTP_POST, relayState);
        } else if (samlResponse != null) {
            LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(samlResponse));
            String requestId = logoutState != null ? logoutState.getCurrentRequestId() : null;
            validatePost(request, logoutResponse, requestId);
            return handleLogoutResponse(cookie, logoutState, logoutResponse, SamlProtocol.Binding.HTTP_POST);
        }
    } catch (IOException | XMLStreamException e) {
        throw new IdpException("Unable to inflate Saml Object", e);
    } catch (ValidationException e) {
        throw new IdpException("Unable to validate Saml Object", e);
    }
    throw new IdpException("Unable to process logout");
}
Also used : NewCookie(javax.ws.rs.core.NewCookie) Cookie(javax.servlet.http.Cookie) ValidationException(ddf.security.samlp.ValidationException) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) XMLStreamException(javax.xml.stream.XMLStreamException) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) IOException(java.io.IOException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 15 with Response

use of org.opensaml.saml.saml2.core.Response in project ddf by codice.

the class IdpEndpoint method continueLogout.

private Response continueLogout(LogoutState logoutState, Cookie cookie, SamlProtocol.Binding incomingBinding) throws IdpException {
    if (logoutState == null) {
        throw new IdpException("Cannot continue a Logout that doesn't exist!");
    }
    try {
        SignableSAMLObject logoutObject;
        String relay = "";
        String entityId = "";
        SamlProtocol.Type samlType;
        Optional<String> nextTarget = logoutState.getNextTarget();
        if (nextTarget.isPresent()) {
            // Another target exists, log them out
            entityId = nextTarget.get();
            if (logoutState.getOriginalIssuer().equals(entityId)) {
                return continueLogout(logoutState, cookie, incomingBinding);
            }
            LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(logoutState.getNameId(), SystemBaseUrl.constructUrl("/idp/logout", true));
            logoutState.setCurrentRequestId(logoutRequest.getID());
            logoutObject = logoutRequest;
            samlType = SamlProtocol.Type.REQUEST;
            relay = "";
        } else {
            // No more targets, respond to original issuer
            entityId = logoutState.getOriginalIssuer();
            String status = logoutState.isPartialLogout() ? StatusCode.PARTIAL_LOGOUT : StatusCode.SUCCESS;
            logoutObject = logoutMessage.buildLogoutResponse(SystemBaseUrl.constructUrl("/idp/logout", true), status, logoutState.getOriginalRequestId());
            relay = logoutState.getInitialRelayState();
            LogoutState decode = logoutStates.decode(cookie.getValue(), true);
            samlType = SamlProtocol.Type.RESPONSE;
        }
        LOGGER.debug("Responding to [{}] with a [{}] and relay state [{}]", entityId, samlType, relay);
        EntityInformation.ServiceInfo entityServiceInfo = serviceProviders.get(entityId).getLogoutService(incomingBinding);
        if (entityServiceInfo == null) {
            LOGGER.info("Could not find entity service info for {}", entityId);
            return continueLogout(logoutState, cookie, incomingBinding);
        }
        switch(entityServiceInfo.getBinding()) {
            case HTTP_REDIRECT:
                return getSamlRedirectResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
            case HTTP_POST:
                return getSamlPostResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
            default:
                LOGGER.debug("No supported binding available for SP [{}].", entityId);
                logoutState.setPartialLogout(true);
                return continueLogout(logoutState, cookie, incomingBinding);
        }
    } catch (WSSecurityException | SimpleSign.SignatureException | IOException e) {
        LOGGER.debug("Error while processing logout", e);
    }
    throw new IdpException("Server error while processing logout");
}
Also used : WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) SamlProtocol(ddf.security.samlp.SamlProtocol) SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject) EntityInformation(ddf.security.samlp.impl.EntityInformation) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)

Aggregations

Response (org.opensaml.saml.saml2.core.Response)241 Test (org.junit.jupiter.api.Test)183 ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)94 Assertion (org.opensaml.saml.saml2.core.Assertion)82 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)61 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)52 Element (org.w3c.dom.Element)51 Status (org.opensaml.saml.saml2.core.Status)50 Document (org.w3c.dom.Document)43 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)42 DateTime (org.joda.time.DateTime)42 Response (javax.ws.rs.core.Response)38 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)34 lombok.val (lombok.val)32 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)30 Issuer (org.opensaml.saml.saml2.core.Issuer)30 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)27 Test (org.junit.Test)26 IOException (java.io.IOException)25 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)24