Examples with Response org.opensaml.saml.saml2.core.Response used on opensource projects

Example 21 with Response

use of org.opensaml.saml.saml2.core.Response in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorServiceTest method setup.

@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();
    service = new CountryAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, responseFromCountryValidator, new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory()), responseAssertionsFromCountryValidator, validateSamlResponseIssuedByIdpDestination, assertionDecrypter, assertionBlobEncrypter, samlResponseSignatureValidator, samlAssertionsSignatureValidator, new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));
    Response eidasSAMLResponse = (Response) buildResponseFromFile();
    ValidatedResponse validateEIDASSAMLResponse = new ValidatedResponse(eidasSAMLResponse);
    List<Assertion> decryptedAssertions = eidasSAMLResponse.getAssertions();
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasSAMLResponse);
    doNothing().when(responseFromCountryValidator).validate(eidasSAMLResponse);
    when(samlResponseSignatureValidator.validate(eidasSAMLResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validateEIDASSAMLResponse);
    when(assertionDecrypter.decryptAssertions(validateEIDASSAMLResponse)).thenReturn(decryptedAssertions);
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class))).thenReturn(identityUnderlyingAssertionBlob);
    when(samlAssertionsSignatureValidator.validate(decryptedAssertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(new ValidatedAssertions(decryptedAssertions));
}

Example 22 with Response

use of org.opensaml.saml.saml2.core.Response in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorService method toModel.

private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional.map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion.flatMap(assertion -> assertion.getAuthnContext()).map(AuthnContext::name).filter(string -> !isNullOrEmpty(string)).map(LevelOfAssurance::valueOf);
    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
    return new InboundResponseFromCountry(response.getIssuer().getValue(), validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue), Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name), status.getMessage(), passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())), levelOfAssurance);
}

Example 23 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class Saml2AttributeQueryProfileHandlerController method handlePostRequest.

/**
 * Handle post request.
 *
 * @param response the response
 * @param request  the request
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SOAP_ATTRIBUTE_QUERY)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    final MessageContext ctx = decodeSoapRequest(request);
    final AttributeQuery query = (AttributeQuery) ctx.getMessage();
    try {
        final String issuer = query.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, query);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        verifyAuthenticationContextSignature(ctx, request, query, facade);
        final Map<String, Object> attrs = new LinkedHashMap<>();
        if (query.getAttributes().isEmpty()) {
            final String id = this.samlAttributeQueryTicketFactory.createTicketIdFor(query.getSubject().getNameID().getValue());
            final SamlAttributeQueryTicket ticket = this.ticketRegistry.getTicket(id, SamlAttributeQueryTicket.class);
            final Authentication authentication = ticket.getTicketGrantingTicket().getAuthentication();
            final Principal principal = authentication.getPrincipal();
            final Map<String, Object> authnAttrs = authentication.getAttributes();
            final Map<String, Object> principalAttrs = principal.getAttributes();
            query.getAttributes().forEach(a -> {
                if (authnAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), authnAttrs.get(a.getName()));
                } else if (principalAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), principalAttrs.get(a.getName()));
                }
            });
        }
        final Assertion casAssertion = buildCasAssertion(issuer, service, attrs);
        this.responseBuilder.build(query, request, response, casAssertion, service, facade, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(query, request, response, null, null, null, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    }
}

Example 24 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class SSOSamlProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.

private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest authnRequest = pair.getKey();
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    this.ticketValidator.setRenew(authnRequest.isForceAuthn());
    final String serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.trace("Created service url for validation: [{}]", serviceUrl);
    final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);
    logCasValidationAssertion(assertion);
    return assertion;
}

Example 25 with Response

use of org.opensaml.saml.saml2.core.Response in project cas by apereo.

the class AbstractSamlProfileHandlerController method constructServiceUrl.

/**
 * Construct service url string.
 *
 * @param request  the request
 * @param response the response
 * @param pair     the pair
 * @return the string
 * @throws SamlException the saml exception
 */
@SneakyThrows
protected String constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response, final Pair<? extends SignableSAMLObject, MessageContext> pair) throws SamlException {
    final AuthnRequest authnRequest = AuthnRequest.class.cast(pair.getLeft());
    final MessageContext messageContext = pair.getRight();
    try (StringWriter writer = SamlUtils.transformSamlObject(this.configBean, authnRequest)) {
        final URLBuilder builder = new URLBuilder(this.callbackService.getId());
        builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_ENTITY_ID, SamlIdPUtils.getIssuerFromSamlRequest(authnRequest)));
        final String samlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
        builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_REQUEST, samlRequest));
        builder.getQueryParams().add(new net.shibboleth.utilities.java.support.collection.Pair<>(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, SAMLBindingSupport.getRelayState(messageContext)));
        final String url = builder.buildURL();
        LOGGER.trace("Built service callback url [{}]", url);
        return CommonUtils.constructServiceUrl(request, response, url, casProperties.getServer().getName(), CasProtocolConstants.PARAMETER_SERVICE, CasProtocolConstants.PARAMETER_TICKET, false);
    }
}