Example 1 with Scoping

Use of org.opensaml.saml.saml2.core.Scoping in the project cas by apereo.

From the class SamlIdPDelegatedClientAuthenticationRequestCustomizerTests, method setAuthnRequestFor.

```java
import java.util.Arrays;
import lombok.val;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.IDPEntry;
import org.opensaml.saml.saml2.core.IDPList;
import org.opensaml.saml.saml2.core.Scoping;
// JEEContext, RandomUtils, SamlIdPTestUtils, getSamlRegisteredServiceFor, storeRequest
// and the openSamlConfigBean field come from the enclosing test class (not shown).

// Builds an AuthnRequest whose Scoping/IDPList names the IdPs the delegated client
// may use, then stores it in the web context for the customizer under test.
private void setAuthnRequestFor(final JEEContext webContext, final String... allowedIdps) throws Exception {
    val service = getSamlRegisteredServiceFor("https://cassp.example.org");
    service.setId(RandomUtils.nextInt());
    val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, service);
    // Scoping constrains how the receiving IdP may proxy the request.
    var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(Scoping.DEFAULT_ELEMENT_NAME);
    val scoping = (Scoping) builder.buildObject(Scoping.DEFAULT_ELEMENT_NAME);
    // IDPList enumerates, by entityID, the IdPs the requester trusts to authenticate the user.
    builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(IDPList.DEFAULT_ELEMENT_NAME);
    val idpList = (IDPList) builder.buildObject(IDPList.DEFAULT_ELEMENT_NAME);
    Arrays.stream(allowedIdps).forEach(idp -> {
        val idpEntry = (IDPEntry) openSamlConfigBean.getBuilderFactory().getBuilder(IDPEntry.DEFAULT_ELEMENT_NAME).buildObject(IDPEntry.DEFAULT_ELEMENT_NAME);
        idpEntry.setProviderID(idp);
        idpList.getIDPEntrys().add(idpEntry);
    });
    scoping.setIDPList(idpList);
    authnRequest.setScoping(scoping);
    storeRequest(authnRequest, webContext);
}
```

Example 2 with Scoping

Use of org.opensaml.saml.saml2.core.Scoping in the project verify-hub by alphagov.

From the class IdaAuthnRequestFromHubToAuthnRequestTransformer, method supplementAuthnRequestWithDetails.

```java
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.Scoping;
import uk.gov.ida.saml.core.domain.AuthnContext;
import uk.gov.ida.saml.hub.HubConstants;
import uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub;
// getSamlObjectFactory() returns the uk.gov.ida.saml.core.OpenSamlXmlObjectFactory
// injected into the enclosing transformer class (not shown).

// Copies the hub's session, proxying, assurance-level and NameID requirements onto the outgoing AuthnRequest.
protected void supplementAuthnRequestWithDetails(IdaAuthnRequestFromHub originalRequestFromHub, AuthnRequest authnRequest) {
    // Bound the request's validity to the hub session's expiry.
    Conditions conditions = getSamlObjectFactory().createConditions();
    conditions.setNotOnOrAfter(originalRequestFromHub.getSessionExpiryTimestamp());
    authnRequest.setConditions(conditions);
    // A ProxyCount of 0 tells the IdP it must authenticate the user itself, not proxy to another IdP.
    Scoping scoping = getSamlObjectFactory().createScoping();
    scoping.setProxyCount(0);
    authnRequest.setScoping(scoping);
    // Request the levels of assurance the hub accepts, using the hub's comparison rule.
    AuthnContextComparisonTypeEnumeration comparisonType = originalRequestFromHub.getComparisonType();
    RequestedAuthnContext requestedAuthnContext = getSamlObjectFactory().createRequestedAuthnContext(comparisonType);
    originalRequestFromHub.getLevelsOfAssurance().stream().map(AuthnContext::getUri)
        .map(uri -> getSamlObjectFactory().createAuthnContextClassReference(uri))
        .forEach(ref -> requestedAuthnContext.getAuthnContextClassRefs().add(ref));
    // Ask for a persistent identifier qualified to the hub's SP name.
    NameIDPolicy nameIdPolicy = getSamlObjectFactory().createNameIdPolicy();
    nameIdPolicy.setFormat(NameIDType.PERSISTENT);
    nameIdPolicy.setSPNameQualifier(HubConstants.SP_NAME_QUALIFIER);
    nameIdPolicy.setAllowCreate(true);
    authnRequest.setNameIDPolicy(nameIdPolicy);
    authnRequest.setRequestedAuthnContext(requestedAuthnContext);
    // Force re-authentication only when the hub's request asked for it.
    if (originalRequestFromHub.getForceAuthentication().isPresent()) {
        authnRequest.setForceAuthn(originalRequestFromHub.getForceAuthentication().get());
    }
}
```
