Example 1 with Status
use of org.opensaml.saml.saml2.core.Status in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method buildResponse.
@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
samlResponse.setVersion(SAMLVersion.VERSION_20);
samlResponse.setIssuer(buildEntityIssuer());
samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
if (finalAssertion instanceof EncryptedAssertion) {
LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
} else {
LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
}
final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
samlResponse.setStatus(status);
SamlUtils.logSamlObject(this.configBean, samlResponse);
if (service.isSignResponses()) {
LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
}
return samlResponse;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Status(org.opensaml.saml.saml2.core.Status)
SAMLObject(org.opensaml.saml.common.SAMLObject)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
SecureRandom(java.security.SecureRandom)
Example 2 with Status
use of org.opensaml.saml.saml2.core.Status in project ddf by codice.
the class LoginFilter method createSamlResponse.
/**
* Creates the SAML response that we use for validation against the CXF
* code.
*
* @param inResponseTo
* @param issuer
* @param status
* @return Response
*/
private static Response createSamlResponse(String inResponseTo, String issuer, Status status) {
if (responseBuilder == null) {
responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(createIssuer(issuer));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
return response;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
ServletResponse(javax.servlet.ServletResponse)
DateTime(org.joda.time.DateTime)
Example 3 with Status
use of org.opensaml.saml.saml2.core.Status in project ddf by codice.
the class LoginFilter method createStatus.
/**
* Creates the status object for the response.
*
* @param statusCodeValue
* @param statusMessage
* @return Status
*/
private static Status createStatus(String statusCodeValue, String statusMessage) {
if (statusBuilder == null) {
statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
}
if (statusCodeBuilder == null) {
statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
}
if (statusMessageBuilder == null) {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
Status status = statusBuilder.buildObject();
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
return status;
}
Also used :
Status(org.opensaml.saml.saml2.core.Status)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
StatusMessage(org.opensaml.saml.saml2.core.StatusMessage)
Example 4 with Status
use of org.opensaml.saml.saml2.core.Status in project ddf by codice.
the class IdpEndpoint method continueLogout.
private Response continueLogout(LogoutState logoutState, Cookie cookie, SamlProtocol.Binding incomingBinding) throws IdpException {
if (logoutState == null) {
throw new IdpException("Cannot continue a Logout that doesn't exist!");
}
try {
SignableSAMLObject logoutObject;
String relay = "";
String entityId = "";
SamlProtocol.Type samlType;
Optional<String> nextTarget = logoutState.getNextTarget();
if (nextTarget.isPresent()) {
// Another target exists, log them out
entityId = nextTarget.get();
if (logoutState.getOriginalIssuer().equals(entityId)) {
return continueLogout(logoutState, cookie, incomingBinding);
}
LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(logoutState.getNameId(), SystemBaseUrl.constructUrl("/idp/logout", true));
logoutState.setCurrentRequestId(logoutRequest.getID());
logoutObject = logoutRequest;
samlType = SamlProtocol.Type.REQUEST;
relay = "";
} else {
// No more targets, respond to original issuer
entityId = logoutState.getOriginalIssuer();
String status = logoutState.isPartialLogout() ? StatusCode.PARTIAL_LOGOUT : StatusCode.SUCCESS;
logoutObject = logoutMessage.buildLogoutResponse(SystemBaseUrl.constructUrl("/idp/logout", true), status, logoutState.getOriginalRequestId());
relay = logoutState.getInitialRelayState();
LogoutState decode = logoutStates.decode(cookie.getValue(), true);
samlType = SamlProtocol.Type.RESPONSE;
}
LOGGER.debug("Responding to [{}] with a [{}] and relay state [{}]", entityId, samlType, relay);
EntityInformation.ServiceInfo entityServiceInfo = serviceProviders.get(entityId).getLogoutService(incomingBinding);
if (entityServiceInfo == null) {
LOGGER.info("Could not find entity service info for {}", entityId);
return continueLogout(logoutState, cookie, incomingBinding);
}
switch(entityServiceInfo.getBinding()) {
case HTTP_REDIRECT:
return getSamlRedirectResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
case HTTP_POST:
return getSamlPostResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
default:
LOGGER.debug("No supported binding available for SP [{}].", entityId);
logoutState.setPartialLogout(true);
return continueLogout(logoutState, cookie, incomingBinding);
}
} catch (WSSecurityException | SimpleSign.SignatureException | IOException e) {
LOGGER.debug("Error while processing logout", e);
}
throw new IdpException("Server error while processing logout");
}
Also used :
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
SamlProtocol(ddf.security.samlp.SamlProtocol)
SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject)
EntityInformation(ddf.security.samlp.impl.EntityInformation)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Example 5 with Status
use of org.opensaml.saml.saml2.core.Status in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorService method toModel.
private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional.map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion.flatMap(assertion -> assertion.getAuthnContext()).map(AuthnContext::name).filter(string -> !isNullOrEmpty(string)).map(LevelOfAssurance::valueOf);
IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
return new InboundResponseFromCountry(response.getIssuer().getValue(), validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue), Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name), status.getMessage(), passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())), levelOfAssurance);
}
Also used :
LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)
StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer)
Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty)
Subject(org.opensaml.saml.saml2.core.Subject)
IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper)
ResponseFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseFromCountryValidator)
SamlResponseSignatureValidator(uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator)
Inject(javax.inject.Inject)
Assertion(org.opensaml.saml.saml2.core.Assertion)
AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
ResponseAssertionsFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseAssertionsFromCountryValidator)
Response(org.opensaml.saml.saml2.core.Response)
PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller)
AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter)
SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto)
InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)
List(java.util.List)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)
DestinationValidator(uk.gov.ida.saml.core.validators.DestinationValidator)
Optional(java.util.Optional)
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
NameID(org.opensaml.saml.saml2.core.NameID)
SamlAssertionsSignatureValidator(uk.gov.ida.saml.security.SamlAssertionsSignatureValidator)
InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
Subject(org.opensaml.saml.saml2.core.Subject)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
Aggregations
Status (org.opensaml.saml.saml2.core.Status)103
Test (org.junit.jupiter.api.Test)83
Response (org.opensaml.saml.saml2.core.Response)59
StatusCode (org.opensaml.saml.saml2.core.StatusCode)33
IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus)33
ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)27
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)22
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)20
Document (org.w3c.dom.Document)20
TransactionIdaStatus (uk.gov.ida.saml.core.domain.TransactionIdaStatus)20
Element (org.w3c.dom.Element)19
StatusBuilder.aStatus (uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus)19
DateTime (org.joda.time.DateTime)17
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)16
ResponseValidatorTestHelper.createStatus (uk.gov.ida.saml.hub.validators.response.helpers.ResponseValidatorTestHelper.createStatus)16
OpenSamlXmlObjectFactory (uk.gov.ida.saml.core.OpenSamlXmlObjectFactory)14
StatusCodeBuilder.aStatusCode (uk.gov.ida.saml.core.test.builders.StatusCodeBuilder.aStatusCode)14
Crypto (org.apache.wss4j.common.crypto.Crypto)9
SamlStatusCode (uk.gov.ida.saml.core.domain.SamlStatusCode)9
InputStream (java.io.InputStream)8
