Example 76 with Status

Use of org.opensaml.saml.saml2.core.Status in project testcases by coheigea.

Class SAML2PResponseComponentBuilder, method createStatus.

import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;

@SuppressWarnings("unchecked")
public static Status createStatus(String statusCodeValue, String statusMessage) {
    // Lazily resolve the OpenSAML builders from the shared builderFactory (a static field of the class)
    if (statusBuilder == null) {
        statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }
    // <samlp:Status> always carries a <samlp:StatusCode>; the <samlp:StatusMessage> is optional
    Status status = statusBuilder.buildObject();
    StatusCode statusCode = statusCodeBuilder.buildObject();
    statusCode.setValue(statusCodeValue);
    status.setStatusCode(statusCode);
    if (statusMessage != null) {
        StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
        statusMessageObject.setMessage(statusMessage);
        status.setStatusMessage(statusMessageObject);
    }
    return status;
}

Example 77 with Status

Use of org.opensaml.saml.saml2.core.Status in project testcases by coheigea.

Class SamlSso, method createResponse.

import java.util.Collections;
import javax.xml.parsers.DocumentBuilder;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.joda.time.DateTime;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

private Element createResponse(String requestID, String racs, String requestIssuer) throws Exception {
    DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
    Document doc = docBuilder.newDocument();
    // A successful <samlp:Response> bound to the AuthnRequest via InResponseTo
    Status status = SAML2PResponseComponentBuilder.createStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setIssuer(issuer);
    String user = messageContext.getSecurityContext().getUserPrincipal().getName();
    callbackHandler.setSubjectName(user);
    // Subject Confirmation Data: bind the assertion to the client address, the request ID,
    // the Assertion Consumer Service URL (racs) and a short validity window
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress(messageContext.getHttpServletRequest().getRemoteAddr());
    subjectConfirmationData.setInResponseTo(requestID);
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient(racs);
    callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
    // Audience Restriction: only the requesting SP may consume the assertion
    ConditionsBean conditions = new ConditionsBean();
    conditions.setTokenPeriodMinutes(5);
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    // Sign the assertion with the IdP key from stsKeystore.properties
    Crypto issuerCrypto = CryptoFactory.getInstance("stsKeystore.properties");
    assertion.signAssertion("mystskey", "stskpass", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    return policyElement;
}

Example 78 with Status

Use of org.opensaml.saml.saml2.core.Status in project syncope by apache.

Class SAML2SPLogic, method validateLogoutResponse.

import java.util.Date;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.StatusCode;
import org.springframework.security.access.prepost.PreAuthorize;

@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))")
public void validateLogoutResponse(final String accessToken, final SAML2ReceivedResponseTO response) {
    check();
    // 1. fetch the current JWT used for Syncope authentication
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
    if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
        throw new IllegalArgumentException("Invalid signature found in Access Token");
    }
    // 2. extract raw SAML response and relay state
    JwsJwtCompactConsumer relayState = null;
    Boolean useDeflateEncoding = false;
    if (StringUtils.isNotBlank(response.getRelayState())) {
        // first check the provided relay state, if available: it is a signed JWT issued by Syncope,
        // so its signature and expiry are verified before any of its claims are trusted
        relayState = new JwsJwtCompactConsumer(response.getRelayState());
        if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
            throw new IllegalArgumentException("Invalid signature found in Relay State");
        }
        Long expiryTime = relayState.getJwtClaims().getExpiryTime();
        // JWT "exp" is in seconds; Date.getTime() is in milliseconds
        if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) {
            throw new IllegalArgumentException("Relay State is expired");
        }
        useDeflateEncoding = Boolean.valueOf(relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
    }
    // 3. parse the provided SAML response
    LogoutResponse logoutResponse;
    try {
        XMLObject responseObject = saml2rw.read(useDeflateEncoding, response.getSamlResponse());
        if (!(responseObject instanceof LogoutResponse)) {
            throw new IllegalArgumentException("Expected " + LogoutResponse.class.getName() + ", got " + responseObject.getClass().getName());
        }
        logoutResponse = (LogoutResponse) responseObject;
    } catch (Exception e) {
        LOG.error("While parsing LogoutResponse", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
    // 4. if relay state was available, check the SAML Response's InResponseTo against the
    //    LogoutRequest ID stored as the relay state's subject, so a response for a different
    //    request is rejected
    if (relayState != null && !relayState.getJwtClaims().getSubject().equals(logoutResponse.getInResponseTo())) {
        throw new IllegalArgumentException("Unmatching request ID: " + logoutResponse.getInResponseTo());
    }
    // 5. finally check the logout status: only urn:oasis:names:tc:SAML:2.0:status:Success
    //    invalidates the local access token; any other code is reported back to the caller
    if (StatusCode.SUCCESS.equals(logoutResponse.getStatus().getStatusCode().getValue())) {
        accessTokenDAO.delete(consumer.getJwtClaims().getTokenId());
    } else {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        if (logoutResponse.getStatus().getStatusMessage() == null) {
            sce.getElements().add(logoutResponse.getStatus().getStatusCode().getValue());
        } else {
            sce.getElements().add(logoutResponse.getStatus().getStatusMessage().getMessage());
        }
        throw sce;
    }
}

Example 79 with Status

Use of org.opensaml.saml.saml2.core.Status in project syncope by apache.

Class SAML2PResponseComponentBuilder, method createSAMLResponse.

import java.util.UUID;
import org.joda.time.DateTime;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.impl.ResponseBuilder;

public static Response createSAMLResponse(final String inResponseTo, final String issuer, final Status status) {
    if (responseBuilder == null) {
        responseBuilder = new ResponseBuilder();
    }
    Response response = responseBuilder.buildObject();
    // Fresh random ID and current IssueInstant; InResponseTo ties the response to the originating request
    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}

Example 80 with Status

Use of org.opensaml.saml.saml2.core.Status in project ddf by codice.

Class SamlProtocol, method createLogoutResponse.

import org.joda.time.DateTime;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;

public static LogoutWrapper<LogoutResponse> createLogoutResponse(Issuer issuer, Status status, String inResponseTo, String id) {
    LogoutResponse logoutResponse = logoutResponseBuilder.buildObject();
    logoutResponse.setID(id);
    logoutResponse.setIssuer(issuer);
    logoutResponse.setStatus(status);
    // InResponseTo is optional: an IdP-initiated logout has no request to reference
    if (StringUtils.isNotBlank(inResponseTo)) {
        logoutResponse.setInResponseTo(inResponseTo);
    }
    logoutResponse.setIssueInstant(DateTime.now());
    logoutResponse.setVersion(SAMLVersion.VERSION_20);
    return new LogoutWrapperImpl<>(logoutResponse);
}
