Use of org.opensaml.saml.saml2.core.Status in project testcases (by coheigea): class SAML2PResponseComponentBuilder, method createStatus.
/**
 * Builds a SAML 2.0 {@code <samlp:Status>} element with the given
 * {@code StatusCode/@Value} and, when {@code statusMessage} is non-null, a
 * {@code <samlp:StatusMessage>} child.
 *
 * The three element builders are resolved from {@code builderFactory} on first
 * use and cached in static fields. That lazy initialisation is unsynchronised;
 * a racing thread can at worst resolve the same builder twice, which is harmless.
 *
 * @param statusCodeValue URI written verbatim into {@code StatusCode/@Value}; it is not
 *        validated here, so callers are expected to pass one of the SAML-defined status URIs
 * @param statusMessage optional human-readable text; {@code null} omits the element
 * @return the assembled {@link Status}
 */
@SuppressWarnings("unchecked")
public static Status createStatus(String statusCodeValue, String statusMessage) {
    // Resolve (and memoise) the element builders on first use.
    if (statusBuilder == null) {
        statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);

    Status result = statusBuilder.buildObject();
    result.setStatusCode(code);

    // StatusMessage is optional in the schema; only emit it when text was supplied.
    if (statusMessage == null) {
        return result;
    }
    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
Use of org.opensaml.saml.saml2.core.Status in project testcases (by coheigea): class SamlSso, method createResponse.
/**
 * Builds the IdP side of a successful SAML 2.0 Web SSO exchange: a {@code Response}
 * with status Success, {@code InResponseTo} set to the AuthnRequest ID, carrying one
 * signed bearer assertion for the currently authenticated principal.
 *
 * Replay/redirection controls placed on the assertion (all visible below):
 * SubjectConfirmationData is bound to the requester's remote address, the request ID,
 * the recipient URL ({@code racs}) and a 5-minute NotAfter; Conditions carry the same
 * 5-minute lifetime and restrict the audience to {@code requestIssuer}.
 *
 * Security notes for reviewers:
 * <ul>
 *   <li>{@code racs} and {@code requestIssuer} are taken on trust here. If they originate
 *       from the AuthnRequest, the caller must have validated the ACS URL against the SP's
 *       registered metadata first, otherwise the assertion is delivered wherever the request
 *       asked for it.</li>
 *   <li>Only the assertion is signed; the enclosing Response is not.</li>
 *   <li>{@code getRemoteAddr()} is the immediate peer; behind a reverse proxy it is the
 *       proxy's address, which weakens the Address binding.</li>
 *   <li>The signing key alias and keystore password are hard-coded, acceptable only for
 *       a test fixture.</li>
 * </ul>
 *
 * @param requestID     ID of the AuthnRequest being answered
 * @param racs          recipient (assertion consumer service) URL for SubjectConfirmationData
 * @param requestIssuer entity ID of the requesting SP; becomes the sole Audience
 * @return the {@code <samlp:Response>} DOM element, already appended to a fresh Document
 * @throws Exception on DOM, callback, signing or marshalling failure
 */
private Element createResponse(String requestID, String racs, String requestIssuer) throws Exception {
    final int validityMinutes = 5;

    Document doc = docBuilderFactory.newDocumentBuilder().newDocument();

    // Response envelope.
    Status success = SAML2PResponseComponentBuilder.createStatus(
        "urn:oasis:names:tc:SAML:2.0:status:Success", null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, success);

    // Subject: the principal authenticated on the current request.
    String principal = messageContext.getSecurityContext().getUserPrincipal().getName();

    // Bearer confirmation, bound to peer address, request ID, recipient and a short lifetime.
    SubjectConfirmationDataBean confirmation = new SubjectConfirmationDataBean();
    confirmation.setInResponseTo(requestID);
    confirmation.setRecipient(racs);
    confirmation.setAddress(messageContext.getHttpServletRequest().getRemoteAddr());
    confirmation.setNotAfter(new DateTime().plusMinutes(validityMinutes));

    // Conditions: same lifetime, audience restricted to the requesting SP.
    AudienceRestrictionBean audience = new AudienceRestrictionBean();
    audience.setAudienceURIs(Collections.singletonList(requestIssuer));
    ConditionsBean conditions = new ConditionsBean();
    conditions.setTokenPeriodMinutes(validityMinutes);
    conditions.setAudienceRestrictions(Collections.singletonList(audience));

    SAML2CallbackHandler handler = new SAML2CallbackHandler();
    handler.setIssuer(issuer);
    handler.setSubjectName(principal);
    handler.setSubjectConfirmationData(confirmation);
    handler.setConditions(conditions);

    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, callback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(callback);

    // Sign the assertion only; the Response itself stays unsigned.
    Crypto signingCrypto = CryptoFactory.getInstance("stsKeystore.properties");
    assertion.signAssertion("mystskey", "stskpass", signingCrypto, false);
    response.getAssertions().add(assertion.getSaml2());

    Element responseElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(responseElement);
    return responseElement;
}
Use of org.opensaml.saml.saml2.core.Status in project syncope (by apache): class SAML2SPLogic, method validateLogoutResponse.
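/**
 * Completes an SP-initiated SAML 2.0 Single Logout: validates the IdP's
 * {@code LogoutResponse} and, on a Success status, revokes the caller's access token.
 *
 * Checks performed here, in order:
 * <ol>
 *   <li>the access token bears our JWS signature (it names the token to revoke);</li>
 *   <li>if a RelayState is present, it must be our own signed, unexpired JWT; its
 *       {@code JWT_CLAIM_IDP_DEFLATE} claim selects how the SAML payload is decoded;</li>
 *   <li>the decoded message must be a {@code LogoutResponse};</li>
 *   <li>if a RelayState was present, {@code InResponseTo} must equal the request ID we
 *       stored as the RelayState subject;</li>
 *   <li>the response must carry a Status, and its code must be
 *       {@code urn:oasis:names:tc:SAML:2.0:status:Success}.</li>
 * </ol>
 *
 * Security notes for reviewers:
 * <ul>
 *   <li>No signature, Issuer or Destination check on the LogoutResponse is visible in this
 *       method; unless {@code saml2rw.read} performs them, the IdP's response is accepted
 *       unauthenticated.</li>
 *   <li>Without a RelayState the InResponseTo check is skipped, so an unsolicited Success
 *       response is honoured. The effect is limited to deleting the caller's own token.</li>
 *   <li>The raw parser exception message is echoed back to the client.</li>
 * </ul>
 *
 * @param accessToken the Syncope JWT of the session being logged out
 * @param response    the received SAML payload plus optional RelayState
 * @throws IllegalArgumentException on any signature, expiry, type, correlation or
 *         structural failure of the inputs
 * @throws SyncopeClientException if the payload cannot be parsed or the IdP reported a
 *         non-Success status (the status message or code is included)
 */
@PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))")
public void validateLogoutResponse(final String accessToken, final SAML2ReceivedResponseTO response) {
    check();

    // 1. The access token must be one we issued: it identifies the session to revoke.
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
    if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
        throw new IllegalArgumentException("Invalid signature found in Access Token");
    }

    // 2. Optional RelayState: our own signed JWT, carrying the original request ID as
    //    subject and the IdP's DEFLATE preference as a claim.
    JwsJwtCompactConsumer relayState = null;
    Boolean useDeflateEncoding = false;
    if (StringUtils.isNotBlank(response.getRelayState())) {
        relayState = new JwsJwtCompactConsumer(response.getRelayState());
        if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
            throw new IllegalArgumentException("Invalid signature found in Relay State");
        }
        Long expiryTime = relayState.getJwtClaims().getExpiryTime();
        // JWT exp is seconds since the epoch; Date#getTime is milliseconds.
        if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) {
            throw new IllegalArgumentException("Relay State is expired");
        }
        useDeflateEncoding = Boolean.valueOf(relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
    }

    // 3. Decode and type-check the SAML payload.
    LogoutResponse logoutResponse;
    try {
        XMLObject responseObject = saml2rw.read(useDeflateEncoding, response.getSamlResponse());
        if (!(responseObject instanceof LogoutResponse)) {
            throw new IllegalArgumentException("Expected " + LogoutResponse.class.getName() + ", got " + responseObject.getClass().getName());
        }
        logoutResponse = (LogoutResponse) responseObject;
    } catch (Exception e) {
        LOG.error("While parsing LogoutResponse", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }

    // 4. Correlate the response with the LogoutRequest we sent, when we can.
    if (relayState != null && !relayState.getJwtClaims().getSubject().equals(logoutResponse.getInResponseTo())) {
        throw new IllegalArgumentException("Unmatching request ID: " + logoutResponse.getInResponseTo());
    }

    // 5. Status is mandatory on a StatusResponseType. A response without one (or without a
    //    StatusCode) is malformed, not a success: reject it with a clear error rather than
    //    letting a NullPointerException escape as a server error.
    Status status = logoutResponse.getStatus();
    if (status == null || status.getStatusCode() == null) {
        throw new IllegalArgumentException("LogoutResponse carries no Status / StatusCode");
    }
    if (StatusCode.SUCCESS.equals(status.getStatusCode().getValue())) {
        accessTokenDAO.delete(consumer.getJwtClaims().getTokenId());
    } else {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(status.getStatusMessage() == null
                ? status.getStatusCode().getValue()
                : status.getStatusMessage().getMessage());
        throw sce;
    }
}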
Use of org.opensaml.saml.saml2.core.Status in project syncope (by apache): class SAML2PResponseComponentBuilder, method createSAMLResponse.
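/**
 * Creates a SAML 2.0 {@code <samlp:Response>} skeleton: fresh ID, current IssueInstant,
 * the given {@code InResponseTo}, Issuer and Status, protocol version 2.0. Assertions,
 * Destination and signature are left to the caller.
 *
 * The response ID is typed {@code xs:ID}, i.e. an NCName, which may not begin with a
 * digit. A bare {@code UUID.randomUUID().toString()} starts with a hex digit most of the
 * time and therefore produces a schema-invalid ID that strict SPs (or schema validation)
 * reject; the ID is prefixed with {@code _} here, as OpenSAML's own ID generators do.
 *
 * {@code responseBuilder} is lazily created without synchronisation; a race can only
 * construct a second, equivalent builder.
 *
 * @param inResponseTo ID of the AuthnRequest being answered (may be null for unsolicited responses)
 * @param issuer       entity ID to place in {@code <saml:Issuer>}
 * @param status       the {@code <samlp:Status>} to attach
 * @return the populated {@link Response}
 */
public static Response createSAMLResponse(final String inResponseTo, final String issuer, final Status status) {
    if (responseBuilder == null) {
        responseBuilder = new ResponseBuilder();
    }
    Response response = responseBuilder.buildObject();
    // "_" prefix keeps the ID a valid NCName regardless of the UUID's first character.
    response.setID("_" + UUID.randomUUID());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}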
Use of org.opensaml.saml.saml2.core.Status in project ddf (by codice): class SamlProtocol, method createLogoutResponse.
/**
 * Assembles a SAML 2.0 {@code <samlp:LogoutResponse>} from caller-supplied parts and
 * wraps it in a {@link LogoutWrapperImpl}.
 *
 * Sets ID, Issuer, Status, IssueInstant (now) and Version 2.0. {@code InResponseTo} is
 * only written when non-blank, so an unsolicited response simply omits the attribute.
 * Nothing is validated here: the caller owns the uniqueness/NCName-validity of {@code id}
 * and the correctness of {@code inResponseTo}. No Destination is set; if the caller goes
 * on to sign this message, the SAML bindings require Destination to be present, so it
 * must be added before signing.
 *
 * @param issuer       the {@code <saml:Issuer>} element to attach
 * @param status       the {@code <samlp:Status>} element to attach
 * @param inResponseTo ID of the LogoutRequest being answered; blank/null to omit
 * @param id           value for the response's {@code ID} attribute
 * @return the wrapped LogoutResponse
 */
public static LogoutWrapper<LogoutResponse> createLogoutResponse(Issuer issuer, Status status, String inResponseTo, String id) {
    LogoutResponse message = logoutResponseBuilder.buildObject();
    message.setVersion(SAMLVersion.VERSION_20);
    message.setID(id);
    message.setIssueInstant(DateTime.now());
    message.setIssuer(issuer);
    message.setStatus(status);
    // Correlation attribute is optional; skip it for unsolicited responses.
    boolean correlated = StringUtils.isNotBlank(inResponseTo);
    if (correlated) {
        message.setInResponseTo(inResponseTo);
    }
    return new LogoutWrapperImpl<>(message);
}