Example 21 with StatusCode
use of org.opensaml.saml.saml2.core.StatusCode in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method validateSamlProtocolResponse.
/**
* Validates the SAML protocol response:
* - IssueInstant
* - Issuer
* - StatusCode
* - Signature
*
* @param response the response
* @param context the context
* @param engine the engine
*/
protected final void validateSamlProtocolResponse(final Response response, final SAML2MessageContext context, final SignatureTrustEngine engine) {
if (!StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
String status = response.getStatus().getStatusCode().getValue();
if (response.getStatus().getStatusMessage() != null) {
status += " / " + response.getStatus().getStatusMessage().getMessage();
}
throw new SAMLException("Authentication response is not success ; actual " + status);
}
if (response.getSignature() != null) {
final String entityId = context.getSAMLPeerEntityContext().getEntityId();
validateSignature(response.getSignature(), entityId, engine);
context.getSAMLPeerEntityContext().setAuthenticated(true);
}
if (!isIssueInstantValid(response.getIssueInstant())) {
throw new SAMLIssueInstantException("Response issue instant is too old or in the future");
}
AuthnRequest request = null;
final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
if (messageStorage != null && response.getInResponseTo() != null) {
final XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
if (xmlObject == null) {
throw new SAMLInResponseToMismatchException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
} else if (xmlObject instanceof AuthnRequest) {
request = (AuthnRequest) xmlObject;
} else {
throw new SAMLInResponseToMismatchException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo());
}
}
verifyEndpoint(context.getSAMLEndpointContext().getEndpoint(), response.getDestination());
if (request != null) {
verifyRequest(request, context);
}
if (response.getIssuer() != null) {
validateIssuer(response.getIssuer(), context);
}
}
Also used :
SAMLInResponseToMismatchException(org.pac4j.saml.exceptions.SAMLInResponseToMismatchException)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
XMLObject(org.opensaml.core.xml.XMLObject)
SAMLIssueInstantException(org.pac4j.saml.exceptions.SAMLIssueInstantException)
SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage)
SAMLException(org.pac4j.saml.exceptions.SAMLException)
Example 22 with StatusCode
use of org.opensaml.saml.saml2.core.StatusCode in project testcases by coheigea.
the class SAML2PResponseComponentBuilder method createStatus.
@SuppressWarnings("unchecked")
public static Status createStatus(String statusCodeValue, String statusMessage) {
if (statusBuilder == null) {
statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
}
if (statusCodeBuilder == null) {
statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
}
if (statusMessageBuilder == null) {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
Status status = statusBuilder.buildObject();
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
return status;
}
Also used :
Status(org.opensaml.saml.saml2.core.Status)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
StatusMessage(org.opensaml.saml.saml2.core.StatusMessage)
Example 23 with StatusCode
use of org.opensaml.saml.saml2.core.StatusCode in project cloudstack by apache.
the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.
private Response buildMockResponse() throws Exception {
Response samlMessage = new ResponseBuilder().buildObject();
samlMessage.setID("foo");
samlMessage.setVersion(SAMLVersion.VERSION_20);
samlMessage.setIssueInstant(new DateTime(0));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue("MockedIssuer");
samlMessage.setIssuer(issuer);
Status status = new StatusBuilder().buildObject();
StatusCode statusCode = new StatusCodeBuilder().buildObject();
statusCode.setValue(StatusCode.SUCCESS_URI);
status.setStatusCode(statusCode);
samlMessage.setStatus(status);
Assertion assertion = new AssertionBuilder().buildObject();
Subject subject = new SubjectBuilder().buildObject();
NameID nameID = new NameIDBuilder().buildObject();
nameID.setValue("SOME-UNIQUE-ID");
nameID.setFormat(NameIDType.PERSISTENT);
subject.setNameID(nameID);
assertion.setSubject(subject);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setSessionIndex("Some Session String");
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
assertion.getAttributeStatements().add(attributeStatement);
samlMessage.getAssertions().add(assertion);
return samlMessage;
}
Also used :
Status(org.opensaml.saml2.core.Status)
AttributeStatementBuilder(org.opensaml.saml2.core.impl.AttributeStatementBuilder)
StatusCodeBuilder(org.opensaml.saml2.core.impl.StatusCodeBuilder)
Issuer(org.opensaml.saml2.core.Issuer)
NameID(org.opensaml.saml2.core.NameID)
Assertion(org.opensaml.saml2.core.Assertion)
AssertionBuilder(org.opensaml.saml2.core.impl.AssertionBuilder)
AuthnStatementBuilder(org.opensaml.saml2.core.impl.AuthnStatementBuilder)
StatusCode(org.opensaml.saml2.core.StatusCode)
DateTime(org.joda.time.DateTime)
Subject(org.opensaml.saml2.core.Subject)
Response(org.opensaml.saml2.core.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder)
AttributeStatement(org.opensaml.saml2.core.AttributeStatement)
AuthnStatement(org.opensaml.saml2.core.AuthnStatement)
StatusBuilder(org.opensaml.saml2.core.impl.StatusBuilder)
IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder)
ResponseBuilder(org.opensaml.saml2.core.impl.ResponseBuilder)
SubjectBuilder(org.opensaml.saml2.core.impl.SubjectBuilder)
Example 24 with StatusCode
use of org.opensaml.saml.saml2.core.StatusCode in project spring-security by spring-projects.
the class OpenSamlLogoutResponseResolver method resolve.
Saml2LogoutResponse resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutResponse> logoutResponseConsumer) {
String registrationId = getRegistrationId(authentication);
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
if (registration == null) {
return null;
}
if (registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation() == null) {
return null;
}
String serialized = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
byte[] b = Saml2Utils.samlDecode(serialized);
LogoutRequest logoutRequest = parse(inflateIfRequired(registration, b));
LogoutResponse logoutResponse = this.logoutResponseBuilder.buildObject();
logoutResponse.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
Issuer issuer = this.issuerBuilder.buildObject();
issuer.setValue(registration.getEntityId());
logoutResponse.setIssuer(issuer);
StatusCode code = this.statusCodeBuilder.buildObject();
code.setValue(StatusCode.SUCCESS);
Status status = this.statusBuilder.buildObject();
status.setStatusCode(code);
logoutResponse.setStatus(status);
logoutResponse.setInResponseTo(logoutRequest.getID());
if (logoutResponse.getID() == null) {
logoutResponse.setID("LR" + UUID.randomUUID());
}
logoutResponseConsumer.accept(registration, logoutResponse);
Saml2LogoutResponse.Builder result = Saml2LogoutResponse.withRelyingPartyRegistration(registration);
if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
String xml = serialize(OpenSamlSigningUtils.sign(logoutResponse, registration));
String samlResponse = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
result.samlResponse(samlResponse);
if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
result.relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE));
}
return result.build();
} else {
String xml = serialize(logoutResponse);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlResponse(deflatedAndEncoded);
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_RESPONSE, deflatedAndEncoded);
if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
partial.param(Saml2ParameterNames.RELAY_STATE, request.getParameter(Saml2ParameterNames.RELAY_STATE));
}
return result.parameters((params) -> params.putAll(partial.parameters())).build();
}
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Status(org.opensaml.saml.saml2.core.Status)
QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial)
LogoutResponseBuilder(org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Status(org.opensaml.saml.saml2.core.Status)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport)
Document(org.w3c.dom.Document)
BiConsumer(java.util.function.BiConsumer)
StatusCodeBuilder(org.opensaml.saml.saml2.core.impl.StatusCodeBuilder)
MarshallingException(org.opensaml.core.xml.io.MarshallingException)
QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial)
RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
ConfigurationService(org.opensaml.core.config.ConfigurationService)
UUID(java.util.UUID)
StandardCharsets(java.nio.charset.StandardCharsets)
XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport)
StatusBuilder(org.opensaml.saml.saml2.core.impl.StatusBuilder)
IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder)
ParserPool(net.shibboleth.utilities.java.support.xml.ParserPool)
LogoutResponseMarshaller(org.opensaml.saml.saml2.core.impl.LogoutResponseMarshaller)
Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames)
Element(org.w3c.dom.Element)
Issuer(org.opensaml.saml.saml2.core.Issuer)
Log(org.apache.commons.logging.Log)
LogFactory(org.apache.commons.logging.LogFactory)
Authentication(org.springframework.security.core.Authentication)
Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal)
LogoutRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.LogoutRequestUnmarshaller)
Assert(org.springframework.util.Assert)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
Issuer(org.opensaml.saml.saml2.core.Issuer)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
Example 25 with StatusCode
use of org.opensaml.saml.saml2.core.StatusCode in project spring-security by spring-projects.
the class TestOpenSamlObjects method assertingPartyLogoutResponse.
public static LogoutResponse assertingPartyLogoutResponse(RelyingPartyRegistration registration) {
LogoutResponseBuilder logoutResponseBuilder = new LogoutResponseBuilder();
LogoutResponse logoutResponse = logoutResponseBuilder.buildObject();
logoutResponse.setID("id");
StatusBuilder statusBuilder = new StatusBuilder();
StatusCodeBuilder statusCodeBuilder = new StatusCodeBuilder();
StatusCode code = statusCodeBuilder.buildObject();
code.setValue(StatusCode.SUCCESS);
Status status = statusBuilder.buildObject();
status.setStatusCode(code);
logoutResponse.setStatus(status);
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
logoutResponse.setIssuer(issuer);
logoutResponse.setDestination(registration.getSingleLogoutServiceResponseLocation());
return logoutResponse;
}
Also used :
Status(org.opensaml.saml.saml2.core.Status)
StatusCodeBuilder(org.opensaml.saml.saml2.core.impl.StatusCodeBuilder)
LogoutResponseBuilder(org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Issuer(org.opensaml.saml.saml2.core.Issuer)
StatusBuilder(org.opensaml.saml.saml2.core.impl.StatusBuilder)
IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
Aggregations
StatusCode (org.opensaml.saml.saml2.core.StatusCode)36
Status (org.opensaml.saml.saml2.core.Status)30
Test (org.junit.jupiter.api.Test)18
OpenSamlXmlObjectFactory (uk.gov.ida.saml.core.OpenSamlXmlObjectFactory)14
StatusCodeBuilder.aStatusCode (uk.gov.ida.saml.core.test.builders.StatusCodeBuilder.aStatusCode)14
SamlStatusCode (uk.gov.ida.saml.core.domain.SamlStatusCode)11
StatusBuilder.aStatus (uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus)10
IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus)9
StatusMessage (org.opensaml.saml.saml2.core.StatusMessage)6
SamlTransformationErrorFactory.invalidStatusCode (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.invalidStatusCode)5
SamlTransformationErrorFactory.invalidSubStatusCode (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.invalidSubStatusCode)5
Issuer (org.opensaml.saml.saml2.core.Issuer)4
StatusBuilder (org.opensaml.saml.saml2.core.impl.StatusBuilder)4
StatusCodeBuilder (org.opensaml.saml.saml2.core.impl.StatusCodeBuilder)4
TransactionIdaStatus (uk.gov.ida.saml.core.domain.TransactionIdaStatus)4
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)3
SamlValidationException (uk.gov.ida.saml.hub.exception.SamlValidationException)3
XMLObject (org.opensaml.core.xml.XMLObject)2
Response (org.opensaml.saml.saml2.core.Response)2
IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)2
