Examples with RelayState org.opensaml.saml.saml2.ecp.RelayState used on opensource projects

Search in sources :

Example 1 with RelayState

use of org.opensaml.saml.saml2.ecp.RelayState in project cas by apereo.

the class SamlProfileSamlSoap11ResponseBuilder method encode.

@Override
protected Envelope encode(final SamlRegisteredService service, final Envelope envelope, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
    try {
        final MessageContext result = new MessageContext();
        final SOAP11Context ctx = result.getSubcontext(SOAP11Context.class, true);
        ctx.setEnvelope(envelope);
        final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
        encoder.setHttpServletResponse(httpResponse);
        encoder.setMessageContext(result);
        encoder.initialize();
        encoder.encode();
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
    return envelope;
}
Also used : SOAP11Context(org.opensaml.soap.messaging.context.SOAP11Context) HTTPSOAP11Encoder(org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder) MessageContext(org.opensaml.messaging.context.MessageContext) SamlException(org.apereo.cas.support.saml.SamlException)

Example 2 with RelayState

use of org.opensaml.saml.saml2.ecp.RelayState in project ddf by codice.

the class IdpEndpoint method processPostLogout.

@Override
@POST
@Path("/logout")
public Response processPostLogout(@FormParam(SAML_REQ) final String samlRequest, @FormParam(SAML_RESPONSE) final String samlResponse, @FormParam(RELAY_STATE) final String relayState, @Context final HttpServletRequest request) throws WSSecurityException, IdpException {
    LogoutState logoutState = getLogoutState(request);
    Cookie cookie = getCookie(request);
    try {
        if (samlRequest != null) {
            LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(samlRequest));
            validatePost(request, logoutRequest);
            return handleLogoutRequest(cookie, logoutState, logoutRequest, SamlProtocol.Binding.HTTP_POST, relayState);
        } else if (samlResponse != null) {
            LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(samlResponse));
            String requestId = logoutState != null ? logoutState.getCurrentRequestId() : null;
            validatePost(request, logoutResponse, requestId);
            return handleLogoutResponse(cookie, logoutState, logoutResponse, SamlProtocol.Binding.HTTP_POST);
        }
    } catch (IOException | XMLStreamException e) {
        throw new IdpException("Unable to inflate Saml Object", e);
    } catch (ValidationException e) {
        throw new IdpException("Unable to validate Saml Object", e);
    }
    throw new IdpException("Unable to process logout");
}
Also used : NewCookie(javax.ws.rs.core.NewCookie) Cookie(javax.servlet.http.Cookie) ValidationException(ddf.security.samlp.ValidationException) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) XMLStreamException(javax.xml.stream.XMLStreamException) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) IOException(java.io.IOException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 3 with RelayState

use of org.opensaml.saml.saml2.ecp.RelayState in project ddf by codice.

the class IdpEndpoint method doSoapLogin.

@POST
@Path("/login")
@Consumes({ "text/xml", "application/soap+xml" })
public Response doSoapLogin(InputStream body, @Context HttpServletRequest request) {
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authn Request must use TLS.");
    }
    SoapBinding soapBinding = new SoapBinding(systemCrypto, serviceProviders);
    try {
        String bodyStr = IOUtils.toString(body);
        AuthnRequest authnRequest = soapBinding.decoder().decodeRequest(bodyStr);
        String relayState = ((SoapRequestDecoder) soapBinding.decoder()).decodeRelayState(bodyStr);
        soapBinding.validator().validateRelayState(relayState);
        soapBinding.validator().validateAuthnRequest(authnRequest, bodyStr, null, null, null, strictSignature);
        boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
        AuthObj authObj = determineAuthMethod(bodyStr, authnRequest);
        org.opensaml.saml.saml2.core.Response response = handleLogin(authnRequest, authObj.method, request, authObj, authnRequest.isPassive(), hasCookie);
        Response samlpResponse = soapBinding.creator().getSamlpResponse(relayState, authnRequest, response, null, soapMessage);
        samlpResponse.getHeaders().put("SOAPAction", Collections.singletonList("http://www.oasis-open.org/committees/security"));
        return samlpResponse;
    } catch (IOException e) {
        LOGGER.debug("Unable to decode SOAP AuthN Request", e);
    } catch (SimpleSign.SignatureException e) {
        LOGGER.debug("Unable to validate signature.", e);
    } catch (ValidationException e) {
        LOGGER.debug("Unable to validate request.", e);
    } catch (SecurityServiceException e) {
        LOGGER.debug("Unable to authenticate user.", e);
    } catch (WSSecurityException | IllegalArgumentException e) {
        LOGGER.debug("Bad request.", e);
    }
    return null;
}
Also used : SecurityServiceException(ddf.security.service.SecurityServiceException) ValidationException(ddf.security.samlp.ValidationException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SoapRequestDecoder(org.codice.ddf.security.idp.binding.soap.SoapRequestDecoder) IOException(java.io.IOException) SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) SimpleSign(ddf.security.samlp.SimpleSign) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 4 with RelayState

use of org.opensaml.saml.saml2.ecp.RelayState in project ddf by codice.

the class SoapResponseCreator method createEcpRelayState.

private String createEcpRelayState(String relayStateStr) throws WSSecurityException {
    RelayStateBuilder relayStateBuilder = new RelayStateBuilder();
    RelayState relayState = relayStateBuilder.buildObject();
    relayState.setSOAP11Actor(HTTP_SCHEMAS_XMLSOAP_ORG_SOAP_ACTOR_NEXT);
    relayState.setSOAP11MustUnderstand(true);
    relayState.setValue(relayStateStr);
    return convertXmlObjectToString(relayState);
}
Also used : RelayState(org.opensaml.saml.saml2.ecp.RelayState) RelayStateBuilder(org.opensaml.saml.saml2.ecp.impl.RelayStateBuilder)

Example 5 with RelayState

use of org.opensaml.saml.saml2.ecp.RelayState in project ddf by codice.

the class LogoutRequestServiceTest method testGetLogoutRequestInvalidSignature.

@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
    String signature = "signature";
    String signatureAlgorithm = "sha1";
    String relayState = UUID.randomUUID().toString();
    String deflatedSamlRequest = RestSecurity.deflateAndBase64Encode("deflatedSamlRequest");
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    when(logoutMessage.extractSamlLogoutRequest(eq("deflatedSamlRequest"))).thenReturn(logoutRequest);
    LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    lrs.setEncryptionService(encryptionService);
    lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    lrs.setLogoutMessage(logoutMessage);
    lrs.setRequest(request);
    lrs.setSessionFactory(sessionFactory);
    lrs.init();
    Response response = lrs.getLogoutRequest(deflatedSamlRequest, null, relayState, signatureAlgorithm, signature);
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = "Unable to validate".replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used : LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Aggregations

LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)18 Response (javax.ws.rs.core.Response)14 Test (org.junit.Test)10 Matchers.anyString (org.mockito.Matchers.anyString)10 IOException (java.io.IOException)9 ValidationException (ddf.security.samlp.ValidationException)8 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)8 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 XMLStreamException (javax.xml.stream.XMLStreamException)6 Path (javax.ws.rs.Path)5 SimpleSign (ddf.security.samlp.SimpleSign)4 GET (javax.ws.rs.GET)4 NewCookie (javax.ws.rs.core.NewCookie)4 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)4 SecurityServiceException (ddf.security.service.SecurityServiceException)3 URI (java.net.URI)3 POST (javax.ws.rs.POST)3 DateTime (org.joda.time.DateTime)3 URISyntaxException (java.net.URISyntaxException)2 Cookie (javax.servlet.http.Cookie)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial