
Example 16 with RelayState

Use of org.opensaml.saml.saml2.ecp.RelayState in the project verify-hub by alphagov.

From the class SamlMessageReceiverApiResourceTest, method shouldErrorWhenAuthnRequestIsNotSigned.

@Test
public void shouldErrorWhenAuthnRequestIsNotSigned() throws Exception {
    // An AuthnRequest that is otherwise well-formed but carries no Signature element.
    final AuthnRequest unsignedRequest = anAuthnRequest()
            .withIssuer(anIssuer().withIssuerId(TEST_RP).build())
            .withDestination(Endpoints.SSO_REQUEST_ENDPOINT)
            .withId(AuthnRequestIdGenerator.generateRequestId())
            .withoutSignatureElement()
            .build();
    final String serialisedRequest = authnRequestToStringTransformer.apply(unsignedRequest);
    final SamlRequestDto requestDto = new SamlRequestDto(serialisedRequest, "relayState", "ipAddress");

    final Response clientResponse = postSAML(requestDto, Urls.SamlProxyUrls.SAML2_SSO_RECEIVER_API_ROOT);

    // The receiver must refuse an unsigned request as invalid SAML rather than process it.
    assertError(clientResponse, ExceptionType.INVALID_SAML);
}
Also used : Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) SamlRequestDto(uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto) Test(org.junit.Test)

Example 17 with RelayState

Use of org.opensaml.saml.saml2.ecp.RelayState in the project cas by apereo.

From the class BaseSamlResponseEncoder, method encode.

/**
 * Encodes the SAML response onto the configured {@code HttpServletResponse}.
 *
 * <p>When no servlet response is configured on this encoder the message is returned untouched
 * and nothing is written. Otherwise the binding-specific encoder from
 * {@code getMessageEncoderInstance()} is wired to the servlet response and to a message context
 * carrying the response and relay state, and {@code finalizeEncode} performs the actual encoding.
 * Checked exceptions raised by that step are rethrown unchecked via Lombok's {@code @SneakyThrows}.
 *
 * @param samlResponse the response to encode; returned as-is in every case
 * @param relayState   the relay state to carry with the response, may be {@code null}
 * @return the same {@code samlResponse} instance
 * @throws SamlException if the encoder cannot be prepared or the encoding fails
 */
@SneakyThrows
public final Response encode(final Response samlResponse, final String relayState) throws SamlException {
    if (httpResponse == null) {
        // Nothing to write to; the caller only gets the untouched response back.
        return samlResponse;
    }
    final BaseSAML2MessageEncoder messageEncoder = getMessageEncoderInstance();
    messageEncoder.setHttpServletResponse(httpResponse);
    final MessageContext messageContext = getEncoderMessageContext(samlResponse, relayState);
    messageEncoder.setMessageContext(messageContext);
    finalizeEncode(messageEncoder, samlResponse, relayState);
    return samlResponse;
}
Also used : BaseSAML2MessageEncoder(org.opensaml.saml.saml2.binding.encoding.impl.BaseSAML2MessageEncoder) MessageContext(org.opensaml.messaging.context.MessageContext) SneakyThrows(lombok.SneakyThrows)

Example 18 with RelayState

Use of org.opensaml.saml.saml2.ecp.RelayState in the project cas by apereo.

From the class SamlResponseArtifactEncoder, method finalizeEncode.

/**
 * Prepares the artifact encoder before the base class completes the encoding.
 *
 * <p>The generic encoder handed in by the base class is narrowed to an
 * {@link HTTPArtifactEncoder}, given this encoder's artifact map, and pointed at a fresh
 * message context built from the response and relay state and prepared for artifact use.
 *
 * @param e            the encoder created by the base class; expected to be an {@link HTTPArtifactEncoder}
 * @param samlResponse the response being encoded
 * @param relayState   the relay state to carry with the artifact, may be {@code null}
 * @throws Exception if the base class cannot finish the encoding
 */
@Override
protected void finalizeEncode(final BaseSAML2MessageEncoder e, final Response samlResponse, final String relayState) throws Exception {
    // The base class only knows about the generic SAML2 encoder; this subclass is artifact-specific.
    final HTTPArtifactEncoder artifactEncoder = (HTTPArtifactEncoder) e;
    artifactEncoder.setArtifactMap(this.samlArtifactMap);

    final MessageContext messageContext = getEncoderMessageContext(samlResponse, relayState);
    prepareArtifactContext(samlResponse, messageContext);
    artifactEncoder.setMessageContext(messageContext);

    super.finalizeEncode(artifactEncoder, samlResponse, relayState);
}
Also used : MessageContext(org.opensaml.messaging.context.MessageContext) HTTPArtifactEncoder(org.opensaml.saml.saml2.binding.encoding.impl.HTTPArtifactEncoder)

Example 19 with RelayState

Use of org.opensaml.saml.saml2.ecp.RelayState in the project cas by apereo.

From the class SamlProfileSaml2ResponseBuilder, method encode.

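/**
 * Encodes the SAML response with the HTTP-POST binding and writes it to the servlet response.
 *
 * <p>A new {@link HTTPPostEncoder} is created per call, backed by a Velocity engine from
 * {@code velocityEngineFactory}. The outbound message context is prepared with the service
 * provider's endpoint (via {@code SamlIdPUtils.preparePeerEntitySamlEndpointContext}), the
 * response message and the relay state, and then encoded.
 *
 * <p>The declared {@link SamlException} is preserved: previously every failure, including a
 * {@code SamlException}, was wrapped in a {@code RuntimeException}, so callers catching the
 * declared type never saw it. Unchecked exceptions and errors are rethrown unchanged; any other
 * checked exception is wrapped in a {@code RuntimeException} with the original as its cause.
 *
 * @param service      the registered service the response is built for (not used here directly)
 * @param samlResponse the response to encode
 * @param httpResponse the servlet response the encoded form is written to
 * @param adaptor      metadata facade used to resolve the peer's endpoint
 * @param relayState   the relay state to include in the POST form, may be {@code null}
 * @return the same {@code samlResponse} instance
 * @throws SamlException if endpoint preparation or encoding raises one
 */
@Override
protected Response encode(final SamlRegisteredService service, final Response samlResponse, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
    try {
        final HTTPPostEncoder encoder = new HTTPPostEncoder();
        encoder.setHttpServletResponse(httpResponse);
        encoder.setVelocityEngine(this.velocityEngineFactory.createVelocityEngine());

        final MessageContext outboundMessageContext = new MessageContext<>();
        SamlIdPUtils.preparePeerEntitySamlEndpointContext(outboundMessageContext, adaptor);
        outboundMessageContext.setMessage(samlResponse);
        SAMLBindingSupport.setRelayState(outboundMessageContext, relayState);

        encoder.setMessageContext(outboundMessageContext);
        encoder.initialize();
        encoder.encode();
        return samlResponse;
    } catch (final Exception e) {
        // Rethrow SamlException (the declared type), RuntimeException and Error as-is;
        // only genuinely foreign checked exceptions are wrapped, cause preserved.
        Throwables.propagateIfPossible(e, SamlException.class);
        throw new RuntimeException(e);
    }
}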
Also used : HTTPPostEncoder(org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder) MessageContext(org.opensaml.messaging.context.MessageContext) SamlException(org.apereo.cas.support.saml.SamlException)

Example 20 with RelayState

Use of org.opensaml.saml.saml2.ecp.RelayState in the project ddf by codice.

From the class LogoutRequestService, method getLogoutRequest.

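/**
 * Handles a SAML 2.0 single-logout message delivered on the HTTP-Redirect binding.
 *
 * <p>Exactly one of {@code SAMLRequest} or {@code SAMLResponse} is expected. A logout request is
 * parsed, validated, acted upon (the local session is logged out) and answered with a
 * {@code LogoutResponse}; a logout response is parsed, validated and acknowledged with a
 * confirmation page. Every failure is reported to the browser through
 * {@link #buildLogoutResponse(String)} with a short message and logged with the cause, instead
 * of propagating. A call carrying neither parameter is rejected explicitly rather than handing
 * {@code null} to the inflater.
 *
 * @param deflatedSamlRequest  deflated, base64-encoded {@code LogoutRequest}, or {@code null}
 * @param deflatedSamlResponse deflated, base64-encoded {@code LogoutResponse}, or {@code null}
 * @param relayState           opaque relay state echoed by the peer, may be {@code null}
 * @param signatureAlgorithm   the {@code SigAlg} query parameter, passed to validation
 * @param signature            the {@code Signature} query parameter, passed to validation
 * @return the response to send back to the browser
 */
@GET
public Response getLogoutRequest(@QueryParam(SAML_REQUEST) String deflatedSamlRequest, @QueryParam(SAML_RESPONSE) String deflatedSamlResponse, @QueryParam(RELAY_STATE) String relayState, @QueryParam(SIG_ALG) String signatureAlgorithm, @QueryParam(SIGNATURE) String signature) {
    if (deflatedSamlRequest != null) {
        return handleRedirectLogoutRequest(deflatedSamlRequest, relayState, signatureAlgorithm, signature);
    }
    if (deflatedSamlResponse != null) {
        return handleRedirectLogoutResponse(deflatedSamlResponse, relayState, signatureAlgorithm, signature);
    }
    // Neither parameter was supplied, so there is nothing to inflate; answer with an explicit
    // message instead of passing null on to inflateBase64 as the previous code path did.
    String msg = "Missing SAMLRequest or SAMLResponse parameter.";
    LOGGER.debug(msg);
    return buildLogoutResponse(msg);
}

/**
 * Processes an incoming {@code LogoutRequest}: parse, validate, log the local session out and
 * answer with a {@code LogoutResponse} carrying {@code StatusCode.SUCCESS}.
 *
 * <p>Validation runs before {@link #logout()} so that no local state changes until the
 * message (and, presumably, its signature over the deflated parameter) has been accepted.
 */
private Response handleRedirectLogoutRequest(String deflatedSamlRequest, String relayState, String signatureAlgorithm, String signature) {
    try {
        LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(deflatedSamlRequest));
        if (logoutRequest == null) {
            String msg = "Unable to parse logout request.";
            LOGGER.debug(msg);
            return buildLogoutResponse(msg);
        }
        buildAndValidateSaml(deflatedSamlRequest, relayState, signatureAlgorithm, signature, logoutRequest);
        logout();
        String entityId = getEntityId();
        LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(entityId, StatusCode.SUCCESS, logoutRequest.getID());
        return getLogoutResponse(relayState, logoutResponse);
    } catch (IOException e) {
        String msg = "Unable to decode and inflate logout request.";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    } catch (ValidationException e) {
        String msg = "Unable to validate";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    } catch (WSSecurityException | XMLStreamException e) {
        String msg = "Unable to parse logout request.";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    }
}

/**
 * Processes an incoming {@code LogoutResponse}: parse, validate and show a confirmation page.
 *
 * <p>The displayed name is looked up from the relay state via {@code relayStates.decode};
 * when there is no relay state or it does not resolve, the generic "You" is shown.
 */
private Response handleRedirectLogoutResponse(String deflatedSamlResponse, String relayState, String signatureAlgorithm, String signature) {
    try {
        LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(deflatedSamlResponse));
        if (logoutResponse == null) {
            String msg = "Unable to parse logout response.";
            LOGGER.debug(msg);
            return buildLogoutResponse(msg);
        }
        buildAndValidateSaml(deflatedSamlResponse, relayState, signatureAlgorithm, signature, logoutResponse);
        String nameId = "You";
        String decodedValue;
        if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
            nameId = decodedValue;
        }
        return buildLogoutResponse(nameId + " logged out successfully.");
    } catch (IOException e) {
        String msg = "Unable to decode and inflate logout response.";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    } catch (ValidationException e) {
        String msg = "Unable to validate";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    } catch (WSSecurityException | XMLStreamException e) {
        String msg = "Unable to parse logout response.";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    }
}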
Also used : ValidationException(ddf.security.samlp.ValidationException) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) XMLStreamException(javax.xml.stream.XMLStreamException) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) GET(javax.ws.rs.GET)

Aggregations

LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)18 Response (javax.ws.rs.core.Response)15 Test (org.junit.Test)12 Matchers.anyString (org.mockito.Matchers.anyString)11 IOException (java.io.IOException)9 ValidationException (ddf.security.samlp.ValidationException)8 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)8 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 XMLStreamException (javax.xml.stream.XMLStreamException)6 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)6 Path (javax.ws.rs.Path)5 MessageContext (org.opensaml.messaging.context.MessageContext)5 SimpleSign (ddf.security.samlp.SimpleSign)4 GET (javax.ws.rs.GET)4 NewCookie (javax.ws.rs.core.NewCookie)4 Document (org.w3c.dom.Document)4 ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)4 SecurityServiceException (ddf.security.service.SecurityServiceException)3 URI (java.net.URI)3 POST (javax.ws.rs.POST)3