Search in sources :

Example 1 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Override
public T build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 2 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method encryptAssertion.

/**
     * Encrypt assertion.
     *
     * @param assertion the assertion
     * @param request   the request
     * @param response  the response
     * @param service   the service
     * @param adaptor   the adaptor
     * @return the saml object
     * @throws SamlException the saml exception
     */
protected SAMLObject encryptAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    try {
        if (service.isEncryptAssertions()) {
            LOGGER.info("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
            final EncryptedAssertion encryptedAssertion = this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
            return encryptedAssertion;
        }
        LOGGER.info("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
        return assertion;
    } catch (final Exception e) {
        throw new SamlException("Unable to marshall assertion for encryption", e);
    }
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) SamlException(org.apereo.cas.support.saml.SamlException) SamlException(org.apereo.cas.support.saml.SamlException)

Example 3 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileSaml2ResponseBuilder method buildResponse.

@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
    }
    return samlResponse;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) Status(org.opensaml.saml.saml2.core.Status) SAMLObject(org.opensaml.saml.common.SAMLObject) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) SecureRandom(java.security.SecureRandom)

Example 4 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SSOPostProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.

private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest authnRequest = pair.getKey();
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    final Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator(this.serverPrefix);
    validator.setRenew(authnRequest.isForceAuthn());
    final String serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url for validation: [{}]", serviceUrl);
    final Assertion assertion = validator.validate(ticket, serviceUrl);
    logCasValidationAssertion(assertion);
    return assertion;
}
Also used : Cas30ServiceTicketValidator(org.jasig.cas.client.validation.Cas30ServiceTicketValidator) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Assertion(org.jasig.cas.client.validation.Assertion)

Example 5 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileSamlAuthNStatementBuilder method buildSubjectLocality.

/**
     * Build subject locality subject locality.
     *
     * @param assertion    the assertion
     * @param authnRequest the authn request
     * @param adaptor      the adaptor
     * @return the subject locality
     * @throws SamlException the saml exception
     */
protected SubjectLocality buildSubjectLocality(final Assertion assertion, final AuthnRequest authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final SubjectLocality subjectLocality = newSamlObject(SubjectLocality.class);
    subjectLocality.setAddress(SamlIdPUtils.getIssuerFromSamlRequest(authnRequest));
    return subjectLocality;
}
Also used : SubjectLocality(org.opensaml.saml.saml2.core.SubjectLocality)

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)16 IOException (java.io.IOException)13 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)13 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)12 ValidationException (ddf.security.samlp.ValidationException)9 Response (javax.ws.rs.core.Response)9 Document (org.w3c.dom.Document)9 XMLStreamException (javax.xml.stream.XMLStreamException)8 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)7 ByteArrayInputStream (java.io.ByteArrayInputStream)6 Test (org.junit.Test)6 Matchers.anyString (org.mockito.Matchers.anyString)6 Assertion (org.opensaml.saml.saml2.core.Assertion)6 Element (org.w3c.dom.Element)6 SimpleSign (ddf.security.samlp.SimpleSign)5 Path (javax.ws.rs.Path)5 NewCookie (javax.ws.rs.core.NewCookie)5 XMLObject (org.opensaml.core.xml.XMLObject)5 MessageContext (org.opensaml.messaging.context.MessageContext)5 ServletException (javax.servlet.ServletException)4