Example 51 with Request
use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.
the class IdpHandler method createEcpRelayState.
private String createEcpRelayState(HttpServletRequest request) throws WSSecurityException {
RelayStateBuilder relayStateBuilder = new RelayStateBuilder();
RelayState relayState = relayStateBuilder.buildObject();
relayState.setSOAP11Actor(HTTP_SCHEMAS_XMLSOAP_ORG_SOAP_ACTOR_NEXT);
relayState.setSOAP11MustUnderstand(true);
relayState.setValue(createRelayState(request));
return convertXmlObjectToString(relayState);
}
Also used :
RelayState(org.opensaml.saml.saml2.ecp.RelayState)
RelayStateBuilder(org.opensaml.saml.saml2.ecp.impl.RelayStateBuilder)
Example 52 with Request
use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.
the class LogoutRequestService method getLogoutRequest.
@GET
public Response getLogoutRequest(@QueryParam(SAML_REQUEST) String deflatedSamlRequest, @QueryParam(SAML_RESPONSE) String deflatedSamlResponse, @QueryParam(RELAY_STATE) String relayState, @QueryParam(SIG_ALG) String signatureAlgorithm, @QueryParam(SIGNATURE) String signature) {
if (deflatedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(deflatedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlRequest, relayState, signatureAlgorithm, signature, logoutRequest);
logout();
String entityId = getEntityId();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(entityId, StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (IOException e) {
String msg = "Unable to decode and inflate logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(deflatedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlResponse, relayState, signatureAlgorithm, signature, logoutResponse);
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
} catch (IOException e) {
String msg = "Unable to decode and inflate logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
GET(javax.ws.rs.GET)
Example 53 with Request
use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.
the class LogoutRequestService method postLogoutRequest.
@POST
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
public Response postLogoutRequest(@FormParam(SAML_REQUEST) String encodedSamlRequest, @FormParam(SAML_REQUEST) String encodedSamlResponse, @FormParam(RELAY_STATE) String relayState) {
if (encodedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(decodeBase64(encodedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutRequest);
logout();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(logoutRequest.getIssuer().getValue(), StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (WSSecurityException e) {
String msg = "Failed to sign logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(decodeBase64(encodedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutResponse);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
SamlValidator(ddf.security.samlp.impl.SamlValidator)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 54 with Request
use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.
the class LogoutRequestServiceTest method getPostLogoutRequestNotParsable.
@Test
public void getPostLogoutRequestNotParsable() throws Exception {
String relayState = UUID.randomUUID().toString();
String encodedSamlRequest = "encodedSamlRequest";
Response response = logoutRequestService.postLogoutRequest(encodedSamlRequest, null, relayState);
assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
String msg = "Unable to parse logout request.".replaceAll(" ", "+");
assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
Matchers.anyString(org.mockito.Matchers.anyString)
Test(org.junit.Test)
Example 55 with Request
use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestResponseInvalidSignature.
@Test
public void testGetLogoutRequestResponseInvalidSignature() throws Exception {
String signature = "signature";
String signatureAlgorithm = "sha1";
String relayState = UUID.randomUUID().toString();
String deflatedSamlResponse = RestSecurity.deflateAndBase64Encode("deflatedSamlResponse");
LogoutResponse logoutResponse = mock(LogoutResponse.class);
when(logoutMessage.extractSamlLogoutResponse(eq("deflatedSamlResponse"))).thenReturn(logoutResponse);
LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
lrs.setEncryptionService(encryptionService);
lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
lrs.setLogoutMessage(logoutMessage);
lrs.setRequest(request);
lrs.setSessionFactory(sessionFactory);
lrs.init();
Response response = lrs.getLogoutRequest(null, deflatedSamlResponse, relayState, signatureAlgorithm, signature);
assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
String msg = "Unable to validate".replaceAll(" ", "+");
assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Matchers.anyString(org.mockito.Matchers.anyString)
Test(org.junit.Test)
Aggregations
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)16
IOException (java.io.IOException)13
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)13
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)12
ValidationException (ddf.security.samlp.ValidationException)9
Response (javax.ws.rs.core.Response)9
Document (org.w3c.dom.Document)9
XMLStreamException (javax.xml.stream.XMLStreamException)8
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)7
ByteArrayInputStream (java.io.ByteArrayInputStream)6
Test (org.junit.Test)6
Matchers.anyString (org.mockito.Matchers.anyString)6
Assertion (org.opensaml.saml.saml2.core.Assertion)6
Element (org.w3c.dom.Element)6
SimpleSign (ddf.security.samlp.SimpleSign)5
Path (javax.ws.rs.Path)5
NewCookie (javax.ws.rs.core.NewCookie)5
XMLObject (org.opensaml.core.xml.XMLObject)5
MessageContext (org.opensaml.messaging.context.MessageContext)5
ServletException (javax.servlet.ServletException)4
