Search in sources :

Example 76 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
@Override
public T build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor, binding);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response, binding);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse, binding, authnRequest, casAssertion);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 77 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileArtifactResponseBuilder method buildResponse.

@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    final org.jasig.cas.client.validation.Assertion castedAssertion = org.jasig.cas.client.validation.Assertion.class.cast(casAssertion);
    final SamlArtifactTicket ticket = (SamlArtifactTicket) castedAssertion.getAttributes().get("artifact");
    final ArtifactResponse artifactResponse = new ArtifactResponseBuilder().buildObject();
    artifactResponse.setIssueInstant(DateTime.now());
    artifactResponse.setIssuer(newIssuer(ticket.getIssuer()));
    artifactResponse.setInResponseTo(ticket.getRelyingPartyId());
    artifactResponse.setID(ticket.getId());
    artifactResponse.setStatus(newStatus(StatusCode.SUCCESS, "Success"));
    final SAMLObject samlResponse = SamlUtils.transformSamlObject(configBean, ticket.getObject(), SAMLObject.class);
    artifactResponse.setMessage(samlResponse);
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    body.getUnknownXMLObjects().add(artifactResponse);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return envelope;
}
Also used : Header(org.opensaml.soap.soap11.Header) SAMLObject(org.opensaml.saml.common.SAMLObject) ArtifactResponse(org.opensaml.saml.saml2.core.ArtifactResponse) ArtifactResponseBuilder(org.opensaml.saml.saml2.core.impl.ArtifactResponseBuilder) SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Example 78 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileAttributeQueryResponseBuilder method build.

@Override
public Envelope build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final AttributeQuery query = (AttributeQuery) authnRequest;
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    final Response saml2Response = buildSaml2Response(casAssertion, query, service, adaptor, request, SAMLConstants.SAML2_POST_BINDING_URI);
    body.getUnknownXMLObjects().add(saml2Response);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return encodeFinalResponse(request, response, service, adaptor, envelope, binding, authnRequest, casAssertion);
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(org.opensaml.saml.saml2.core.Response) Header(org.opensaml.soap.soap11.Header) AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Example 79 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.

@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    @NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
    LOGGER.debug("Located assertion consumer service url [{}]", acs);
    final Response ecpResponse = newEcpResponse(acs.getLocation());
    final Header header = newSoapObject(Header.class);
    header.getUnknownXMLObjects().add(ecpResponse);
    final Body body = newSoapObject(Body.class);
    final org.opensaml.saml.saml2.core.Response saml2Response = buildSaml2Response(casAssertion, authnRequest, service, adaptor, request, binding);
    body.getUnknownXMLObjects().add(saml2Response);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    SamlUtils.logSamlObject(this.configBean, envelope);
    return envelope;
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(org.opensaml.saml.saml2.ecp.Response) Header(org.opensaml.soap.soap11.Header) NonNull(lombok.NonNull) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Example 80 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileSamlSubjectBuilder method buildSubject.

private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final RequestAbstractType authnRequest, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion assertion = Assertion.class.cast(casAssertion);
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    @NonNull final AssertionConsumerService acs = adaptor.getAssertionConsumerService(binding);
    final String location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
    if (StringUtils.isBlank(location)) {
        LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
    }
    final NameID nameId = getNameIdForService(request, response, authnRequest, service, adaptor, binding, assertion);
    final Subject subject = newSubject(nameId, service.isSkipGeneratingSubjectConfirmationRecipient() ? null : location, service.isSkipGeneratingSubjectConfirmationNotOnOrAfter() ? null : validFromDate.plusSeconds(this.skewAllowance), service.isSkipGeneratingSubjectConfirmationInResponseTo() ? null : authnRequest.getID(), service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now());
    LOGGER.debug("Created SAML subject [{}]", subject);
    return subject;
}
Also used : ZonedDateTime(java.time.ZonedDateTime) NameID(org.opensaml.saml.saml2.core.NameID) NonNull(lombok.NonNull) Assertion(org.jasig.cas.client.validation.Assertion) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Subject(org.opensaml.saml.saml2.core.Subject)

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)24 IOException (java.io.IOException)13 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)13 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)12 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)11 Test (org.junit.Test)10 ValidationException (ddf.security.samlp.ValidationException)9 Response (javax.ws.rs.core.Response)9 SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)9 Assertion (org.jasig.cas.client.validation.Assertion)9 MessageContext (org.opensaml.messaging.context.MessageContext)9 Assertion (org.opensaml.saml.saml2.core.Assertion)9 Document (org.w3c.dom.Document)9 XMLStreamException (javax.xml.stream.XMLStreamException)8 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)8 NameID (org.opensaml.saml.saml2.core.NameID)7 ByteArrayInputStream (java.io.ByteArrayInputStream)6 SimpleSign (ddf.security.samlp.SimpleSign)5 ZonedDateTime (java.time.ZonedDateTime)5 Path (javax.ws.rs.Path)5