Example 16 with Request

use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.

the class IdpEndpoint method createCookie.

private NewCookie createCookie(HttpServletRequest request, org.opensaml.saml.saml2.core.Response response) {
    LOGGER.debug("Creating cookie for user.");
    if (response.getAssertions() != null && response.getAssertions().size() > 0) {
        // Only the first assertion of the Response is cached.
        Assertion assertion = response.getAssertions().get(0);
        if (assertion != null) {
            // The cookie value is an opaque random UUID; the assertion itself stays
            // server-side in cookieCache, keyed by that UUID, and never reaches the browser.
            UUID uuid = UUID.randomUUID();
            cookieCache.cacheSamlAssertion(uuid.toString(), assertion.getDOM());
            URL url;
            try {
                // The cookie Domain is taken from the request URL, i.e. from the Host header the
                // container saw; behind a reverse proxy that must be the external host name.
                url = new URL(request.getRequestURL().toString());
                LOGGER.debug("Returning new cookie for user.");
                // maxAge -1 makes it a session cookie; the last two arguments set Secure and HttpOnly.
                return new NewCookie(COOKIE, uuid.toString(), SERVICES_IDP_PATH, url.getHost(), NewCookie.DEFAULT_VERSION, null, -1, null, true, true);
            } catch (MalformedURLException e) {
                LOGGER.info("Unable to create session cookie. Client will need to log in again.", e);
            }
        }
    }
    return null;
}
Also used : MalformedURLException(java.net.MalformedURLException) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) UUID(java.util.UUID) URL(java.net.URL) NewCookie(javax.ws.rs.core.NewCookie)
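The pattern in createCookie is the one worth copying: the browser gets an unguessable reference, the assertion stays in a server-side cache, and the cookie is Secure and HttpOnly. The following is an added example in Python, not DDF code, that reproduces that design with a bounded-lifetime cache and an equivalent Set-Cookie header. The cookie name "idp_session" and the path "/services/idp" are assumptions (DDF's COOKIE and SERVICES_IDP_PATH constants are not shown on this page), and the SameSite attribute is an addition: the ten-argument JAX-RS 2 NewCookie constructor used above has no parameter for it.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Assumed names; DDF's real COOKIE and SERVICES_IDP_PATH values are not on this page.
COOKIE_NAME = "idp_session"
IDP_PATH = "/services/idp"


class AssertionCache:
    """Server-side store mapping an opaque token to the cached assertion XML.

    The browser only ever holds the token. Entries expire after ttl_seconds so a
    leaked token has a bounded useful life; `now` is injectable for testing.
    """

    def __init__(self, ttl_seconds=3600, now=time.monotonic):
        self._ttl = ttl_seconds
        self._now = now
        self._entries = {}

    def store(self, assertion_xml: bytes) -> str:
        # 256 bits from the OS CSPRNG; UUID.randomUUID() in the Java code above gives 122.
        token = secrets.token_urlsafe(32)
        self._entries[token] = (assertion_xml, self._now() + self._ttl)
        return token

    def lookup(self, token: str):
        """Return the cached assertion for a token, or None if unknown or expired."""
        entry = self._entries.get(token)
        if entry is None:
            return None
        assertion_xml, expires_at = entry
        if self._now() >= expires_at:
            del self._entries[token]
            return None
        return assertion_xml

    def revoke(self, token: str) -> None:
        """Drop the entry, e.g. on logout; the cookie then references nothing."""
        self._entries.pop(token, None)


def session_cookie_header(token: str, host: str) -> str:
    """Set-Cookie value equivalent to the NewCookie above: no Max-Age (session cookie),
    restricted to the IdP path and host, Secure, HttpOnly, plus SameSite=Lax."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["path"] = IDP_PATH
    morsel["domain"] = host
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    return morsel.OutputString()


if __name__ == "__main__":
    cache = AssertionCache(ttl_seconds=60)
    tok = cache.store(b"<saml:Assertion/>")  # constructed placeholder assertion
    print(session_cookie_header(tok, "idp.example.test"))
    print(cache.lookup(tok))
```

The host passed to session_cookie_header should be the canonical external host name from configuration or a validated Host header, for the same reason noted on the Java code.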

Example 17 with Request

use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.

the class LogoutRequestServiceTest method testGetLogoutRequestInvalidSignature.

@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
    // A bogus signature value and an algorithm string that is not a valid SigAlg URI.
    String signature = "signature";
    String signatureAlgorithm = "sha1";
    String relayState = UUID.randomUUID().toString();
    String deflatedSamlRequest = RestSecurity.deflateAndBase64Encode("deflatedSamlRequest");
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    when(logoutMessage.extractSamlLogoutRequest(eq("deflatedSamlRequest"))).thenReturn(logoutRequest);
    LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    lrs.setEncryptionService(encryptionService);
    lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    lrs.setLogoutMessage(logoutMessage);
    lrs.setRequest(request);
    lrs.setSessionFactory(sessionFactory);
    lrs.init();
    Response response = lrs.getLogoutRequest(deflatedSamlRequest, null, relayState, signatureAlgorithm, signature);
    // An unverifiable LogoutRequest must not be acted on: the service redirects (303 See Other)
    // to the error page, carrying a "+"-encoded "Unable to validate" message in the query string.
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = "Unable to validate".replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used : LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 18 with Request

use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.

the class PostRequestDecoder method decodeRequest.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    // HTTP-POST binding: the SAMLRequest form field is plain base64 of the XML.
    // The MIME decoder tolerates the line breaks some SPs insert into the value.
    String decodedRequest = new String(Base64.getMimeDecoder().decode(samlRequest), StandardCharsets.UTF_8);
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.");
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.");
    }
    // The root element type is checked explicitly so that another well-formed SAML
    // message (e.g. a LogoutRequest) cannot be passed off as an AuthnRequest.
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used : InputStreamReader(java.io.InputStreamReader) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document)

Example 19 with Request

use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.

the class RedirectRequestDecoder method decodeRequest.

@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    // HTTP-Redirect binding: the SAMLRequest query parameter is base64 of a
    // DEFLATE-compressed document, so it must be inflated after decoding. This is
    // the only step that differs from the POST decoder above.
    String decodedRequest;
    try {
        decodedRequest = RestSecurity.inflateBase64(samlRequest);
    } catch (IOException e) {
        throw new IllegalArgumentException("Unable to decode SAMLRequest: base64/inflate.");
    }
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.");
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.");
    }
    // Reject anything that is not an AuthnRequest, even if it parsed as valid SAML.
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}
Also used : InputStreamReader(java.io.InputStreamReader) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) Document(org.w3c.dom.Document)
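Examples 18 and 19 differ in exactly one step: the POST binding carries base64 of the XML, the Redirect binding carries base64 of a raw DEFLATE stream. Example 17 shows the other half of the Redirect binding, the detached signature over the query parameters. The block below is an added example in Python (standard library only), not DDF code, that implements both decoders with the checks a practitioner wants around them: a size cap on the parameter, a cap on inflated output so a small compressed payload cannot expand without bound, rejection of DOCTYPE/ENTITY declarations before the XML parser runs, and a root-element type check equivalent to the `instanceof AuthnRequest` test. It also builds the exact string a Redirect-binding signature covers. The sample AuthnRequest, its ID and URLs, and the size limits are constructed for the example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_ENCODED_LEN = 64 * 1024     # assumed cap on the SAMLRequest parameter itself
MAX_DECODED_LEN = 1024 * 1024   # assumed cap on decoded/inflated XML (bounds decompression bombs)

# Constructed sample; the ID and URLs are illustrative and not taken from DDF.
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
    'ID="_c0ffee01" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/saml/acs">'
    '<saml:Issuer>https://sp.example.test</saml:Issuer>'
    '</samlp:AuthnRequest>'
)


class DecodeError(ValueError):
    """Raised for any malformed SAMLRequest; callers map it to a client error."""


def encode_post_binding(xml_text: str) -> str:
    """HTTP-POST binding: the SAMLRequest form field is plain base64 of the XML."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header, wbits=-15), then base64.
    URL-encoding of the result happens when the query string is assembled."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def _b64decode_strict(value: str) -> bytes:
    if not value:
        raise DecodeError("Missing SAMLRequest on IdP request.")
    if len(value) > MAX_ENCODED_LEN:
        raise DecodeError("SAMLRequest parameter too large.")
    # Tolerate MIME line breaks like Java's MimeDecoder, but reject any other junk.
    compact = "".join(value.split())
    try:
        return base64.b64decode(compact, validate=True)
    except ValueError as exc:
        raise DecodeError("Unable to decode SAMLRequest: base64.") from exc


def _inflate_raw(data: bytes) -> bytes:
    d = zlib.decompressobj(-15)
    try:
        out = d.decompress(data, MAX_DECODED_LEN)   # never produce more than the cap
    except zlib.error as exc:
        raise DecodeError("Unable to decode SAMLRequest: inflate.") from exc
    if d.unconsumed_tail:
        raise DecodeError("Inflated SAMLRequest exceeds size limit.")
    if not d.eof:
        raise DecodeError("Truncated DEFLATE stream in SAMLRequest.")
    return out


def parse_authn_request(xml_bytes: bytes) -> ET.Element:
    if len(xml_bytes) > MAX_DECODED_LEN:
        raise DecodeError("SAMLRequest exceeds size limit.")
    # Protocol messages never need a DTD: refusing one up front blocks entity
    # expansion and external entity tricks before the parser sees the document.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise DecodeError("DOCTYPE/ENTITY declarations are not allowed in SAMLRequest.")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise DecodeError("Unable to read SAMLRequest as XML.") from exc
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise DecodeError("SAMLRequest object is not AuthnRequest.")
    return root


def decode_post_binding(saml_request: str) -> ET.Element:
    return parse_authn_request(_b64decode_strict(saml_request))


def decode_redirect_binding(saml_request: str) -> ET.Element:
    return parse_authn_request(_inflate_raw(_b64decode_strict(saml_request)))


def redirect_signed_input(saml_request: str, relay_state, sig_alg: str) -> str:
    """The string a Redirect-binding signature covers (SAML Bindings 3.4.4.1):
    SAMLRequest=..&RelayState=..&SigAlg=.., values URL-encoded, RelayState omitted
    when absent. Verify over the query string as received: re-encoding it can
    change the bytes and make a valid signature fail."""
    params = [("SAMLRequest", saml_request)]
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    params.append(("SigAlg", sig_alg))
    return urlencode(params, quote_via=quote)


def rejects(decoder, value: str) -> bool:
    """True if the decoder refuses the value with DecodeError."""
    try:
        decoder(value)
    except DecodeError:
        return True
    return False
```

Feeding a Redirect-encoded value to the POST decoder, or vice versa, fails in parse_authn_request or _inflate_raw rather than being silently accepted, which is the behaviour the two separate decoder classes in DDF rely on: each endpoint applies the decoding its binding specifies and nothing else.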

Example 20 with Request

use of org.opensaml.saml.saml2.ecp.Request in project ddf by codice.

the class LogoutRequestServiceTest method testSendLogoutRequestInvalidNumberOfParams.

@Test
public void testSendLogoutRequestInvalidNumberOfParams() throws Exception {
    // The decrypted parameter blob is expected to carry a fixed number of
    // newline-separated fields; this value does not, so it must be refused.
    String encryptedNameIdWithTime = nameId + "\n" + time;
    when(encryptionService.decrypt(any(String.class))).thenReturn(nameId);
    Response response = logoutRequestService.sendLogoutRequest(encryptedNameIdWithTime);
    // Same failure convention as the signature test: 303 redirect to the error page
    // with the "+"-encoded message in the query string.
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = "Failed to decrypt logout request params. Invalid number of params.".replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used : LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(javax.ws.rs.core.Response) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest) 16
IOException (java.io.IOException) 13
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse) 13
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 12
ValidationException (ddf.security.samlp.ValidationException) 9
Response (javax.ws.rs.core.Response) 9
Document (org.w3c.dom.Document) 9
XMLStreamException (javax.xml.stream.XMLStreamException) 8
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest) 7
ByteArrayInputStream (java.io.ByteArrayInputStream) 6
Test (org.junit.Test) 6
Matchers.anyString (org.mockito.Matchers.anyString) 6
Assertion (org.opensaml.saml.saml2.core.Assertion) 6
Element (org.w3c.dom.Element) 6
SimpleSign (ddf.security.samlp.SimpleSign) 5
Path (javax.ws.rs.Path) 5
NewCookie (javax.ws.rs.core.NewCookie) 5
XMLObject (org.opensaml.core.xml.XMLObject) 5
MessageContext (org.opensaml.messaging.context.MessageContext) 5
ServletException (javax.servlet.ServletException) 4