Examples with Request org.opensaml.saml.saml2.ecp.Request used on opensource projects

Example 41 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method encryptAssertion.

/**
 * Encrypt assertion.
 *
 * @param assertion the assertion
 * @param request   the request
 * @param response  the response
 * @param service   the service
 * @param adaptor   the adaptor
 * @return the saml object
 * @throws SamlException the saml exception
 */
protected SAMLObject encryptAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    if (service.isEncryptAssertions()) {
        LOGGER.debug("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
        final EncryptedAssertion encryptedAssertion = this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
        return encryptedAssertion;
    }
    LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
    return assertion;
}

Example 42 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class SamlProfileSaml2ResponseBuilder method buildResponse.

@Override
public Response buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    if (casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, null);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request, binding);
        SamlUtils.logSamlObject(configBean, samlResponse);
    }
    return samlResponse;
}

Example 43 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class ECPProfileHandlerController method handleEcpRequest.

/**
 * Handle ecp request.
 *
 * @param response    the response
 * @param request     the request
 * @param soapContext the soap context
 * @param credential  the credential
 * @param binding     the binding
 */
protected void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request, final MessageContext soapContext, final Credential credential, final String binding) {
    LOGGER.debug("Handling ECP request for SOAP context [{}]", soapContext);
    final Envelope envelope = soapContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(configBean, envelope);
    final AuthnRequest authnRequest = (AuthnRequest) soapContext.getMessage();
    final Pair<AuthnRequest, MessageContext> authenticationContext = Pair.of(authnRequest, soapContext);
    try {
        LOGGER.debug("Verifying ECP authentication request [{}]", authnRequest);
        final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> serviceRequest = verifySamlAuthenticationRequest(authenticationContext, request);
        LOGGER.debug("Attempting to authenticate ECP request for credential id [{}]", credential.getId());
        final Authentication authentication = authenticateEcpRequest(credential, authenticationContext);
        LOGGER.debug("Authenticated [{}] successfully with authenticated principal [{}]", credential.getId(), authentication.getPrincipal());
        LOGGER.debug("Building ECP SAML response for [{}]", credential.getId());
        final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(authnRequest);
        final Service service = webApplicationServiceFactory.createService(issuer);
        final Assertion casAssertion = buildCasAssertion(authentication, service, serviceRequest.getKey(), new LinkedHashMap<>());
        LOGGER.debug("CAS assertion to use for building ECP SAML response is [{}]", casAssertion);
        buildSamlResponse(response, request, authenticationContext, casAssertion, binding);
    } catch (final AuthenticationException e) {
        LOGGER.error(e.getMessage(), e);
        final String error = e.getHandlerErrors().values().stream().map(Throwable::getMessage).filter(Objects::nonNull).collect(Collectors.joining(","));
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, error));
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, e.getMessage()));
    }
}

Example 44 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cxf by apache.

the class SamlRequestComponentBuilder method createAuthzDecisionQuery.

@SuppressWarnings("unchecked")
public static XACMLAuthzDecisionQueryType createAuthzDecisionQuery(boolean inputContextOnly, boolean returnContext, String issuerValue, RequestType request, String namespace) {
    if (xacmlAuthzDecisionQueryTypeBuilder == null) {
        xacmlAuthzDecisionQueryTypeBuilder = (XACMLObjectBuilder<XACMLAuthzDecisionQueryType>) builderFactory.getBuilder(XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_NAME_XACML20);
    }
    XACMLAuthzDecisionQueryType authzQuery = xacmlAuthzDecisionQueryTypeBuilder.buildObject(namespace, XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_LOCAL_NAME, SAMLProfileConstants.SAML20XACMLPROTOCOL_PREFIX);
    authzQuery.setID("_" + UUID.randomUUID().toString());
    authzQuery.setVersion(SAMLVersion.VERSION_20);
    authzQuery.setIssueInstant(new DateTime());
    authzQuery.setInputContextOnly(Boolean.valueOf(inputContextOnly));
    authzQuery.setReturnContext(Boolean.valueOf(returnContext));
    if (issuerValue != null) {
        Issuer issuer = createIssuer(issuerValue);
        authzQuery.setIssuer(issuer);
    }
    authzQuery.setRequest(request);
    return authzQuery;
}

Example 45 with Request

use of org.opensaml.saml.saml2.ecp.Request in project cas by apereo.

the class BaseSamlRegisteredServiceAttributeReleasePolicy method getAttributesInternal.

@Override
public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attributes, final RegisteredService service) {
    if (service instanceof SamlRegisteredService) {
        final SamlRegisteredService saml = (SamlRegisteredService) service;
        final HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
        if (request == null) {
            LOGGER.warn("Could not locate the request context to process attributes");
            return super.getAttributesInternal(principal, attributes, service);
        }
        String entityId = request.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
        if (StringUtils.isBlank(entityId)) {
            final String svcParam = request.getParameter(CasProtocolConstants.PARAMETER_SERVICE);
            if (StringUtils.isNotBlank(svcParam)) {
                try {
                    final URIBuilder builder = new URIBuilder(svcParam);
                    entityId = builder.getQueryParams().stream().filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID)).map(NameValuePair::getValue).findFirst().orElse(StringUtils.EMPTY);
                } catch (final Exception e) {
                    LOGGER.error(e.getMessage());
                }
            }
        }
        final ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
        if (ctx == null) {
            LOGGER.warn("Could not locate the application context to process attributes");
            return super.getAttributesInternal(principal, attributes, service);
        }
        final SamlRegisteredServiceCachingMetadataResolver resolver = ctx.getBean("defaultSamlRegisteredServiceCachingMetadataResolver", SamlRegisteredServiceCachingMetadataResolver.class);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(resolver, saml, entityId);
        if (facade == null || !facade.isPresent()) {
            LOGGER.warn("Could not locate metadata for [{}] to process attributes", entityId);
            return super.getAttributesInternal(principal, attributes, service);
        }
        final EntityDescriptor input = facade.get().getEntityDescriptor();
        if (input == null) {
            LOGGER.warn("Could not locate entity descriptor for [{}] to process attributes", entityId);
            return super.getAttributesInternal(principal, attributes, service);
        }
        return getAttributesForSamlRegisteredService(attributes, saml, ctx, resolver, facade.get(), input);
    }
    return super.getAttributesInternal(principal, attributes, service);
}