Example 1 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.

/**
 * Construct SAML response.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * @param service the service
 * @return the SAML response
 */
protected String constructSamlResponse(final GoogleAccountsService service) {
    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
    final RegisteredService registeredService = servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service);
    final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, service.getId(), service);
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    final String sessionIndex = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
    final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, currentDateTime.plusSeconds(this.skewAllowance), service.getId());
    assertion.setConditions(conditions);
    final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
    assertion.setSubject(subject);
    response.getAssertions().add(assertion);
    final StringWriter writer = new StringWriter();
    this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
    final String result = writer.toString();
    LOGGER.debug("Generated Google SAML response: [{}]", result);
    return result;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Assertion(org.opensaml.saml.saml2.core.Assertion) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) SecureRandom(java.security.SecureRandom) Conditions(org.opensaml.saml.saml2.core.Conditions) Subject(org.opensaml.saml.saml2.core.Subject) StringWriter(java.io.StringWriter) ZonedDateTime(java.time.ZonedDateTime) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)

Example 2 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Override
public T build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final Assertion assertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor);
    final T finalResponse = buildResponse(assertion, casAssertion, authnRequest, service, adaptor, request, response);
    return encodeFinalResponse(request, response, service, adaptor, finalResponse);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 3 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method encryptAssertion.

/**
 * Encrypt assertion.
 *
 * @param assertion the assertion
 * @param request   the request
 * @param response  the response
 * @param service   the service
 * @param adaptor   the adaptor
 * @return the saml object
 * @throws SamlException the saml exception
 */
protected SAMLObject encryptAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    try {
        if (service.isEncryptAssertions()) {
            LOGGER.info("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
            final EncryptedAssertion encryptedAssertion = this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
            return encryptedAssertion;
        }
        LOGGER.info("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
        return assertion;
    } catch (final Exception e) {
        throw new SamlException("Unable to marshall assertion for encryption", e);
    }
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) SamlException(org.apereo.cas.support.saml.SamlException)

Example 4 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class SamlProfileSaml2ResponseBuilder method buildResponse.

@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
    }
    return samlResponse;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) Status(org.opensaml.saml.saml2.core.Status) SAMLObject(org.opensaml.saml.common.SAMLObject) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) SecureRandom(java.security.SecureRandom)

Example 5 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class SSOPostProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.

private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest authnRequest = pair.getKey();
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    final Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator(this.serverPrefix);
    validator.setRenew(authnRequest.isForceAuthn());
    final String serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url for validation: [{}]", serviceUrl);
    final Assertion assertion = validator.validate(ticket, serviceUrl);
    logCasValidationAssertion(assertion);
    return assertion;
}
Also used : Cas30ServiceTicketValidator(org.jasig.cas.client.validation.Cas30ServiceTicketValidator) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Assertion(org.jasig.cas.client.validation.Assertion)

Aggregations

LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse): 25
Response (javax.ws.rs.core.Response): 19
Test (org.junit.Test): 16
Matchers.anyString (org.mockito.Matchers.anyString): 15
IOException (java.io.IOException): 13
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest): 12
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException): 11
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest): 11
Document (org.w3c.dom.Document): 10
ValidationException (ddf.security.samlp.ValidationException): 9
Assertion (org.opensaml.saml.saml2.core.Assertion): 9
Response (org.opensaml.saml.saml2.core.Response): 9
Path (javax.ws.rs.Path): 7
XMLStreamException (javax.xml.stream.XMLStreamException): 7
GET (javax.ws.rs.GET): 6
DateTime (org.joda.time.DateTime): 6
MessageContext (org.opensaml.messaging.context.MessageContext): 6
SimpleSign (ddf.security.samlp.SimpleSign): 5
NewCookie (javax.ws.rs.core.NewCookie): 5
Element (org.w3c.dom.Element): 5