use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class SamlProfileSamlSubjectBuilder method buildSubject.
private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final NameID nameID = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response, assertion, service, adaptor);
final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
final Subject subject = newSubject(nameID.getFormat(), nameID.getValue(), authnRequest.getAssertionConsumerServiceURL(), validFromDate.plusSeconds(this.skewAllowance), authnRequest.getID());
subject.setNameID(nameID);
return subject;
}
use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method encode.
@Override
protected Response encode(final SamlRegisteredService service, final Response samlResponse, final HttpServletResponse httpResponse, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String relayState) throws SamlException {
try {
final HTTPPostEncoder encoder = new HTTPPostEncoder();
encoder.setHttpServletResponse(httpResponse);
encoder.setVelocityEngine(this.velocityEngineFactory.createVelocityEngine());
final MessageContext outboundMessageContext = new MessageContext<>();
SamlIdPUtils.preparePeerEntitySamlEndpointContext(outboundMessageContext, adaptor);
outboundMessageContext.setMessage(samlResponse);
SAMLBindingSupport.setRelayState(outboundMessageContext, relayState);
encoder.setMessageContext(outboundMessageContext);
encoder.initialize();
encoder.encode();
return samlResponse;
} catch (final Exception e) {
throw Throwables.propagate(e);
}
}
use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.
@Override
protected Envelope buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
final Response ecpResponse = newEcpResponse(adaptor.getAssertionConsumerService().getLocation());
final Header header = newSoapObject(Header.class);
header.getUnknownXMLObjects().add(ecpResponse);
final Body body = newSoapObject(Body.class);
final org.opensaml.saml.saml2.core.Response saml2Response = (org.opensaml.saml.saml2.core.Response) saml2ResponseBuilder.build(authnRequest, request, response, casAssertion, service, adaptor);
body.getUnknownXMLObjects().add(saml2Response);
final Envelope envelope = newSoapObject(Envelope.class);
envelope.setHeader(header);
envelope.setBody(body);
return envelope;
}
use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class SSOPostProfileCallbackHandlerController method handleCallbackProfileRequest.
/**
* Handle callback profile request.
*
* @param response the response
* @param request the request
* @throws Exception the exception
*/
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK)
protected void handleCallbackProfileRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());
final AuthnRequest authnRequest = retrieveSamlAuthenticationRequestFromHttpRequest(request);
if (authnRequest == null) {
LOGGER.error("Can not validate the request because the original Authn request can not be found.");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
if (StringUtils.isBlank(ticket)) {
LOGGER.error("Can not validate the request because no [{}] is provided via the request", CasProtocolConstants.PARAMETER_TICKET);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
final Pair<AuthnRequest, MessageContext> authenticationContext = buildAuthenticationContextPair(request, authnRequest);
final Assertion assertion = validateRequestAndBuildCasAssertion(response, request, authenticationContext);
buildSamlResponse(response, request, authenticationContext, assertion);
}
use of org.opensaml.saml.saml2.ecp.Response in project ddf by codice.
the class LogoutRequestService method getLogoutRequest.
@GET
public Response getLogoutRequest(@QueryParam(SAML_REQUEST) String deflatedSamlRequest, @QueryParam(SAML_RESPONSE) String deflatedSamlResponse, @QueryParam(RELAY_STATE) String relayState, @QueryParam(SIG_ALG) String signatureAlgorithm, @QueryParam(SIGNATURE) String signature) {
if (deflatedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(deflatedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlRequest, relayState, signatureAlgorithm, signature, logoutRequest);
logout();
String entityId = getEntityId();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(entityId, StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (IOException e) {
String msg = "Unable to decode and inflate logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(deflatedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlResponse, relayState, signatureAlgorithm, signature, logoutResponse);
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
} catch (IOException e) {
String msg = "Unable to decode and inflate logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
}
}
Aggregations