Example 6 with Response
use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class SSOPostProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
final AuthnRequest authnRequest = pair.getKey();
final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
final Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator(this.serverPrefix);
validator.setRenew(authnRequest.isForceAuthn());
final String serviceUrl = constructServiceUrl(request, response, pair);
LOGGER.debug("Created service url for validation: [{}]", serviceUrl);
final Assertion assertion = validator.validate(ticket, serviceUrl);
logCasValidationAssertion(assertion);
return assertion;
}
Also used :
Cas30ServiceTicketValidator(org.jasig.cas.client.validation.Cas30ServiceTicketValidator)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Assertion(org.jasig.cas.client.validation.Assertion)
Example 7 with Response
use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newSubject.
/**
* New subject element.
*
* @param nameIdFormat the name id format
* @param nameIdValue the name id value
* @param recipient the recipient
* @param notOnOrAfter the not on or after
* @param inResponseTo the in response to
* @return the subject
*/
public Subject newSubject(final String nameIdFormat, final String nameIdValue, final String recipient, final ZonedDateTime notOnOrAfter, final String inResponseTo) {
final SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
final SubjectConfirmationData data = newSamlObject(SubjectConfirmationData.class);
data.setRecipient(recipient);
data.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
data.setInResponseTo(inResponseTo);
confirmation.setSubjectConfirmationData(data);
final Subject subject = newSamlObject(Subject.class);
subject.setNameID(getNameID(nameIdFormat, nameIdValue));
subject.getSubjectConfirmations().add(confirmation);
return subject;
}
Also used :
SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation)
SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData)
Subject(org.opensaml.saml.saml2.core.Subject)
Example 8 with Response
use of org.opensaml.saml.saml2.ecp.Response in project ddf by codice.
the class IdpHandler method doHttpPostBinding.
private void doHttpPostBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
try {
IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
if (idpssoDescriptor == null) {
throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
}
response.getWriter().printf(postBindingTemplate, idpMetadata.getSingleSignOnLocation(), encodeAuthnRequest(createAndSignAuthnRequest(true, idpssoDescriptor.getWantAuthnRequestsSigned()), true), createRelayState(request));
response.setStatus(200);
response.flushBuffer();
} catch (IOException e) {
LOGGER.info("Unable to post AuthnRequest to IdP", e);
throw new ServletException("Unable to post to IdP");
}
}
Also used :
ServletException(javax.servlet.ServletException)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
IOException(java.io.IOException)
Example 9 with Response
use of org.opensaml.saml.saml2.ecp.Response in project ddf by codice.
the class IdpHandler method doHttpRedirectBinding.
private void doHttpRedirectBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
String redirectUrl;
String idpRequest = null;
String relayState = createRelayState(request);
try {
IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
if (idpssoDescriptor == null) {
throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
}
String queryParams = String.format("SAMLRequest=%s&RelayState=%s", encodeAuthnRequest(createAndSignAuthnRequest(false, idpssoDescriptor.getWantAuthnRequestsSigned()), false), URLEncoder.encode(relayState, "UTF-8"));
idpRequest = idpMetadata.getSingleSignOnLocation() + "?" + queryParams;
UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
simpleSign.signUriString(queryParams, idpUri);
redirectUrl = idpUri.build().toString();
} catch (UnsupportedEncodingException e) {
LOGGER.info("Unable to encode relay state: {}", relayState, e);
throw new ServletException("Unable to create return location");
} catch (SimpleSign.SignatureException e) {
String msg = "Unable to sign request";
LOGGER.info(msg, e);
throw new ServletException(msg);
} catch (URISyntaxException e) {
LOGGER.info("Unable to parse IDP request location: {}", idpRequest, e);
throw new ServletException("Unable to determine IDP location.");
}
try {
response.sendRedirect(redirectUrl);
response.flushBuffer();
} catch (IOException e) {
LOGGER.info("Unable to redirect AuthnRequest to {}", redirectUrl, e);
throw new ServletException("Unable to redirect to IdP");
}
}
Also used :
ServletException(javax.servlet.ServletException)
SimpleSign(ddf.security.samlp.SimpleSign)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
URISyntaxException(java.net.URISyntaxException)
IOException(java.io.IOException)
UriBuilder(javax.ws.rs.core.UriBuilder)
UriBuilderImpl(org.apache.cxf.jaxrs.impl.UriBuilderImpl)
URI(java.net.URI)
Example 10 with Response
use of org.opensaml.saml.saml2.ecp.Response in project ddf by codice.
the class LogoutRequestServiceTest method testSendLogoutRequestGetRedirectRequest.
@Test
public void testSendLogoutRequestGetRedirectRequest() throws Exception {
String encryptedNameIdWithTime = nameId + "\n" + time;
when(encryptionService.decrypt(any(String.class))).thenReturn(nameId + "\n" + time);
when(logoutMessage.signSamlGetRequest(any(LogoutRequest.class), any(URI.class), anyString())).thenReturn(new URI(logoutUrl));
Response response = logoutRequestService.sendLogoutRequest(encryptedNameIdWithTime);
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
assertTrue("Expected logout url of " + logoutUrl, response.getEntity().toString().contains(logoutUrl));
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Matchers.anyString(org.mockito.Matchers.anyString)
URI(java.net.URI)
Test(org.junit.Test)
Aggregations
Response (org.opensaml.saml.saml2.core.Response)82
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)41
Test (org.junit.Test)41
Element (org.w3c.dom.Element)35
Document (org.w3c.dom.Document)31
DateTime (org.joda.time.DateTime)30
Status (org.opensaml.saml.saml2.core.Status)30
Response (javax.ws.rs.core.Response)29
ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)27
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)25
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)23
SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)21
Matchers.anyString (org.mockito.Matchers.anyString)20
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)18
SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)18
Assertion (org.opensaml.saml.saml2.core.Assertion)18
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)18
InputStream (java.io.InputStream)15
IOException (java.io.IOException)13
Crypto (org.apache.wss4j.common.crypto.Crypto)13
