
Example 1 with ArtifactResolutionService

use of org.opensaml.saml.saml2.metadata.ArtifactResolutionService in project pac4j by pac4j.

From class Pac4jHTTPArtifactDecoder, method dereferenceArtifact.

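/**
 * De-reference the supplied artifact into the corresponding SAML protocol message.
 *
 * <p>An ArtifactResolve request is sent over the SOAP 1.1 binding to the given
 * artifact resolution service and the returned payload is validated and unwrapped
 * by {@code validateAndExtractResponseMessage}.
 *
 * @param artifact           the artifact to de-reference
 * @param peerRoleDescriptor the peer RoleDescriptor
 * @param ars                the peer's artifact resolution service endpoint; expected to have
 *                           been resolved against the peer's metadata by the caller (the
 *                           location is used as the SOAP destination as-is)
 * @return the de-referenced artifact
 * @throws MessageDecodingException if there is a fatal error, if no inbound message was
 *                                  received, or if the artifact was not successfully resolved
 */
@Nonnull
private SAMLObject dereferenceArtifact(@Nonnull final SAML2Artifact artifact, @Nonnull final RoleDescriptor peerRoleDescriptor, @Nonnull final ArtifactResolutionService ars) throws MessageDecodingException {
    try {
        final var selfEntityID = resolveSelfEntityID(peerRoleDescriptor);
        final var endpointLocation = ars.getLocation();
        // TODO can assume/enforce response as ArtifactResponse here?
        final var opContext = new SAMLSOAPClientContextBuilder()
            .setOutboundMessage(buildArtifactResolveRequestMessage(artifact, endpointLocation, selfEntityID))
            .setProtocol(SAMLConstants.SAML20P_NS)
            .setPipelineName(getSOAPPipelineName())
            .setSecurityConfigurationProfileId(getSOAPClientSecurityConfigurationProfileId())
            .setPeerRoleDescriptor(peerRoleDescriptor)
            .setSelfEntityID(selfEntityID)
            .build();
        log.trace("Executing ArtifactResolve over SOAP 1.1 binding to endpoint: {}", endpointLocation);
        soapClient.send(endpointLocation, opContext);
        // The inbound context (or its message) may be absent if the exchange produced no
        // payload; report that as a decoding error instead of letting the type check below
        // dereference null and mask the real failure.
        final var inboundContext = opContext.getInboundMessageContext();
        final SAMLObject response = inboundContext != null ? (SAMLObject) inboundContext.getMessage() : null;
        if (response == null) {
            throw new MessageDecodingException("No SOAP message payload received from endpoint: " + endpointLocation);
        }
        if (response instanceof ArtifactResponse) {
            return validateAndExtractResponseMessage((ArtifactResponse) response);
        }
        throw new MessageDecodingException("SOAP message payload was not an instance of ArtifactResponse: " + response.getClass().getName());
    } catch (final MessageException | SOAPException | SecurityException e) {
        // Wrap with the cause preserved so transport/security failures stay diagnosable.
        throw new MessageDecodingException("Error dereferencing artifact", e);
    }
}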

Example 2 with ArtifactResolutionService

use of org.opensaml.saml.saml2.metadata.ArtifactResolutionService in project pac4j by pac4j.

From class Pac4jHTTPArtifactDecoder, method resolveArtifactEndpoint.

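/**
 * Resolve the artifact resolution endpoint of the peer who issued the artifact.
 *
 * <p>A template {@link ArtifactResolutionService} is built from what the artifact itself
 * carries (endpoint index and, when present, source location) and handed to
 * {@code artifactEndpointResolver} together with the peer's RoleDescriptor; the resolver
 * is responsible for returning an endpoint that is actually known for that peer.
 *
 * @param artifact           the artifact
 * @param peerRoleDescriptor the peer RoleDescriptor
 * @return the peer artifact resolution service endpoint
 * @throws MessageDecodingException if there is a fatal error resolving the endpoint,
 *                                  or the endpoint could not be resolved
 */
@Nonnull
private ArtifactResolutionService resolveArtifactEndpoint(@Nonnull final SAML2Artifact artifact, @Nonnull final RoleDescriptor peerRoleDescriptor) throws MessageDecodingException {
    final var roleDescriptorCriterion = new RoleDescriptorCriterion(peerRoleDescriptor);
    // Template describing the endpoint we are looking for: SOAP 1.1 binding plus the
    // index/location hints carried by the artifact.
    final var arsTemplate = (ArtifactResolutionService) XMLObjectSupport.buildXMLObject(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
    arsTemplate.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
    if (artifact instanceof SAMLSourceLocationArtifact) {
        // The location is taken from the inbound artifact, i.e. from the peer's message,
        // so it is only a hint for the resolver and is not used as a destination directly.
        arsTemplate.setLocation(((SAMLSourceLocationArtifact) artifact).getSourceLocation());
    }
    final Integer endpointIndex = SAMLBindingSupport.convertSAML2ArtifactEndpointIndex(artifact.getEndpointIndex());
    arsTemplate.setIndex(endpointIndex);
    // Second argument false: the template is not marked as trusted, so the resolver is
    // expected to match it against the peer's metadata rather than accept it as-is —
    // confirm against the configured artifactEndpointResolver.
    final var endpointCriterion = new EndpointCriterion<ArtifactResolutionService>(arsTemplate, false);
    final var criteriaSet = new CriteriaSet(roleDescriptorCriterion, endpointCriterion);
    try {
        final var ars = artifactEndpointResolver.resolveSingle(criteriaSet);
        if (ars == null) {
            throw new MessageDecodingException("Unable to resolve ArtifactResolutionService endpoint");
        }
        return ars;
    } catch (final ResolverException e) {
        // Preserve the cause: the original dropped it, hiding why resolution failed.
        throw new MessageDecodingException("Unable to resolve ArtifactResolutionService endpoint", e);
    }
}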
