use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class Pac4jHTTPPostEncoder method populateVelocityContext.
/**
 * Fills the Velocity context used to render the self-submitting HTML form of the HTTP-POST binding.
 *
 * <p>Values that land inside HTML attributes (the form action and the RelayState) are attribute-encoded
 * before they are placed in the context; the SAML message itself is Base64 encoded, whose alphabet
 * contains no characters that need escaping in an attribute value.</p>
 *
 * @param velocityContext the Velocity context instance to populate with data
 * @param messageContext the SAML message context source of data
 * @param endpointURL endpoint URL to which to encode message
 * @throws MessageEncodingException thrown if the outbound message is neither a request nor a status response
 */
protected void populateVelocityContext(VelocityContext velocityContext, MessageContext<SAMLObject> messageContext, String endpointURL) throws MessageEncodingException {
    // The form action is rendered as an attribute value, so encode it for that context.
    final String actionAttribute = HTMLEncoder.encodeForHTMLAttribute(endpointURL);
    log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, actionAttribute);
    velocityContext.put("action", actionAttribute);
    velocityContext.put("binding", getBindingURI());

    final SAMLObject samlMessage = messageContext.getMessage();
    log.debug("Marshalling and Base64 encoding SAML message");
    final Element dom = marshallMessage(samlMessage);
    final String xml = SerializeSupport.nodeToString(dom);
    // Trace level only: this is the complete serialized message, which may carry assertion content.
    log.trace("Output XML message: {}", xml);
    final String base64Message = Base64Support.encode(xml.getBytes(StandardCharsets.UTF_8), Base64Support.UNCHUNKED);

    // The form field name depends on which side of the protocol exchange the message represents.
    final String fieldName;
    if (samlMessage instanceof RequestAbstractType) {
        fieldName = "SAMLRequest";
    } else if (samlMessage instanceof StatusResponseType) {
        fieldName = "SAMLResponse";
    } else {
        throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }
    velocityContext.put(fieldName, base64Message);

    // RelayState is optional; checkRelayState decides whether the value is worth carrying.
    final String relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
        final String relayStateAttribute = HTMLEncoder.encodeForHTMLAttribute(relayState);
        log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, relayStateAttribute);
        velocityContext.put("RelayState", relayStateAttribute);
    }
}
use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class Pac4jHTTPRedirectDeflateEncoder method buildRedirectURL.
/**
 * Builds the URL the client is redirected to for the HTTP-Redirect (DEFLATE) binding.
 *
 * <p>Any SAMLRequest, SAMLResponse, RelayState, SigAlg or Signature parameter already present on the
 * endpoint URL is discarded so that only the values produced here are sent. When signing is enabled and
 * a signing credential is available, SigAlg is appended first and the signature is computed over the
 * query string as it stands at that point, then appended as the Signature parameter.</p>
 *
 * @param messageContext current message context
 * @param endpoint endpoint URL to send encoded message to
 * @param message Deflated and Base64 encoded message
 *
 * @return URL to redirect client to
 *
 * @throws MessageEncodingException thrown if the endpoint is not a valid URL, or if the SAML message is
 *         neither a RequestAbstractType nor a StatusResponseType
 */
protected String buildRedirectURL(final MessageContext messageContext, final String endpoint, final String message) throws MessageEncodingException {
    log.debug("Building URL to redirect client to");
    final URLBuilder urlBuilder;
    try {
        urlBuilder = new URLBuilder(endpoint);
    } catch (final MalformedURLException e) {
        throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e);
    }

    // Binding parameters are owned by this encoder; strip any copies the endpoint URL already carried.
    final var params = urlBuilder.getQueryParams();
    final var reserved = java.util.List.of("SAMLRequest", "SAMLResponse", "RelayState", "SigAlg", "Signature");
    params.removeIf(p -> reserved.contains(p.getFirst()));

    final var samlMessage = (SAMLObject) messageContext.getMessage();
    final String messageParameter;
    if (samlMessage instanceof RequestAbstractType) {
        messageParameter = "SAMLRequest";
    } else if (samlMessage instanceof StatusResponseType) {
        messageParameter = "SAMLResponse";
    } else {
        throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }
    params.add(new Pair<>(messageParameter, message));

    final var relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
        params.add(new Pair<>("RelayState", relayState));
    }

    if (!isAuthnRequestSigned) {
        return urlBuilder.buildURL();
    }
    final var signingParameters = SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
    if (signingParameters == null || signingParameters.getSigningCredential() == null) {
        log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
        return urlBuilder.buildURL();
    }
    final var sigAlgURI = getSignatureAlgorithmURI(signingParameters);
    // SigAlg must be part of the signed material, so it is appended before the query string is captured.
    params.add(new Pair<>("SigAlg", sigAlgURI));
    // NOTE(review): non-reserved query parameters the endpoint URL already carried are still in the list
    // here and therefore end up inside the signed material as well — confirm the peer verifies the same bytes.
    final var signedMaterial = urlBuilder.buildQueryString();
    params.add(new Pair<>("Signature", generateSignature(signingParameters.getSigningCredential(), sigAlgURI, signedMaterial)));
    return urlBuilder.buildURL();
}
use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class Pac4jHTTPArtifactDecoder method dereferenceArtifact.
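/**
 * De-reference the supplied artifact into the corresponding SAML protocol message.
 *
 * <p>An ArtifactResolve is sent over the SOAP client to the peer's artifact resolution service; the
 * inbound payload is required to be an ArtifactResponse, which is then handed to
 * {@code validateAndExtractResponseMessage} (defined elsewhere in this class).</p>
 *
 * <p>An empty or non-ArtifactResponse payload is reported as a {@link MessageDecodingException} rather
 * than surfacing as a NullPointerException from the type check.</p>
 *
 * @param artifact the artifact to de-reference
 * @param peerRoleDescriptor the peer RoleDescriptor
 * @param ars the peer's artifact resolution service endpoint
 * @return the de-referenced artifact
 * @throws MessageDecodingException if there is fatal error, or if the artifact was not successfully resolved
 */
@Nonnull
private SAMLObject dereferenceArtifact(@Nonnull final SAML2Artifact artifact, @Nonnull final RoleDescriptor peerRoleDescriptor, @Nonnull final ArtifactResolutionService ars) throws MessageDecodingException {
    try {
        final var selfEntityID = resolveSelfEntityID(peerRoleDescriptor);
        final var resolveRequest = buildArtifactResolveRequestMessage(artifact, ars.getLocation(), selfEntityID);
        // TODO can assume/enforce response as ArtifactResponse here?
        final var opContext = new SAMLSOAPClientContextBuilder()
            .setOutboundMessage(resolveRequest)
            .setProtocol(SAMLConstants.SAML20P_NS)
            .setPipelineName(getSOAPPipelineName())
            .setSecurityConfigurationProfileId(getSOAPClientSecurityConfigurationProfileId())
            .setPeerRoleDescriptor(peerRoleDescriptor)
            .setSelfEntityID(selfEntityID)
            .build();
        log.trace("Executing ArtifactResolve over SOAP 1.1 binding to endpoint: {}", ars.getLocation());
        soapClient.send(ars.getLocation(), opContext);

        // NOTE(review): the inbound context and its message are assumed to be nullable after send() — guarded
        // so that a missing payload becomes a decoding error instead of an NPE escaping the catch below.
        final var inbound = opContext.getInboundMessageContext();
        final var response = inbound == null ? null : (SAMLObject) inbound.getMessage();
        if (response == null) {
            throw new MessageDecodingException("SOAP message payload was empty, expected an ArtifactResponse");
        }
        if (!(response instanceof ArtifactResponse)) {
            throw new MessageDecodingException("SOAP message payload was not an instance of ArtifactResponse: " + response.getClass().getName());
        }
        return validateAndExtractResponseMessage((ArtifactResponse) response);
    } catch (final MessageException | SOAPException | SecurityException e) {
        // Cause is preserved so the underlying transport/security failure stays diagnosable.
        throw new MessageDecodingException("Error dereferencing artifact", e);
    }
}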
use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class Pac4jHTTPPostEncoder method populateVelocityContext.
/**
 * Populates the Velocity context from which the HTTP-POST form is rendered.
 *
 * <p>The action URL and RelayState are HTML-attribute-encoded because they are written into attribute
 * values; the SAML message is Base64 encoded, whose alphabet needs no attribute escaping.</p>
 *
 * @param velocityContext the Velocity context instance to populate with data
 * @param messageContext the SAML message context source of data
 * @param endpointURL endpoint URL to which to encode message
 * @throws MessageEncodingException thrown if there is a problem encoding the message
 */
protected void populateVelocityContext(final VelocityContext velocityContext, final MessageContext messageContext, final String endpointURL) throws MessageEncodingException {
    final var actionAttribute = HTMLEncoder.encodeForHTMLAttribute(endpointURL);
    log.debug("Encoding action url of '{}' with encoded value '{}'", endpointURL, actionAttribute);
    velocityContext.put("action", actionAttribute);
    velocityContext.put("binding", getBindingURI());

    final var samlMessage = (SAMLObject) messageContext.getMessage();
    log.debug("Marshalling and Base64 encoding SAML message");
    final var xml = SerializeSupport.nodeToString(marshallMessage(samlMessage));
    // Trace level only: the full serialized message, which may carry assertion content.
    log.trace("Output XML message: {}", xml);

    final String base64Message;
    try {
        base64Message = Base64Support.encode(xml.getBytes(StandardCharsets.UTF_8), Base64Support.UNCHUNKED);
    } catch (final Exception e) {
        // Any encoder failure is surfaced as an encoding exception with its cause kept.
        throw new MessageEncodingException(e);
    }

    // Pick the form field name from the message's protocol role; anything else cannot be POSTed.
    final String fieldName = samlMessage instanceof RequestAbstractType ? "SAMLRequest"
        : samlMessage instanceof StatusResponseType ? "SAMLResponse"
        : null;
    if (fieldName == null) {
        throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }
    velocityContext.put(fieldName, base64Message);

    final var relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
        final var relayStateAttribute = HTMLEncoder.encodeForHTMLAttribute(relayState);
        log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState, relayStateAttribute);
        velocityContext.put("RelayState", relayStateAttribute);
    }
}
use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class SAML2LogoutValidator method validateDestinationEndpoint.
/**
 * Checks that the LogoutResponse's Destination attribute names one of this SP's own logout endpoints.
 *
 * <p>When an explicit {@code expectedDestination} is configured it is the only accepted value; otherwise
 * the Location and ResponseLocation of the first SingleLogoutService in the SP metadata are accepted.
 * The comparison itself, including how a missing Destination is treated when it is mandatory, is done by
 * {@code verifyEndpoint} (defined elsewhere in this class).</p>
 *
 * @param logoutResponse the logout response under validation
 * @param context the SAML2 message context holding the SP metadata and configuration
 */
protected void validateDestinationEndpoint(final LogoutResponse logoutResponse, final SAML2MessageContext context) {
    final List<String> allowedDestinations = new ArrayList<>();
    if (!StringUtils.isBlank(this.expectedDestination)) {
        allowedDestinations.add(this.expectedDestination);
    } else {
        // Only the first SingleLogoutService of the SP descriptor is consulted here.
        final Endpoint sloEndpoint = Objects.requireNonNull(context.getSPSSODescriptor().getSingleLogoutServices().get(0));
        final String location = sloEndpoint.getLocation();
        if (location != null) {
            allowedDestinations.add(location);
        }
        final String responseLocation = sloEndpoint.getResponseLocation();
        if (responseLocation != null) {
            allowedDestinations.add(responseLocation);
        }
    }
    final boolean destinationMandatory = context.getSAML2Configuration().isResponseDestinationAttributeMandatory();
    verifyEndpoint(allowedDestinations, logoutResponse.getDestination(), destinationMandatory);
}