
Example 21 with Endpoint

use of org.opensaml.saml.saml2.metadata.Endpoint in project verify-hub by alphagov.

the class HubMetadataIntegrationTests method getIdpMetadataFromApi_shouldWork.

/**
 * Fetches the IdP-facing hub metadata over the API and checks that it describes the hub as an
 * IdP only (no SP role), carries the expected signing and encryption key descriptors in the
 * expected positions, and is valid for one hour.
 */
@Test
public void getIdpMetadataFromApi_shouldWork() {
    SamlDto samlDto = client.getTargetMain(UriBuilder.fromPath("/API/metadata/idp").build(), SamlDto.class);
    EntityDescriptor entityDescriptor = getEntityDescriptor(samlDto);

    assertThat(entityDescriptor.getEntityID()).isEqualTo(HUB_ENTITY_ID);
    // This endpoint publishes the hub in its IdP role only.
    assertThat(entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS)).isNull();
    assertThat(entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)).isNotNull();

    List<KeyDescriptor> keyDescriptors = entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();
    // The positional checks below depend on the ordering of IdPs in the federation metadata
    // and are therefore fragile; this endpoint is expected to be removed soon.
    assertThat(keyDescriptors).hasSize(7);

    // Signing certificates: the hub's own key, the hub's secondary key, then one per stub IdP.
    validateKeyDescriptor(keyDescriptors, 0, HUB_ENTITY_ID);
    validateKeyDescriptor(keyDescriptors, 1, HUB_ENTITY_ID, TestCertificateStrings.PUBLIC_SIGNING_CERTS.get(HUB_SECONDARY_ENTITY_ID));
    String[] stubIdps = {STUB_IDP_ONE, STUB_IDP_TWO, STUB_IDP_THREE, STUB_IDP_FOUR};
    for (int i = 0; i < stubIdps.length; i++) {
        validateKeyDescriptor(keyDescriptors, 2 + i, stubIdps[i]);
    }

    // Encryption certificate for the hub comes last.
    int encryptionIndex = 6;
    assertThat(getKeyName(keyDescriptors, encryptionIndex)).isEqualTo(HUB_ENTITY_ID);
    assertThat(getCertificateData(keyDescriptors, encryptionIndex)).isEqualTo(TestCertificateStrings.getPrimaryPublicEncryptionCert(HUB_ENTITY_ID));

    // NOTE(review): exact equality with now()+1h only holds if the test fixture freezes the
    // clock; otherwise this assertion is timing-sensitive — confirm.
    assertThat(entityDescriptor.getValidUntil()).isEqualTo(DateTime.now(DateTimeZone.UTC).plusHours(1));
}

Example 22 with Endpoint

use of org.opensaml.saml.saml2.metadata.Endpoint in project cas by apereo.

the class SamlIdPUtils method preparePeerEntitySamlEndpointContext.

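/**
 * Prepares the outbound message context for delivery to the service provider: creates the
 * peer-entity and endpoint sub-contexts, records the SP entity id, and selects the SP's
 * assertion consumer service for the requested binding as the destination endpoint.
 *
 * @param outboundContext the outbound context
 * @param adaptor         the adaptor
 * @param binding         the binding
 * @throws SamlException if the SP metadata has no assertion consumer service (at all, or for
 *                       the given binding), if either sub-context cannot be created, or if the
 *                       selected endpoint lacks a binding or location
 */
public static void preparePeerEntitySamlEndpointContext(final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    if (!adaptor.containsAssertionConsumerServices()) {
        throw new SamlException("No assertion consumer service could be found for entity " + adaptor.getEntityId());
    }
    final SAMLPeerEntityContext peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true);
    if (peerEntityContext == null) {
        throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + adaptor.getEntityId());
    }
    peerEntityContext.setEntityId(adaptor.getEntityId());
    final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
    if (endpointContext == null) {
        throw new SamlException("SAMLEndpointContext could not be defined for entity " + adaptor.getEntityId());
    }
    final Endpoint endpoint = adaptor.getAssertionConsumerService(binding);
    // The metadata may contain assertion consumer services but none for this binding; the
    // earlier containsAssertionConsumerServices() check does not cover that case, so guard
    // here rather than fail with an NPE on the accessors below.
    if (endpoint == null) {
        throw new SamlException("No assertion consumer service with binding " + binding + " could be found for entity " + adaptor.getEntityId());
    }
    if (StringUtils.isBlank(endpoint.getBinding()) || StringUtils.isBlank(endpoint.getLocation())) {
        throw new SamlException("Assertion consumer service does not define a binding or location for " + adaptor.getEntityId());
    }
    LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding());
    endpointContext.setEndpoint(endpoint);
}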

Example 23 with Endpoint

use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.

the class SAML2DefaultResponseValidator method isValidBearerSubjectConfirmationData.

/**
 * Validates the Bearer subject confirmation data of an assertion:
 * - notBefore must be absent
 * - notOnOrAfter must be present and not already passed (the configured skew, in seconds, is added)
 * - recipient must be present and match the SP assertion consumer endpoint held in the context
 *
 * @param data    the data
 * @param context the context
 * @return true if all Bearer subject checks are passing
 */
protected final boolean isValidBearerSubjectConfirmationData(final SubjectConfirmationData data, final SAML2MessageContext context) {
    if (data == null) {
        logger.debug("SubjectConfirmationData cannot be null for Bearer confirmation");
        return false;
    }
    if (data.getNotBefore() != null) {
        logger.debug("SubjectConfirmationData notBefore must be null for Bearer confirmation");
        return false;
    }
    if (data.getNotOnOrAfter() == null) {
        logger.debug("SubjectConfirmationData notOnOrAfter cannot be null for Bearer confirmation");
        return false;
    }
    // Expiry check with clock-skew tolerance: the data is only rejected once
    // notOnOrAfter + acceptedSkew seconds is already in the past.
    if (data.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
        logger.debug("SubjectConfirmationData notOnOrAfter is too old");
        return false;
    }
    if (data.getRecipient() == null) {
        logger.debug("SubjectConfirmationData recipient cannot be null for Bearer confirmation");
        return false;
    }
    final Endpoint endpoint = context.getSAMLEndpointContext().getEndpoint();
    if (endpoint == null) {
        logger.warn("No endpoint was found in the SAML endpoint context");
        return false;
    }
    // The recipient must be this SP's own ACS URL; the comparison normalises default ports.
    try {
        final URI recipientUri = new URI(data.getRecipient());
        final URI appEndpointUri = new URI(endpoint.getLocation());
        if (!UriUtils.urisEqualAfterPortNormalization(recipientUri, appEndpointUri)) {
            logger.debug("SubjectConfirmationData recipient {} does not match SP assertion consumer URL, found. " + "SP ACS URL from context: {}", recipientUri, appEndpointUri);
            return false;
        }
    } catch (URISyntaxException use) {
        logger.error("Unable to check SubjectConfirmationData recipient, a URI has invalid syntax.", use);
        return false;
    }
    return true;
}

Example 24 with Endpoint

use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.

the class Pac4jHTTPRedirectDeflateEncoder method buildRedirectURL.

/**
 * Builds the URL to redirect the client to.
 * <p>
 * Any query string already present on the endpoint is discarded and replaced by the SAML
 * binding parameters: {@code SAMLRequest} or {@code SAMLResponse} (chosen from the outbound
 * message type), {@code RelayState} when one is set and acceptable, and — when signing
 * parameters with a credential are available — {@code SigAlg} followed by {@code Signature}.
 * The signature is computed over the query string as it stands just before {@code Signature}
 * is appended.
 *
 * @param messageContext current message context
 * @param endpoint endpoint URL to send encoded message to
 * @param message Deflated and Base64 encoded message
 *
 * @return URL to redirect client to
 *
 * @throws MessageEncodingException thrown if the endpoint is not a valid URL, or if the SAML
 *                                  message is neither a RequestAbstractType nor a StatusResponseType
 */
protected String buildRedirectURL(MessageContext<SAMLObject> messageContext, String endpoint, String message) throws MessageEncodingException {
    log.debug("Building URL to redirect client to");
    final URLBuilder urlBuilder;
    try {
        urlBuilder = new URLBuilder(endpoint);
    } catch (MalformedURLException e) {
        throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e);
    }

    // Start from an empty query string so only the binding parameters are sent.
    final List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
    queryParams.clear();

    final SAMLObject outboundMessage = messageContext.getMessage();
    final String messageParamName;
    if (outboundMessage instanceof RequestAbstractType) {
        messageParamName = "SAMLRequest";
    } else if (outboundMessage instanceof StatusResponseType) {
        messageParamName = "SAMLResponse";
    } else {
        throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }
    queryParams.add(new Pair<>(messageParamName, message));

    final String relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
        queryParams.add(new Pair<>("RelayState", relayState));
    }

    final SignatureSigningParameters signingParameters = SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
    if (signingParameters == null || signingParameters.getSigningCredential() == null) {
        log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
        return urlBuilder.buildURL();
    }
    // SigAlg is part of the signed material, so it is added before the query string is captured.
    final String sigAlgURI = getSignatureAlgorithmURI(signingParameters);
    queryParams.add(new Pair<>("SigAlg", sigAlgURI));
    final String sigMaterial = urlBuilder.buildQueryString();
    queryParams.add(new Pair<>("Signature", generateSignature(signingParameters.getSigningCredential(), sigAlgURI, sigMaterial)));
    return urlBuilder.buildURL();
}

Example 25 with Endpoint

use of org.opensaml.saml.saml2.metadata.Endpoint in project pac4j by pac4j.

the class Pac4jHTTPArtifactDecoder method resolveArtifactEndpoint.

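/**
 * Resolve the artifact resolution endpoint of the peer who issued the artifact.
 * <p>
 * A template {@link ArtifactResolutionService} is built from the artifact (SOAP 1.1 binding,
 * the source location when the artifact carries one, and the artifact's endpoint index) and
 * passed to the configured resolver together with the peer's {@link RoleDescriptor}. The
 * template is wrapped in an {@link EndpointCriterion} whose second argument is {@code false},
 * which is understood to mean the template is not trusted on its own and is to be verified
 * against the peer's metadata by the resolver — confirm against the resolver configuration.
 *
 * @param artifact           the artifact
 * @param peerRoleDescriptor the peer RoleDescriptor
 * @return the peer artifact resolution service endpoint
 * @throws MessageDecodingException if there is a fatal error resolving the endpoint,
 *                                  or the endpoint could not be resolved
 */
@Nonnull
private ArtifactResolutionService resolveArtifactEndpoint(@Nonnull final SAML2Artifact artifact, @Nonnull final RoleDescriptor peerRoleDescriptor) throws MessageDecodingException {
    final var roleDescriptorCriterion = new RoleDescriptorCriterion(peerRoleDescriptor);
    final var arsTemplate = (ArtifactResolutionService) XMLObjectSupport.buildXMLObject(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
    arsTemplate.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
    if (artifact instanceof SAMLSourceLocationArtifact) {
        arsTemplate.setLocation(((SAMLSourceLocationArtifact) artifact).getSourceLocation());
    }
    final Integer endpointIndex = SAMLBindingSupport.convertSAML2ArtifactEndpointIndex(artifact.getEndpointIndex());
    arsTemplate.setIndex(endpointIndex);
    final var endpointCriterion = new EndpointCriterion<ArtifactResolutionService>(arsTemplate, false);
    final var criteriaSet = new CriteriaSet(roleDescriptorCriterion, endpointCriterion);
    try {
        final var ars = artifactEndpointResolver.resolveSingle(criteriaSet);
        if (ars == null) {
            throw new MessageDecodingException("Unable to resolve ArtifactResolutionService endpoint");
        }
        return ars;
    } catch (final ResolverException e) {
        // Keep the resolver failure as the cause; the original code dropped it, which hid
        // the root error from logs and callers.
        throw new MessageDecodingException("Unable to resolve ArtifactResolutionService endpoint", e);
    }
}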
