use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.
the class SamlSPUtils method newSamlServiceProviderService.
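/**
 * Builds a {@link SamlRegisteredService} for a statically configured SAML service provider.
 * <p>
 * Entity ids are taken from the properties; when none are configured, the SP metadata at
 * {@code sp.getMetadata()} is resolved and, for each batch resolver, the first entity carrying a
 * SAML 2.0 {@code SPSSODescriptor} supplies its id. The collected ids become both the metadata
 * inclusion pattern and the service id of the registered service.
 *
 * @param sp       the properties describing the service provider
 * @param resolver the caching metadata resolver used to load the SP metadata when no entity ids are configured
 * @return the saml registered service, or {@code null} when the SP has no metadata location, no metadata
 *         resolver could be built, or no entity id could be determined
 */
public static SamlRegisteredService newSamlServiceProviderService(final AbstractSamlSPProperties sp, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    if (StringUtils.isBlank(sp.getMetadata())) {
        LOGGER.debug("Skipped registration of [{}] since no metadata location is found", sp.getName());
        return null;
    }
    try {
        final SamlRegisteredService service = new SamlRegisteredService();
        service.setName(sp.getName());
        service.setDescription(sp.getDescription());
        // Lowest possible order so this definition is evaluated ahead of every other registered service.
        service.setEvaluationOrder(Integer.MIN_VALUE);
        service.setMetadataLocation(sp.getMetadata());

        // Copy so the configured attribute list is not modified when the name-id attribute is appended.
        final List<String> attributesToRelease = new ArrayList<>(sp.getAttributes());
        if (StringUtils.isNotBlank(sp.getNameIdAttribute())) {
            attributesToRelease.add(sp.getNameIdAttribute());
            service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider(sp.getNameIdAttribute()));
        }
        if (StringUtils.isNotBlank(sp.getNameIdFormat())) {
            service.setRequiredNameIdFormat(sp.getNameIdFormat());
        }
        final Map<String, String> attributes = Beans.transformPrincipalAttributesListIntoMap(attributesToRelease);
        service.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy(attributes));

        // Only SP roles are of interest; entities left empty or role-less after filtering are dropped.
        service.setMetadataCriteriaRoles(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart());
        service.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
        service.setMetadataCriteriaRemoveRolelessEntityDescriptors(true);

        // SECURITY: a signature location enables signature validation of the SP metadata. Without one the
        // metadata at sp.getMetadata() is consumed as-is, so its integrity rests entirely on how that
        // location is fetched (local file vs. remote URL over TLS) -- confirm that is acceptable per SP.
        if (StringUtils.isNotBlank(sp.getSignatureLocation())) {
            service.setMetadataSignatureLocation(sp.getSignatureLocation());
        }

        // Work on a copy: ids discovered from metadata must not be written back into the configuration object.
        final List<String> entityIDList = new ArrayList<>(sp.getEntityIds());
        if (entityIDList.isEmpty()) {
            final ChainingMetadataResolver chainingResolver = resolver.resolve(service);
            if (chainingResolver.getResolvers().isEmpty()) {
                LOGGER.warn("Skipped registration of [{}] since no metadata resolver could be constructed", sp.getName());
                return null;
            }
            chainingResolver.getResolvers().forEach(r -> {
                if (r instanceof AbstractBatchMetadataResolver) {
                    // Pick the first entity of this resolver that actually carries a SAML 2.0 SP role.
                    final Iterator<EntityDescriptor> it = ((AbstractBatchMetadataResolver) r).iterator();
                    final Optional<EntityDescriptor> descriptor = StreamSupport
                        .stream(Spliterators.spliteratorUnknownSize(it, Spliterator.ORDERED), false)
                        .filter(e -> e.getSPSSODescriptor(SAMLConstants.SAML20P_NS) != null)
                        .findFirst();
                    if (descriptor.isPresent()) {
                        entityIDList.add(descriptor.get().getEntityID());
                    } else {
                        LOGGER.warn("Skipped registration of [{}] since no entity id could be found", sp.getName());
                    }
                }
            });
        }
        if (entityIDList.isEmpty()) {
            LOGGER.warn("Skipped registration of [{}] since no metadata entity ids could be found", sp.getName());
            return null;
        }

        // SECURITY: the joined ids are interpreted as a regular expression (CAS service ids are regexes and the
        // metadata criteria pattern is applied the same way). Entity ids are URIs and routinely contain regex
        // metacharacters ('.', '?', '+'), and an id taken from remote metadata could be crafted to widen the
        // match (e.g. ".*"). Quote each id so the pattern matches exactly the listed entity ids.
        final List<String> quotedEntityIds = new ArrayList<>(entityIDList.size());
        for (final String entityId : entityIDList) {
            quotedEntityIds.add(java.util.regex.Pattern.quote(entityId));
        }
        final String entityIds = org.springframework.util.StringUtils.collectionToDelimitedString(quotedEntityIds, "|");
        service.setMetadataCriteriaDirection(PredicateFilter.Direction.INCLUDE.name());
        service.setMetadataCriteriaPattern(entityIds);
        LOGGER.debug("Registering saml service [{}] by entity id [{}]", sp.getName(), entityIDList);
        service.setServiceId(entityIds);
        return service;
    } catch (final Exception e) {
        // Rethrows unchecked exceptions unchanged and wraps checked ones in a RuntimeException.
        throw Throwables.propagate(e);
    }
}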
use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.
the class BaseSamlRegisteredServiceAttributeReleasePolicy method getAttributesInternal.
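/**
 * Releases attributes for a SAML service provider using its resolved metadata.
 * <p>
 * The SP entity id is read from the {@code entityId} request parameter or, failing that, from the
 * {@code entityId} query parameter embedded in the CAS {@code service} parameter. The id is then
 * resolved against the metadata of the given registered service and the attributes are delegated to
 * {@code getAttributesForSamlRegisteredService}. Whenever the request, the application context, the
 * metadata facade or the entity descriptor cannot be located, the parent implementation decides
 * what to release.
 *
 * @param attrs   the principal attributes resolved so far
 * @param service the registered service receiving the attributes
 * @return the attributes to release
 */
@Override
protected Map<String, Object> getAttributesInternal(final Map<String, Object> attrs, final RegisteredService service) {
    if (!(service instanceof SamlRegisteredService)) {
        return super.getAttributesInternal(attrs, service);
    }
    final SamlRegisteredService saml = (SamlRegisteredService) service;
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromRequestAttributes();
    if (request == null) {
        LOGGER.warn("Could not locate the request context to process attributes");
        return super.getAttributesInternal(attrs, service);
    }
    // SECURITY: the entity id is client-supplied (request parameter or service URL). It is only used as a
    // lookup key, presumably scoped to the metadata of the registered service that already matched this
    // request, so a forged value should at most fail the lookup -- NOTE(review): confirm the facade does
    // not resolve ids outside that service's metadata.
    String entityId = request.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
    if (StringUtils.isBlank(entityId)) {
        final String svcParam = request.getParameter(CasProtocolConstants.PARAMETER_SERVICE);
        if (StringUtils.isNotBlank(svcParam)) {
            try {
                entityId = new URIBuilder(svcParam).getQueryParams().stream()
                    .filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID))
                    .map(NameValuePair::getValue)
                    .findFirst()
                    .orElse(StringUtils.EMPTY);
            } catch (final Exception e) {
                // Keep the exception on the log record; a bare message makes malformed service URLs hard to diagnose.
                LOGGER.error("Unable to extract the entity id from the service parameter: {}", e.getMessage(), e);
            }
        }
    }
    final ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
    if (ctx == null) {
        LOGGER.warn("Could not locate the application context to process attributes");
        return super.getAttributesInternal(attrs, service);
    }
    final SamlRegisteredServiceCachingMetadataResolver resolver = ctx.getBean("defaultSamlRegisteredServiceCachingMetadataResolver", SamlRegisteredServiceCachingMetadataResolver.class);
    final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(resolver, saml, entityId);
    // Guard against a null return as well as an empty Optional.
    if (facade == null || !facade.isPresent()) {
        LOGGER.warn("Could not locate metadata for [{}] to process attributes", entityId);
        return super.getAttributesInternal(attrs, service);
    }
    final EntityDescriptor input = facade.get().getEntityDescriptor();
    if (input == null) {
        LOGGER.warn("Could not locate entity descriptor for [{}] to process attributes", entityId);
        return super.getAttributesInternal(attrs, service);
    }
    return getAttributesForSamlRegisteredService(attrs, saml, ctx, resolver, facade.get(), input);
}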
use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.
the class MetadataUIUtils method locateMetadataUserInterfaceForEntityId.
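/**
 * Extracts the SAML metadata UI (MDUI) information advertised by a service provider.
 * <p>
 * Looks for {@code mdui:UIInfo} extensions on the entity's SP SSO descriptor. The returned object is
 * never {@code null}; when the descriptor, its extensions or a {@code UIInfo} element is missing, the
 * info object simply carries no UI data. If several {@code UIInfo} elements are present, the last one
 * wins.
 * <p>
 * SECURITY: everything inside {@code UIInfo} (display names, descriptions, logo and information URLs)
 * originates from the SP's metadata and is presumably rendered to end users; treat it as untrusted
 * and escape/validate it at the rendering site.
 *
 * @param entityDescriptor  the entity descriptor of the service provider, may be {@code null}
 * @param entityId          the entity id, used for logging only
 * @param registeredService the registered service the info object is built for
 * @return the metadata UI info, never {@code null}
 */
public static SamlMetadataUIInfo locateMetadataUserInterfaceForEntityId(final EntityDescriptor entityDescriptor, final String entityId, final RegisteredService registeredService) {
    final SamlMetadataUIInfo mdui = new SamlMetadataUIInfo(registeredService);
    if (entityDescriptor == null) {
        LOGGER.debug("Entity descriptor not found for [{}]", entityId);
        return mdui;
    }
    final SPSSODescriptor spssoDescriptor = getSPSsoDescriptor(entityDescriptor);
    if (spssoDescriptor == null) {
        LOGGER.debug("SP SSO descriptor not found for [{}]", entityId);
        return mdui;
    }
    final Extensions extensions = spssoDescriptor.getExtensions();
    if (extensions == null) {
        // Log the entity id like the other branches do, so the record says whose descriptor was inspected.
        LOGGER.debug("No extensions in the SP SSO descriptor are found for [{}]", entityId);
        return mdui;
    }
    final List<XMLObject> spExtensions = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
    if (spExtensions.isEmpty()) {
        LOGGER.debug("No [{}] extensions in the SP SSO descriptor are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI(), entityId);
        return mdui;
    }
    for (final XMLObject obj : spExtensions) {
        if (obj instanceof UIInfo) {
            LOGGER.debug("Found MDUI info for [{}]", entityId);
            mdui.setUIInfo((UIInfo) obj);
        }
    }
    return mdui;
}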
use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.
the class MetadataUIUtils method getSPSsoDescriptor.
/**
 * Returns the service-provider SSO role of an entity, preferring SAML 2.0.
 * <p>
 * The SAML 2.0 protocol role is tried first; if absent, SAML 1.1 and then SAML 1.0 roles are
 * accepted as fallbacks. Callers that must only deal with SAML 2.0 service providers should
 * check the protocol support of the returned descriptor themselves.
 *
 * @param entityDescriptor the entity descriptor to inspect; must not be {@code null}
 * @return the first matching SP SSO descriptor, or {@code null} when the entity has none for any of the three protocols
 */
public static SPSSODescriptor getSPSsoDescriptor(final EntityDescriptor entityDescriptor) {
    LOGGER.debug("Locating SP SSO descriptor for SAML2 protocol...");
    final SPSSODescriptor saml2Role = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (saml2Role != null) {
        LOGGER.debug("SP SSO descriptor resolved to be [{}]", saml2Role);
        return saml2Role;
    }
    LOGGER.debug("Locating SP SSO descriptor for SAML11 protocol...");
    final SPSSODescriptor saml11Role = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML11P_NS);
    if (saml11Role != null) {
        LOGGER.debug("SP SSO descriptor resolved to be [{}]", saml11Role);
        return saml11Role;
    }
    LOGGER.debug("Locating SP SSO descriptor for SAML1 protocol...");
    final SPSSODescriptor saml1Role = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML10P_NS);
    LOGGER.debug("SP SSO descriptor resolved to be [{}]", saml1Role);
    return saml1Role;
}
use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project ddf by codice.
the class IdpEndpoint method retrieveMetadata.
/**
 * Serves this IdP's SAML 2.0 metadata document.
 * <p>
 * The metadata advertises the persistent, unspecified and X.509-subject-name NameID formats, the
 * default signing and encryption certificates of the system crypto configuration, and the
 * {@code /idp/login} and {@code /idp/logout} endpoints.
 * <p>
 * SECURITY notes for operators:
 * <ul>
 *   <li>When no certificate resolves for a default alias, the corresponding key descriptor is
 *       emitted with an empty certificate value rather than failing the request.</li>
 *   <li>The document appears to be returned unsigned (the {@code false} passed to
 *       {@code OpenSAMLUtil.toDom} looks like WSS4J's sign flag -- confirm), so relying parties
 *       should only fetch it over a trusted channel.</li>
 * </ul>
 *
 * @return an XML response carrying the IdP entity descriptor
 * @throws WSSecurityException          when a certificate lookup fails
 * @throws CertificateEncodingException when a certificate cannot be DER-encoded
 */
@GET
@Path("/login/metadata")
@Produces("application/xml")
public Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException {
    final List<String> nameIdFormats = new ArrayList<>();
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_PERSISTENT);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_UNSPECIFIED);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME);

    // Signing certificate: the default alias of the signature crypto.
    final CryptoType signingLookup = new CryptoType(CryptoType.TYPE.ALIAS);
    signingLookup.setAlias(systemCrypto.getSignatureCrypto().getDefaultX509Identifier());
    final String signingCertificate = encodeFirstCertificate(systemCrypto.getSignatureCrypto().getX509Certificates(signingLookup));

    // Encryption certificate: the default alias of the encryption crypto.
    final CryptoType encryptionLookup = new CryptoType(CryptoType.TYPE.ALIAS);
    encryptionLookup.setAlias(systemCrypto.getEncryptionCrypto().getDefaultX509Identifier());
    final String encryptionCertificate = encodeFirstCertificate(systemCrypto.getEncryptionCrypto().getX509Certificates(encryptionLookup));

    final String loginUrl = SystemBaseUrl.constructUrl("/idp/login", true);
    final String logoutUrl = SystemBaseUrl.constructUrl("/idp/logout", true);
    final EntityDescriptor entityDescriptor = SamlProtocol.createIdpMetadata(
        loginUrl, signingCertificate, encryptionCertificate, nameIdFormats, loginUrl, loginUrl, logoutUrl);

    // A throw-away owner document with a dummy root is needed to marshal the descriptor to DOM.
    final Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    return Response.ok(DOM2Writer.nodeToString(OpenSAMLUtil.toDom(entityDescriptor, doc, false))).build();
}

/**
 * Base64 of the DER encoding of the first certificate in the array, or an empty string when the
 * array is {@code null}, empty, or its first element is {@code null}.
 *
 * @param certs the certificates returned for a crypto alias lookup, may be {@code null}
 * @return the Base64-encoded certificate, or {@code ""} when none is available
 * @throws CertificateEncodingException when the certificate cannot be encoded
 */
private static String encodeFirstCertificate(final X509Certificate[] certs) throws CertificateEncodingException {
    final X509Certificate first = (certs != null && certs.length > 0) ? certs[0] : null;
    final byte[] der = first != null ? first.getEncoded() : new byte[0];
    return Base64.getEncoder().encodeToString(der);
}