Example 6 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project ddf by codice.

From class MetadataConfigurationParser, method parseEntityDescriptions:

private void parseEntityDescriptions(List<String> entityDescriptions) throws IOException {
    String ddfHome = System.getProperty("ddf.home");
    for (String entityDescription : entityDescriptions) {
        buildEntityDescriptor(entityDescription);
    }
    // After the configured values, load every readable file from the IdP metadata folder under ddf.home.
    Path metadataFolder = Paths.get(ddfHome, ETC_FOLDER, METADATA_ROOT_FOLDER);
    try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(metadataFolder)) {
        for (Path path : directoryStream) {
            if (Files.isReadable(path)) {
                try (InputStream fileInputStream = Files.newInputStream(path)) {
                    EntityDescriptor entityDescriptor = readEntityDescriptor(new InputStreamReader(fileInputStream, "UTF-8"));
                    LOGGER.info("entityId = {}", entityDescriptor.getEntityID());
                    entityDescriptorMap.put(entityDescriptor.getEntityID(), entityDescriptor);
                    if (updateCallback != null) {
                        updateCallback.accept(entityDescriptor);
                    }
                }
            }
        }
    } catch (NoSuchFileException e) {
        LOGGER.debug("IDP metadata directory is not configured.", e);
    }
}
Also used : Path(java.nio.file.Path) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) InputStreamReader(java.io.InputStreamReader) InputStream(java.io.InputStream) NoSuchFileException(java.nio.file.NoSuchFileException)

Example 7 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project ddf by codice.

From class MetadataConfigurationParser, method buildEntityDescriptor:

private void buildEntityDescriptor(String entityDescription) throws IOException {
    EntityDescriptor entityDescriptor = null;
    entityDescription = entityDescription.trim();
    // Remote metadata URL: fetched asynchronously. Plain HTTP is still accepted, but logged as unsafe
    // because the metadata (and the SP/IdP certificates inside it) could be tampered with in transit.
    if (entityDescription.startsWith(HTTPS) || entityDescription.startsWith(HTTP)) {
        if (entityDescription.startsWith(HTTP)) {
            LOGGER.warn("Retrieving metadata via HTTP instead of HTTPS. The metadata configuration is unsafe!!!");
        }
        PropertyResolver propertyResolver = new PropertyResolver(entityDescription);
        HttpTransport httpTransport = new NetHttpTransport();
        HttpRequest httpRequest = httpTransport.createRequestFactory().buildGetRequest(new GenericUrl(propertyResolver.getResolvedString()));
        httpRequest.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff()).setBackOffRequired(HttpBackOffUnsuccessfulResponseHandler.BackOffRequired.ALWAYS));
        httpRequest.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(new ExponentialBackOff()));
        ListeningExecutorService service = MoreExecutors.listeningDecorator(Executors.newSingleThreadExecutor());
        ListenableFuture<HttpResponse> httpResponseFuture = service.submit(httpRequest::execute);
        Futures.addCallback(httpResponseFuture, new FutureCallback<HttpResponse>() {

            @Override
            public void onSuccess(HttpResponse httpResponse) {
                if (httpResponse != null) {
                    try {
                        String parsedResponse = httpResponse.parseAsString();
                        buildEntityDescriptor(parsedResponse);
                    } catch (IOException e) {
                        LOGGER.info("Unable to parse metadata from: {}", httpResponse.getRequest().getUrl().toString(), e);
                    }
                }
            }

            @Override
            public void onFailure(Throwable throwable) {
                LOGGER.info("Unable to retrieve metadata.", throwable);
            }
        });
        service.shutdown();
    // Local file: only file: URLs whose path starts with ddf.home are accepted.
    } else if (entityDescription.startsWith(FILE + System.getProperty("ddf.home"))) {
        String pathStr = StringUtils.substringAfter(entityDescription, FILE);
        Path path = Paths.get(pathStr);
        if (Files.isReadable(path)) {
            try (InputStream fileInputStream = Files.newInputStream(path)) {
                entityDescriptor = readEntityDescriptor(new InputStreamReader(fileInputStream, "UTF-8"));
            }
        }
    // Inline XML: the configuration value itself is the EntityDescriptor document.
    } else if (entityDescription.startsWith("<") && entityDescription.endsWith(">")) {
        entityDescriptor = readEntityDescriptor(new StringReader(entityDescription));
    } else {
        LOGGER.info("Skipping unknown metadata configuration value: {}", entityDescription);
    }
    if (entityDescriptor != null) {
        entityDescriptorMap.put(entityDescriptor.getEntityID(), entityDescriptor);
        if (updateCallback != null) {
            updateCallback.accept(entityDescriptor);
        }
    }
}
Also used : HttpRequest(com.google.api.client.http.HttpRequest) Path(java.nio.file.Path) HttpBackOffIOExceptionHandler(com.google.api.client.http.HttpBackOffIOExceptionHandler) HttpBackOffUnsuccessfulResponseHandler(com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler) InputStreamReader(java.io.InputStreamReader) InputStream(java.io.InputStream) HttpResponse(com.google.api.client.http.HttpResponse) GenericUrl(com.google.api.client.http.GenericUrl) IOException(java.io.IOException) PropertyResolver(org.codice.ddf.configuration.PropertyResolver) ExponentialBackOff(com.google.api.client.util.ExponentialBackOff) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) NetHttpTransport(com.google.api.client.http.javanet.NetHttpTransport) HttpTransport(com.google.api.client.http.HttpTransport) StringReader(java.io.StringReader) ListeningExecutorService(com.google.common.util.concurrent.ListeningExecutorService)

Example 8 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project ddf by codice.

From class SamlProtocolTest, method testCreateSpMetadata:

@Test
public void testCreateSpMetadata() {
    EntityDescriptor entityDescriptor = SamlProtocol.createSpMetadata("myid", "mysigningcert", "myencryptioncert", "logoutlocation", "redirectlocation", "postlocation");
    assertEquals("myid", entityDescriptor.getEntityID());
    assertEquals("mysigningcert", entityDescriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue());
    assertEquals("myencryptioncert", entityDescriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getKeyDescriptors().get(1).getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue());
    assertEquals("redirectlocation", entityDescriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getAssertionConsumerServices().get(0).getLocation());
    assertEquals("postlocation", entityDescriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getAssertionConsumerServices().get(1).getLocation());
    assertEquals("logoutlocation", entityDescriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getSingleLogoutServices().get(0).getLocation());
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Test(org.junit.Test)

Example 9 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.

From class SamlIdPUtils, method getAssertionConsumerServiceFor:

/**
 * Gets assertion consumer service for.
 *
 * @param authnRequest    the authn request
 * @param servicesManager the services manager
 * @param resolver        the resolver
 * @return the assertion consumer service for
 */
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(Arrays.asList(SAMLConstants.SAML2_POST_BINDING_URI)));
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new RuntimeException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                // The index comes from the (untrusted) AuthnRequest; it is only honoured if it points
                // at an ACS endpoint declared in the SP's own resolved metadata.
                final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
                if (acsIndex + 1 > acsEndpoints.size()) {
                    throw new RuntimeException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            // No index supplied: fall back to the binding and ACS URL carried in the request itself.
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        throw new RuntimeException(new SamlException(e.getMessage(), e));
    }
}
Also used : AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) BindingCriterion(org.opensaml.saml.criterion.BindingCriterion) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) ChainingMetadataResolver(org.opensaml.saml.metadata.resolver.ChainingMetadataResolver) Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)

Example 10 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project cas by apereo.

From class SamlRegisteredServiceServiceProviderMetadataFacade, method get:

private static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredService registeredService, final String entityID, final CriteriaSet criterions) {
    LOGGER.info("Adapting SAML metadata for CAS service [{}] issued by [{}]", registeredService.getName(), entityID);
    try {
        criterions.add(new BindingCriterion(Collections.singletonList(SAMLConstants.SAML2_POST_BINDING_URI)));
        criterions.add(new EntityIdCriterion(entityID));
        LOGGER.info("Locating metadata for entityID [{}] with binding [{}] by attempting to run through the metadata chain...", entityID, SAMLConstants.SAML2_POST_BINDING_URI);
        final ChainingMetadataResolver chainingMetadataResolver = resolver.resolve(registeredService);
        LOGGER.info("Resolved metadata chain for service [{}]. Filtering the chain by entity ID [{}] and binding [{}]", registeredService, entityID, SAMLConstants.SAML2_POST_BINDING_URI);
        final EntityDescriptor entityDescriptor = chainingMetadataResolver.resolveSingle(criterions);
        if (entityDescriptor == null) {
            LOGGER.debug("Cannot find entity [{}] in metadata provider.", entityID);
            return Optional.empty();
        }
        LOGGER.debug("Located EntityDescriptor in metadata for [{}]", entityID);
        final SPSSODescriptor ssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (ssoDescriptor != null) {
            LOGGER.debug("Located SPSSODescriptor in metadata for [{}]. Metadata is valid until [{}]", entityID, ssoDescriptor.getValidUntil());
            return Optional.of(new SamlRegisteredServiceServiceProviderMetadataFacade(ssoDescriptor, entityDescriptor, chainingMetadataResolver));
        }
        LOGGER.warn("Could not locate SPSSODescriptor in the metadata for [{}]", entityID);
        return Optional.empty();
    } catch (final Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) ChainingMetadataResolver(org.opensaml.saml.metadata.resolver.ChainingMetadataResolver) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) BindingCriterion(org.opensaml.saml.criterion.BindingCriterion)
