use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project pac4j by pac4j.
the class SAML2AuthnRequestBuilder method build.
/**
 * Builds the outbound {@code AuthnRequest} for the given message context.
 *
 * <p>Resolves the IdP single sign-on endpoint for this builder's binding type and the
 * SP assertion consumer service (selected by index when one is configured), then
 * delegates the actual construction to {@code buildAuthnRequest}.
 *
 * @param context the SAML2 message context holding SP and IdP metadata
 * @return the constructed authentication request
 */
@Override
public AuthnRequest build(final SAML2MessageContext context) {
    final SingleSignOnService idpEndpoint = context.getIDPSingleSignOnService(this.bindingType);
    // Only a strictly positive index selects a specific ACS; anything else means "use the default".
    String acsIndex = null;
    if (this.assertionConsumerServiceIndex > 0) {
        acsIndex = String.valueOf(this.assertionConsumerServiceIndex);
    }
    final AssertionConsumerService acs = context.getSPAssertionConsumerService(acsIndex);
    return buildAuthnRequest(context, acs, idpEndpoint);
}
use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project pac4j by pac4j.
the class SAML2WebSSOMessageSender method sendMessage.
/**
 * Encodes and sends the given {@code AuthnRequest} to the IdP single sign-on endpoint
 * selected by {@code destinationBindingType}.
 *
 * <p>A fresh outbound {@link SAML2MessageContext} is populated from the inbound one
 * (profile, peer entity, protocol), the SP endpoint and IdP peer endpoint are set, and the
 * signature signing parameters are derived from the SP descriptor before the message is
 * encoded. After a successful encode the request is stored in the SAML message storage
 * (when one is configured) keyed by its ID.
 *
 * @param context the current SAML2 message context (SP/IdP metadata and inbound state)
 * @param authnRequest the request to send
 * @param relayState optional relay state; its {@code toString()} is sent when non-null
 * @throws SAMLException if the encoder cannot be initialized or the message cannot be encoded
 */
@Override
public void sendMessage(final SAML2MessageContext context, final AuthnRequest authnRequest, final Object relayState) {
final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
final SingleSignOnService ssoService = context.getIDPSingleSignOnService(destinationBindingType);
final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
final MessageEncoder encoder = getMessageEncoder(context);
// Outbound context is a copy of the inbound one; the profile request context is carried over explicitly.
final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
outboundContext.setMessage(authnRequest);
// Local endpoint = SP assertion consumer service, peer endpoint = IdP SSO service.
outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoService);
outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
// Signing parameters come from the SP descriptor, so the outgoing request is signed per SP configuration.
outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
if (relayState != null) {
outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
}
try {
// Outbound handlers run before the encoder sees the context; the encoder lifecycle below is order-dependent.
invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
encoder.setMessageContext(outboundContext);
encoder.initialize();
encoder.prepareContext();
encoder.encode();
// Keep the sent request by ID; presumably used later to correlate the IdP response — confirm against the response validator.
final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
if (messageStorage != null) {
messageStorage.storeMessage(authnRequest.getID(), authnRequest);
}
} catch (final MessageEncodingException e) {
throw new SAMLException("Error encoding saml message", e);
} catch (final ComponentInitializationException e) {
throw new SAMLException("Error initializing saml encoder", e);
}
}
use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project OpenUnison by TremoloSecurity.
the class OpenUnisonUtils method importMetaData.
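/**
 * Copies the IdP's SSO/SLO endpoints and signing certificate(s) from its metadata into the
 * mechanism parameters and the trust keystore.
 *
 * <p>The metadata is taken as given: whatever authenticity check applies to it (for example a
 * metadata signature) is not performed here and must happen before this method is called.
 *
 * @param ks keystore that receives the IdP signing certificate(s) as trusted certificate entries
 * @param ed entity descriptor of the IdP (source of the entityID)
 * @param idp IdP SSO descriptor holding the endpoints and key descriptors
 * @param currentMechanism the authentication mechanism being configured
 * @param params parameter map the endpoint and key-name properties are written into
 * @throws Base64DecodingException if a certificate value in the metadata is not valid base64
 * @throws CertificateException if a decoded value holds no parseable X.509 certificate
 * @throws KeyStoreException if the keystore rejects an entry
 */
private static void importMetaData(KeyStore ks, EntityDescriptor ed, IDPSSODescriptor idp, AuthMechType currentMechanism, HashMap<String, ParamWithValueType> params) throws Base64DecodingException, CertificateException, KeyStoreException {
    setProperty("entityID", ed.getEntityID(), params, currentMechanism);
    // Literal-first comparison so a KeyDescriptor/endpoint without a binding attribute does not NPE.
    for (SingleSignOnService sso : idp.getSingleSignOnServices()) {
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equalsIgnoreCase(sso.getBinding())) {
            setProperty("idpURL", sso.getLocation(), params, currentMechanism);
        } else if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equalsIgnoreCase(sso.getBinding())) {
            setProperty("idpRedirURL", sso.getLocation(), params, currentMechanism);
        }
    }
    for (SingleLogoutService slo : idp.getSingleLogoutServices()) {
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equalsIgnoreCase(slo.getBinding())) {
            setProperty("idpRedirLogoutURL", slo.getLocation(), params, currentMechanism);
        }
    }
    for (KeyDescriptor kd : idp.getKeyDescriptors()) {
        UsageType use = kd.getUse();
        // SAML metadata: an absent/unspecified "use" means the key serves both signing and encryption,
        // so such keys must be imported as verification keys too (the old equals() call also NPE'd on null).
        boolean forSigning = use == null || use == UsageType.SIGNING || use == UsageType.UNSPECIFIED;
        if (!forSigning) {
            continue;
        }
        // Only the first X509Data / X509Certificate of the descriptor is read, as before.
        String base64 = kd.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        String name = "verify-" + ed.getEntityID() + "-idp-sig";
        // ByteArrayInputStream holds no OS resource, so it is deliberately not closed.
        ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(base64));
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(bais);
        if (certs.isEmpty()) {
            throw new CertificateException("No X.509 certificate found in signing KeyDescriptor of " + ed.getEntityID());
        }
        // The first certificate lives under the alias idpSigKeyName points at; any further
        // certificates in the same value (e.g. a chain) get a numbered alias. The original
        // loop never incremented its counter, so every extra certificate overwrote "<name>-0".
        int j = 0;
        for (Certificate certificate : certs) {
            String alias = (j == 0) ? name : name + "-" + j;
            ks.setCertificateEntry(alias, certificate);
            j++;
        }
        // NOTE(review): every signing KeyDescriptor of this IdP maps to the same alias, so with
        // several signing keys (e.g. during key rollover) the last one wins — confirm this is intended.
        setProperty("idpSigKeyName", name, params, currentMechanism);
    }
}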
use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project MaxKey by dromara.
the class MetadataGenerator method getSingleSignOnService.
/**
 * Creates a {@code SingleSignOnService} metadata element for the given endpoint.
 *
 * @param location the endpoint URL to advertise
 * @param binding the SAML binding URI; when {@code null} the HTTP-POST binding is used
 * @return the populated element
 */
public SingleSignOnService getSingleSignOnService(String location, String binding) {
    final String effectiveBinding = (binding != null) ? binding : SAMLConstants.SAML2_POST_BINDING_URI;
    final SingleSignOnService sso = (SingleSignOnService) buildXMLObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
    sso.setBinding(effectiveBinding);
    sso.setLocation(location);
    return sso;
}
use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project cloud-pipeline by epam.
the class CustomSamlClient method fromMetadata.
/**
 * Constructs a SAML client from XML metadata obtained from the identity provider.
 *
 * <p>When the identity provider is Okta, {@code relyingPartyIdentifier} may be {@code null};
 * the IdP entityID from the metadata is used in its place.
 *
 * @param relyingPartyIdentifier the identifier of the relying party, or {@code null} (Okta only)
 * @param metadata the XML metadata obtained from the identity provider
 * @param samlBinding the HTTP method to use for binding to the IdP
 * @param responseSkew the allowed clock skew, in seconds, when validating responses
 * @return the created {@link CustomSamlClient}
 * @throws SAMLException if any error occurs while loading the metadata
 * @throws IllegalArgumentException if {@code relyingPartyIdentifier} is {@code null} and the IdP is not Okta
 */
public static CustomSamlClient fromMetadata(String relyingPartyIdentifier, Reader metadata, CustomSamlClient.SamlIdpBinding samlBinding, int responseSkew) throws SAMLException {
    final MetadataProvider provider = createMetadataProvider(metadata);
    final EntityDescriptor entity = getEntityDescriptor(provider);
    final IDPSSODescriptor idpDescriptor = getIDPSSODescriptor(entity);
    final SingleSignOnService ssoEndpoint = getIdpBinding(idpDescriptor, samlBinding);
    final List<X509Certificate> signingCerts = getCertificates(idpDescriptor);
    final String idpEntityId = entity.getEntityID();
    // NOTE(review): substring match, so any entityID containing ".okta.com" anywhere qualifies.
    // It only relaxes the null check below, but a host-suffix test would be stricter.
    final boolean oktaIdp = idpEntityId.contains(".okta.com");
    final String rpId;
    if (relyingPartyIdentifier != null) {
        rpId = relyingPartyIdentifier;
    } else if (oktaIdp) {
        // Okta accepts the IdP entityID in place of an explicit relying party identifier.
        rpId = idpEntityId;
    } else {
        throw new IllegalArgumentException("relyingPartyIdentifier");
    }
    return new CustomSamlClient(rpId, ssoEndpoint.getLocation(), idpEntityId, signingCerts, responseSkew);
}