

use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project pac4j by pac4j.

the class SAML2AuthnRequestBuilder method build.

/**
 * Builds the SAML 2.0 authentication request for the given message context.
 *
 * <p>The IdP single sign-on endpoint is resolved by this builder's configured
 * binding type; the SP assertion consumer service is resolved by the configured
 * index when that index is positive, and with a {@code null} index otherwise.
 *
 * @param context the SAML2 message context holding SP and IdP metadata
 * @return the assembled {@link AuthnRequest}
 */
@Override
public AuthnRequest build(final SAML2MessageContext context) {
    final SingleSignOnService ssoEndpoint = context.getIDPSingleSignOnService(this.bindingType);
    String acsIndex = null;
    if (this.assertionConsumerServiceIndex > 0) {
        acsIndex = String.valueOf(this.assertionConsumerServiceIndex);
    }
    final AssertionConsumerService acsEndpoint = context.getSPAssertionConsumerService(acsIndex);
    return buildAuthnRequest(context, acsEndpoint, ssoEndpoint);
}


use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project pac4j by pac4j.

the class SAML2WebSSOMessageSender method sendMessage.

/**
 * Encodes and sends an {@link AuthnRequest} to the IdP single sign-on endpoint.
 *
 * <p>A fresh outbound {@link SAML2MessageContext} is derived from {@code context}:
 * the profile ID, inbound/outbound message contexts, peer entity role and entity
 * ID, and the protocol are copied over; the SP assertion consumer service becomes
 * the local endpoint and the IdP SSO endpoint selected by
 * {@code destinationBindingType} becomes the peer endpoint. Signature signing
 * parameters are built from the SP descriptor before the message is encoded.
 *
 * @param context      the inbound SAML2 message context (source of SP and IdP metadata)
 * @param authnRequest the authentication request to send
 * @param relayState   optional relay state; when non-null its {@code toString()} is
 *                     placed on the outbound binding context
 * @throws SAMLException if the encoder cannot be initialized or encoding fails
 */
@Override
public void sendMessage(final SAML2MessageContext context, final AuthnRequest authnRequest, final Object relayState) {
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleSignOnService ssoService = context.getIDPSingleSignOnService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    // Outbound context is a separate object so the inbound one is left untouched;
    // the fields below are copied over one by one.
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(authnRequest);
    // Local endpoint = our ACS, peer endpoint = the IdP SSO endpoint for the chosen binding.
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    // Signing parameters come from the SP descriptor (our own signing key/algorithms).
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    try {
        invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        // Stored only after a successful encode, keyed by the request ID —
        // presumably so the IdP response can be matched to it later (InResponseTo);
        // confirm against the storage consumer.
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(authnRequest.getID(), authnRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}


use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project OpenUnison by TremoloSecurity.

the class OpenUnisonUtils method importMetaData.

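/**
 * Imports an IdP's SAML metadata into the mechanism parameters and the trust key store.
 *
 * <p>Records the IdP entity ID, the HTTP-POST and HTTP-Redirect single sign-on
 * endpoints and the HTTP-Redirect single logout endpoint as mechanism properties,
 * and stores the IdP's signing certificate(s) in {@code ks} under an alias derived
 * from the entity ID, which is then recorded as {@code idpSigKeyName}.
 *
 * @param ks               key store receiving the IdP signing certificate(s)
 * @param ed               the IdP entity descriptor (source of the entity ID)
 * @param idp              the IdP SSO role descriptor (endpoints and key descriptors)
 * @param currentMechanism the authentication mechanism being configured
 * @param params           the mechanism parameter map updated through {@code setProperty}
 * @throws Base64DecodingException if a certificate value in the metadata is not valid base64
 * @throws CertificateException    if the decoded bytes do not parse as X.509 certificates,
 *                                 or a signing key descriptor carries no certificate
 * @throws KeyStoreException       if the key store rejects a certificate entry
 */
private static void importMetaData(KeyStore ks, EntityDescriptor ed, IDPSSODescriptor idp, AuthMechType currentMechanism, HashMap<String, ParamWithValueType> params) throws Base64DecodingException, CertificateException, KeyStoreException {
    // The original set this property twice in a row; once is enough.
    setProperty("entityID", ed.getEntityID(), params, currentMechanism);
    for (SingleSignOnService sso : idp.getSingleSignOnServices()) {
        if (sso.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")) {
            setProperty("idpURL", sso.getLocation(), params, currentMechanism);
        } else if (sso.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")) {
            setProperty("idpRedirURL", sso.getLocation(), params, currentMechanism);
        }
    }
    for (SingleLogoutService slo : idp.getSingleLogoutServices()) {
        if (slo.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")) {
            setProperty("idpRedirLogoutURL", slo.getLocation(), params, currentMechanism);
        }
    }
    for (KeyDescriptor kd : idp.getKeyDescriptors()) {
        // Per the SAML metadata spec a KeyDescriptor without a "use" attribute is
        // valid for both signing and encryption; the previous equals() call would
        // have thrown NPE on such a descriptor instead of importing its certificate.
        UsageType use = kd.getUse();
        if (use != null && use != UsageType.UNSPECIFIED && use != UsageType.SIGNING) {
            continue;
        }
        String base64 = kd.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        String name = "verify-" + ed.getEntityID() + "-idp-sig";
        ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(base64));
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(bais);
        if (certs.isEmpty()) {
            // Previously this surfaced as NoSuchElementException from iterator().next().
            throw new CertificateException("KeyDescriptor for " + ed.getEntityID() + " contains no parseable X.509 certificate");
        }
        if (certs.size() > 1) {
            // Bug fix: the counter was never advanced in the old loop, so every
            // certificate of the chain overwrote the same "-0" alias and only the
            // last one survived.
            int j = 0;
            for (Certificate certificate : certs) {
                ks.setCertificateEntry(name + "-" + j, certificate);
                j++;
            }
        } else {
            ks.setCertificateEntry(name, certs.iterator().next());
        }
        // NOTE(review): with a multi-certificate chain the store entries carry a
        // numeric suffix but the recorded alias does not, and a second signing
        // KeyDescriptor (e.g. during key rollover) reuses the same alias and
        // overwrites the first — confirm the consumer of idpSigKeyName handles both.
        setProperty("idpSigKeyName", name, params, currentMechanism);
    }
}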


use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project MaxKey by dromara.

the class MetadataGenerator method getSingleSignOnService.

/**
 * Creates a {@code SingleSignOnService} metadata element for the given endpoint.
 *
 * @param location the endpoint URL written to the Location attribute
 * @param binding  the binding URI; when {@code null},
 *                 {@code SAMLConstants.SAML2_POST_BINDING_URI} is used instead
 * @return the populated element, created through {@code buildXMLObject}
 */
public SingleSignOnService getSingleSignOnService(String location, String binding) {
    final SingleSignOnService element = (SingleSignOnService) buildXMLObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
    final String effectiveBinding = (binding != null) ? binding : SAMLConstants.SAML2_POST_BINDING_URI;
    element.setBinding(effectiveBinding);
    element.setLocation(location);
    return element;
}


use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project cloud-pipeline by epam.

the class CustomSamlClient method fromMetadata.

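/**
 * Constructs a SAML client using XML metadata obtained from the identity provider.
 *
 * <p>When the identity provider is Okta, {@code relyingPartyIdentifier} may be
 * {@code null}; it is then taken from the metadata's entity ID. For any other
 * provider a {@code null} identifier is rejected.
 *
 * @param relyingPartyIdentifier the identifier for the relying party, or {@code null}
 *                               (tolerated only for Okta metadata)
 * @param metadata               the XML metadata obtained from the identity provider
 * @param samlBinding            the HTTP binding to use towards the IdP SSO endpoint
 * @param responseSkew           passed through to the client constructor (presumably the
 *                               tolerated clock skew for response validation — confirm)
 * @return the created {@link CustomSamlClient}
 * @throws SAMLException            if the metadata cannot be loaded or parsed
 * @throws IllegalArgumentException if {@code relyingPartyIdentifier} is {@code null}
 *                                  and the metadata is not Okta's
 */
public static CustomSamlClient fromMetadata(String relyingPartyIdentifier, Reader metadata, CustomSamlClient.SamlIdpBinding samlBinding, int responseSkew) throws SAMLException {
    MetadataProvider metadataProvider = createMetadataProvider(metadata);
    EntityDescriptor entityDescriptor = getEntityDescriptor(metadataProvider);
    IDPSSODescriptor idpSsoDescriptor = getIDPSSODescriptor(entityDescriptor);
    SingleSignOnService idpBinding = getIdpBinding(idpSsoDescriptor, samlBinding);
    List<X509Certificate> x509Certificates = getCertificates(idpSsoDescriptor);
    String entityId = entityDescriptor.getEntityID();
    String effectiveRelyingParty = relyingPartyIdentifier;
    if (effectiveRelyingParty == null) {
        // Okta is recognised by the host of the entity ID rather than by a
        // substring match: the former contains(".okta.com") test was satisfied by
        // any entity ID that merely embedded that text (e.g. in a path or query).
        if (!isOktaEntityId(entityId)) {
            throw new IllegalArgumentException("relyingPartyIdentifier");
        }
        effectiveRelyingParty = entityId;
    }
    String identityProviderUrl = idpBinding.getLocation();
    // Responses are expected to be issued by the entity described in the metadata.
    String responseIssuer = entityId;
    return new CustomSamlClient(effectiveRelyingParty, identityProviderUrl, responseIssuer, x509Certificates, responseSkew);
}

/**
 * Returns {@code true} when the entity ID is a URL whose host is {@code okta.com}
 * or a subdomain of it; non-URL or host-less entity IDs are never treated as Okta.
 */
private static boolean isOktaEntityId(String entityId) {
    if (entityId == null) {
        return false;
    }
    try {
        String host = new java.net.URI(entityId).getHost();
        if (host == null) {
            return false;
        }
        String lowerHost = host.toLowerCase(java.util.Locale.ROOT);
        return lowerHost.equals("okta.com") || lowerHost.endsWith(".okta.com");
    } catch (java.net.URISyntaxException e) {
        // Not a syntactically valid URI, so it cannot be an Okta-issued entity ID.
        return false;
    }
}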
