Use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project security by opensearch-project.
Class Saml2SettingsProvider, method initIdpEndpoints.
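/**
 * Copies the IdP endpoints needed by the SAML library into {@code configProperties}:
 * the HTTP-Redirect SingleSignOnService (URL and binding), the configured IdP entity id,
 * and, when the IdP advertises one, the HTTP-Redirect SingleLogoutService.
 *
 * @param idpSsoDescriptor the IdP role descriptor taken from the IdP metadata
 * @param configProperties settings map that is written in place
 * @throws SamlConfigException propagated from the endpoint lookup helpers
 * @throws NullPointerException if no HTTP-Redirect SingleSignOnService is found
 */
private void initIdpEndpoints(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties) throws SamlConfigException {
    // Both endpoints are looked up for the same binding; keep the URN in one place.
    final String redirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    SingleSignOnService singleSignOnService = this.findSingleSignOnService(idpSsoDescriptor, redirectBinding);
    // The SSO endpoint is mandatory. Should the lookup ever return null, fail with a message that
    // names the missing binding instead of an anonymous NPE on getLocation().
    java.util.Objects.requireNonNull(singleSignOnService,
            "IdP metadata does not provide a SingleSignOnService for binding " + redirectBinding);
    configProperties.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY, singleSignOnService.getLocation());
    configProperties.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY, singleSignOnService.getBinding());
    configProperties.put(SettingsBuilder.IDP_ENTITYID_PROPERTY_KEY, this.opensearchSettings.get("idp.entity_id"));

    // The SLO endpoint is optional; the warning below documents the consequence of its absence.
    SingleLogoutService singleLogoutService = this.findSingleLogoutService(idpSsoDescriptor, redirectBinding);
    if (singleLogoutService == null) {
        log.warn("The IdP does not provide a Single Logout Service. In order to ensure that users have to re-enter their password after logging out, OpenSearch Security will issue all SAML authentication requests with a mandatory password input (ForceAuthn=true)");
        return;
    }
    configProperties.put(SettingsBuilder.IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY, singleLogoutService.getLocation());
    configProperties.put(SettingsBuilder.IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, singleLogoutService.getBinding());
}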
Use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project security by opensearch-project.
Class MockSamlIdpServer, method createMetadata.
/**
 * Builds the metadata document of this mock IdP: one EntityDescriptor carrying an
 * IDPSSODescriptor with a HTTP-Redirect SLO endpoint, an unspecified NameID format,
 * a HTTP-Redirect SSO endpoint and a signing KeyDescriptor holding the mock's certificate.
 *
 * @return the marshalled metadata XML
 * @throws RuntimeException wrapping any OpenSAML SecurityException raised while generating the KeyInfo
 */
private String createMetadata() {
    try {
        // Entity and role descriptor.
        EntityDescriptor entity = createSamlElement(EntityDescriptor.class);
        entity.setEntityID(idpEntityId);
        IDPSSODescriptor role = createSamlElement(IDPSSODescriptor.class);
        role.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
        role.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        entity.getRoleDescriptors().add(role);

        // Single logout endpoint (HTTP-Redirect).
        SingleLogoutService slo = createSamlElement(SingleLogoutService.class);
        slo.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        slo.setLocation(getSamlSloUri());
        role.getSingleLogoutServices().add(slo);

        // Supported NameID format.
        role.getNameIDFormats().add(createNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));

        // Single sign-on endpoint (HTTP-Redirect).
        SingleSignOnService sso = createSamlElement(SingleSignOnService.class);
        sso.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        sso.setLocation(getSamlSsoUri());
        role.getSingleSignOnServices().add(sso);

        // Signing key: the KeyInfo embeds the full entity certificate so that a relying party
        // can verify the signatures this mock IdP produces.
        X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
        keyInfoFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
        KeyDescriptor signingKey = createSamlElement(KeyDescriptor.class);
        signingKey.setUse(UsageType.SIGNING);
        signingKey.setKeyInfo(keyInfoGenerator.generate(new BasicX509Credential(this.signingCertificate)));
        role.getKeyDescriptors().add(signingKey);

        return marshallSamlXml(entity);
    } catch (org.opensaml.security.SecurityException e) {
        // Fully qualified to avoid clashing with java.lang.SecurityException.
        throw new RuntimeException(e);
    }
}
Use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project verify-hub by alphagov.
Class IdpSingleSignOnServiceHelper, method getSingleSignOn.
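/**
 * Resolves the single-sign-on endpoint of the IdP identified by {@code entityId}.
 * <p>
 * The first SingleSignOnService advertised in the IdP's SAML 2.0 role descriptor is used,
 * regardless of its binding; a warning is logged when more than one is advertised.
 *
 * @param entityId the IdP entity id to look up in the metadata resolver
 * @return the location of the first advertised SingleSignOnService
 * @throws RuntimeException if the metadata resolver fails
 * @throws ApplicationException (NOT_FOUND) if the entity id resolves to no entity descriptor,
 *     to no SAML 2.0 IDPSSODescriptor, or to a descriptor without any SingleSignOnService
 */
public URI getSingleSignOn(String entityId) {
    EntityDescriptor idpEntityDescriptor;
    try {
        CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
        idpEntityDescriptor = metadataProvider.resolveSingle(criteria);
    } catch (ResolverException e) {
        // Hand the throwable to the logger so the stack trace is kept instead of being
        // flattened into the message text.
        LOG.log(Level.SEVERE, format("Exception when accessing metadata: {0}", entityId), e);
        throw new RuntimeException(e);
    }
    if (idpEntityDescriptor == null) {
        throw notFound(format("no entity descriptor for IDP: {0}", entityId));
    }
    final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (idpssoDescriptor == null) {
        // Previously an NPE on getSingleSignOnServices(); report it as NOT_FOUND with a precise message.
        LOG.log(Level.SEVERE, format("No SAML 2.0 IDPSSODescriptor present for IDP entityId: {0}", entityId));
        throw notFound(format("no SAML 2.0 IDPSSODescriptor for IDP: {0}", entityId));
    }
    final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
    if (singleSignOnServices.isEmpty()) {
        LOG.log(Level.SEVERE, format("No singleSignOnServices present for IDP entityId: {0}", entityId));
        // Previously fell through to the "no entity descriptor" error, which was misleading.
        throw notFound(format("no singleSignOnServices for IDP: {0}", entityId));
    }
    if (singleSignOnServices.size() > 1) {
        LOG.log(Level.WARNING, format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
    }
    return URI.create(singleSignOnServices.get(0).getLocation());
}

/**
 * Builds the unaudited NOT_FOUND exception thrown for every "IdP not resolvable" case.
 * Declared as RuntimeException because the caller does not declare a checked exception.
 */
private static RuntimeException notFound(String message) {
    return ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(message));
}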
Use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project ddf by codice.
Class SamlProtocol, method createIdpMetadata.
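/**
 * Builds an IdP EntityDescriptor advertising a signing and an encryption key, the given
 * NameID formats, the SSO endpoints whose locations are non-blank, and (when non-blank) the
 * logout endpoint under both the HTTP-Redirect and the HTTP-POST binding.
 * The descriptor requires AuthnRequests to be signed.
 *
 * @param entityId the IdP entity id
 * @param signingCert value written into the signing key's X509Certificate element
 * @param encryptionCert value written into the encryption key's X509Certificate element
 * @param nameIds NameID formats to advertise; must not be null
 * @param singleSignOnLocationRedirect HTTP-Redirect SSO location, skipped when blank
 * @param singleSignOnLocationPost HTTP-POST SSO location, skipped when blank
 * @param singleLogOutLocation logout location advertised under both bindings, skipped when blank
 * @return the populated EntityDescriptor
 */
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();

    idpssoDescriptor.getKeyDescriptors().add(newIdpKeyDescriptor(UsageType.SIGNING, signingCert));
    idpssoDescriptor.getKeyDescriptors().add(newIdpKeyDescriptor(UsageType.ENCRYPTION, encryptionCert));

    for (String nameId : nameIds) {
        NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
        nameIDFormat.setFormat(nameId);
        idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
    }

    if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
        idpssoDescriptor.getSingleSignOnServices().add(newIdpSingleSignOnService(REDIRECT_BINDING, singleSignOnLocationRedirect));
    }
    if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
        idpssoDescriptor.getSingleSignOnServices().add(newIdpSingleSignOnService(POST_BINDING, singleSignOnLocationPost));
    }
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        // The same logout URL is advertised under both bindings.
        idpssoDescriptor.getSingleLogoutServices().add(newIdpSingleLogoutService(REDIRECT_BINDING, singleLogOutLocation));
        idpssoDescriptor.getSingleLogoutServices().add(newIdpSingleLogoutService(POST_BINDING, singleLogOutLocation));
    }

    // Relying parties must sign their AuthnRequests.
    idpssoDescriptor.setWantAuthnRequestsSigned(true);
    idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
    return entityDescriptor;
}

/** Wraps one certificate value in a KeyDescriptor of the given use (KeyDescriptor > KeyInfo > X509Data > X509Certificate). */
private static KeyDescriptor newIdpKeyDescriptor(UsageType use, String certificateValue) {
    KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
    keyDescriptor.setUse(use);
    KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate x509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    x509Certificate.setValue(certificateValue);
    x509Data.getX509Certificates().add(x509Certificate);
    keyInfo.getX509Datas().add(x509Data);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}

/** Builds a SingleSignOnService endpoint for the given binding and location. */
private static SingleSignOnService newIdpSingleSignOnService(String binding, String location) {
    SingleSignOnService service = singleSignOnServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    return service;
}

/** Builds a SingleLogoutService endpoint for the given binding and location. */
private static SingleLogoutService newIdpSingleLogoutService(String binding, String location) {
    SingleLogoutService service = singleLogOutServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    return service;
}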
Use of org.opensaml.saml.saml2.metadata.SingleSignOnService in project verify-hub by alphagov.
Class CountrySingleSignOnServiceHelperTest, method getSingleSignOn.
/**
 * The helper returns the location of the single SingleSignOnService advertised by the
 * SAML 2.0 IDPSSODescriptor of the resolved entity, and consults the metadata resolver once.
 */
@Test
public void getSingleSignOn() throws Exception {
    // Given: an entity descriptor with one SAML 2.0 IdP role carrying a single SSO endpoint.
    final String entityId = "the-entity-id";
    final String ssoLocation = "http://the-sso-location";

    SingleSignOnService ssoService = new SingleSignOnServiceBuilder().buildObject();
    ssoService.setLocation(ssoLocation);

    IDPSSODescriptor idpRole = new IDPSSODescriptorBuilder().buildObject();
    idpRole.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    idpRole.getSingleSignOnServices().add(ssoService);

    EntityDescriptor entity = new EntityDescriptorBuilder().buildObject();
    entity.setEntityID(entityId);
    entity.getRoleDescriptors().add(idpRole);

    when(metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(entityId)))).thenReturn(entity);

    // When
    URI result = service.getSingleSignOn(entityId);

    // Then
    assertThat(result.toString(), equalTo(ssoLocation));
    verify(metadataResolver).resolveSingle(any(CriteriaSet.class));
}