Example 51 with org.opensaml.saml.saml2.metadata

Use of org.opensaml.saml.saml2.metadata in project cas by apereo.

Class SamlIdPUtils, method determineEndpointForRequest.

private static AssertionConsumerService determineEndpointForRequest(final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding, final AssertionConsumerService acsFromRequest, final AssertionConsumerService acsFromMetadata, final MessageContext authenticationContext) {
    LOGGER.trace("ACS from authentication request is [{}], ACS from metadata is [{}] with binding [{}]", acsFromRequest, acsFromMetadata, binding);
    if (acsFromRequest != null) {
        // An unsigned request (no XML signature on the AuthnRequest and no binding-level
        // signature on the message) is not trusted to name its own return address: the
        // requested ACS must be one the SP registered in its metadata, otherwise the SAML
        // response could be delivered to an endpoint chosen by whoever built the request.
        if (!authnRequest.isSigned() && !SAMLBindingSupport.isMessageSigned(authenticationContext)) {
            val locations = StringUtils.isNotBlank(binding) ? adaptor.getAssertionConsumerServiceLocations(binding) : adaptor.getAssertionConsumerServiceLocations();
            // Prefer ResponseLocation; fall back to Location.
            val acsUrl = StringUtils.defaultIfBlank(acsFromRequest.getResponseLocation(), acsFromRequest.getLocation());
            val acsIndex = authnRequest instanceof AuthnRequest ? AuthnRequest.class.cast(authnRequest).getAssertionConsumerServiceIndex() : null;
            // Accept the URL only if metadata lists it for this binding (exact match).
            if (StringUtils.isNotBlank(acsUrl) && locations.contains(acsUrl)) {
                return buildAssertionConsumerService(binding, acsUrl, acsIndex);
            }
            // Otherwise resolve the endpoint by AssertionConsumerServiceIndex from metadata.
            if (acsIndex != null) {
                val result = adaptor.getAssertionConsumerServiceFor(binding, acsIndex);
                if (result.isPresent()) {
                    return buildAssertionConsumerService(binding, result.get(), acsIndex);
                }
            }
            // Neither URL nor index matched metadata: refuse the request.
            val message = String.format("Assertion consumer service [%s] cannot be located in metadata [%s]", acsUrl, locations);
            throw new SamlException(message);
        }
        // A signed request is authenticated by the SP's key, so the ACS it carries is honoured.
        return acsFromRequest;
    }
    // No ACS in the request: use the one resolved from the SP's metadata.
    return acsFromMetadata;
}

Example 52 with org.opensaml.saml.saml2.metadata

Use of org.opensaml.saml.saml2.metadata in project cas by apereo.

Class MetadataRequestedAttributesAttributeReleasePolicy, method fetchRequestedAttributes.

private Map<String, List<Object>> fetchRequestedAttributes(final Map<String, List<Object>> attributes, final RegisteredServiceAttributeReleasePolicyContext context, final SamlRegisteredServiceServiceProviderMetadataFacade facade) {
    val releaseAttributes = new HashMap<String, List<Object>>();
    // Walk every AttributeConsumingService in the SP's metadata and release only those
    // RequestedAttribute entries that are also present in the resolved attribute map;
    // attributes the SP did not declare in metadata are never released by this policy.
    Optional.ofNullable(facade.getSsoDescriptor()).ifPresent(sso -> sso.getAttributeConsumingServices().forEach(svc -> svc.getRequestedAttributes().stream().filter(attr -> {
        // Match on FriendlyName or Name depending on policy configuration.
        val name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
        LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
        return attributes.containsKey(name);
    }).forEach(attr -> {
        val name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
        LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
        releaseAttributes.put(name, attributes.get(name));
    })));
    return releaseAttributes;
}

Example 53 with org.opensaml.saml.saml2.metadata

Use of org.opensaml.saml.saml2.metadata in project cas by apereo.

Class AuthnRequestRequestedAttributesAttributeReleasePolicy, method determineRequestedAttributeDefinitions.

@Override
protected List<String> determineRequestedAttributeDefinitions(final RegisteredServiceAttributeReleasePolicyContext context) {
    val definitions = new ArrayList<String>();
    val applicationContext = ApplicationContextProvider.getApplicationContext();
    // Unlike the metadata-based policy, the requested attribute names here come from
    // the <Extensions> element of the current AuthnRequest, i.e. from the SP at runtime.
    getSamlAuthnRequest(applicationContext).ifPresent(authnRequest -> {
        if (authnRequest.getExtensions() != null) {
            // Keep only md:RequestedAttribute children among the unknown extension objects.
            authnRequest.getExtensions().getUnknownXMLObjects().stream().filter(object -> object instanceof RequestedAttribute).map(object -> (RequestedAttribute) object).forEach(attr -> {
                val name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
                LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
                definitions.add(name);
            });
        }
    });
    return definitions;
}

Example 54 with org.opensaml.saml.saml2.metadata

Use of org.opensaml.saml.saml2.metadata in project cxf by apache.

Class AbstractSTSClient, method configureViaEPR.

public void configureViaEPR(EndpointReferenceType ref, boolean useEPRWSAAddrAsMEXLocation) {
    if (client != null) {
        return;
    }
    location = EndpointReferenceUtils.getAddress(ref);
    if (location != null) {
        location = location.trim();
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("EPR address: " + location);
    }
    final QName sName = EndpointReferenceUtils.getServiceName(ref, bus);
    if (sName != null) {
        serviceName = sName;
        final QName epName = EndpointReferenceUtils.getPortQName(ref, bus);
        if (epName != null) {
            endpointName = epName;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("EPR endpoint: " + serviceName + " " + endpointName);
        }
    }
    final String wsdlLoc = EndpointReferenceUtils.getWSDLLocation(ref);
    if (wsdlLoc != null) {
        wsdlLocation = wsdlLoc;
    }
    String mexLoc = findMEXLocation(ref, useEPRWSAAddrAsMEXLocation);
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("WS-MEX location: " + mexLoc);
    }
    if (mexLoc != null) {
        try {
            JaxWsProxyFactoryBean proxyFac = new JaxWsProxyFactoryBean();
            proxyFac.setBindingId(soapVersion);
            proxyFac.setAddress(mexLoc);
            MetadataExchange exc = proxyFac.create(MetadataExchange.class);
            Metadata metadata = exc.get2004();
            Definition definition = null;
            List<Schema> schemas = new ArrayList<>();
            // Parse the MetadataSections into WSDL definition + associated schemas
            for (MetadataSection s : metadata.getMetadataSection()) {
                if ("http://schemas.xmlsoap.org/wsdl/".equals(s.getDialect())) {
                    definition = bus.getExtension(WSDLManager.class).getDefinition((Element) s.getAny());
                } else if ("http://www.w3.org/2001/XMLSchema".equals(s.getDialect())) {
                    Element schemaElement = (Element) s.getAny();
                    if (schemaElement == null) {
                        String schemaLocation = s.getLocation();
                        LOG.info("XSD schema location: " + schemaLocation);
                        schemaElement = downloadSchema(schemaLocation);
                    }
                    QName schemaName = new QName(schemaElement.getNamespaceURI(), schemaElement.getLocalName());
                    WSDLManager wsdlManager = bus.getExtension(WSDLManager.class);
                    ExtensibilityElement exElement = wsdlManager.getExtensionRegistry().createExtension(Types.class, schemaName);
                    ((Schema) exElement).setElement(schemaElement);
                    schemas.add((Schema) exElement);
                }
            }
            if (definition != null) {
                // Add any extra schemas to the WSDL definition
                for (Schema schema : schemas) {
                    definition.getTypes().addExtensibilityElement(schema);
                }
                WSDLServiceFactory factory = new WSDLServiceFactory(bus, definition);
                SourceDataBinding dataBinding = new SourceDataBinding();
                factory.setDataBinding(dataBinding);
                Service service = factory.create();
                service.setDataBinding(dataBinding);
                // Get the endpoint + service names by matching the 'location' to the
                // address in the WSDL. If the 'location' is 'anonymous' then just fall
                // back to the first service + endpoint name in the WSDL, if the endpoint
                // name is not defined in the Metadata
                List<ServiceInfo> services = service.getServiceInfos();
                String anonymousAddress = "http://www.w3.org/2005/08/addressing/anonymous";
                if (!anonymousAddress.equals(location)) {
                    for (ServiceInfo serv : services) {
                        for (EndpointInfo ei : serv.getEndpoints()) {
                            if (ei.getAddress().equals(location)) {
                                endpointName = ei.getName();
                                serviceName = serv.getName();
                                LOG.fine("Matched endpoint to location");
                            }
                        }
                    }
                }
                EndpointInfo ei = service.getEndpointInfo(endpointName);
                if (ei == null && anonymousAddress.equals(location) && !services.isEmpty() && !services.get(0).getEndpoints().isEmpty()) {
                    LOG.fine("Anonymous location so taking first endpoint");
                    serviceName = services.get(0).getName();
                    endpointName = services.get(0).getEndpoints().iterator().next().getName();
                    ei = service.getEndpointInfo(endpointName);
                }
                if (ei == null) {
                    throw new TrustException(LOG, "ADDRESS_NOT_MATCHED", location);
                }
                if (location != null && !anonymousAddress.equals(location)) {
                    ei.setAddress(location);
                }
                Endpoint endpoint = new EndpointImpl(bus, service, ei);
                client = new ClientImpl(bus, endpoint);
            }
        } catch (Exception ex) {
            throw new TrustException("WS_MEX_ERROR", ex, LOG);
        }
    }
}

Example 55 with org.opensaml.saml.saml2.metadata

Use of org.opensaml.saml.saml2.metadata in project cxf by apache.

Class SamlOAuthValidator, method validateAuthenticationSubject.

private boolean validateAuthenticationSubject(Message m, Conditions cs, org.opensaml.saml.saml2.core.Subject subject) {
    // We need to find a Bearer Subject Confirmation method
    boolean bearerSubjectConfFound = false;
    if (subject.getSubjectConfirmations() != null) {
        for (SubjectConfirmation subjectConf : subject.getSubjectConfirmations()) {
            if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
                // Every bearer confirmation is checked (SubjectConfirmationData such as
                // Recipient / NotOnOrAfter) by validateSubjectConfirmation; a failure is
                // expected to surface from that call rather than be swallowed here.
                validateSubjectConfirmation(m, cs, subjectConf.getSubjectConfirmationData());
                bearerSubjectConfFound = true;
            }
        }
    }
    // An assertion with no bearer confirmation at all is rejected by the caller.
    return bearerSubjectConfFound;
}