Example 6 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project cas by apereo.
the class MetadataRequestedAttributesAttributeReleasePolicy method getAttributesForSamlRegisteredService.
@Override
protected Map<String, Object> getAttributesForSamlRegisteredService(final Map<String, Object> attributes, final SamlRegisteredService service, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor) {
final Map<String, Object> releaseAttributes = new LinkedHashMap<>();
final SPSSODescriptor sso = facade.getSsoDescriptor();
if (sso != null) {
sso.getAttributeConsumingServices().forEach(svc -> svc.getRequestAttributes().stream().filter(attr -> {
final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, service.getName());
return attributes.containsKey(name);
}).forEach(attr -> {
final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, service.getName());
releaseAttributes.put(name, attributes.get(name));
}));
}
return releaseAttributes;
}
Also used :
Setter(lombok.Setter)
Getter(lombok.Getter)
SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)
EqualsAndHashCode(lombok.EqualsAndHashCode)
ApplicationContext(org.springframework.context.ApplicationContext)
SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)
LinkedHashMap(java.util.LinkedHashMap)
Slf4j(lombok.extern.slf4j.Slf4j)
Map(java.util.Map)
ToString(lombok.ToString)
SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)
AllArgsConstructor(lombok.AllArgsConstructor)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
NoArgsConstructor(lombok.NoArgsConstructor)
SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)
ToString(lombok.ToString)
LinkedHashMap(java.util.LinkedHashMap)
Example 7 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class IdpHandler method doHttpPostBinding.
private void doHttpPostBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
try {
IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
if (idpssoDescriptor == null) {
throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
}
response.getWriter().printf(postBindingTemplate, idpMetadata.getSingleSignOnLocation(), encodeAuthnRequest(createAndSignAuthnRequest(true, idpssoDescriptor.getWantAuthnRequestsSigned()), true), createRelayState(request));
response.setStatus(200);
response.flushBuffer();
} catch (IOException e) {
LOGGER.info("Unable to post AuthnRequest to IdP", e);
throw new ServletException("Unable to post to IdP");
}
}
Also used :
ServletException(javax.servlet.ServletException)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
IOException(java.io.IOException)
Example 8 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class IdpHandler method doHttpRedirectBinding.
private void doHttpRedirectBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
String redirectUrl;
String idpRequest = null;
String relayState = createRelayState(request);
try {
IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
if (idpssoDescriptor == null) {
throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
}
String queryParams = String.format("SAMLRequest=%s&RelayState=%s", encodeAuthnRequest(createAndSignAuthnRequest(false, idpssoDescriptor.getWantAuthnRequestsSigned()), false), URLEncoder.encode(relayState, "UTF-8"));
idpRequest = idpMetadata.getSingleSignOnLocation() + "?" + queryParams;
UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
simpleSign.signUriString(queryParams, idpUri);
redirectUrl = idpUri.build().toString();
} catch (UnsupportedEncodingException e) {
LOGGER.info("Unable to encode relay state: {}", relayState, e);
throw new ServletException("Unable to create return location");
} catch (SimpleSign.SignatureException e) {
String msg = "Unable to sign request";
LOGGER.info(msg, e);
throw new ServletException(msg);
} catch (URISyntaxException e) {
LOGGER.info("Unable to parse IDP request location: {}", idpRequest, e);
throw new ServletException("Unable to determine IDP location.");
}
try {
response.sendRedirect(redirectUrl);
response.flushBuffer();
} catch (IOException e) {
LOGGER.info("Unable to redirect AuthnRequest to {}", redirectUrl, e);
throw new ServletException("Unable to redirect to IdP");
}
}
Also used :
ServletException(javax.servlet.ServletException)
SimpleSign(ddf.security.samlp.SimpleSign)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
URISyntaxException(java.net.URISyntaxException)
IOException(java.io.IOException)
UriBuilder(javax.ws.rs.core.UriBuilder)
UriBuilderImpl(org.apache.cxf.jaxrs.impl.UriBuilderImpl)
URI(java.net.URI)
Example 9 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class MetadataConfigurationParser method parseEntityDescriptions.
private void parseEntityDescriptions(List<String> entityDescriptions) throws IOException {
String ddfHome = System.getProperty("ddf.home");
for (String entityDescription : entityDescriptions) {
buildEntityDescriptor(entityDescription);
}
Path metadataFolder = Paths.get(ddfHome, ETC_FOLDER, METADATA_ROOT_FOLDER);
try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(metadataFolder)) {
for (Path path : directoryStream) {
if (Files.isReadable(path)) {
try (InputStream fileInputStream = Files.newInputStream(path)) {
EntityDescriptor entityDescriptor = readEntityDescriptor(new InputStreamReader(fileInputStream, "UTF-8"));
LOGGER.info("entityId = {}", entityDescriptor.getEntityID());
entityDescriptorMap.put(entityDescriptor.getEntityID(), entityDescriptor);
if (updateCallback != null) {
updateCallback.accept(entityDescriptor);
}
}
}
}
} catch (NoSuchFileException e) {
LOGGER.debug("IDP metadata directory is not configured.", e);
}
}
Also used :
Path(java.nio.file.Path)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
InputStreamReader(java.io.InputStreamReader)
InputStream(java.io.InputStream)
NoSuchFileException(java.nio.file.NoSuchFileException)
Example 10 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class MetadataConfigurationParser method buildEntityDescriptor.
private void buildEntityDescriptor(String entityDescription) throws IOException {
EntityDescriptor entityDescriptor = null;
entityDescription = entityDescription.trim();
if (entityDescription.startsWith(HTTPS) || entityDescription.startsWith(HTTP)) {
if (entityDescription.startsWith(HTTP)) {
LOGGER.warn("Retrieving metadata via HTTP instead of HTTPS. The metadata configuration is unsafe!!!");
}
PropertyResolver propertyResolver = new PropertyResolver(entityDescription);
HttpTransport httpTransport = new NetHttpTransport();
HttpRequest httpRequest = httpTransport.createRequestFactory().buildGetRequest(new GenericUrl(propertyResolver.getResolvedString()));
httpRequest.setUnsuccessfulResponseHandler(new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff()).setBackOffRequired(HttpBackOffUnsuccessfulResponseHandler.BackOffRequired.ALWAYS));
httpRequest.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(new ExponentialBackOff()));
ListeningExecutorService service = MoreExecutors.listeningDecorator(Executors.newSingleThreadExecutor());
ListenableFuture<HttpResponse> httpResponseFuture = service.submit(httpRequest::execute);
Futures.addCallback(httpResponseFuture, new FutureCallback<HttpResponse>() {
@Override
public void onSuccess(HttpResponse httpResponse) {
if (httpResponse != null) {
try {
String parsedResponse = httpResponse.parseAsString();
buildEntityDescriptor(parsedResponse);
} catch (IOException e) {
LOGGER.info("Unable to parse metadata from: {}", httpResponse.getRequest().getUrl().toString(), e);
}
}
}
@Override
public void onFailure(Throwable throwable) {
LOGGER.info("Unable to retrieve metadata.", throwable);
}
});
service.shutdown();
} else if (entityDescription.startsWith(FILE + System.getProperty("ddf.home"))) {
String pathStr = StringUtils.substringAfter(entityDescription, FILE);
Path path = Paths.get(pathStr);
if (Files.isReadable(path)) {
try (InputStream fileInputStream = Files.newInputStream(path)) {
entityDescriptor = readEntityDescriptor(new InputStreamReader(fileInputStream, "UTF-8"));
}
}
} else if (entityDescription.startsWith("<") && entityDescription.endsWith(">")) {
entityDescriptor = readEntityDescriptor(new StringReader(entityDescription));
} else {
LOGGER.info("Skipping unknown metadata configuration value: {}", entityDescription);
}
if (entityDescriptor != null) {
entityDescriptorMap.put(entityDescriptor.getEntityID(), entityDescriptor);
if (updateCallback != null) {
updateCallback.accept(entityDescriptor);
}
}
}
Also used :
HttpRequest(com.google.api.client.http.HttpRequest)
Path(java.nio.file.Path)
HttpBackOffIOExceptionHandler(com.google.api.client.http.HttpBackOffIOExceptionHandler)
HttpBackOffUnsuccessfulResponseHandler(com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler)
InputStreamReader(java.io.InputStreamReader)
InputStream(java.io.InputStream)
HttpResponse(com.google.api.client.http.HttpResponse)
GenericUrl(com.google.api.client.http.GenericUrl)
IOException(java.io.IOException)
PropertyResolver(org.codice.ddf.configuration.PropertyResolver)
ExponentialBackOff(com.google.api.client.util.ExponentialBackOff)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
NetHttpTransport(com.google.api.client.http.javanet.NetHttpTransport)
HttpTransport(com.google.api.client.http.HttpTransport)
NetHttpTransport(com.google.api.client.http.javanet.NetHttpTransport)
StringReader(java.io.StringReader)
ListeningExecutorService(com.google.common.util.concurrent.ListeningExecutorService)
Aggregations
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)22
IOException (java.io.IOException)11
InputStream (java.io.InputStream)9
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)9
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)9
Document (org.w3c.dom.Document)9
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)8
Element (org.w3c.dom.Element)8
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)7
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)7
XMLObject (org.opensaml.core.xml.XMLObject)7
SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)7
X509Certificate (java.security.cert.X509Certificate)6
UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)6
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)6
SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)6
Test (org.junit.Test)6
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)6
SimpleSign (ddf.security.samlp.SimpleSign)5
