Example 11 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class SoapResponseCreator method createEcpResponse.
private String createEcpResponse(AuthnRequest authnRequest) throws WSSecurityException {
ResponseBuilder responseBuilder = new ResponseBuilder();
org.opensaml.saml.saml2.ecp.Response response = responseBuilder.buildObject();
response.setSOAP11Actor(HTTP_SCHEMAS_XMLSOAP_ORG_SOAP_ACTOR_NEXT);
response.setSOAP11MustUnderstand(true);
response.setAssertionConsumerServiceURL(getAssertionConsumerServiceURL(authnRequest));
return convertXmlObjectToString(response);
}
Also used :
ResponseBuilder(org.opensaml.saml.saml2.ecp.impl.ResponseBuilder)
Example 12 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class IdpEndpoint method doSoapLogin.
@POST
@Path("/login")
@Consumes({ "text/xml", "application/soap+xml" })
public Response doSoapLogin(InputStream body, @Context HttpServletRequest request) {
if (!request.isSecure()) {
throw new IllegalArgumentException("Authn Request must use TLS.");
}
SoapBinding soapBinding = new SoapBinding(systemCrypto, serviceProviders);
try {
String bodyStr = IOUtils.toString(body);
AuthnRequest authnRequest = soapBinding.decoder().decodeRequest(bodyStr);
String relayState = ((SoapRequestDecoder) soapBinding.decoder()).decodeRelayState(bodyStr);
soapBinding.validator().validateRelayState(relayState);
soapBinding.validator().validateAuthnRequest(authnRequest, bodyStr, null, null, null, strictSignature);
boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
AuthObj authObj = determineAuthMethod(bodyStr, authnRequest);
org.opensaml.saml.saml2.core.Response response = handleLogin(authnRequest, authObj.method, request, authObj, authnRequest.isPassive(), hasCookie);
Response samlpResponse = soapBinding.creator().getSamlpResponse(relayState, authnRequest, response, null, soapMessage);
samlpResponse.getHeaders().put("SOAPAction", Collections.singletonList("http://www.oasis-open.org/committees/security"));
return samlpResponse;
} catch (IOException e) {
LOGGER.debug("Unable to decode SOAP AuthN Request", e);
} catch (SimpleSign.SignatureException e) {
LOGGER.debug("Unable to validate signature.", e);
} catch (ValidationException e) {
LOGGER.debug("Unable to validate request.", e);
} catch (SecurityServiceException e) {
LOGGER.debug("Unable to authenticate user.", e);
} catch (WSSecurityException | IllegalArgumentException e) {
LOGGER.debug("Bad request.", e);
}
return null;
}
Also used :
SecurityServiceException(ddf.security.service.SecurityServiceException)
ValidationException(ddf.security.samlp.ValidationException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SoapRequestDecoder(org.codice.ddf.security.idp.binding.soap.SoapRequestDecoder)
IOException(java.io.IOException)
SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
SimpleSign(ddf.security.samlp.SimpleSign)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Example 13 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class IdpEndpoint method createCookie.
private NewCookie createCookie(HttpServletRequest request, org.opensaml.saml.saml2.core.Response response) {
LOGGER.debug("Creating cookie for user.");
if (response.getAssertions() != null && response.getAssertions().size() > 0) {
Assertion assertion = response.getAssertions().get(0);
if (assertion != null) {
UUID uuid = UUID.randomUUID();
cookieCache.cacheSamlAssertion(uuid.toString(), assertion.getDOM());
URL url;
try {
url = new URL(request.getRequestURL().toString());
LOGGER.debug("Returning new cookie for user.");
return new NewCookie(COOKIE, uuid.toString(), SERVICES_IDP_PATH, url.getHost(), NewCookie.DEFAULT_VERSION, null, -1, null, true, true);
} catch (MalformedURLException e) {
LOGGER.info("Unable to create session cookie. Client will need to log in again.", e);
}
}
}
return null;
}
Also used :
MalformedURLException(java.net.MalformedURLException)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
UUID(java.util.UUID)
URL(java.net.URL)
NewCookie(javax.ws.rs.core.NewCookie)
Example 14 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project ddf by codice.
the class IdpEndpoint method retrieveMetadata.
@GET
@Path("/login/metadata")
@Produces("application/xml")
public Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException {
List<String> nameIdFormats = new ArrayList<>();
nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_PERSISTENT);
nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_UNSPECIFIED);
nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(systemCrypto.getSignatureCrypto().getDefaultX509Identifier());
X509Certificate[] certs = systemCrypto.getSignatureCrypto().getX509Certificates(cryptoType);
X509Certificate issuerCert = null;
if (certs != null && certs.length > 0) {
issuerCert = certs[0];
}
cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(systemCrypto.getEncryptionCrypto().getDefaultX509Identifier());
certs = systemCrypto.getEncryptionCrypto().getX509Certificates(cryptoType);
X509Certificate encryptionCert = null;
if (certs != null && certs.length > 0) {
encryptionCert = certs[0];
}
EntityDescriptor entityDescriptor = SamlProtocol.createIdpMetadata(SystemBaseUrl.constructUrl("/idp/login", true), Base64.getEncoder().encodeToString(issuerCert != null ? issuerCert.getEncoded() : new byte[0]), Base64.getEncoder().encodeToString(encryptionCert != null ? encryptionCert.getEncoded() : new byte[0]), nameIdFormats, SystemBaseUrl.constructUrl("/idp/login", true), SystemBaseUrl.constructUrl("/idp/login", true), SystemBaseUrl.constructUrl("/idp/logout", true));
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
return Response.ok(DOM2Writer.nodeToString(OpenSAMLUtil.toDom(entityDescriptor, doc, false))).build();
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
ArrayList(java.util.ArrayList)
CryptoType(org.apache.wss4j.common.crypto.CryptoType)
Document(org.w3c.dom.Document)
X509Certificate(java.security.cert.X509Certificate)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Example 15 with org.opensaml.saml.saml2.metadata
use of org.opensaml.saml.saml2.metadata in project verify-hub by alphagov.
the class HubMetadataIntegrationTests method getSpMetadataFromApi_shouldReturnTheHubFromNewMetadataAsAnSp.
@Test
public void getSpMetadataFromApi_shouldReturnTheHubFromNewMetadataAsAnSp() throws Exception {
SamlDto samlDto = client.target(UriBuilder.fromUri(samlProxyAppRule.getUri("/API/metadata/sp"))).request().get(SamlDto.class);
EntityDescriptor entityDescriptor = getEntityDescriptor(samlDto);
assertThat(entityDescriptor.getEntityID()).isEqualTo(HUB_ENTITY_ID);
assertThat(entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)).isNull();
assertThat(entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS)).isNotNull();
assertThat(entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getAssertionConsumerServices().get(0).getLocation()).isEqualTo("http://foo.com/bar");
assertThat(entityDescriptor.getValidUntil()).isEqualTo(DateTime.now(DateTimeZone.UTC).plusHours(1));
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
SamlDto(uk.gov.ida.hub.samlproxy.domain.SamlDto)
Test(org.junit.Test)
Aggregations
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)22
IOException (java.io.IOException)11
InputStream (java.io.InputStream)9
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)9
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)9
Document (org.w3c.dom.Document)9
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)8
Element (org.w3c.dom.Element)8
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)7
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)7
XMLObject (org.opensaml.core.xml.XMLObject)7
SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)7
X509Certificate (java.security.cert.X509Certificate)6
UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)6
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)6
SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)6
Test (org.junit.Test)6
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)6
SimpleSign (ddf.security.samlp.SimpleSign)5
