
Example 41 with org.opensaml.saml.saml2.metadata

use of org.opensaml.saml.saml2.metadata in project cas by apereo.

Class SSOSamlProfileCallbackHandlerController, method determineProfileBinding.

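/**
 * Determine the protocol binding to use for the SAML response.
 * <p>
 * The binding is taken from the {@code ProtocolBinding} attribute of the
 * authentication request, falling back to HTTP-POST when it is blank. The
 * service provider's metadata is then consulted to confirm that it declares
 * an assertion consumer service for that binding: a binding the SP has not
 * published in its metadata is rejected rather than used to deliver the response.
 *
 * @param authenticationContext the authentication request paired with its message context
 * @param assertion             the assertion; not used by this implementation
 * @return the resolved binding URI
 * @throws IllegalArgumentException if the SP metadata declares no assertion consumer service for the binding
 */
protected String determineProfileBinding(final Pair<AuthnRequest, MessageContext> authenticationContext, final Assertion assertion) {
    final AuthnRequest authnRequest = authenticationContext.getKey();
    final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> pair = getRegisteredServiceAndFacade(authnRequest);
    final SamlRegisteredServiceServiceProviderMetadataFacade facade = pair.getValue();
    final String binding = StringUtils.defaultIfBlank(authnRequest.getProtocolBinding(), SAMLConstants.SAML2_POST_BINDING_URI);
    // The request may carry no Issuer; a debug log line must not be what fails on it.
    final String issuer = authnRequest.getIssuer() != null ? authnRequest.getIssuer().getValue() : null;
    LOGGER.debug("Determined authentication request binding is [{}], issued by [{}]", binding, issuer);
    LOGGER.debug("Checking metadata for [{}] to see if binding [{}] is supported", facade.getEntityId(), binding);
    final AssertionConsumerService svc = facade.getAssertionConsumerService(binding);
    // An explicit check replaces the lombok @NonNull that used to sit on this local:
    // an unsupported binding requested by the peer is an input problem, reported as such.
    if (svc == null) {
        throw new IllegalArgumentException("Binding [" + binding + "] is not supported by the metadata of [" + facade.getEntityId() + ']');
    }
    LOGGER.debug("Binding [{}] is supported by [{}]", svc.getBinding(), facade.getEntityId());
    return binding;
}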
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) NonNull(lombok.NonNull) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)

Example 42 with org.opensaml.saml.saml2.metadata

use of org.opensaml.saml.saml2.metadata in project verify-hub by alphagov.

Class CountryAuthnResponseTranslatorResourceTest, method assertThatDecryptedAssertionsAreTheSame.

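/**
 * Checks that the identity assertion handed to the RP is the one the hub received from the country.
 * <p>
 * The assertion(s) in {@code originalResponse} are decrypted with the hub's key, the blob in
 * {@code response} with the RP's key, and the two results are compared.
 *
 * @param response         the translated response for the RP, carrying an encrypted identity assertion blob
 * @param originalResponse the country response as it arrived at the hub
 */
private void assertThatDecryptedAssertionsAreTheSame(InboundResponseFromCountry response, org.opensaml.saml.saml2.core.Response originalResponse) {
    AssertionDecrypter hubDecrypter = new AssertionDecrypter(TestCertificateStrings.HUB_TEST_PRIVATE_ENCRYPTION_KEY, TestCertificateStrings.HUB_TEST_PUBLIC_ENCRYPTION_CERT);
    List<Assertion> originalAssertions = hubDecrypter.decryptAssertions(originalResponse);
    // Exactly one assertion is expected from the country; check before indexing into the list.
    assertThat(originalAssertions).hasSize(1);
    Assertion originalAssertion = originalAssertions.get(0);

    // Report an absent blob as a plain assertion failure instead of a NoSuchElementException from Optional.get().
    assertThat(response.getEncryptedIdentityAssertionBlob().isPresent()).isTrue();
    AssertionDecrypter rpDecrypter = new AssertionDecrypter(TestCertificateStrings.TEST_RP_MS_PRIVATE_ENCRYPTION_KEY, TestCertificateStrings.TEST_RP_PUBLIC_ENCRYPTION_CERT);
    Assertion returnedAssertion = rpDecrypter.decryptAssertion(response.getEncryptedIdentityAssertionBlob().get());

    // assertEquals takes (expected, actual); the original assertion is the expectation.
    // NOTE(review): this relies on Assertion#equals comparing content rather than identity — confirm.
    assertEquals(originalAssertion, returnedAssertion);
}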
Also used : AssertionDecrypter(uk.gov.ida.integrationtest.hub.samlengine.support.AssertionDecrypter) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 43 with org.opensaml.saml.saml2.metadata

use of org.opensaml.saml.saml2.metadata in project verify-hub by alphagov.

Class SamlMessageReceiverApiTest, method handleResponsePost_shouldReportPrincipalIpAddress.

/**
 * The principal IP address reported by the frontend must reach the session proxy unchanged
 * when an IdP response is posted.
 */
@Test
public void handleResponsePost_shouldReportPrincipalIpAddress() throws Exception {
    // Collaborator stubs: the posted message parses as an authn request and as a response,
    // signature validation succeeds and a session is created.
    AuthnRequest request = anAuthnRequest()
            .withIssuer(anIssuer().withIssuerId(ISSUER_ID).build())
            .build();
    when(stringSamlAuthnRequestTransformer.apply(SAML_REQUEST)).thenReturn(request);
    when(stringSamlResponseTransformer.apply(SAML_REQUEST)).thenReturn(aResponse().build());
    when(responseTransformer.apply(anyString())).thenReturn(aResponse().build());
    when(samlMessageSignatureValidator.validate(any(org.opensaml.saml.saml2.core.Response.class), any(QName.class)))
            .thenReturn(SamlValidationResponse.aValidResponse());
    when(sessionProxy.createSession(any(SamlAuthnRequestContainerDto.class))).thenReturn(SESSION_ID);

    samlMessageReceiverApi.handleResponsePost(SAML_REQUEST_DTO);

    ArgumentCaptor<SamlAuthnResponseContainerDto> containerCaptor = ArgumentCaptor.forClass(SamlAuthnResponseContainerDto.class);
    verify(sessionProxy).receiveAuthnResponseFromIdp(containerCaptor.capture(), any(SessionId.class));
    SamlAuthnResponseContainerDto forwarded = containerCaptor.getValue();
    assertThat(forwarded.getPrincipalIPAddressAsSeenByHub()).isEqualTo(SAML_REQUEST_DTO.getPrincipalIpAsSeenByFrontend());
}
Also used : ResponseBuilder.aValidIdpResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aValidIdpResponse) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) Response(javax.ws.rs.core.Response) SamlAuthnRequestContainerDto(uk.gov.ida.hub.samlproxy.domain.SamlAuthnRequestContainerDto) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) QName(javax.xml.namespace.QName) SamlAuthnResponseContainerDto(uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto) SessionId(uk.gov.ida.common.SessionId) Test(org.junit.Test)

Example 44 with org.opensaml.saml.saml2.metadata

use of org.opensaml.saml.saml2.metadata in project pac4j by pac4j.

Class SAML2WebSSOMessageReceiver, method receiveMessage.

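/**
 * Receives a SAML message posted to the SP (HTTP-POST binding), decodes it and hands the
 * decoded message to the validator.
 * <p>
 * The decoded message is wrapped in a fresh {@link SAML2MessageContext} populated from the
 * inbound {@code context}: the binding details the decoder reported, the SP's assertion
 * consumer service, the peer (IdP) entity id taken from its metadata, the self (SP) entity id,
 * endpoint and role, and the SP's SSO descriptor. Nothing in the message is trusted until
 * {@code validator.validate} has run on it.
 *
 * @param context the inbound message context holding the web context, peer metadata and SP descriptors
 * @return the credentials produced by the validator
 * @throws SAMLException if the message cannot be decoded, the decoder produced no binding
 *                       context, or no IdP metadata is available
 */
@Override
public Credentials receiveMessage(final SAML2MessageContext context) {
    final SAMLPeerEntityContext peerContext = context.getSAMLPeerEntityContext();
    peerContext.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    context.getSAMLSelfProtocolContext().setProtocol(SAMLConstants.SAML20P_NS);

    final Pac4jHTTPPostDecoder decoder = new Pac4jHTTPPostDecoder(context.getWebContext());
    try {
        decoder.setParserPool(Configuration.getParserPool());
        decoder.initialize();
        decoder.decode();
    } catch (final Exception e) {
        // Boundary with untrusted input: any decoding failure is reported as a SAML error, cause kept.
        throw new SAMLException("Error decoding saml message", e);
    }

    final SAML2MessageContext decodedCtx = new SAML2MessageContext(decoder.getMessageContext());
    decodedCtx.setMessage(decoder.getMessageContext().getMessage());
    decodedCtx.setSAMLMessageStorage(context.getSAMLMessageStorage());

    // getSubcontext(Class) can yield null for an absent subcontext; fail with a clear message rather than an NPE.
    final SAMLBindingContext bindingContext = decodedCtx.getParent().getSubcontext(SAMLBindingContext.class);
    if (bindingContext == null) {
        throw new SAMLException("Decoded SAML message carries no binding context");
    }
    // Copy what the decoder observed about the binding (incl. signature presence and relay state)
    // onto the context the validator will inspect.
    final SAMLBindingContext decodedBinding = decodedCtx.getSAMLBindingContext();
    decodedBinding.setBindingDescriptor(bindingContext.getBindingDescriptor());
    decodedBinding.setBindingUri(bindingContext.getBindingUri());
    decodedBinding.setHasBindingSignature(bindingContext.hasBindingSignature());
    decodedBinding.setIntendedDestinationEndpointURIRequired(bindingContext.isIntendedDestinationEndpointURIRequired());
    decodedBinding.setRelayState(bindingContext.getRelayState());

    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    decodedCtx.getSAMLEndpointContext().setEndpoint(acsService);

    final EntityDescriptor metadata = context.getSAMLPeerMetadataContext().getEntityDescriptor();
    if (metadata == null) {
        throw new SAMLException("IDP Metadata cannot be null");
    }
    decodedCtx.getSAMLPeerEntityContext().setEntityId(metadata.getEntityID());
    decodedCtx.getSAMLSelfEntityContext().setEntityId(context.getSAMLSelfEntityContext().getEntityId());
    decodedCtx.getSAMLSelfEndpointContext().setEndpoint(context.getSAMLSelfEndpointContext().getEndpoint());
    decodedCtx.getSAMLSelfEntityContext().setRole(context.getSAMLSelfEntityContext().getRole());
    decodedCtx.getProfileRequestContext().setProfileId(SAML2_WEBSSO_PROFILE_URI);
    decodedCtx.getSAMLSelfMetadataContext().setRoleDescriptor(context.getSPSSODescriptor());

    return this.validator.validate(decodedCtx);
}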
Also used : SAMLBindingContext(org.opensaml.saml.common.messaging.context.SAMLBindingContext) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SAMLPeerEntityContext(org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Pac4jHTTPPostDecoder(org.pac4j.saml.transport.Pac4jHTTPPostDecoder) SAMLException(org.pac4j.saml.exceptions.SAMLException) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 45 with org.opensaml.saml.saml2.metadata

use of org.opensaml.saml.saml2.metadata in project pac4j by pac4j.

Class SAML2IdentityProviderMetadataResolver, method resolve.

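/**
 * Resolves (and lazily builds) the metadata resolver for the identity provider.
 * <p>
 * On first use the IdP metadata resource is parsed into a DOM, wrapped in a
 * {@link DOMMetadataResolver} configured to fail fast and to require valid metadata,
 * and initialized. If no {@code idpEntityId} was configured, the entity id of the first
 * {@link EntityDescriptor} in the metadata is adopted. Later calls return the cached resolver.
 * <p>
 * The cache check is deliberately unsynchronized. The resolver is published to the field
 * only after it has been fully initialized and the entity id resolved, so a racing reader
 * never sees a half-built instance; two threads may still build it twice.
 * NOTE(review): prompt visibility of the published field to other threads depends on how
 * the field is declared (outside this method) — confirm it is {@code volatile}.
 * NOTE(review): nothing here verifies a signature on the metadata document; confirm that
 * trust in the resource (file origin / transport) is established elsewhere.
 *
 * @return the initialized IdP metadata resolver
 * @throws TechnicalException if no metadata resource is configured or it is unreadable or not parseable
 * @throws SAMLException      if the resolver fails to initialize or the metadata contains no entity id
 */
@Override
public final MetadataResolver resolve() {
    // Usage of locks will adversely impact performance.
    if (idpMetadataProvider != null) {
        return idpMetadataProvider;
    }
    if (this.idpMetadataResource == null) {
        // Reported directly; the old detour through XMLParserException produced the message "... from null".
        throw new TechnicalException("Error loading idp Metadata: no idp metadata resource configured");
    }
    try {
        final DOMMetadataResolver provider;
        try (final InputStream in = this.idpMetadataResource.getInputStream()) {
            // NOTE(review): protection against DTDs / external entities in the metadata XML is
            // governed by the shared parser pool configuration, not here — confirm that pool is hardened.
            final Document inCommonMDDoc = Configuration.getParserPool().parse(in);
            final Element metadataRoot = inCommonMDDoc.getDocumentElement();
            provider = new DOMMetadataResolver(metadataRoot);
            provider.setParserPool(Configuration.getParserPool());
            provider.setFailFastInitialization(true);
            provider.setRequireValidMetadata(true);
            provider.setId(provider.getClass().getCanonicalName());
            provider.initialize();
        } catch (final FileNotFoundException e) {
            // Keep the cause: the path that was looked up is what an operator needs to see.
            throw new TechnicalException("Error loading idp Metadata", e);
        }
        // If no idpEntityId declared, select first EntityDescriptor entityId as our IDP entityId
        if (this.idpEntityId == null) {
            final Iterator<EntityDescriptor> it = provider.iterator();
            if (it.hasNext()) {
                this.idpEntityId = it.next().getEntityID();
            }
        }
        if (this.idpEntityId == null) {
            throw new SAMLException("No idp entityId found");
        }
        // Publish only once fully built; a failure above leaves the field null so the next call retries.
        idpMetadataProvider = provider;
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing idpMetadataProvider", e);
    } catch (final XMLParserException e) {
        throw new TechnicalException("Error parsing idp Metadata", e);
    } catch (final IOException e) {
        throw new TechnicalException("Error getting idp Metadata resource", e);
    }
    return idpMetadataProvider;
}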
Also used : DOMMetadataResolver(org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) TechnicalException(org.pac4j.core.exception.TechnicalException) ComponentInitializationException(net.shibboleth.utilities.java.support.component.ComponentInitializationException) XMLParserException(net.shibboleth.utilities.java.support.xml.XMLParserException) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) Document(org.w3c.dom.Document) SAMLException(org.pac4j.saml.exceptions.SAMLException)
