Example 16 with Assertion
use of org.opensaml.saml2.core.Assertion in project cas by apereo.
the class WsFederationAction method doExecute.
/**
* Executes the webflow action.
*
* @param context the context
* @return the event
* @throws Exception all unhandled exceptions
*/
@Override
protected Event doExecute(final RequestContext context) throws Exception {
try {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final HttpSession session = request.getSession();
final String wa = request.getParameter(WA);
// it's an authentication
if (StringUtils.isNotBlank(wa) && wa.equalsIgnoreCase(WSIGNIN)) {
final String wResult = request.getParameter(WRESULT);
LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
if (StringUtils.isBlank(wResult)) {
LOGGER.error("No [{}] parameter is found", WRESULT);
return error();
}
// create credentials
LOGGER.debug("Attempting to create an assertion from the token parameter");
final Assertion assertion = this.wsFederationHelper.parseTokenFromString(wResult, configuration);
if (assertion == null) {
LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
return error();
}
LOGGER.debug("Attempting to validate the signature on the assertion");
if (!this.wsFederationHelper.validateSignature(assertion, this.configuration)) {
LOGGER.error("WS Requested Security Token is blank or the signature is not valid.");
return error();
}
try {
final Service service = (Service) session.getAttribute(SERVICE);
LOGGER.debug("Creating credential based on the provided assertion");
final WsFederationCredential credential = this.wsFederationHelper.createCredentialFromToken(assertion);
final String rpId = getRelyingPartyIdentifier(service);
if (credential != null && credential.isValid(rpId, this.configuration.getIdentityProviderIdentifier(), this.configuration.getTolerance())) {
LOGGER.debug("Validated assertion for the created credential successfully");
if (this.configuration.getAttributeMutator() != null) {
LOGGER.debug("Modifying credential attributes based on [{}]", this.configuration.getAttributeMutator().getClass().getSimpleName());
this.configuration.getAttributeMutator().modifyAttributes(credential.getAttributes());
}
} else {
LOGGER.warn("SAML assertions are blank or no longer valid based on RP identifier [{}] and IdP identifier [{}]", rpId, this.configuration.getIdentityProviderIdentifier());
final String url = authorizationUrl + rpId;
context.getFlowScope().put(PROVIDERURL, url);
LOGGER.warn("Created authentication url [{}] and returning error", url);
return error();
}
context.getFlowScope().put(SERVICE, service);
restoreRequestAttribute(request, session, THEME);
restoreRequestAttribute(request, session, LOCALE);
restoreRequestAttribute(request, session, METHOD);
LOGGER.debug("Creating final authentication result based on the given credential");
final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
LOGGER.debug("Attempting to create a ticket-granting ticket for the authentication result");
WebUtils.putTicketGrantingTicketInScopes(context, this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult));
LOGGER.info("Token validated and new [{}] created: [{}]", credential.getClass().getName(), credential);
return success();
} catch (final AbstractTicketException e) {
LOGGER.error(e.getMessage(), e);
return error();
}
} else {
// no authentication : go to login page. save parameters in web session
final Service service = (Service) context.getFlowScope().get(SERVICE);
if (service != null) {
session.setAttribute(SERVICE, service);
}
saveRequestParameter(request, session, THEME);
saveRequestParameter(request, session, LOCALE);
saveRequestParameter(request, session, METHOD);
final String url = authorizationUrl + getRelyingPartyIdentifier(service);
LOGGER.info("Preparing to redirect to the IdP [{}]", url);
context.getFlowScope().put(PROVIDERURL, url);
}
LOGGER.debug("Returning error event");
return error();
} catch (final Exception ex) {
LOGGER.error(ex.getMessage(), ex);
return error();
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpSession(javax.servlet.http.HttpSession)
Assertion(org.opensaml.saml.saml1.core.Assertion)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
RegisteredService(org.apereo.cas.services.RegisteredService)
Service(org.apereo.cas.authentication.principal.Service)
AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)
AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)
WsFederationCredential(org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential)
AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)
Example 17 with Assertion
use of org.opensaml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureGoodToken.
@Test
public void verifyValidateSignatureGoodToken() throws Exception {
final String wresult = testTokens.get(GOOD_TOKEN);
final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
assertTrue("testValidateSignatureGoodToken() - True", result);
}Example 18 with Assertion
use of org.opensaml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureModifiedSignature.
@Test
public void verifyValidateSignatureModifiedSignature() throws Exception {
final String wresult = testTokens.get("badTokenModifiedSignature");
final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
assertFalse("testValidateSignatureModifiedSignature() - False", result);
}Example 19 with Assertion
use of org.opensaml.saml2.core.Assertion in project cas by apereo.
the class WsFederationHelperTests method verifyParseTokenString.
@Test
public void verifyParseTokenString() throws Exception {
final String wresult = testTokens.get(GOOD_TOKEN);
final Assertion result = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
assertNotNull("testParseTokenString() - Not null", result);
}Example 20 with Assertion
use of org.opensaml.saml2.core.Assertion in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
@Override
public Assertion build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response, final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final List<Statement> statements = new ArrayList<>();
statements.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
statements.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor));
signAssertion(assertion, request, response, service, adaptor);
return assertion;
}
Also used :
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Statement(org.opensaml.saml.saml2.core.Statement)
ArrayList(java.util.ArrayList)
Assertion(org.opensaml.saml.saml2.core.Assertion)
SecureRandom(java.security.SecureRandom)
Aggregations
Assertion (org.opensaml.saml.saml1.core.Assertion)11
Assertion (org.opensaml.saml.saml2.core.Assertion)10
Test (org.junit.Test)7
Assertion (org.opensaml.saml2.core.Assertion)6
WsFederationCredential (org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential)4
Element (org.w3c.dom.Element)4
SecureRandom (java.security.SecureRandom)3
ZonedDateTime (java.time.ZonedDateTime)3
ArrayList (java.util.ArrayList)3
RegisteredService (org.apereo.cas.services.RegisteredService)3
DateTime (org.joda.time.DateTime)3
SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)3
Unmarshaller (org.opensaml.core.xml.io.Unmarshaller)3
Response (org.opensaml.saml.saml2.core.Response)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
InputStream (java.io.InputStream)2
HashMap (java.util.HashMap)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
Service (org.apereo.cas.authentication.principal.Service)2
