Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
The class ECPProfileHandlerController, method handleEcpRequest.
/**
 * Handles a SAML ECP request whose SOAP envelope has already been decoded into
 * {@code soapContext}.
 *
 * <p>Order of operations: log the SOAP envelope, verify the embedded
 * {@link AuthnRequest} against the registered service, authenticate the supplied
 * credential, and write the SAML response. Failures do not propagate; they are
 * converted into an ECP SOAP fault carrying a short error string.
 *
 * <p>NOTE(review): the cast of the SOAP message to {@link AuthnRequest} is performed
 * outside the try block, so a payload that is not an AuthnRequest surfaces as a
 * {@code ClassCastException} to the caller instead of as a fault response.
 * NOTE(review): the generic fallback forwards {@code e.getMessage()} of arbitrary
 * exceptions to the service provider; review whether internal messages should be
 * exposed in the fault.
 *
 * @param response    the servlet response the SAML response or fault is written to
 * @param request     the incoming servlet request
 * @param soapContext the decoded SOAP message context; its message is expected to be an {@link AuthnRequest}
 * @param credential  the credential extracted from the ECP request
 */
protected void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request,
                                final MessageContext soapContext, final Credential credential) {
    final Envelope soapEnvelope = soapContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(configBean, soapEnvelope);

    final AuthnRequest authnRequest = (AuthnRequest) soapContext.getMessage();
    final Pair<AuthnRequest, MessageContext> authnContext = Pair.of(authnRequest, soapContext);
    try {
        final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> registeredService =
            verifySamlAuthenticationRequest(authnContext, request);
        final Authentication authentication = authenticateEcpRequest(credential, authnContext);
        buildSamlResponse(response, request, authnContext,
            buildEcpCasAssertion(authentication, registeredService.getKey()));
    } catch (final AuthenticationException e) {
        LOGGER.error(e.getMessage(), e);
        // Report the simple names of the failing handler error classes, comma-separated,
        // as the fault reason.
        final StringBuilder failedHandlers = new StringBuilder();
        for (final Class<?> handlerError : e.getHandlerErrors().values()) {
            if (failedHandlers.length() > 0) {
                failedHandlers.append(',');
            }
            failedHandlers.append(handlerError.getSimpleName());
        }
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, failedHandlers.toString()));
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        buildEcpFaultResponse(response, request, Pair.of(authnRequest, e.getMessage()));
    }
}
Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
The class SSOPostProfileCallbackHandlerController, method validateRequestAndBuildCasAssertion.
/**
 * Validates the CAS service ticket carried in the callback request and returns the
 * resulting CAS assertion.
 *
 * <p>The ticket is read from the {@code ticket} request parameter and validated with a
 * CAS 3.0 service-ticket validator bound to this server's prefix. The validator's
 * {@code renew} flag mirrors {@code ForceAuthn} of the originating {@link AuthnRequest}.
 * The service URL used for validation is reconstructed from the request and the
 * original SAML request pair.
 *
 * @param response the servlet response, used when reconstructing the service URL
 * @param request  the callback request carrying the service ticket
 * @param pair     the original SAML authentication request and its message context
 * @return the validated CAS assertion
 * @throws Exception if the ticket cannot be validated
 */
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response,
                                                      final HttpServletRequest request,
                                                      final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final String serviceTicket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);

    final Cas30ServiceTicketValidator ticketValidator = new Cas30ServiceTicketValidator(this.serverPrefix);
    // A forced re-authentication on the SAML side maps onto CAS "renew".
    ticketValidator.setRenew(pair.getKey().isForceAuthn());

    final String validationServiceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url for validation: [{}]", validationServiceUrl);

    final Assertion casAssertion = ticketValidator.validate(serviceTicket, validationServiceUrl);
    logCasValidationAssertion(casAssertion);
    return casAssertion;
}
Use of org.opensaml.saml2.core.AuthnRequest in project ddf by codice.
The class IdpEndpoint, method doSoapLogin.
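/**
 * SOAP (ECP) login endpoint: decodes a SOAP-wrapped SAML {@link AuthnRequest},
 * authenticates the caller and returns the SAML response inside a SOAP envelope.
 *
 * <p>Steps, in order: read the body, decode the AuthnRequest and relay state, validate
 * the relay state and the AuthnRequest (signature enforcement governed by
 * {@code strictSignature}), check for an existing SSO cookie, authenticate, and build
 * the SAMLP response. Any failure is logged and the method returns {@code null}.
 *
 * <p>NOTE(review): returning {@code null} from a JAX-RS resource method produces an
 * empty success response (204) for every failure path, including rejected signatures;
 * an explicit error status would be clearer to clients. The failure logs are at
 * {@code debug} level, so rejected or malformed requests leave no trace at default
 * log levels. The body is read fully without a size bound — assumes the container
 * limits request size; confirm.
 *
 * @param body    the raw SOAP request body
 * @param request the underlying servlet request; must have arrived over TLS
 * @return the SOAP-wrapped SAML response, or {@code null} if decoding, validation or
 *         authentication failed
 * @throws IllegalArgumentException if the request did not arrive over a secure channel
 */
@POST
@Path("/login")
@Consumes({ "text/xml", "application/soap+xml" })
public Response doSoapLogin(InputStream body, @Context HttpServletRequest request) {
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authn Request must use TLS.");
    }
    SoapBinding soapBinding = new SoapBinding(systemCrypto, serviceProviders);
    try {
        // Read with an explicit charset: the charset-less overload uses the platform
        // default, which need not be UTF-8 and would corrupt non-ASCII XML content.
        String bodyStr = IOUtils.toString(body, "UTF-8");
        AuthnRequest authnRequest = soapBinding.decoder().decodeRequest(bodyStr);
        String relayState = ((SoapRequestDecoder) soapBinding.decoder()).decodeRelayState(bodyStr);
        // Validate before trusting anything in the request.
        soapBinding.validator().validateRelayState(relayState);
        soapBinding.validator().validateAuthnRequest(authnRequest, bodyStr, null, null, null, strictSignature);
        // presumably an existing SSO cookie is disregarded when ForceAuthn is set — confirm in hasValidCookie
        boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
        AuthObj authObj = determineAuthMethod(bodyStr, authnRequest);
        org.opensaml.saml.saml2.core.Response response = handleLogin(authnRequest, authObj.method, request,
            authObj, authnRequest.isPassive(), hasCookie);
        Response samlpResponse = soapBinding.creator().getSamlpResponse(relayState, authnRequest, response,
            null, soapMessage);
        samlpResponse.getHeaders().put("SOAPAction",
            Collections.singletonList("http://www.oasis-open.org/committees/security"));
        return samlpResponse;
    } catch (IOException e) {
        LOGGER.debug("Unable to decode SOAP AuthN Request", e);
    } catch (SimpleSign.SignatureException e) {
        LOGGER.debug("Unable to validate signature.", e);
    } catch (ValidationException e) {
        LOGGER.debug("Unable to validate request.", e);
    } catch (SecurityServiceException e) {
        LOGGER.debug("Unable to authenticate user.", e);
    } catch (WSSecurityException | IllegalArgumentException e) {
        LOGGER.debug("Bad request.", e);
    }
    return null;
}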
Use of org.opensaml.saml2.core.AuthnRequest in project ddf by codice.
The class PostRequestDecoder, method decodeRequest.
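/**
 * Decodes the {@code SAMLRequest} parameter of an HTTP-POST binding into an
 * {@link AuthnRequest}.
 *
 * <p>The value is base64 (MIME) decoded, parsed as XML and unmarshalled with OpenSAML.
 * Every failure is reported as an {@link IllegalArgumentException}; the underlying
 * exception is attached as the cause so the actual reason survives in the logs.
 *
 * <p>NOTE(review): the input is attacker-controlled. XML parsing relies on
 * {@code StaxUtils} to reject DTDs and external entities — confirm its configuration.
 * No size bound is applied to the decoded document here.
 *
 * @param samlRequest the base64-encoded SAMLRequest parameter value
 * @return the decoded authentication request
 * @throws IllegalArgumentException if the parameter is missing, not valid base64,
 *                                  not well-formed XML, cannot be unmarshalled, or is
 *                                  not an {@code AuthnRequest}
 */
@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    // The MIME decoder ignores line breaks in the encoded value; malformed base64
    // raises IllegalArgumentException, which matches this method's contract.
    // The bytes are fed straight to a UTF-8 reader instead of round-tripping
    // through a String and back.
    byte[] decodedRequest = Base64.getMimeDecoder().decode(samlRequest);
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest);
    Document authnDoc;
    try {
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, StandardCharsets.UTF_8));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.", ex);
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}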
Use of org.opensaml.saml2.core.AuthnRequest in project ddf by codice.
The class RedirectRequestDecoder, method decodeRequest.
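/**
 * Decodes the {@code SAMLRequest} query parameter of an HTTP-Redirect binding into an
 * {@link AuthnRequest}.
 *
 * <p>The value is base64 decoded and inflated, parsed as XML and unmarshalled with
 * OpenSAML. Every failure is reported as an {@link IllegalArgumentException}; the
 * underlying exception is attached as the cause so the actual reason survives in the
 * logs.
 *
 * <p>NOTE(review): the input is attacker-controlled. Inflating it is only safe if
 * {@code RestSecurity.inflateBase64} bounds the inflated size — confirm. XML parsing
 * relies on {@code StaxUtils} to reject DTDs and external entities — confirm its
 * configuration.
 *
 * @param samlRequest the base64-encoded, deflated SAMLRequest parameter value
 * @return the decoded authentication request
 * @throws IllegalArgumentException if the parameter is missing, cannot be decoded or
 *                                  inflated, is not well-formed XML, cannot be
 *                                  unmarshalled, or is not an {@code AuthnRequest}
 */
@Override
public AuthnRequest decodeRequest(String samlRequest) {
    LOGGER.debug("Creating AuthnRequest object from SAMLRequest string.");
    if (StringUtils.isEmpty(samlRequest)) {
        throw new IllegalArgumentException("Missing SAMLRequest on IdP request.");
    }
    String decodedRequest;
    try {
        decodedRequest = RestSecurity.inflateBase64(samlRequest);
    } catch (IOException e) {
        throw new IllegalArgumentException("Unable to decode SAMLRequest: base64/inflate.", e);
    }
    ByteArrayInputStream tokenStream = new ByteArrayInputStream(decodedRequest.getBytes(StandardCharsets.UTF_8));
    Document authnDoc;
    try {
        // Charset constant rather than a name string: avoids the checked
        // UnsupportedEncodingException and cannot fail at runtime.
        authnDoc = StaxUtils.read(new InputStreamReader(tokenStream, StandardCharsets.UTF_8));
    } catch (Exception ex) {
        throw new IllegalArgumentException("Unable to read SAMLRequest as XML.", ex);
    }
    XMLObject authnXmlObj;
    try {
        authnXmlObj = OpenSAMLUtil.fromDom(authnDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SAMLRequest object is not AuthnRequest.");
    }
    LOGGER.debug("Created AuthnRequest object successfully.");
    return (AuthnRequest) authnXmlObj;
}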