use of org.opensaml.saml2.core.AuthnRequest in project cxf by apache.
the class SamlpRequestComponentBuilder method createAuthnRequest.
/**
 * Builds a SAML 2.0 {@code AuthnRequest} from the supplied components.
 *
 * <p>Each call assigns a new request ID ("_" followed by a random UUID) and sets
 * IssueInstant to the current time. This method neither signs the request nor stores
 * the generated ID.
 * NOTE(review): callers presumably retain the ID so the response's InResponseTo can be
 * checked against it - confirm at the call sites.
 *
 * @param serviceURL value written to AssertionConsumerServiceURL
 * @param forceAuthn value of the ForceAuthn attribute
 * @param isPassive value of the IsPassive attribute
 * @param protocolBinding binding URI written to ProtocolBinding
 * @param version SAML version placed on the request
 * @param issuer Issuer element attached to the request
 * @param nameIDPolicy NameIDPolicy element attached to the request
 * @param requestedAuthnCtx RequestedAuthnContext element attached to the request
 * @return the populated, unsigned request object
 */
@SuppressWarnings("unchecked")
// CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(
    String serviceURL,
    boolean forceAuthn,
    boolean isPassive,
    String protocolBinding,
    SAMLVersion version,
    Issuer issuer,
    NameIDPolicy nameIDPolicy,
    RequestedAuthnContext requestedAuthnCtx
) {
    // CHECKSTYLE:ON
    // The builder is looked up once and cached in a static field; no locking is applied here.
    if (authnRequestBuilder == null) {
        authnRequestBuilder = (SAMLObjectBuilder<AuthnRequest>)
            builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    }
    AuthnRequest request = authnRequestBuilder.buildObject();

    // Per-message identity: fresh ID and issue time.
    request.setID("_" + UUID.randomUUID());
    request.setIssueInstant(new DateTime());
    request.setVersion(version);
    request.setIssuer(issuer);

    // Where and how the response should be delivered.
    request.setAssertionConsumerServiceURL(serviceURL);
    request.setProtocolBinding(protocolBinding);

    // Authentication behaviour requested from the IdP.
    request.setForceAuthn(forceAuthn);
    request.setIsPassive(isPassive);
    request.setNameIDPolicy(nameIDPolicy);
    request.setRequestedAuthnContext(requestedAuthnCtx);

    return request;
}
use of org.opensaml.saml2.core.AuthnRequest in project cxf by apache.
the class AuthnRequestBuilderTest method testCreateAuthnRequest.
/**
 * Builds an AuthnRequest through {@code SamlpRequestComponentBuilder} and checks that it
 * can be converted to a DOM element.
 *
 * <p>The only assertion is that the resulting element is non-null; the attribute values of
 * the generated request (ACS URL, binding, issuer, ID) are not verified here.
 */
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    Document document = DOMUtils.createDocument();

    Issuer requestIssuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
    NameIDPolicy policy = SamlpRequestComponentBuilder.createNameIDPolicy(
        true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");

    // Request exactly the PasswordProtectedTransport authentication context class.
    AuthnContextClassRef classRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    RequestedAuthnContext requestedContext =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(classRef),
            null);

    AuthnRequest request = SamlpRequestComponentBuilder.createAuthnRequest(
        "http://localhost:9001/sso",
        false,
        false,
        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        SAMLVersion.VERSION_20,
        requestIssuer,
        policy,
        requestedContext);

    Element requestElement = OpenSAMLUtil.toDom(request, document);
    document.appendChild(requestElement);
    // Debugging aid, left disabled:
    // String outputString = DOM2Writer.nodeToString(requestElement);
    assertNotNull(requestElement);
}
use of org.opensaml.saml2.core.AuthnRequest in project cxf by apache.
the class AuthnRequestBuilderTest method testAuthnRequestBuilder.
/**
 * Creates an AuthnRequest with {@code DefaultAuthnRequestBuilder} and checks that it can be
 * converted to a DOM element.
 *
 * <p>Only a non-null element is asserted; the content of the generated request is not
 * inspected.
 */
@org.junit.Test
public void testAuthnRequestBuilder() throws Exception {
    Document document = DOMUtils.createDocument();
    Message emptyMessage = new MessageImpl();
    AuthnRequestBuilder builder = new DefaultAuthnRequestBuilder();

    AuthnRequest request = builder.createAuthnRequest(
        emptyMessage, "http://localhost:9001/app", "http://localhost:9001/sso");

    Element requestElement = OpenSAMLUtil.toDom(request, document);
    document.appendChild(requestElement);
    // Debugging aid, left disabled:
    // String outputString = DOM2Writer.nodeToString(requestElement);
    assertNotNull(requestElement);
}
use of org.opensaml.saml2.core.AuthnRequest in project oxCore by GluuFederation.
the class AuthRequest method getEnvelopedSignatureRequest.
/**
 * Produces the XML text of an AuthnRequest carrying an enveloped digital signature,
 * intended for use with the SAML POST binding.
 *
 * <p>The request is obtained from {@code getRequest(false, assertionConsumerServiceUrl)},
 * parsed back into an object, signed with the credential and signature algorithm taken
 * from {@code samlSettings}, and serialized. The complete signed request is also written
 * to the log at INFO level.
 *
 * @param assertionConsumerServiceUrl
 *            passed through to {@code getRequest}
 * @param relayState
 *            optional; not referenced anywhere in this method
 * @return the signed AuthnRequest document serialized as a string
 * @throws WSSecurityException
 *             propagated from the helper methods this method calls
 * @throws SecurityException
 *             if the signature parameters cannot be prepared
 * @throws MarshallingException
 *             if the request cannot be marshalled to DOM
 * @throws org.opensaml.xml.signature.SignatureException
 *             if computing the signature fails
 * @throws IOException
 *             propagated from the helper methods this method calls
 * @throws TransformerException
 *             propagated from the helper methods this method calls
 * @throws XMLStreamException
 *             propagated from the helper methods this method calls
 * @throws ParserConfigurationException
 *             propagated from the helper methods this method calls
 */
public String getEnvelopedSignatureRequest(String assertionConsumerServiceUrl, String relayState)
        throws WSSecurityException, SecurityException, MarshallingException,
        org.opensaml.xml.signature.SignatureException, IOException, TransformerException,
        XMLStreamException, ParserConfigurationException {
    // Round-trip the textual request into an object so a Signature child can be attached.
    String unsignedXml = getRequest(false, assertionConsumerServiceUrl);
    AuthnRequest request = (AuthnRequest) string2XMLObject(unsignedXml);

    Credential signingCredential = this.samlSettings.getCredential();

    org.opensaml.xml.signature.Signature sig =
            (org.opensaml.xml.signature.Signature) Configuration.getBuilderFactory()
                    .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME)
                    .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(signingCredential);
    // NOTE(review): the algorithm URI comes from settings; confirm deployments do not
    // configure a SHA-1 based signature algorithm here.
    sig.setSignatureAlgorithm(this.samlSettings.getSigAlgUrl());
    sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    SecurityHelper.prepareSignatureParams(
            sig, signingCredential, Configuration.getGlobalSecurityConfiguration(), null);

    // Order matters: attach the Signature, marshall the request to DOM, and only then
    // sign, because signing operates on the marshalled DOM.
    request.setSignature(sig);
    Configuration.getMarshallerFactory().getMarshaller(request).marshall(request);
    Signer.signObject(sig);

    String signedXml = convertDocumentToString(request.getDOM().getOwnerDocument());
    // The whole signed request is emitted at INFO level.
    LOG.info("\n\n**************************\nSigned Post AuthnRequest:\n" + signedXml + "\n**************************\n\n");
    return signedXml;
}
use of org.opensaml.saml2.core.AuthnRequest in project pac4j by pac4j.
the class SAML2AuthnRequestBuilder method buildAuthnRequest.
/**
 * Assembles the SAML 2.0 {@code AuthnRequest} sent to the identity provider.
 *
 * <p>The request is populated from this builder's configuration (comparison type,
 * authentication context class, NameID policy format, passive / force-authn flags,
 * service indexes) together with the endpoints supplied by the caller. No signature is
 * applied in this method.
 *
 * @param context message context supplying this entity's own entity ID
 * @param assertionConsumerService endpoint whose binding, and location when no ACS index is
 *        configured, are written to the request
 * @param ssoService IdP endpoint whose location becomes the request Destination
 * @return the populated request
 */
@SuppressWarnings("unchecked")
protected final AuthnRequest buildAuthnRequest(final SAML2MessageContext context,
        final AssertionConsumerService assertionConsumerService,
        final SingleSignOnService ssoService) {
    final SAMLObjectBuilder<AuthnRequest> requestBuilder = (SAMLObjectBuilder<AuthnRequest>)
            this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    final AuthnRequest authnRequest = requestBuilder.buildObject();

    // A RequestedAuthnContext is emitted only when a comparison type is configured; the
    // class reference inside it is optional.
    if (comparisonType != null) {
        final RequestedAuthnContext requestedContext = new RequestedAuthnContextBuilder().buildObject();
        requestedContext.setComparison(comparisonType);
        if (authnContextClassRef != null) {
            final AuthnContextClassRef contextClass = new AuthnContextClassRefBuilder().buildObject();
            contextClass.setAuthnContextClassRef(authnContextClassRef);
            requestedContext.getAuthnContextClassRefs().add(contextClass);
        }
        authnRequest.setRequestedAuthnContext(requestedContext);
    }

    final SAMLSelfEntityContext self = context.getSAMLSelfEntityContext();
    authnRequest.setID(generateID());
    authnRequest.setIssuer(getIssuer(self.getEntityId()));
    // IssueInstant is the current UTC time shifted by the configured skew in seconds.
    authnRequest.setIssueInstant(
            DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIsPassive(this.passive);
    authnRequest.setForceAuthn(this.forceAuth);
    authnRequest.setProviderName("pac4j-saml");

    if (nameIdPolicyFormat != null) {
        final NameIDPolicy policy = new NameIDPolicyBuilder().buildObject();
        // AllowCreate is always true whenever a NameIDPolicy is sent.
        policy.setAllowCreate(true);
        policy.setFormat(nameIdPolicyFormat);
        authnRequest.setNameIDPolicy(policy);
    }

    authnRequest.setDestination(ssoService.getLocation());

    // A negative index means "not configured": fall back to the explicit ACS URL.
    if (assertionConsumerServiceIndex < 0) {
        authnRequest.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
    } else {
        authnRequest.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
    }
    // NOTE(review): ProtocolBinding is set even when the ACS index is used; SAML core
    // describes the index as mutually exclusive with ProtocolBinding - confirm target IdPs
    // accept this combination.
    authnRequest.setProtocolBinding(assertionConsumerService.getBinding());

    if (attributeConsumingServiceIndex >= 0) {
        authnRequest.setAttributeConsumingServiceIndex(attributeConsumingServiceIndex);
    }
    return authnRequest;
}
Aggregations