Example 56 with AuthnRequest
use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestResolver method resolve.
<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request, BiConsumer<RelyingPartyRegistration, AuthnRequest> authnRequestConsumer) {
RequestMatcher.MatchResult result = this.requestMatcher.matcher(request);
if (!result.isMatch()) {
return null;
}
String registrationId = result.getVariables().get("registrationId");
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
if (registration == null) {
return null;
}
AuthnRequest authnRequest = this.authnRequestBuilder.buildObject();
authnRequest.setForceAuthn(Boolean.FALSE);
authnRequest.setIsPassive(Boolean.FALSE);
authnRequest.setProtocolBinding(registration.getAssertionConsumerServiceBinding().getUrn());
Issuer iss = this.issuerBuilder.buildObject();
iss.setValue(registration.getEntityId());
authnRequest.setIssuer(iss);
authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
authnRequest.setAssertionConsumerServiceURL(registration.getAssertionConsumerServiceLocation());
authnRequestConsumer.accept(registration, authnRequest);
if (authnRequest.getID() == null) {
authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
}
String relayState = UUID.randomUUID().toString();
Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleSignOnServiceBinding();
if (binding == Saml2MessageBinding.POST) {
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
OpenSamlSigningUtils.sign(authnRequest, registration);
}
String xml = serialize(authnRequest);
String encoded = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
return (T) Saml2PostAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(encoded).relayState(relayState).build();
} else {
String xml = serialize(authnRequest);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
Saml2RedirectAuthenticationRequest.Builder builder = Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(deflatedAndEncoded).relayState(relayState);
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
Map<String, String> parameters = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState).parameters();
builder.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE));
}
return (T) builder.build();
}
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest)
Issuer(org.opensaml.saml.saml2.core.Issuer)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Example 57 with AuthnRequest
use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestFactoryTests method authnRequest.
private AuthnRequest authnRequest() {
AuthnRequest authnRequest = TestOpenSamlObjects.authnRequest();
authnRequest.setIssueInstant(DateTime.now());
return authnRequest;
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Example 58 with AuthnRequest
use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestFactoryTests method createAuthenticationRequestWhenSetUriThenReturnsCorrectBinding.
@Test
public void createAuthenticationRequestWhenSetUriThenReturnsCorrectBinding() {
this.factory.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
AuthnRequest authn = getAuthNRequest(Saml2MessageBinding.POST);
Assertions.assertEquals(SAMLConstants.SAML2_REDIRECT_BINDING_URI, authn.getProtocolBinding());
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Test(org.junit.jupiter.api.Test)
Example 59 with AuthnRequest
use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestFactoryTests method createAuthenticationRequestWhenDefaultThenReturnsPostBinding.
@Test
public void createAuthenticationRequestWhenDefaultThenReturnsPostBinding() {
AuthnRequest authn = getAuthNRequest(Saml2MessageBinding.POST);
Assertions.assertEquals(SAMLConstants.SAML2_POST_BINDING_URI, authn.getProtocolBinding());
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Test(org.junit.jupiter.api.Test)
Example 60 with AuthnRequest
use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.
the class OpenSaml4AuthenticationRequestFactory method createRedirectAuthenticationRequest.
/**
* {@inheritDoc}
*/
@Override
public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context) {
AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
String xml = OpenSamlSigningUtils.serialize(authnRequest);
Saml2RedirectAuthenticationRequest.Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded);
if (StringUtils.hasText(context.getRelayState())) {
partial.param(Saml2ParameterNames.RELAY_STATE, context.getRelayState());
}
Map<String, String> parameters = partial.parameters();
return result.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE)).build();
}
return result.build();
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils.QueryParametersPartial)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Aggregations
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)63
Test (org.junit.Test)11
Issuer (org.opensaml.saml.saml2.core.Issuer)10
Document (org.w3c.dom.Document)9
AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)9
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)8
DateTime (org.joda.time.DateTime)7
IOException (java.io.IOException)6
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)6
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)6
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)6
XMLObject (org.opensaml.core.xml.XMLObject)6
MessageContext (org.opensaml.messaging.context.MessageContext)6
ByteArrayInputStream (java.io.ByteArrayInputStream)5
Response (javax.ws.rs.core.Response)5
Assertion (org.jasig.cas.client.validation.Assertion)5
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)5
Element (org.w3c.dom.Element)5
QName (javax.xml.namespace.QName)4
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)4
