
Example 16 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestFactoryTests method getAuthNRequest.

private AuthnRequest getAuthNRequest(Saml2MessageBinding binding) {
    // Test helper: drive the factory under test for the requested binding, then
    // reverse the transport encoding so the caller can assert on the AuthnRequest
    // object rather than on an opaque SAMLRequest string.
    AbstractSaml2AuthenticationRequest created;
    if (binding == Saml2MessageBinding.REDIRECT) {
        created = this.factory.createRedirectAuthenticationRequest(this.context);
    } else {
        created = this.factory.createPostAuthenticationRequest(this.context);
    }
    String encoded = created.getSamlRequest();
    assertThat(encoded).isNotEmpty();
    // Decoding keys off the binding the result reports (not the argument): REDIRECT
    // payloads are decoded and then inflated, POST payloads are only decoded.
    String xml;
    if (created.getBinding() == Saml2MessageBinding.REDIRECT) {
        xml = Saml2Utils.samlInflate(Saml2Utils.samlDecode(encoded));
    } else {
        xml = new String(Saml2Utils.samlDecode(encoded), StandardCharsets.UTF_8);
    }
    try {
        // Parse through OpenSAML's registered ParserPool rather than a raw JAXP
        // factory; the pool's configuration is what governs DTD / external-entity
        // handling for this test input.
        byte[] xmlBytes = xml.getBytes(StandardCharsets.UTF_8);
        Document parsed = XMLObjectProviderRegistrySupport.getParserPool().parse(new ByteArrayInputStream(xmlBytes));
        Element root = parsed.getDocumentElement();
        return (AuthnRequest) this.unmarshaller.unmarshall(root);
    } catch (Exception ex) {
        // Any parse or unmarshal failure surfaces as a Saml2Exception, failing the test.
        throw new Saml2Exception(ex);
    }
}

Example 17 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactory method createAuthnRequest.

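/**
 * Builds the OpenSAML {@code AuthnRequest} for the given context.
 * <p>
 * Values the injected builder has already populated (ID, IssueInstant,
 * ForceAuthn, IsPassive, NameIDPolicy) are left untouched; only missing ones
 * receive defaults. Issuer, Destination, AssertionConsumerServiceURL and
 * ProtocolBinding always come from the context / registration.
 * @param context the authentication request context
 * @return the populated, unsigned {@code AuthnRequest}
 */
private AuthnRequest createAuthnRequest(Saml2AuthenticationRequestContext context) {
    String issuer = context.getIssuer();
    String destination = context.getDestination();
    String assertionConsumerServiceUrl = context.getAssertionConsumerServiceUrl();
    String protocolBinding = context.getRelyingPartyRegistration().getAssertionConsumerServiceBinding().getUrn();
    AuthnRequest auth = this.authnRequestBuilder.buildObject();
    if (auth.getID() == null) {
        // "ARQ" prefix keeps the XML ID starting with a letter; the random UUID
        // gives a per-request value. NOTE(review): the SAML response echoes this
        // ID in InResponseTo, so uniqueness per request matters to the consumer.
        auth.setID("ARQ" + UUID.randomUUID().toString().substring(1));
    }
    if (auth.getIssueInstant() == null) {
        // Clock is injected so tests can pin the instant.
        auth.setIssueInstant(Instant.now(this.clock));
    }
    if (auth.isForceAuthn() == null) {
        auth.setForceAuthn(Boolean.FALSE);
    }
    if (auth.isPassive() == null) {
        auth.setIsPassive(Boolean.FALSE);
    }
    // The registration's ACS binding URN is always applied; the former
    // "default to SAML2_POST_BINDING_URI when null" step was overwritten by this
    // unconditional set and has been removed as dead code.
    auth.setProtocolBinding(protocolBinding);
    if (auth.getNameIDPolicy() == null) {
        setNameIdPolicy(auth, context.getRelyingPartyRegistration());
    }
    Issuer iss = this.issuerBuilder.buildObject();
    iss.setValue(issuer);
    auth.setIssuer(iss);
    auth.setDestination(destination);
    auth.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
    return auth;
}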

Example 18 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactory method createAuthenticationRequest.

/**
 * {@inheritDoc}
 * <p>
 * Legacy entry point: a throw-away {@link RelyingPartyRegistration} is built
 * from the request's issuer, ACS URL and credentials, converted to an
 * {@code AuthnRequest}, and the result is always signed before serialization
 * (the context-based methods instead consult the asserting party's
 * {@code WantAuthnRequestsSigned} flag).
 */
@Override
@Deprecated
public String createAuthenticationRequest(Saml2AuthenticationRequest request) {
    String issuer = request.getIssuer();
    String acsUrl = request.getAssertionConsumerServiceUrl();
    // Placeholder registration id / IdP values: only the entity id, ACS location
    // and credentials carry real data on this deprecated path.
    RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("noId")
            .assertionConsumerServiceBinding(Saml2MessageBinding.POST)
            .assertionConsumerServiceLocation(acsUrl)
            .entityId(issuer)
            .remoteIdpEntityId("noIssuer")
            .idpWebSsoUrl("noUrl")
            .credentials((c) -> c.addAll(request.getCredentials()))
            .build();
    Saml2AuthenticationRequestContext context = Saml2AuthenticationRequestContext.builder()
            .relyingPartyRegistration(registration)
            .issuer(issuer)
            .assertionConsumerServiceUrl(acsUrl)
            .build();
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    return OpenSamlSigningUtils.serialize(OpenSamlSigningUtils.sign(authnRequest, registration));
}

Example 19 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactory method createPostAuthenticationRequest.

/**
 * {@inheritDoc}
 * <p>
 * The {@code AuthnRequest} is signed only when the asserting party's details
 * report {@code WantAuthnRequestsSigned}; the serialized XML is then encoded
 * with {@code Saml2Utils.samlEncode} for the POST binding.
 */
@Override
public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
    RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    boolean signingRequested = registration.getAssertingPartyDetails().getWantAuthnRequestsSigned();
    if (signingRequested) {
        // sign() updates authnRequest in place; its return value is not needed here.
        OpenSamlSigningUtils.sign(authnRequest, registration);
    }
    byte[] xmlBytes = OpenSamlSigningUtils.serialize(authnRequest).getBytes(StandardCharsets.UTF_8);
    String encoded = Saml2Utils.samlEncode(xmlBytes);
    return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
            .samlRequest(encoded)
            .build();
}

Example 20 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project cloudstack by apache.

the class SAMLUtils method buildAuthnRequestObject.

/**
 * Builds an OpenSAML 2 {@code AuthnRequest} for the HTTP-POST binding that asks
 * the IdP for exactly the {@code PasswordProtectedTransport} authentication
 * context.
 * <p>
 * NOTE(review): {@code authnId} is used verbatim as the request ID. The caller
 * is responsible for making it unique per request and for retaining it so the
 * response's {@code InResponseTo} can be matched; nothing here validates it.
 *
 * @param authnId     value for the request's {@code ID} attribute
 * @param spId        SP entity id, used for both {@code Issuer} and {@code ProviderName}
 * @param idpUrl      IdP SSO endpoint, set as {@code Destination}
 * @param consumerUrl SP assertion consumer service URL
 * @return the populated, unsigned request
 */
public static AuthnRequest buildAuthnRequestObject(final String authnId, final String spId, final String idpUrl, final String consumerUrl) {
    AuthnRequest request = new AuthnRequestBuilder().buildObject();
    request.setID(authnId);
    request.setDestination(idpUrl);
    request.setVersion(SAMLVersion.VERSION_20);
    request.setForceAuthn(false);
    request.setIsPassive(false);
    // Joda DateTime is what the OpenSAML 2 API expects for IssueInstant.
    request.setIssueInstant(new DateTime());
    request.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    request.setAssertionConsumerServiceURL(consumerUrl);
    request.setProviderName(spId);
    request.setIssuer(newIssuerFor(spId));
    request.setRequestedAuthnContext(newExactPptAuthnContext());
    return request;
}

/** Builds the {@code <saml:Issuer>} element carrying the SP entity id. */
private static Issuer newIssuerFor(final String spId) {
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spId);
    return issuer;
}

/**
 * Builds a {@code RequestedAuthnContext} with {@code EXACT} comparison against
 * the single class ref {@code AuthnContext.PPT_AUTHN_CTX}.
 */
private static RequestedAuthnContext newExactPptAuthnContext() {
    AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject(SAMLConstants.SAML20_NS, "AuthnContextClassRef", "saml");
    classRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();
    requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requested.getAuthnContextClassRefs().add(classRef);
    return requested;
}
