
Example 21 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project ddf by codice.

the class PaosInInterceptor method checkAuthnRequest.

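/**
 * Verifies that the first child of the SOAP body unmarshals to a SAML {@code AuthnRequest}.
 *
 * <p>Every failure mode (SOAP access, XML parsing, unmarshalling, missing object, wrong
 * element type) is surfaced as an {@link IOException} so the caller rejects the message.
 *
 * @param soapRequest the SOAP part whose body is expected to carry the AuthnRequest
 * @throws IOException if the body cannot be converted, yields no object, or is not an AuthnRequest
 */
private void checkAuthnRequest(SOAPPart soapRequest) throws IOException {
    XMLObject authnXmlObj;
    try {
        Node node = soapRequest.getEnvelope().getBody().getFirstChild();
        authnXmlObj = SamlProtocol.getXmlObjectFromNode(node);
    } catch (WSSecurityException | SOAPException | XMLStreamException ex) {
        // Keep the original exception as the cause; the bare message alone made
        // malformed or hostile input indistinguishable from a parser misconfiguration.
        throw new IOException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (authnXmlObj == null) {
        throw new IOException("AuthnRequest object is not Found.");
    }
    // Only an AuthnRequest may proceed; any other SAML element in the body is rejected.
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IOException("SAMLRequest object is not AuthnRequest.");
    }
}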
Also used : XMLStreamException(javax.xml.stream.XMLStreamException) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Node(org.w3c.dom.Node) SOAPException(javax.xml.soap.SOAPException) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException)

Example 22 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.

the class ECPSamlIdPProfileHandlerControllerTests method getAuthnRequest.

/**
 * Builds a minimal PAOS-bound {@link AuthnRequest} whose issuer is {@code entityId}.
 *
 * @param entityId the entity id placed in the request's {@code Issuer} element
 * @return the constructed request
 */
private AuthnRequest getAuthnRequest(final String entityId) {
    val factory = openSamlConfigBean.getBuilderFactory();

    val requestBuilder = (SAMLObjectBuilder) factory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val request = (AuthnRequest) requestBuilder.buildObject();
    request.setProtocolBinding(SAMLConstants.SAML2_PAOS_BINDING_URI);

    val issuerBuilder = (SAMLObjectBuilder) factory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val issuer = (Issuer) issuerBuilder.buildObject();
    issuer.setValue(entityId);

    request.setIssuer(issuer);
    return request;
}
Also used : lombok.val(lombok.val) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder) Issuer(org.opensaml.saml.saml2.core.Issuer)

Example 23 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.

the class DefaultAuthnContextClassRefBuilder method build.

/**
 * Resolves the authentication context class to assert for this SAML request.
 *
 * <p>Precedence: the registered service's required class, then the class-ref the
 * AuthnRequest asked for (if it matches the assertion), then the configured default.
 *
 * @param context the SAML profile builder context
 * @return the authentication context class URI to report
 */
@Override
public String build(final SamlProfileBuilderContext context) {
    val registeredService = context.getRegisteredService();
    val requiredClass = registeredService.getRequiredAuthenticationContextClass();
    if (StringUtils.isNotBlank(requiredClass)) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", requiredClass, registeredService.getName());
        return requiredClass;
    }

    val configuredDefault = casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass();
    val defClass = StringUtils.defaultIfBlank(configuredDefault, AuthnContext.PPT_AUTHN_CTX);

    val samlRequest = context.getSamlRequest();
    val requestedAuthnContext = samlRequest instanceof AuthnRequest
        ? ((AuthnRequest) samlRequest).getRequestedAuthnContext()
        : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }

    val authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
    val noRefsRequested = authnContextClassRefs == null || authnContextClassRefs.isEmpty();
    if (noRefsRequested) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }

    val contextInAssertion = getAuthenticationContextByAssertion(context, requestedAuthnContext, authnContextClassRefs);
    val finalCtx = StringUtils.defaultIfBlank(contextInAssertion, defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}
Also used : lombok.val(lombok.val) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)

Example 24 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.

the class ECPSamlIdPProfileHandlerController method handleEcpRequest.

/**
 * Handles an ECP (SOAP-bound) authentication request end to end.
 *
 * <p>The AuthnRequest is verified, the supplied credential is authenticated, a CAS
 * assertion is built for the issuer's service and a SAML response is written. Any
 * failure is turned into an ECP fault response instead of propagating.
 *
 * @param context    the SAML profile builder context (message context, HTTP request/response, binding)
 * @param credential the credential extracted from the ECP request
 * @throws Exception the exception
 */
protected void handleEcpRequest(final SamlProfileBuilderContext context, final Credential credential) throws Exception {
    val messageContext = context.getMessageContext();
    LOGGER.debug("Handling ECP request for SOAP context [{}]", messageContext);
    val envelope = messageContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(getConfigurationContext().getOpenSamlConfigBean(), envelope);

    val authnRequest = (AuthnRequest) messageContext.getMessage();
    val authenticationContext = Pair.of(authnRequest, messageContext);
    try {
        LOGGER.trace("Verifying ECP authentication request [{}]", authnRequest);
        val serviceRequest = verifySamlAuthenticationRequest(authenticationContext, context.getHttpRequest());

        LOGGER.trace("Attempting to authenticate ECP request for credential id [{}]", credential.getId());
        val authentication = authenticateEcpRequest(credential, authenticationContext);
        LOGGER.debug("Authenticated [{}] successfully with authenticated principal [{}]", credential.getId(), authentication.getPrincipal());

        LOGGER.trace("Building ECP SAML response for [{}]", credential.getId());
        val issuer = SamlIdPUtils.getIssuerFromSamlObject(authnRequest);
        val service = getConfigurationContext().getWebApplicationServiceFactory().createService(issuer);
        val casAssertion = buildCasAssertion(authentication, service, serviceRequest.getKey(), new LinkedHashMap<>(0));
        LOGGER.trace("CAS assertion to use for building ECP SAML2 response is [{}]", casAssertion);
        buildSamlResponse(context.getHttpResponse(), context.getHttpRequest(), authenticationContext, casAssertion, context.getBinding());
    } catch (final AuthenticationException e) {
        LoggingUtils.error(LOGGER, e);
        buildEcpFaultResponse(context, joinEcpHandlerErrorMessages(e));
    } catch (final Exception e) {
        // NOTE(review): the exception message is echoed to the requester in the fault;
        // confirm no handler surfaces internal detail through it.
        LoggingUtils.error(LOGGER, e);
        buildEcpFaultResponse(context, e.getMessage());
    }
}

/**
 * Joins the non-null messages of every handler error into one comma-separated string.
 *
 * @param e the authentication failure whose per-handler errors are summarised
 * @return the joined messages, possibly empty
 */
private static String joinEcpHandlerErrorMessages(final AuthenticationException e) {
    return e.getHandlerErrors().values().stream()
        .map(Throwable::getMessage)
        .filter(Objects::nonNull)
        .collect(Collectors.joining(","));
}
Also used : lombok.val(lombok.val) SOAP11Context(org.opensaml.soap.messaging.context.SOAP11Context) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Objects(java.util.Objects) AuthenticationException(org.apereo.cas.authentication.AuthenticationException)

Example 25 with AuthnRequest

use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.

the class SamlIdPMultifactorAuthenticationTrigger method isActivated.

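/**
 * Activates a multifactor provider when the pending SAML AuthnRequest asks for an
 * authentication context class that is mapped to a provider id.
 *
 * @param authentication    the current authentication
 * @param registeredService the registered service
 * @param request           the HTTP request used to locate the stored SAML request
 * @param response          the HTTP response
 * @param service           the service
 * @return the mapped provider, or empty when no request is stored, no class ref is
 *         requested, none is mapped, or the mapped provider is unavailable
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // RequestedAuthnContext is optional in an AuthnRequest and its class-ref list may
        // be absent; Optional.map turns either null into "no MFA requested" instead of an NPE.
        .map(AuthnRequest::getRequestedAuthnContext)
        .map(requested -> requested.getAuthnContextClassRefs())
        .flatMap(refs -> refs.stream()
            .filter(Objects::nonNull)
            .filter(ref -> StringUtils.isNotBlank(ref.getURI()))
            .filter(ref -> mappings.containsKey(ref.getURI()))
            .findFirst()
            .map(mapped -> mappings.get(mapped.getURI())))
        .flatMap(id -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, id);
        });
}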
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) RequiredArgsConstructor(lombok.RequiredArgsConstructor) lombok.val(lombok.val) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider) MultifactorAuthenticationTrigger(org.apereo.cas.authentication.MultifactorAuthenticationTrigger) StringUtils(org.apache.commons.lang3.StringUtils) SessionStore(org.pac4j.core.context.session.SessionStore) ApplicationContext(org.springframework.context.ApplicationContext) RegisteredService(org.apereo.cas.services.RegisteredService) SamlIdPUtils(org.apereo.cas.support.saml.SamlIdPUtils) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) HttpRequestUtils(org.apereo.cas.util.HttpRequestUtils) Objects(java.util.Objects) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Service(org.apereo.cas.authentication.principal.Service) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) Optional(java.util.Optional) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) JEEContext(org.pac4j.core.context.JEEContext) JEEContext(org.pac4j.core.context.JEEContext) Objects(java.util.Objects)

Aggregations

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)113 Test (org.junit.jupiter.api.Test)35 lombok.val (lombok.val)26 Issuer (org.opensaml.saml.saml2.core.Issuer)21 AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)15 IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)12 IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)12 SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)11 DateTime (org.joda.time.DateTime)10 MessageContext (org.opensaml.messaging.context.MessageContext)9 NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)9 RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)9 Document (org.w3c.dom.Document)9 SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)8 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)8 XMLObject (org.opensaml.core.xml.XMLObject)7 IOException (java.io.IOException)6 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)6 AuthnRequestBuilder (org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder)6 IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)6