Use of org.opensaml.saml2.core.AuthnRequest in project ddf by codice: class PaosInInterceptor, method checkAuthnRequest.
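/**
 * Validates that the body of the incoming SOAP request carries a SAML {@code AuthnRequest}.
 *
 * <p>The first child of the SOAP body is converted to an OpenSAML {@link XMLObject}; the
 * request is rejected unless that object is a non-null {@link AuthnRequest}.
 *
 * @param soapRequest the SOAP part whose body is expected to hold the AuthnRequest
 * @throws IOException if the body cannot be converted, yields no object, or is not an AuthnRequest
 */
private void checkAuthnRequest(SOAPPart soapRequest) throws IOException {
    XMLObject authnXmlObj;
    try {
        Node node = soapRequest.getEnvelope().getBody().getFirstChild();
        authnXmlObj = SamlProtocol.getXmlObjectFromNode(node);
    } catch (WSSecurityException | SOAPException | XMLStreamException ex) {
        // Keep the underlying failure as the cause so the root problem is not lost from logs.
        throw new IOException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (authnXmlObj == null) {
        throw new IOException("AuthnRequest object is not Found.");
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IOException("SAMLRequest object is not AuthnRequest.");
    }
}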
Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo: class ECPSamlIdPProfileHandlerControllerTests, method getAuthnRequest.
/**
 * Builds a minimal SAML2 AuthnRequest bound to the ECP/PAOS binding whose issuer is the
 * given entity id.
 *
 * @param entityId the issuer entity id to place in the request
 * @return the populated AuthnRequest
 */
private AuthnRequest getAuthnRequest(final String entityId) {
    val builderFactory = openSamlConfigBean.getBuilderFactory();

    val requestBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val request = (AuthnRequest) requestBuilder.buildObject();
    request.setProtocolBinding(SAMLConstants.SAML2_PAOS_BINDING_URI);

    val issuerBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val requestIssuer = (Issuer) issuerBuilder.buildObject();
    requestIssuer.setValue(entityId);
    request.setIssuer(requestIssuer);

    return request;
}
Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo: class DefaultAuthnContextClassRefBuilder, method build.
/**
 * Resolves the authentication context class reference to place in the SAML response.
 *
 * <p>Precedence: the registered service's required context class, then the class ref
 * selected by {@code getAuthenticationContextByAssertion} from the requested refs, and
 * finally the configured default (falling back to {@code AuthnContext.PPT_AUTHN_CTX}).
 *
 * @param context the profile builder context carrying the registered service and SAML request
 * @return the authentication context class reference URI to use
 */
@Override
public String build(final SamlProfileBuilderContext context) {
    val registeredService = context.getRegisteredService();
    val requiredClass = registeredService.getRequiredAuthenticationContextClass();
    if (StringUtils.isNotBlank(requiredClass)) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", requiredClass, registeredService.getName());
        return requiredClass;
    }

    val configuredDefault = casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass();
    val defClass = StringUtils.defaultIfBlank(configuredDefault, AuthnContext.PPT_AUTHN_CTX);

    // Only an AuthnRequest can carry a RequestedAuthnContext; anything else means "not requested".
    val samlRequest = context.getSamlRequest();
    val requestedAuthnContext = samlRequest instanceof AuthnRequest
        ? ((AuthnRequest) samlRequest).getRequestedAuthnContext()
        : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }

    val classRefs = requestedAuthnContext.getAuthnContextClassRefs();
    if (classRefs == null || classRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }

    val fromAssertion = getAuthenticationContextByAssertion(context, requestedAuthnContext, classRefs);
    val finalCtx = StringUtils.defaultIfBlank(fromAssertion, defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}
Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo: class ECPSamlIdPProfileHandlerController, method handleEcpRequest.
/**
 * Handles an ECP (SOAP/PAOS) authentication request end to end: verifies the inbound
 * AuthnRequest, authenticates the supplied credential, builds the CAS assertion and
 * writes the SAML response. Failures are reported to the client as an ECP SOAP fault
 * rather than propagated.
 *
 * @param context    the profile builder context holding the SOAP message and HTTP request/response
 * @param credential the credential extracted from the ECP request
 * @throws Exception the exception
 */
protected void handleEcpRequest(final SamlProfileBuilderContext context, final Credential credential) throws Exception {
    val messageContext = context.getMessageContext();
    LOGGER.debug("Handling ECP request for SOAP context [{}]", messageContext);

    val soapEnvelope = messageContext.getSubcontext(SOAP11Context.class).getEnvelope();
    SamlUtils.logSamlObject(getConfigurationContext().getOpenSamlConfigBean(), soapEnvelope);

    val request = (AuthnRequest) messageContext.getMessage();
    val requestAndContext = Pair.of(request, messageContext);
    try {
        LOGGER.trace("Verifying ECP authentication request [{}]", request);
        val serviceRequest = verifySamlAuthenticationRequest(requestAndContext, context.getHttpRequest());

        LOGGER.trace("Attempting to authenticate ECP request for credential id [{}]", credential.getId());
        val authentication = authenticateEcpRequest(credential, requestAndContext);
        LOGGER.debug("Authenticated [{}] successfully with authenticated principal [{}]", credential.getId(), authentication.getPrincipal());

        LOGGER.trace("Building ECP SAML response for [{}]", credential.getId());
        val issuer = SamlIdPUtils.getIssuerFromSamlObject(request);
        val service = getConfigurationContext().getWebApplicationServiceFactory().createService(issuer);
        val casAssertion = buildCasAssertion(authentication, service, serviceRequest.getKey(), new LinkedHashMap<>(0));
        LOGGER.trace("CAS assertion to use for building ECP SAML2 response is [{}]", casAssertion);
        buildSamlResponse(context.getHttpResponse(), context.getHttpRequest(), requestAndContext, casAssertion, context.getBinding());
    } catch (final AuthenticationException e) {
        LoggingUtils.error(LOGGER, e);
        // Collapse every handler failure message into one comma-separated fault string.
        val handlerMessages = e.getHandlerErrors().values().stream()
            .map(Throwable::getMessage)
            .filter(Objects::nonNull)
            .collect(Collectors.joining(","));
        buildEcpFaultResponse(context, handlerMessages);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the raw exception message is echoed to the ECP client in the fault;
        // if it can carry internal details, a generic message would be the safer choice.
        buildEcpFaultResponse(context, e.getMessage());
    }
}
Use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo: class SamlIdPMultifactorAuthenticationTrigger, method isActivated.
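/**
 * Activates a multifactor provider when the pending SAML2 AuthnRequest asks for an
 * authentication context class that is mapped to a provider id.
 *
 * <p>The stored SAML request is retrieved from the distributed session store; the first
 * non-blank requested {@code AuthnContextClassRef} URI that has a mapping is resolved to
 * the matching provider. A request with no {@code RequestedAuthnContext} element (the
 * element is optional in SAML 2.0) yields an empty result instead of failing with a
 * NullPointerException.
 *
 * @param authentication    the current authentication
 * @param registeredService the registered service
 * @param request           the http request
 * @param response          the http response
 * @param service           the service
 * @return the resolved provider, or empty when nothing is requested, mapped or available
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // RequestedAuthnContext is optional; Optional.map turns a null into empty instead of an NPE.
        .map(authnRequest -> authnRequest.getRequestedAuthnContext())
        .flatMap(requestedAuthnContext -> requestedAuthnContext.getAuthnContextClassRefs().stream()
            .filter(Objects::nonNull)
            .map(ref -> ref.getURI())
            .filter(uri -> StringUtils.isNotBlank(uri))
            .filter(uri -> mappings.containsKey(uri))
            .findFirst()
            .map(uri -> mappings.get(uri)))
        .flatMap(providerId -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, providerId);
        });
}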