use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlIdPDelegatedClientAuthenticationRequestCustomizer method customize.
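/**
 * Mirrors request-scoped settings of the pending SAML2 {@code AuthnRequest} onto the web context.
 * <p>
 * The authentication request is looked up from the session store; when one is present, its
 * {@code ForceAuthn} and {@code IsPassive} flags and any requested authentication context class
 * references (with their comparison type) are published as request attributes for the delegated
 * client to act upon. All of these values originate from the service provider's request.
 *
 * @param client     the delegated client being customized; not consulted by this customizer
 * @param webContext the web context that receives the request attributes
 */
@Override
public void customize(final IndirectClient client, final WebContext webContext) {
    val pendingRequest = SamlIdPUtils
        .retrieveSamlRequest(webContext, sessionStore, openSamlConfigBean, AuthnRequest.class)
        .map(Pair::getLeft)
        .map(AuthnRequest.class::cast);

    pendingRequest.ifPresent(authnRequest -> {
        LOGGER.debug("Retrieved the SAML2 authentication request from [{}]", SamlIdPUtils.getIssuerFromSamlObject(authnRequest));

        if (authnRequest.isForceAuthn()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
        }
        if (authnRequest.isPassive()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
        }

        val requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            return;
        }
        val classRefs = requestedAuthnContext.getAuthnContextClassRefs();
        if (classRefs == null || classRefs.isEmpty()) {
            return;
        }
        val refs = classRefs.stream().map(XSURI::getURI).collect(Collectors.toList());
        webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS, refs);

        // Comparison is optional on RequestedAuthnContext. Dereferencing it unconditionally
        // (the previous behaviour) fails with a NullPointerException when the SP omits it.
        val comparison = requestedAuthnContext.getComparison();
        if (comparison != null) {
            webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE, comparison.name());
        }
    });
}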
use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
the class BaseSamlRegisteredServiceAttributeReleasePolicy method getSamlAuthnRequest.
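/**
 * Retrieves the pending SAML2 {@code AuthnRequest} from the session store bound to the current HTTP exchange.
 * <p>
 * The servlet request and response are taken from the thread-bound request attributes; the OpenSAML
 * configuration and the session store are looked up from the application context by their default bean names.
 *
 * @param applicationContext the application context
 * @return the authentication request; never empty, since absence is reported by an exception
 * @throws IllegalArgumentException if no HTTP request/response is bound to the current thread, or if
 *                                  no SAML request can be retrieved from the session store
 */
protected static Optional<AuthnRequest> getSamlAuthnRequest(final ApplicationContext applicationContext) {
    val request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    val response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    // When no servlet request is bound to this thread the request attributes are absent
    // (getEntityIdFromRequest guards the same case); fail with a clear message rather than
    // letting the context/session lookup hit a NullPointerException.
    if (request == null || response == null) {
        throw new IllegalArgumentException("No HTTP request/response is bound to the current thread; SAML request could not be determined");
    }
    val openSamlConfigBean = applicationContext.getBean(OpenSamlConfigBean.DEFAULT_BEAN_NAME, OpenSamlConfigBean.class);
    val sessionStore = applicationContext.getBean(DistributedJEESessionStore.DEFAULT_BEAN_NAME, SessionStore.class);
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, sessionStore, openSamlConfigBean, AuthnRequest.class);
    val authnRequest = (AuthnRequest) result
        .orElseThrow(() -> new IllegalArgumentException("SAML request could not be determined from session store"))
        .getLeft();
    return Optional.of(authnRequest);
}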
use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
the class BaseSamlRegisteredServiceAttributeReleasePolicy method getEntityIdFromRequest.
/**
 * Gets entity id from request.
 * <p>
 * Resolution order, first match wins: the {@link SamlProtocolConstants#PARAMETER_ENTITY_ID} service
 * attribute, the {@link SamlIdPConstants#PROVIDER_ID} service attribute, the issuer of a decoded
 * {@link SamlProtocolConstants#PARAMETER_SAML_REQUEST} service attribute, the
 * {@link SamlProtocolConstants#PARAMETER_ENTITY_ID} HTTP request parameter, and finally an
 * {@link SamlProtocolConstants#PARAMETER_ENTITY_ID} query parameter embedded in the
 * {@link CasProtocolConstants#PARAMETER_SERVICE} request parameter.
 * Every source consulted here is caller-supplied data: this method only extracts an identifier and
 * does nothing to verify that the request actually originates from that entity, so callers must not
 * treat the result as an authenticated claim of origin.
 *
 * @param selectedService the selected service
 * @return the entity id from request, or {@code null} if no source yields one
 */
protected static String getEntityIdFromRequest(final Service selectedService) {
val request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
if (request == null || selectedService == null) {
LOGGER.debug("No http request could be identified to locate the entity id");
return null;
}
LOGGER.debug("Attempting to determine entity id for service [{}]", selectedService);
// 1. Explicit entity id carried as a service attribute.
val entityIdAttribute = selectedService.getAttributes().get(SamlProtocolConstants.PARAMETER_ENTITY_ID);
if (entityIdAttribute != null && !entityIdAttribute.isEmpty()) {
LOGGER.debug("Found entity id [{}] as a service attribute", entityIdAttribute);
return CollectionUtils.firstElement(entityIdAttribute).map(Object::toString).orElseThrow();
}
// 2. Provider id carried as a service attribute.
val providerIdAttribute = selectedService.getAttributes().get(SamlIdPConstants.PROVIDER_ID);
if (providerIdAttribute != null && !providerIdAttribute.isEmpty()) {
LOGGER.debug("Found provider entity id [{}] as a service attribute", providerIdAttribute);
return CollectionUtils.firstElement(providerIdAttribute).map(Object::toString).orElseThrow();
}
// 3. An encoded SAML request carried as a service attribute: decode it and use its Issuer.
//    Only the issuer value is read here; nothing in this method validates the request itself.
val samlRequest = selectedService.getAttributes().get(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
if (samlRequest != null && !samlRequest.isEmpty()) {
val applicationContext = ApplicationContextProvider.getApplicationContext();
val resolver = applicationContext.getBean(SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME, SamlRegisteredServiceCachingMetadataResolver.class);
val attributeValue = CollectionUtils.firstElement(samlRequest).map(Object::toString).orElseThrow();
val openSamlConfigBean = resolver.getOpenSamlConfigBean();
val authnRequest = SamlIdPUtils.retrieveSamlRequest(openSamlConfigBean, RequestAbstractType.class, attributeValue);
SamlUtils.logSamlObject(openSamlConfigBean, authnRequest);
val issuer = SamlIdPUtils.getIssuerFromSamlObject(authnRequest);
LOGGER.debug("Found entity id [{}] from SAML request issuer", issuer);
return issuer;
}
// 4. Entity id passed directly as an HTTP request parameter.
val entityId = request.getParameter(SamlProtocolConstants.PARAMETER_ENTITY_ID);
if (StringUtils.isNotBlank(entityId)) {
LOGGER.debug("Found entity id [{}] as a request parameter", entityId);
return entityId;
}
// 5. Entity id embedded as a query parameter of the "service" request parameter.
//    A malformed service URL is logged and yields null rather than propagating the exception;
//    a well-formed URL without the parameter yields the empty string.
val svcParam = request.getParameter(CasProtocolConstants.PARAMETER_SERVICE);
return FunctionUtils.doIf(StringUtils.isNotBlank(svcParam), () -> FunctionUtils.doAndHandle(o -> {
val builder = new URIBuilder(svcParam);
return builder.getQueryParams().stream().filter(p -> p.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID)).map(NameValuePair::getValue).findFirst().orElse(StringUtils.EMPTY);
}, throwable -> {
LoggingUtils.error(LOGGER, throwable);
return null;
}).apply(svcParam), () -> null).get();
}
use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlIdPUtils method retrieveSamlRequest.
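/**
 * Retrieves the SAML request previously stored in the session, together with its message context.
 * <p>
 * Both the encoded request and the encoded message context must be present in the session store;
 * if either is missing the result is empty.
 *
 * @param context            the web context
 * @param sessionStore       the session store holding the encoded request and message context
 * @param openSamlConfigBean the OpenSAML configuration used to decode the request
 * @param clazz              the expected request type, e.g. {@code AuthnRequest}
 * @return the decoded request paired with its message context, or empty if either is absent
 * @throws ClassCastException if the stored message is not an instance of {@code clazz}
 */
public static Optional<Pair<? extends RequestAbstractType, MessageContext>> retrieveSamlRequest(final WebContext context,
                                                                                                final SessionStore sessionStore,
                                                                                                final OpenSamlConfigBean openSamlConfigBean,
                                                                                                final Class<? extends RequestAbstractType> clazz) {
    LOGGER.trace("Retrieving authentication request from scope");
    val messageContext = sessionStore.get(context, SamlProtocolConstants.PARAMETER_SAML_REQUEST)
        .map(String.class::cast)
        .map(value -> retrieveSamlRequest(openSamlConfigBean, clazz, value))
        .flatMap(samlRequest -> sessionStore.get(context, MessageContext.class.getName())
            .map(String.class::cast)
            .map(encoded -> SamlIdPAuthenticationContext.decode(encoded).toMessageContext(samlRequest)));
    // Cast to the type the caller asked for instead of hard-wiring AuthnRequest: the previous
    // `(AuthnRequest) ctx.getMessage()` threw ClassCastException for any other clazz.
    return messageContext.map(ctx -> Pair.<RequestAbstractType, MessageContext>of(clazz.cast(ctx.getMessage()), ctx));
}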
use of org.opensaml.saml2.core.AuthnRequest in project cas by apereo.
the class SamlIdPUtils method getAssertionConsumerServiceFromRequest.
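/**
 * Builds the assertion consumer service endpoint described by the authentication request.
 * <p>
 * The URL is taken from the request's {@code AssertionConsumerServiceURL} when present; otherwise it is
 * resolved from the service provider's metadata via {@code AssertionConsumerServiceIndex}. A URL supplied
 * directly in the request is used as given here: nothing in this method checks it against the provider's
 * metadata, so that verification has to happen elsewhere before a response is sent to it.
 *
 * @param request the SAML request; only {@code AuthnRequest} instances carry ACS information
 * @param binding the binding the endpoint should use
 * @param adapter the service provider metadata facade used to resolve an ACS URL by index
 * @return the endpoint, or {@code null} if the request is not an {@code AuthnRequest} or no ACS
 *         URL could be determined
 */
private static AssertionConsumerService getAssertionConsumerServiceFromRequest(final RequestAbstractType request,
                                                                               final String binding,
                                                                               final SamlRegisteredServiceServiceProviderMetadataFacade adapter) {
    if (!(request instanceof AuthnRequest)) {
        return null;
    }
    val authnRequest = (AuthnRequest) request;
    var acsUrl = authnRequest.getAssertionConsumerServiceURL();
    val acsIndex = authnRequest.getAssertionConsumerServiceIndex();

    if (StringUtils.isBlank(acsUrl) && acsIndex == null) {
        LOGGER.debug("No assertion consumer service url or index is supplied in the authentication request");
        return null;
    }
    if (StringUtils.isBlank(acsUrl)) {
        // Only the index was supplied (the guard above ensures it is non-null); resolve the URL from SP metadata.
        // The binding is logged here; the previous code logged acsUrl, which is blank on this path.
        LOGGER.debug("Locating assertion consumer service url for binding [{}] and index [{}]", binding, acsIndex);
        acsUrl = adapter.getAssertionConsumerServiceFor(binding, acsIndex).orElseGet(() -> {
            LOGGER.warn("Unable to locate acs url in for entity [{}] and binding [{}] with index [{}]", adapter.getEntityId(), binding, acsIndex);
            return null;
        });
    }
    if (StringUtils.isBlank(acsUrl)) {
        return null;
    }
    LOGGER.debug("Fetched assertion consumer service url [{}] with binding [{}] from authentication request", acsUrl, binding);
    val endpoint = new AssertionConsumerServiceBuilder().buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    endpoint.setBinding(binding);
    endpoint.setResponseLocation(acsUrl);
    endpoint.setLocation(acsUrl);
    endpoint.setIndex(acsIndex);
    return endpoint;
}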