Example 11 with RequestedAuthnContext
use of org.opensaml.saml2.core.RequestedAuthnContext in project cxf by apache.
the class DefaultAuthnRequestBuilder method createAuthnRequest.
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
public AuthnRequest createAuthnRequest(Message message, String issuerId, String assertionConsumerServiceAddress) throws Exception {
Issuer issuer = SamlpRequestComponentBuilder.createIssuer(issuerId);
NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
// CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(assertionConsumerServiceAddress, forceAuthn, isPassive, protocolBinding, SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
}
Also used :
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
Issuer(org.opensaml.saml.saml2.core.Issuer)
NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Example 12 with RequestedAuthnContext
use of org.opensaml.saml2.core.RequestedAuthnContext in project cxf by apache.
the class AuthnRequestBuilderTest method testCreateAuthnRequest.
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
Document doc = DOMUtils.createDocument();
Issuer issuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");
AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
RequestedAuthnContext authnCtx = SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null);
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest("http://localhost:9001/sso", false, false, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20, issuer, nameIDPolicy, authnCtx);
Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
doc.appendChild(policyElement);
// String outputString = DOM2Writer.nodeToString(policyElement);
assertNotNull(policyElement);
}
Also used :
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Issuer(org.opensaml.saml.saml2.core.Issuer)
NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy)
Element(org.w3c.dom.Element)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Document(org.w3c.dom.Document)
Example 13 with RequestedAuthnContext
use of org.opensaml.saml2.core.RequestedAuthnContext in project pac4j by pac4j.
the class SAML2AuthnRequestBuilder method buildAuthnRequest.
@SuppressWarnings("unchecked")
protected final AuthnRequest buildAuthnRequest(final SAML2MessageContext context, final AssertionConsumerService assertionConsumerService, final SingleSignOnService ssoService) {
final SAMLObjectBuilder<AuthnRequest> builder = (SAMLObjectBuilder<AuthnRequest>) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
final AuthnRequest request = builder.buildObject();
if (comparisonType != null) {
final RequestedAuthnContext authnContext = new RequestedAuthnContextBuilder().buildObject();
authnContext.setComparison(comparisonType);
if (authnContextClassRef != null) {
final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
classRef.setAuthnContextClassRef(authnContextClassRef);
authnContext.getAuthnContextClassRefs().add(classRef);
}
request.setRequestedAuthnContext(authnContext);
}
final SAMLSelfEntityContext selfContext = context.getSAMLSelfEntityContext();
request.setID(generateID());
request.setIssuer(getIssuer(selfContext.getEntityId()));
request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
request.setVersion(SAMLVersion.VERSION_20);
request.setIsPassive(this.passive);
request.setForceAuthn(this.forceAuth);
request.setProviderName("pac4j-saml");
if (nameIdPolicyFormat != null) {
final NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
nameIdPolicy.setAllowCreate(true);
nameIdPolicy.setFormat(nameIdPolicyFormat);
request.setNameIDPolicy(nameIdPolicy);
}
request.setDestination(ssoService.getLocation());
if (assertionConsumerServiceIndex >= 0) {
request.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
} else {
request.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
}
request.setProtocolBinding(assertionConsumerService.getBinding());
if (attributeConsumingServiceIndex >= 0) {
request.setAttributeConsumingServiceIndex(attributeConsumingServiceIndex);
}
return request;
}
Also used :
RequestedAuthnContextBuilder(org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLSelfEntityContext(org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext)
NameIDPolicyBuilder(org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)
Example 14 with RequestedAuthnContext
use of org.opensaml.saml2.core.RequestedAuthnContext in project cas by apereo.
the class DefaultAuthnContextClassRefBuilder method getAuthenticationContextByAssertion.
/**
* Gets authentication context by assertion.
* This is more of a template method for the time being,
* and may be enhanced later to support more advanced parsing of classes
* from the assertion.
*
* @param context the context
* @param requestedAuthnContext the requested authn context
* @param authnContextClassRefs the authn context class refs
* @return the authentication context by assertion
*/
protected String getAuthenticationContextByAssertion(final SamlProfileBuilderContext context, final RequestedAuthnContext requestedAuthnContext, final List<AuthnContextClassRef> authnContextClassRefs) {
LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
authnContextClassRefs.forEach(c -> LOGGER.debug("Requested AuthN Context [{}]", c.getURI()));
val authnContexts = casProperties.getAuthn().getSamlIdp().getCore().getAuthenticationContextClassMappings();
val definedContexts = CollectionUtils.convertDirectedListToMap(authnContexts);
val mappedMethod = authnContextClassRefs.stream().filter(ref -> StringUtils.isNotBlank(ref.getURI())).filter(ref -> definedContexts.containsKey(ref.getURI())).map(ref -> Pair.of(ref, definedContexts.get(ref.getURI()))).findFirst().orElse(null);
val attributes = context.getAuthenticatedAssertion().getAttributes();
val contextAttribute = casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
if (attributes.containsKey(contextAttribute) && mappedMethod != null) {
val authnContext = attributes.get(contextAttribute);
val satisfiedContext = CollectionUtils.firstElement(authnContext).map(Object::toString).orElse(null);
if (StringUtils.equals(mappedMethod.getValue(), satisfiedContext)) {
return mappedMethod.getLeft().getURI();
}
}
return null;
}
Also used :
lombok.val(lombok.val)
CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties)
AuthnContext(org.opensaml.saml.saml2.core.AuthnContext)
RequiredArgsConstructor(lombok.RequiredArgsConstructor)
lombok.val(lombok.val)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
StringUtils(org.apache.commons.lang3.StringUtils)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
SamlProfileBuilderContext(org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext)
Pair(org.apache.commons.lang3.tuple.Pair)
CollectionUtils(org.apereo.cas.util.CollectionUtils)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
Example 15 with RequestedAuthnContext
use of org.opensaml.saml2.core.RequestedAuthnContext in project ddf by codice.
the class IdpHandler method createAndSignAuthnRequest.
private String createAndSignAuthnRequest(boolean isPost, boolean wantSigned) throws AuthenticationFailureException {
String spIssuerId = getSpIssuerId();
String spAssertionConsumerServiceUrl = getSpAssertionConsumerServiceUrl(spIssuerId);
AuthnRequest authnRequest = authnRequestBuilder.buildObject();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(spIssuerId);
authnRequest.setIssuer(issuer);
authnRequest.setAssertionConsumerServiceURL(spAssertionConsumerServiceUrl);
authnRequest.setID("_" + UUID.randomUUID().toString());
authnRequest.setVersion(SAMLVersion.VERSION_20);
authnRequest.setIssueInstant(new DateTime());
authnRequest.setDestination(idpMetadata.getSingleSignOnLocation());
authnRequest.setProtocolBinding(SamlProtocol.POST_BINDING);
authnRequest.setNameIDPolicy(SamlpRequestComponentBuilder.createNameIDPolicy(true, SAML2Constants.NAMEID_FORMAT_PERSISTENT, spIssuerId));
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
for (String authContextClass : authContextClasses) {
if (StringUtils.isNotEmpty(authContextClass)) {
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(authContextClass);
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
}
}
authnRequest.setRequestedAuthnContext(requestedAuthnContext);
return serializeAndSign(isPost, wantSigned, authnRequest);
}
Also used :
RequestedAuthnContextBuilder(org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Issuer(org.opensaml.saml.saml2.core.Issuer)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)
DateTime(org.joda.time.DateTime)
Aggregations
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)16
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)13
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)10
Test (org.junit.jupiter.api.Test)5
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)5
Issuer (org.opensaml.saml.saml2.core.Issuer)4
IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)4
lombok.val (lombok.val)3
DateTime (org.joda.time.DateTime)3
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)3
AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)3
IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)3
XMLObject (org.opensaml.core.xml.XMLObject)2
MessageContext (org.opensaml.messaging.context.MessageContext)2
RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)2
JEEContext (org.pac4j.core.context.JEEContext)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
Inject (com.google.inject.Inject)1
StringReader (java.io.StringReader)1
