Example 1 with Response
use of org.opensaml.saml2.core.Response in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method buildResponse.
@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
samlResponse.setVersion(SAMLVersion.VERSION_20);
samlResponse.setIssuer(buildEntityIssuer());
samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
if (finalAssertion instanceof EncryptedAssertion) {
LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
} else {
LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
}
final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
samlResponse.setStatus(status);
SamlUtils.logSamlObject(this.configBean, samlResponse);
if (service.isSignResponses()) {
LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
}
return samlResponse;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Status(org.opensaml.saml.saml2.core.Status)
SAMLObject(org.opensaml.saml.common.SAMLObject)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
SecureRandom(java.security.SecureRandom)
Example 2 with Response
use of org.opensaml.saml2.core.Response in project ddf by codice.
the class LoginFilter method createSamlResponse.
/**
* Creates the SAML response that we use for validation against the CXF
* code.
*
* @param inResponseTo
* @param issuer
* @param status
* @return Response
*/
private static Response createSamlResponse(String inResponseTo, String issuer, Status status) {
if (responseBuilder == null) {
responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(createIssuer(issuer));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
return response;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
ServletResponse(javax.servlet.ServletResponse)
DateTime(org.joda.time.DateTime)
Example 3 with Response
use of org.opensaml.saml2.core.Response in project ddf by codice.
the class SamlProtocolTest method testCreateResponse.
@Test
public void testCreateResponse() throws WSSecurityException {
Response response = SamlProtocol.createResponse(SamlProtocol.createIssuer("myissuer"), SamlProtocol.createStatus("mystatus"), "myid", null);
assertEquals("myissuer", response.getIssuer().getValue());
assertEquals("mystatus", response.getStatus().getStatusCode().getValue());
assertEquals("myid", response.getInResponseTo());
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(org.opensaml.saml.saml2.core.Response)
Test(org.junit.Test)
Example 4 with Response
use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.
the class MatchingServiceResponseTranslatorService method translate.
public InboundResponseFromMatchingServiceDto translate(SamlResponseDto samlResponseDto) {
final Response response = responseUnmarshaller.apply(samlResponseDto.getSamlResponse());
MdcHelper.addContextToMdc(response);
final InboundResponseFromMatchingService responseFromMatchingService = responseToInboundResponseFromMatchingServiceTransformer.transform(response);
Optional<String> assertionBlob = Optional.empty();
Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
// FIXME?: transformer can return null
if (responseFromMatchingService.getMatchingServiceAssertion() != null && responseFromMatchingService.getMatchingServiceAssertion().isPresent()) {
assertionBlob = Optional.ofNullable(responseFromMatchingService.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
final Optional<AuthnContext> authnContext = responseFromMatchingService.getMatchingServiceAssertion().get().getAuthnContext();
if (authnContext.isPresent()) {
levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(authnContext.get().name()));
}
}
final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = new InboundResponseFromMatchingServiceDto(responseFromMatchingService.getStatus(), responseFromMatchingService.getInResponseTo(), responseFromMatchingService.getIssuer(), assertionBlob, levelOfAssurance);
return inboundResponseFromMatchingServiceDto;
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)
InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto)
InboundResponseFromMatchingService(uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
Example 5 with Response
use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorServiceTest method setup.
@Before
public void setup() throws Exception {
IdaSamlBootstrap.bootstrap();
service = new CountryAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, responseFromCountryValidator, new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory()), responseAssertionsFromCountryValidator, validateSamlResponseIssuedByIdpDestination, assertionDecrypter, assertionBlobEncrypter, samlResponseSignatureValidator, samlAssertionsSignatureValidator, new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));
Response eidasSAMLResponse = (Response) buildResponseFromFile();
ValidatedResponse validateEIDASSAMLResponse = new ValidatedResponse(eidasSAMLResponse);
List<Assertion> decryptedAssertions = eidasSAMLResponse.getAssertions();
when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasSAMLResponse);
doNothing().when(responseFromCountryValidator).validate(eidasSAMLResponse);
when(samlResponseSignatureValidator.validate(eidasSAMLResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validateEIDASSAMLResponse);
when(assertionDecrypter.decryptAssertions(validateEIDASSAMLResponse)).thenReturn(decryptedAssertions);
when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class))).thenReturn(identityUnderlyingAssertionBlob);
when(samlAssertionsSignatureValidator.validate(decryptedAssertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(new ValidatedAssertions(decryptedAssertions));
}
Also used :
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
Assertion(org.opensaml.saml.saml2.core.Assertion)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Response(org.opensaml.saml.saml2.core.Response)
PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller)
IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller)
ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions)
AuthnContextFactory(uk.gov.ida.saml.core.transformers.AuthnContextFactory)
SamlStatusToIdpIdaStatusMappingsFactory(uk.gov.ida.saml.hub.transformers.inbound.SamlStatusToIdpIdaStatusMappingsFactory)
Before(org.junit.Before)
Aggregations
Response (org.opensaml.saml.saml2.core.Response)245
Test (org.junit.jupiter.api.Test)148
ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)84
Assertion (org.opensaml.saml.saml2.core.Assertion)62
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)51
Element (org.w3c.dom.Element)44
Status (org.opensaml.saml.saml2.core.Status)37
DateTime (org.joda.time.DateTime)36
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)31
Document (org.w3c.dom.Document)31
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)26
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)19
SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)19
SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)19
IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus)18
Authentication (org.springframework.security.core.Authentication)16
ResponseValidatorTestHelper.createStatus (uk.gov.ida.saml.hub.validators.response.helpers.ResponseValidatorTestHelper.createStatus)16
Crypto (org.apache.wss4j.common.crypto.Crypto)15
NameID (org.opensaml.saml.saml2.core.NameID)14
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)13
