Example 1 with Response

Use of org.opensaml.saml2.core.Response in project cas by apereo.

The class SamlProfileSaml2ResponseBuilder, method buildResponse:

@Override
protected Response buildResponse(final Assertion assertion,
                                 final org.jasig.cas.client.validation.Assertion casAssertion,
                                 final AuthnRequest authnRequest,
                                 final SamlRegisteredService service,
                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                 final HttpServletRequest request,
                                 final HttpServletResponse response) throws SamlException {
    // Unpredictable response ID drawn from a CSPRNG; the leading '_' keeps it a valid XML NCName.
    final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    // The AuthnRequest ID is carried into the response so the SP can tie it to the request it sent.
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
    // Encrypt the assertion for the SP if the registered service / SP metadata calls for it.
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    // Sign the whole Response (in addition to any assertion signature) when the service requires it.
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
    }
    return samlResponse;
}

Example 2 with Response

Use of org.opensaml.saml2.core.Response in project ddf by codice.

The class LoginFilter, method createSamlResponse:

/**
 * Creates the SAML response that we use for validation against the CXF
 * code.
 *
 * @param inResponseTo ID of the request this response answers
 * @param issuer       entity ID placed in the Issuer element
 * @param status       status element to attach to the response
 * @return Response
 */
private static Response createSamlResponse(String inResponseTo, String issuer, Status status) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();
    // Random UUID gives each response a unique, unguessable ID.
    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    // InResponseTo ties the response to the originating request.
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}

Example 3 with Response

Use of org.opensaml.saml2.core.Response in project ddf by codice.

The class SamlProtocolTest, method testCreateResponse:

@Test
public void testCreateResponse() throws WSSecurityException {
    Response response = SamlProtocol.createResponse(SamlProtocol.createIssuer("myissuer"),
                                                    SamlProtocol.createStatus("mystatus"),
                                                    "myid",
                                                    null);
    assertEquals("myissuer", response.getIssuer().getValue());
    assertEquals("mystatus", response.getStatus().getStatusCode().getValue());
    assertEquals("myid", response.getInResponseTo());
}

Example 4 with Response

Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.

The class MatchingServiceResponseTranslatorService, method translate:

public InboundResponseFromMatchingServiceDto translate(SamlResponseDto samlResponseDto) {
    final Response response = responseUnmarshaller.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    final InboundResponseFromMatchingService responseFromMatchingService =
            responseToInboundResponseFromMatchingServiceTransformer.transform(response);
    Optional<String> assertionBlob = Optional.empty();
    Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
    // FIXME?: transformer can return null
    if (responseFromMatchingService.getMatchingServiceAssertion() != null
            && responseFromMatchingService.getMatchingServiceAssertion().isPresent()) {
        assertionBlob = Optional.ofNullable(
                responseFromMatchingService.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
        final Optional<AuthnContext> authnContext =
                responseFromMatchingService.getMatchingServiceAssertion().get().getAuthnContext();
        if (authnContext.isPresent()) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(authnContext.get().name()));
        }
    }
    final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto =
            new InboundResponseFromMatchingServiceDto(responseFromMatchingService.getStatus(),
                                                      responseFromMatchingService.getInResponseTo(),
                                                      responseFromMatchingService.getIssuer(),
                                                      assertionBlob,
                                                      levelOfAssurance);
    return inboundResponseFromMatchingServiceDto;
}

Example 5 with Response

Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.

The class CountryAuthnResponseTranslatorServiceTest, method setup:

@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(),
                                         new SamlStatusToIdpIdaStatusMappingsFactory()),
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(),
                                                 new AuthnContextFactory()));
    Response eidasSAMLResponse = (Response) buildResponseFromFile();
    ValidatedResponse validateEIDASSAMLResponse = new ValidatedResponse(eidasSAMLResponse);
    List<Assertion> decryptedAssertions = eidasSAMLResponse.getAssertions();
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasSAMLResponse);
    doNothing().when(responseFromCountryValidator).validate(eidasSAMLResponse);
    when(samlResponseSignatureValidator.validate(eidasSAMLResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(validateEIDASSAMLResponse);
    when(assertionDecrypter.decryptAssertions(validateEIDASSAMLResponse)).thenReturn(decryptedAssertions);
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class)))
            .thenReturn(identityUnderlyingAssertionBlob);
    when(samlAssertionsSignatureValidator.validate(decryptedAssertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(new ValidatedAssertions(decryptedAssertions));
}