use of org.opensaml.saml2.core.Response in project cas by apereo.
the class SamlProfileSaml2ResponseBuilder method buildResponse.
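/**
 * Builds the SAML 2.0 {@code Response} that wraps the given assertion.
 *
 * <p>The response gets a fresh random ID, the current UTC time, this entity as issuer,
 * unspecified consent and a success status. The assertion is passed through
 * {@code encryptAssertion} and stored in the encrypted or the plain assertion list,
 * depending on the type that comes back. The response is signed only when the registered
 * service asks for signed responses; otherwise it is returned unsigned, and whether the
 * embedded assertion carries its own signature is decided outside this method.
 *
 * @param assertion the SAML assertion to embed
 * @param casAssertion the CAS validation assertion (not read by this method)
 * @param authnRequest the originating request; its ID is handed to {@code newResponse}
 * @param service the registered service whose signing preference is consulted
 * @param adaptor metadata facade of the service provider
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @return the built, and possibly signed, SAML response
 * @throws SamlException declared by the signature; presumably raised by the encryption or
 *         signing helpers (not visible here)
 */
@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    // SAML Core 1.3.4 requires identifiers with a collision probability of at most 2^-128
    // (2^-160 recommended). A single non-negative long carries only 63 bits, so draw 160
    // bits instead. The leading underscore keeps the value a valid xs:ID, which must not
    // start with a digit.
    final SecureRandom random = new SecureRandom();
    final String id = '_' + String.format("%016x%016x%08x", random.nextLong(), random.nextLong(), random.nextInt());

    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);

    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }

    final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
    samlResponse.setStatus(status);

    // NOTE(review): presumably serialises the whole response to the log; when the assertion
    // is not encrypted that would include its contents. Confirm the log level used.
    SamlUtils.logSamlObject(this.configBean, samlResponse);

    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
    }
    return samlResponse;
}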
use of org.opensaml.saml2.core.Response in project ddf by codice.
the class LoginFilter method createSamlResponse.
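/**
 * Creates the SAML response that we use for validation against the CXF
 * code.
 *
 * @param inResponseTo value stored on the response via {@code setInResponseTo}
 * @param issuer issuer value, wrapped by {@code createIssuer} before being set
 * @param status status object attached to the response
 * @return a new SAML 2.0 Response with a fresh ID and issue instant
 */
private static Response createSamlResponse(String inResponseTo, String issuer, Status status) {
    // The builder is looked up once and cached in a static field.
    // NOTE(review): this lazy initialisation is unsynchronised; confirm a duplicate lookup
    // under concurrent first use is harmless.
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();
    // The ID attribute is an xs:ID (an NCName), which must not begin with a digit. A bare
    // UUID string frequently does, so prefix an underscore to keep the value schema-valid.
    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}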
use of org.opensaml.saml2.core.Response in project ddf by codice.
the class SamlProtocolTest method testCreateResponse.
/**
 * Checks that {@code SamlProtocol.createResponse} carries the supplied issuer, status code
 * and in-response-to value through to the response it builds.
 */
@Test
public void testCreateResponse() throws WSSecurityException {
    final String expectedIssuer = "myissuer";
    final String expectedStatus = "mystatus";
    final String expectedInResponseTo = "myid";

    final Response built = SamlProtocol.createResponse(
            SamlProtocol.createIssuer(expectedIssuer),
            SamlProtocol.createStatus(expectedStatus),
            expectedInResponseTo,
            null);

    assertEquals(expectedIssuer, built.getIssuer().getValue());
    assertEquals(expectedStatus, built.getStatus().getStatusCode().getValue());
    assertEquals(expectedInResponseTo, built.getInResponseTo());
}
use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.
the class MatchingServiceResponseTranslatorService method translate.
/**
 * Translates a matching-service SAML response into the inbound DTO.
 *
 * <p>The raw response string is unmarshalled, added to the logging context and transformed.
 * When the transformed result carries a matching-service assertion, its underlying blob and
 * (if an authn context is present) the level of assurance are copied into the DTO;
 * otherwise both stay empty.
 *
 * @param samlResponseDto DTO holding the SAML response string
 * @return DTO with status, in-response-to, issuer, optional assertion blob and optional
 *         level of assurance
 */
public InboundResponseFromMatchingServiceDto translate(SamlResponseDto samlResponseDto) {
    final Response samlResponse = responseUnmarshaller.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(samlResponse);

    // NOTE(review): no signature or issuer validation is visible in this method; presumably
    // it happens inside the unmarshaller or the transformer. Confirm.
    final InboundResponseFromMatchingService inbound = responseToInboundResponseFromMatchingServiceTransformer.transform(samlResponse);

    Optional<String> assertionBlob = Optional.empty();
    Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();

    // FIXME?: transformer can return null
    final boolean hasAssertion = inbound.getMatchingServiceAssertion() != null
            && inbound.getMatchingServiceAssertion().isPresent();
    if (hasAssertion) {
        assertionBlob = Optional.ofNullable(inbound.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
        // The authn context's enum constant name is looked up by name in LevelOfAssurance.
        levelOfAssurance = inbound.getMatchingServiceAssertion().get().getAuthnContext()
                .map(context -> LevelOfAssurance.valueOf(context.name()));
    }

    return new InboundResponseFromMatchingServiceDto(
            inbound.getStatus(),
            inbound.getInResponseTo(),
            inbound.getIssuer(),
            assertionBlob,
            levelOfAssurance);
}
use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorServiceTest method setup.
/**
 * Builds the service under test and stubs its collaborators around one eIDAS response
 * loaded from file.
 *
 * <p>The response and assertion signature validators, the decrypter and the blob encrypter
 * are all stubbed here, so tests relying on this fixture do not exercise real signature
 * verification or decryption.
 */
@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();

    final IdpIdaStatusUnmarshaller statusUnmarshaller = new IdpIdaStatusUnmarshaller(
            new IdpIdaStatus.IdpIdaStatusFactory(),
            new SamlStatusToIdpIdaStatusMappingsFactory());
    final PassthroughAssertionUnmarshaller assertionUnmarshaller = new PassthroughAssertionUnmarshaller(
            new XmlObjectToBase64EncodedStringTransformer<>(),
            new AuthnContextFactory());
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            statusUnmarshaller,
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            assertionUnmarshaller);

    final String rawSaml = "eidas";
    final String matchingServiceEntityId = "mid";
    final Response eidasResponse = (Response) buildResponseFromFile();
    final ValidatedResponse validatedResponse = new ValidatedResponse(eidasResponse);
    final List<Assertion> assertions = eidasResponse.getAssertions();

    // Incoming DTO and string-to-response transformation.
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn(rawSaml);
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn(matchingServiceEntityId);
    when(stringToOpenSamlResponseTransformer.apply(rawSaml)).thenReturn(eidasResponse);

    // Validation, decryption and re-encryption are all short-circuited with canned results.
    doNothing().when(responseFromCountryValidator).validate(eidasResponse);
    when(samlResponseSignatureValidator.validate(eidasResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(validatedResponse);
    when(assertionDecrypter.decryptAssertions(validatedResponse)).thenReturn(assertions);
    when(assertionBlobEncrypter.encryptAssertionBlob(eq(matchingServiceEntityId), any(String.class)))
            .thenReturn(identityUnderlyingAssertionBlob);
    when(samlAssertionsSignatureValidator.validate(assertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(new ValidatedAssertions(assertions));
}