
Example 6 with Response

use of org.opensaml.saml2.core.Response in project verify-hub by alphagov.

The class CountryAuthnResponseTranslatorService, method toModel.

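/**
 * Translates an already-validated SAML response from a country IdP into the hub's
 * {@code InboundResponseFromCountry} model.
 * <p>
 * The optional identity assertion is re-wrapped as a {@code PassthroughAssertion} so its
 * underlying blob can be re-encrypted for the matching service that will consume it; the
 * level of assurance is derived from that assertion's authn context name.
 *
 * @param response                           the validated SAML response (issuer and status are read from it)
 * @param validatedIdentityAssertionOptional the validated identity assertion, if the response carried one
 * @param matchingServiceEntityId            entity ID of the matching service the assertion blob is encrypted for
 * @return the populated inbound model
 * @throws IllegalStateException    if the status unmarshaller yields no status (the model requires one)
 * @throws IllegalArgumentException if the authn context names a level that {@code LevelOfAssurance.valueOf}
 *                                  does not recognise (fails closed rather than defaulting)
 */
private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
    // The second argument is passed through as 'true' exactly as before; its meaning is defined
    // by the unmarshaller and is not visible here.
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional
            .map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));

    // An unknown or unexpected authn context name is rejected by valueOf instead of being mapped
    // to some default level; empty names are filtered out first so they yield "no level".
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion
            .flatMap(assertion -> assertion.getAuthnContext())
            .map(AuthnContext::name)
            .filter(string -> !isNullOrEmpty(string))
            .map(LevelOfAssurance::valueOf);

    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
    // Previously the status was wrapped in Optional.ofNullable for the status code but dereferenced
    // unconditionally for the message, so a null status surfaced as a bare NPE on the second use.
    // Make the requirement explicit and fail fast with a meaningful message instead.
    if (status == null) {
        throw new IllegalStateException("statusUnmarshaller returned no status for the country response");
    }

    Optional<String> persistentId = validatedIdentityAssertionOptional
            .map(Assertion::getSubject)
            .map(Subject::getNameID)
            .map(NameID::getValue);
    Optional<String> statusCode = Optional.of(status)
            .map(IdpIdaStatus::getStatusCode)
            .map(IdpIdaStatus.Status::name);

    return new InboundResponseFromCountry(
            response.getIssuer().getValue(),
            persistentId,
            statusCode,
            status.getMessage(),
            // Re-encrypt the raw assertion blob for the matching service that will consume it.
            passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())),
            levelOfAssurance);
}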
Also used : LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Subject(org.opensaml.saml.saml2.core.Subject) IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper) ResponseFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseFromCountryValidator) SamlResponseSignatureValidator(uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator) Inject(javax.inject.Inject) Assertion(org.opensaml.saml.saml2.core.Assertion) AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) ResponseAssertionsFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseAssertionsFromCountryValidator) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller) AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) List(java.util.List) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) DestinationValidator(uk.gov.ida.saml.core.validators.DestinationValidator) Optional(java.util.Optional) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) NameID(org.opensaml.saml.saml2.core.NameID) 
SamlAssertionsSignatureValidator(uk.gov.ida.saml.security.SamlAssertionsSignatureValidator) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) Subject(org.opensaml.saml.saml2.core.Subject) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 7 with Response

use of org.opensaml.saml2.core.Response in project cas by apereo.

The class SamlProfileSaml2ResponseBuilder, method buildResponse.

/**
 * Builds the SAML 2.0 {@code Response} that carries the given assertion back to the service provider.
 * <p>
 * The assertion is run through {@code encryptAssertion} first and lands in either the encrypted-assertions
 * or the plain-assertions collection depending on what comes back. A SUCCESS status is then attached and,
 * when the registered service asks for it, the complete response is handed to the signer for the requested
 * binding. Signing is the last mutation, so everything added earlier is covered by it.
 *
 * @param assertion    the SAML assertion to place in the response
 * @param casAssertion the CAS-side assertion (not consulted by this method)
 * @param authnRequest the originating authentication request; its ID is handed to {@code newResponse}
 * @param service      the registered SAML service, consulted for response-signing settings
 * @param adaptor      the service provider's metadata facade
 * @param request      the current HTTP request
 * @param response     the current HTTP response
 * @param binding      the SAML binding the response will be sent over
 * @return the built (and, if configured, signed) SAML response
 * @throws SamlException if building, encrypting or signing fails
 */
@Override
public Response buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    // XML IDs must start with a letter or underscore, hence the '_' prefix in front of the random digits.
    final long randomSuffix = Math.abs(RandomUtils.getNativeInstance().nextLong());
    final String responseId = "_" + randomSuffix;

    Response samlResponse = newResponse(responseId, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());

    final boolean attributeQueryEnabled = casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled();
    if (attributeQueryEnabled) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }

    // encryptAssertion decides whether the assertion goes out encrypted; route it to the matching collection.
    final SAMLObject builtAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    final boolean encrypted = builtAssertion instanceof EncryptedAssertion;
    if (encrypted) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add((EncryptedAssertion) builtAssertion);
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add((Assertion) builtAssertion);
    }

    samlResponse.setStatus(newStatus(StatusCode.SUCCESS, null));
    // Logged once before signing and again after. The response already contains the assertion at this
    // point, so whatever logSamlObject emits presumably includes it — worth checking log level/redaction
    // where assertions carry personal attributes.
    SamlUtils.logSamlObject(this.configBean, samlResponse);

    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request, binding);
        SamlUtils.logSamlObject(this.configBean, samlResponse);
    }
    return samlResponse;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) Status(org.opensaml.saml.saml2.core.Status) SAMLObject(org.opensaml.saml.common.SAMLObject) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 8 with Response

use of org.opensaml.saml2.core.Response in project pac4j by pac4j.

The class SAML2DefaultResponseValidator, method validate.

/**
 * Validates an inbound SAML 2.0 {@code Response} and turns it into credentials.
 * <p>
 * Order matters here: the protocol-level response is validated against the signature trust engine
 * before any encrypted assertions are decrypted, and the SSO-level validation then runs on the
 * (possibly decrypted) result. Decryption is skipped entirely when no decrypter is configured.
 *
 * @param context the SAML message context holding the inbound message
 * @return the credentials built from the validated context
 * @throws SAMLException if the inbound message is not a {@code Response}; the validation helpers
 *                       may raise further exceptions of their own
 */
@Override
public Credentials validate(final SAML2MessageContext context) {
    final SAMLObject inbound = context.getMessage();
    if (inbound instanceof Response) {
        final Response samlResponse = (Response) inbound;
        final SignatureTrustEngine trustEngine = this.signatureTrustEngineProvider.build();
        validateSamlProtocolResponse(samlResponse, context, trustEngine);
        // Decrypt only when a decrypter exists; the SSO validation receives the same (possibly null) decrypter.
        if (decrypter != null) {
            decryptEncryptedAssertions(samlResponse, decrypter);
        }
        validateSamlSSOResponse(samlResponse, context, trustEngine, decrypter);
        return buildSAML2Credentials(context);
    }
    throw new SAMLException("Response instance is an unsupported type");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) SAMLObject(org.opensaml.saml.common.SAMLObject) SignatureTrustEngine(org.opensaml.xmlsec.signature.support.SignatureTrustEngine) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 9 with Response

use of org.opensaml.saml2.core.Response in project pentaho-engineering-samples by pentaho.

The class PentahoSamlLogoutFilter, method idpContainsGlobalLogoutEndpoint.

/**
 * Reports whether a logout binding can be resolved between the peer IdP descriptor and the local
 * SP descriptor taken from the current SAML message context.
 * <p>
 * A {@code MetadataProviderException} while resolving the entities is logged and treated as
 * "no endpoint": the method returns {@code false} rather than propagating the failure.
 *
 * @param request  the current HTTP request
 * @param response the current HTTP response
 * @return {@code true} only when a non-empty logout binding was resolved
 */
private boolean idpContainsGlobalLogoutEndpoint(HttpServletRequest request, HttpServletResponse response) {
    final String logoutBinding;
    try {
        SAMLMessageContext samlContext = contextProvider.getLocalAndPeerEntity(request, response);
        IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) samlContext.getPeerEntityRoleMetadata();
        SPSSODescriptor spDescriptor = (SPSSODescriptor) samlContext.getLocalEntityRoleMetadata();
        logoutBinding = SAMLUtil.getLogoutBinding(idpDescriptor, spDescriptor);
    } catch (MetadataProviderException e) {
        logger.error(e.getMessage(), e);
        return false;
    }
    return logoutBinding != null && !logoutBinding.isEmpty();
}
Also used : SAMLMessageContext(org.springframework.security.saml.context.SAMLMessageContext) MetadataProviderException(org.opensaml.saml2.metadata.provider.MetadataProviderException)

Example 10 with Response

use of org.opensaml.saml2.core.Response in project testcases by coheigea.

The class SAML2PResponseComponentBuilder, method createSAMLResponse.

/**
 * Creates a bare SAML 2.0 {@code Response} (no assertions) with a fresh random UUID as its ID,
 * the current issue instant, and the given {@code InResponseTo}, issuer and status.
 * <p>
 * The OpenSAML builder is looked up from {@code builderFactory} on first use and cached in the
 * static {@code responseBuilder} field. The lookup is not synchronised, so concurrent first callers
 * may each perform it; this is presumably harmless since each lookup yields an equivalent builder.
 *
 * @param inResponseTo the ID of the request this response answers
 * @param issuer       the issuer value, wrapped via {@code createIssuer}
 * @param status       the status element to attach
 * @return the populated response, at SAML version 2.0
 */
public static Response createSAMLResponse(String inResponseTo, String issuer, Status status) {
    if (responseBuilder == null) {
        // The factory lookup is untyped; keep the unchecked suppression scoped to this one cast.
        @SuppressWarnings("unchecked")
        SAMLObjectBuilder<Response> lookedUp = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
        responseBuilder = lookedUp;
    }
    final Response samlResponse = responseBuilder.buildObject();
    samlResponse.setID(UUID.randomUUID().toString());
    samlResponse.setIssueInstant(new DateTime());
    samlResponse.setInResponseTo(inResponseTo);
    samlResponse.setIssuer(createIssuer(issuer));
    samlResponse.setStatus(status);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    return samlResponse;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) DateTime(org.joda.time.DateTime)

Aggregations

Response (org.opensaml.saml.saml2.core.Response)245 Test (org.junit.jupiter.api.Test)148 ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)84 Assertion (org.opensaml.saml.saml2.core.Assertion)62 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)51 Element (org.w3c.dom.Element)44 Status (org.opensaml.saml.saml2.core.Status)37 DateTime (org.joda.time.DateTime)36 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)31 Document (org.w3c.dom.Document)31 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)26 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)19 SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)19 SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)19 IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus)18 Authentication (org.springframework.security.core.Authentication)16 ResponseValidatorTestHelper.createStatus (uk.gov.ida.saml.hub.validators.response.helpers.ResponseValidatorTestHelper.createStatus)16 Crypto (org.apache.wss4j.common.crypto.Crypto)15 NameID (org.opensaml.saml.saml2.core.NameID)14 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)13