use of org.opensaml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class SAML2LogoutValidator method validateDestinationEndpoint.
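/**
 * Verifies that the {@code Destination} attribute of an inbound {@link LogoutResponse} names one
 * of the locations this SP is prepared to receive it at.
 * <p>
 * When no {@code expectedDestination} is configured, the accepted values are taken from the first
 * {@code SingleLogoutService} endpoint in the SP metadata: its {@code Location} and, when present,
 * its {@code ResponseLocation}. Otherwise only the configured value is accepted. The actual
 * comparison (including how a missing {@code Destination} is treated) is delegated to
 * {@code verifyEndpoint}.
 *
 * @param logoutResponse the inbound logout response; its destination is untrusted input
 * @param context        the message context providing the SP metadata and the SAML2 configuration
 * @throws IllegalStateException if no {@code expectedDestination} is configured and the SP
 *                               metadata declares no {@code SingleLogoutService}
 */
protected void validateDestinationEndpoint(final LogoutResponse logoutResponse, final SAML2MessageContext context) {
    final List<String> expected = new ArrayList<>();
    if (StringUtils.isBlank(this.expectedDestination)) {
        final List<? extends Endpoint> sloServices = context.getSPSSODescriptor().getSingleLogoutServices();
        // An SP without a SingleLogoutService cannot state where the response must be delivered;
        // fail with a descriptive error instead of an IndexOutOfBoundsException from get(0).
        if (sloServices == null || sloServices.isEmpty()) {
            throw new IllegalStateException(
                "SP metadata declares no SingleLogoutService; cannot determine the expected logout response destination");
        }
        final Endpoint endpoint = Objects.requireNonNull(sloServices.get(0), "SingleLogoutService endpoint");
        if (endpoint.getLocation() != null) {
            expected.add(endpoint.getLocation());
        }
        if (endpoint.getResponseLocation() != null) {
            expected.add(endpoint.getResponseLocation());
        }
        // NOTE(review): if the endpoint has neither Location nor ResponseLocation, `expected` is
        // empty here and verifyEndpoint decides the outcome — confirm it rejects in that case.
    } else {
        expected.add(this.expectedDestination);
    }
    final boolean isDestinationMandatory = context.getSAML2Configuration().isResponseDestinationAttributeMandatory();
    verifyEndpoint(expected, logoutResponse.getDestination(), isDestinationMandatory);
}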
use of org.opensaml.saml2.metadata.Endpoint in project service-authorization by reportportal.
the class NonAliasHostedServiceProviderService method authenticationRequest.
/**
 * Builds the SAML {@code AuthnRequest} to send to the given identity provider.
 * <p>
 * The IdP single sign-on endpoint is chosen by the binding configured for the IdP (defaulting to
 * HTTP-Redirect when none is configured), the SP's preferred assertion consumer service is used as
 * the response target, and the request is signed when the SP metadata requires signed requests.
 * The result is passed through {@code authenticationRequestEnhancer} before being returned.
 *
 * @param idp the identity provider metadata to address the request to
 * @return the enhanced authentication request
 */
@Override
public AuthenticationRequest authenticationRequest(IdentityProviderMetadata idp) {
    ExternalIdentityProviderConfiguration idpConfig = getIdentityProviderConfigurationForMetadata(idp);
    final URI requestedBinding = idpConfig.getAuthenticationRequestBinding();
    final Binding binding;
    if (requestedBinding == null) {
        binding = Binding.REDIRECT;
    } else {
        binding = Binding.fromUrn(requestedBinding);
    }
    Endpoint ssoEndpoint = getPreferredEndpoint(idp.getIdentityProvider().getSingleSignOnService(), binding, 0);
    ServiceProviderMetadata spMetadata = getMetadata();

    AuthenticationRequest request = new AuthenticationRequest();
    // Request IDs must not start with a digit (xs:ID); the "ARQ" prefix guarantees that.
    request.setId("ARQ" + UUID.randomUUID().toString().substring(1));
    request.setIssueInstant(new DateTime(getClock().millis()));
    request.setForceAuth(Boolean.FALSE);
    request.setPassive(Boolean.FALSE);
    request.setBinding(ssoEndpoint.getBinding());
    request.setAssertionConsumerService(
        getPreferredEndpoint(spMetadata.getServiceProvider().getAssertionConsumerService(), null, -1));
    request.setIssuer(new Issuer().setValue(spMetadata.getEntityId()));
    request.setDestination(ssoEndpoint);

    if (spMetadata.getServiceProvider().isAuthnRequestsSigned()) {
        request.setSigningKey(spMetadata.getSigningKey(), spMetadata.getAlgorithm(), spMetadata.getDigest());
    }
    return authenticationRequestEnhancer.enhance(request);
}
use of org.opensaml.saml2.metadata.Endpoint in project cas by apereo.
the class SamlIdPUtils method preparePeerEntitySamlEndpointContext.
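/**
 * Prepare peer entity saml endpoint.
 * <p>
 * Populates the outbound message context with a {@link SAMLPeerEntityContext} identifying the
 * service provider and a {@link SAMLEndpointContext} holding the SP's assertion consumer service
 * for the requested binding. Both the binding and the location of that endpoint are required,
 * since they decide where the outbound message (and any assertion it carries) is delivered.
 *
 * @param outboundContext the outbound context
 * @param adaptor the adaptor
 * @param binding the binding
 * @throws SamlException the saml exception: the SP declares no assertion consumer services, no
 *                       endpoint exists for the requested binding, the endpoint lacks a binding
 *                       or location, or a required sub-context could not be obtained
 */
public static void preparePeerEntitySamlEndpointContext(final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    if (!adaptor.containsAssertionConsumerServices()) {
        throw new SamlException("No assertion consumer service could be found for entity " + adaptor.getEntityId());
    }
    // getSubcontext(..., true) auto-creates the sub-context; a null here would mean a broken
    // context implementation, so it is still reported rather than dereferenced.
    final SAMLPeerEntityContext peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true);
    if (peerEntityContext == null) {
        throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + adaptor.getEntityId());
    }
    peerEntityContext.setEntityId(adaptor.getEntityId());
    final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
    if (endpointContext == null) {
        throw new SamlException("SAMLEndpointContext could not be defined for entity " + adaptor.getEntityId());
    }
    final Endpoint endpoint = adaptor.getAssertionConsumerService(binding);
    // The facade may have no endpoint for this particular binding even though it declares some
    // assertion consumer services; report that as a SamlException instead of an NPE below.
    if (endpoint == null) {
        throw new SamlException("No assertion consumer service with binding " + binding + " could be found for entity " + adaptor.getEntityId());
    }
    if (StringUtils.isBlank(endpoint.getBinding()) || StringUtils.isBlank(endpoint.getLocation())) {
        throw new SamlException("Assertion consumer service does not define a binding or location for " + adaptor.getEntityId());
    }
    LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding());
    endpointContext.setEndpoint(endpoint);
}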
use of org.opensaml.saml2.metadata.Endpoint in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method isValidBearerSubjectConfirmationData.
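/**
 * Validate Bearer subject confirmation data
 * - notBefore
 * - NotOnOrAfter
 * - recipient
 * <p>
 * Every check is fail-closed: any missing, expired or mismatching value makes the data invalid.
 * {@code NotBefore} must be absent and {@code NotOnOrAfter} must be present and (allowing
 * {@code acceptedSkew} seconds of clock drift) still in the future; {@code Recipient} must match
 * the SP endpoint recorded in the message context after port normalization.
 *
 * @param data the data
 * @param context the context
 * @return true if all Bearer subject checks are passing
 */
protected final boolean isValidBearerSubjectConfirmationData(final SubjectConfirmationData data, final SAML2MessageContext context) {
    if (data == null) {
        logger.debug("SubjectConfirmationData cannot be null for Bearer confirmation");
        return false;
    }
    if (data.getNotBefore() != null) {
        logger.debug("SubjectConfirmationData notBefore must be null for Bearer confirmation");
        return false;
    }
    if (data.getNotOnOrAfter() == null) {
        logger.debug("SubjectConfirmationData notOnOrAfter cannot be null for Bearer confirmation");
        return false;
    }
    // The skew is added to the assertion's deadline, so the check tolerates our clock running ahead.
    if (data.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
        logger.debug("SubjectConfirmationData notOnOrAfter is too old");
        return false;
    }
    if (data.getRecipient() == null) {
        logger.debug("SubjectConfirmationData recipient cannot be null for Bearer confirmation");
        return false;
    }
    final Endpoint endpoint = context.getSAMLEndpointContext().getEndpoint();
    if (endpoint == null) {
        logger.warn("No endpoint was found in the SAML endpoint context");
        return false;
    }
    // URI(null) throws NullPointerException, not URISyntaxException, so a location-less endpoint
    // must be rejected explicitly rather than escaping the validator as an NPE.
    final String endpointLocation = endpoint.getLocation();
    if (endpointLocation == null) {
        logger.warn("The endpoint in the SAML endpoint context has no location");
        return false;
    }
    try {
        final URI recipientUri = new URI(data.getRecipient());
        final URI appEndpointUri = new URI(endpointLocation);
        if (!UriUtils.urisEqualAfterPortNormalization(recipientUri, appEndpointUri)) {
            logger.debug("SubjectConfirmationData recipient {} does not match SP assertion consumer URL, found. " + "SP ACS URL from context: {}", recipientUri, appEndpointUri);
            return false;
        }
    } catch (URISyntaxException use) {
        logger.error("Unable to check SubjectConfirmationData recipient, a URI has invalid syntax.", use);
        return false;
    }
    return true;
}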
use of org.opensaml.saml2.metadata.Endpoint in project MaxKey by dromara.
the class EndpointGenerator method generateEndpoint.
/**
 * Builds an OpenSAML metadata endpoint element with the given location.
 * <p>
 * The element name defaults to {@code AssertionConsumerService} when {@code service} is null.
 * Note that the {@code AssertionConsumerServiceBuilder} is used for every requested element name.
 * {@code ResponseLocation} is optional and is only set when a non-empty value is supplied.
 *
 * @param location         the endpoint {@code Location} attribute
 * @param responseLocation the optional {@code ResponseLocation} attribute; may be null or empty
 * @param service          the qualified element name to build, or null for the default
 * @return the populated endpoint
 */
public Endpoint generateEndpoint(String location, String responseLocation, QName service) {
    logger.debug("end point service: {}", service);
    logger.debug("end point location: {}", location);
    logger.debug("end point responseLocation: {}", responseLocation);
    final QName elementName = (service != null) ? service : AssertionConsumerService.DEFAULT_ELEMENT_NAME;
    final Endpoint result = new AssertionConsumerServiceBuilder().buildObject(elementName);
    result.setLocation(location);
    // ResponseLocation is optional in the metadata schema; leave it unset when not supplied.
    if (StringUtils.isNotEmpty(responseLocation)) {
        result.setResponseLocation(responseLocation);
    }
    return result;
}