
Example 56 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

the class SamlEntityDescriptorValidatorTest method decorate_shouldThrowExceptionWhenBothValidUntilAndCacheDurationAreMissing.

@Test
public void decorate_shouldThrowExceptionWhenBothValidUntilAndCacheDurationAreMissing() throws Exception {
    // A descriptor that carries neither validUntil nor cacheDuration has no freshness bound at all;
    // the validator must reject it with the dedicated "missing cacheDuration and validUntil" error.
    final EntityDescriptor descriptorWithoutFreshnessBounds = anEntityDescriptor()
            .withValidUntil(null)
            .withCacheDuration(null)
            .build();

    assertExceptionMessage(
            descriptorWithoutFreshnessBounds,
            SamlTransformationErrorFactory.missingCacheDurationAndValidUntil());
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) EntityDescriptorBuilder.anEntityDescriptor(uk.gov.ida.saml.core.test.builders.metadata.EntityDescriptorBuilder.anEntityDescriptor) Test(org.junit.jupiter.api.Test)

Example 57 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest method transform_shouldTransformIdpSigningCertificates.

@Test
public void transform_shouldTransformIdpSigningCertificates() {
    // Two IdP signing certificates with distinct issuer ids, so each resulting key descriptor
    // can be matched back to the certificate it was built from.
    final String firstIssuerId = UUID.randomUUID().toString();
    final String secondIssuerId = UUID.randomUUID().toString();
    final Certificate firstSigningCert = aCertificate().withIssuerId(firstIssuerId).build();
    final Certificate secondSigningCert = aCertificate().withIssuerId(secondIssuerId).build();

    final EntityDescriptor transformed = transformer.apply(
            IdentityProviderMetadataDtoBuilder.anIdentityProviderMetadataDto()
                    .addIdpSigningCertificate(firstSigningCert)
                    .addIdpSigningCertificate(secondSigningCert)
                    .build());
    final List<KeyDescriptor> keyDescriptors =
            transformed.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();

    // Four key descriptors are expected on the IdP SSO descriptor; the two IdP signing
    // certificates must appear at positions 1 and 2. The other two positions are not inspected here.
    Assertions.assertThat(keyDescriptors.size()).isEqualTo(4);
    assertCertificateCorrect(keyDescriptors.get(1), firstIssuerId, firstSigningCert);
    assertCertificateCorrect(keyDescriptors.get(2), secondIssuerId, secondSigningCert);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) CertificateBuilder.aCertificate(uk.gov.ida.saml.core.test.builders.CertificateBuilder.aCertificate) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.jupiter.api.Test)

Example 58 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

the class HubAsIdpMetadataHandler method getMetadataAsAnIdentityProvider.

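/**
 * Builds the hub's own identity-provider metadata DTO from the resolved federation metadata.
 * <p>
 * Resolves every entity descriptor published under {@code hubFederationId}, collects the signing
 * certificates of all entities that expose a SAML 2.0 IdP SSO descriptor, plus the hub's own
 * signing and encryption certificates, and packages them together with the hub's POST SSO endpoint
 * and a validity window derived from the configured metadata duration.
 *
 * @return the hub-as-IdP metadata DTO
 * @throws ApplicationException (unaudited, {@code METADATA_PROVIDER_EXCEPTION}) if the metadata
 *         resolver fails
 * @throws java.util.NoSuchElementException if no entity descriptor with {@code hubEntityId} is
 *         present in the resolved metadata, so no hub encryption certificate can be published
 */
public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
    final URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
    final SamlEndpointDto binding = new SamlEndpointDto(
            SamlEndpointDto.Binding.POST,
            URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));

    // NOTE(review): trust in the resolved descriptors (metadata signature validation) is assumed to be
    // enforced by metadataResolver's configuration, not here — confirm.
    final Iterable<EntityDescriptor> entityDescriptors;
    try {
        final CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
        entityDescriptors = metadataResolver.resolve(criteria);
        LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
    } catch (ResolverException e) {
        throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
    }

    // Materialise the resolver's Iterable once; it is walked for both the IdP and the hub selection.
    final List<EntityDescriptor> allDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false)
            .collect(Collectors.toList());

    final List<EntityDescriptor> idpEntityDescriptors = allDescriptors.stream()
            .filter(input -> input.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null)
            .collect(Collectors.toList());
    // hubEntityId is the receiver of equals() so a descriptor without an entityID cannot NPE the filter.
    final List<EntityDescriptor> hubEntityDescriptors = allDescriptors.stream()
            .filter(input -> hubEntityId.equals(input.getEntityID()))
            .collect(Collectors.toList());

    final List<List<Certificate>> idpSigningCertificates = idpEntityDescriptors.stream()
            .map(this::getIDPSigningCertificates)
            .collect(Collectors.toList());
    final List<List<Certificate>> hubSigningCertificates = hubEntityDescriptors.stream()
            .map(this::getHubSigningCertificates)
            .collect(Collectors.toList());
    final List<Certificate> hubEncryptionCertificates = hubEntityDescriptors.stream()
            .map(this::getHubEncryptionCertificate)
            .collect(Collectors.toList());

    // Previously an unguarded iterator().next(); keep the exception type but say what is missing.
    if (hubEncryptionCertificates.isEmpty()) {
        throw new java.util.NoSuchElementException(
                "No entity descriptor for hub entity id " + hubEntityId
                        + " found in federation " + hubFederationId);
    }

    return new HubIdentityProviderMetadataDto(
            singletonList(binding),
            hubEntityId,
            organisationDto,
            Collections.emptySet(),
            ImmutableList.copyOf(Iterables.concat(idpSigningCertificates)),
            DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()),
            ImmutableList.copyOf(Iterables.concat(hubSigningCertificates)),
            hubEncryptionCertificates.get(0));
}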
Also used : Iterables(com.google.common.collect.Iterables) ExceptionType(uk.gov.ida.common.ExceptionType) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Collections.singletonList(java.util.Collections.singletonList) Inject(javax.inject.Inject) HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) ImmutableList(com.google.common.collect.ImmutableList) StreamSupport(java.util.stream.StreamSupport) Named(javax.inject.Named) URI(java.net.URI) SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) ApplicationException(uk.gov.ida.exceptions.ApplicationException) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) UsageType(org.opensaml.security.credential.UsageType) DateTime(org.joda.time.DateTime) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) OrganisationDto(uk.gov.ida.saml.metadata.domain.OrganisationDto) Logger(java.util.logging.Logger) Collectors(java.util.stream.Collectors) List(java.util.List) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) X509Data(org.opensaml.xmlsec.signature.X509Data) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Collections(java.util.Collections) Certificate(uk.gov.ida.common.shared.security.Certificate) SamlProxyConfiguration(uk.gov.ida.hub.samlproxy.SamlProxyConfiguration) EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion) SAML2_SSO_REQUEST_ENDPOINT(uk.gov.ida.hub.samlproxy.Urls.FrontendUrls.SAML2_SSO_REQUEST_ENDPOINT) SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion) URI(java.net.URI) 
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) Collections.singletonList(java.util.Collections.singletonList) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate)

Example 59 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project hub-alert by blackducksoftware.

the class SAMLManager method createMemoryProvider.

// Required for the Azure AD SAML configuration: the entity id in the generated metadata differs from
// the entity id configured in Azure, so an in-memory provider is registered to let the entity id be
// mapped and resolved correctly for the application.
private Optional<ExtendedMetadataDelegate> createMemoryProvider() throws MetadataProviderException {
    final EntityDescriptor generatedDescriptor = metadataGenerator.generateMetadata();
    final MetadataMemoryProvider memoryProvider = new MetadataMemoryProvider(generatedDescriptor);
    memoryProvider.initialize();
    final ExtendedMetadataDelegate delegate = createDelegate(memoryProvider);
    return Optional.of(delegate);
}
Also used : EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor) MetadataMemoryProvider(org.springframework.security.saml.metadata.MetadataMemoryProvider)

Example 60 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

the class AssertionConsumerService method retrieveMetadata.

/**
 * Publishes this service provider's SAML 2.0 metadata as XML.
 * <p>
 * The descriptor advertises the signing and encryption certificates taken from the system crypto
 * configuration, the supported NameID formats, and the SSO / logout locations built from the
 * external system base URL. The response body is the serialised {@code EntityDescriptor}.
 *
 * @return a 200 response whose body is the metadata XML
 * @throws WSSecurityException if a certificate cannot be looked up from the crypto configuration
 * @throws CertificateEncodingException if a certificate cannot be DER-encoded for the metadata
 */
@GET
@Path("/metadata")
@Produces("application/xml")
public Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException {
    final List<String> nameIdFormats = new ArrayList<>();
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_PERSISTENT);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_UNSPECIFIED);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME);

    final X509Certificate signingCert =
            findCertificate(systemCrypto.getSignatureAlias(), systemCrypto.getSignatureCrypto());
    final X509Certificate encryptionCert =
            findCertificate(systemCrypto.getEncryptionAlias(), systemCrypto.getEncryptionCrypto());

    // Every advertised location is derived from the external base URL; the same ACS location is
    // supplied for all three assertion-consumer slots of createSpMetadata.
    final String entityId = SystemBaseUrl.EXTERNAL.constructUrl("/saml", true);
    final String logoutLocation = SystemBaseUrl.EXTERNAL.constructUrl("/saml/logout", true);
    final String acsLocation = SystemBaseUrl.EXTERNAL.constructUrl("/saml/sso", true);

    final EntityDescriptor spMetadata = SamlProtocol.createSpMetadata(
            entityId,
            base64Der(signingCert),
            base64Der(encryptionCert),
            nameIdFormats,
            logoutLocation,
            acsLocation,
            acsLocation,
            acsLocation);

    // A fresh document with a placeholder "root" element is handed to toDom for marshalling.
    final Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    final String metadataXml = DOM2Writer.nodeToString(OpenSAMLUtil.toDom(spMetadata, doc, false));
    return Response.ok(metadataXml).build();
}

/** Base64 text of the certificate's DER encoding, as placed in the metadata key descriptors. */
private static String base64Der(X509Certificate cert) throws CertificateEncodingException {
    return Base64.getEncoder().encodeToString(cert.getEncoded());
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)60 Test (org.junit.jupiter.api.Test)15 KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)13 EntityDescriptorBuilder.anEntityDescriptor (uk.gov.ida.saml.core.test.builders.metadata.EntityDescriptorBuilder.anEntityDescriptor)11 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)8 Test (org.junit.Test)8 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)8 SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService)8 List (java.util.List)7 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)7 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)7 X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)7 IOException (java.io.IOException)6 InputStream (java.io.InputStream)6 ArrayList (java.util.ArrayList)6 SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)6 InputStreamReader (java.io.InputStreamReader)5 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)5 SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)5 ApplicationContext (org.springframework.context.ApplicationContext)5