
Example 6 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

From class SamlProtocolTest, method testCreateSpMetadata:

@Test
public void testCreateSpMetadata() {
    // Build SP metadata from fixed placeholder values and check that each
    // value lands in the expected slot of the resulting EntityDescriptor.
    EntityDescriptor entityDescriptor = SamlProtocol.createSpMetadata("myid", "mysigningcert", "myencryptioncert", "logoutlocation", "redirectlocation", "postlocation");

    assertEquals("myid", entityDescriptor.getEntityID());
    // Key descriptor 0 is expected to carry the signing cert, 1 the encryption cert.
    assertEquals("mysigningcert", certificateValueAt(entityDescriptor, 0));
    assertEquals("myencryptioncert", certificateValueAt(entityDescriptor, 1));
    // Assertion consumer service 0 is expected to be the redirect location, 1 the POST location.
    assertEquals("redirectlocation", assertionConsumerLocationAt(entityDescriptor, 0));
    assertEquals("postlocation", assertionConsumerLocationAt(entityDescriptor, 1));
    assertEquals("logoutlocation", singleLogoutLocationAt(entityDescriptor, 0));
}

/** Returns the text of the first X509 certificate in the SP key descriptor at {@code index}. */
private static String certificateValueAt(EntityDescriptor descriptor, int index) {
    return descriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL)
            .getKeyDescriptors().get(index)
            .getKeyInfo().getX509Datas().get(0)
            .getX509Certificates().get(0)
            .getValue();
}

/** Returns the location of the SP assertion consumer service at {@code index}. */
private static String assertionConsumerLocationAt(EntityDescriptor descriptor, int index) {
    return descriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL)
            .getAssertionConsumerServices().get(index)
            .getLocation();
}

/** Returns the location of the SP single logout service at {@code index}. */
private static String singleLogoutLocationAt(EntityDescriptor descriptor, int index) {
    return descriptor.getSPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL)
            .getSingleLogoutServices().get(index)
            .getLocation();
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Test(org.junit.Test)

Example 7 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

From class IdpEndpoint, method retrieveMetadata:

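/**
 * Serves this IdP's SAML 2.0 metadata document.
 *
 * <p>The signing and encryption certificates are looked up by the default alias of the
 * respective system crypto and published as Base64 DER in the metadata. Certificate lookup
 * and encoding were duplicated inline; they now share the two private helpers below.
 *
 * <p>NOTE(review): when an alias resolves to no certificate, the metadata is still produced
 * with an empty certificate value (see {@link #encodeOrEmpty}), so relying parties would get
 * no usable key. Failing loudly here may be preferable — confirm with the deployment owners.
 *
 * @return an XML response carrying the serialized EntityDescriptor
 * @throws WSSecurityException if the crypto provider fails to look up certificates
 * @throws CertificateEncodingException if a certificate cannot be DER-encoded
 */
@GET
@Path("/login/metadata")
@Produces("application/xml")
public Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException {
    List<String> nameIdFormats = new ArrayList<>();
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_PERSISTENT);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_UNSPECIFIED);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME);

    // Signing certificate: default alias of the signature crypto.
    CryptoType signingType = new CryptoType(CryptoType.TYPE.ALIAS);
    signingType.setAlias(systemCrypto.getSignatureCrypto().getDefaultX509Identifier());
    X509Certificate issuerCert = firstOrNull(systemCrypto.getSignatureCrypto().getX509Certificates(signingType));

    // Encryption certificate: default alias of the encryption crypto.
    CryptoType encryptionType = new CryptoType(CryptoType.TYPE.ALIAS);
    encryptionType.setAlias(systemCrypto.getEncryptionCrypto().getDefaultX509Identifier());
    X509Certificate encryptionCert = firstOrNull(systemCrypto.getEncryptionCrypto().getX509Certificates(encryptionType));

    // The same login URL serves as entity id, SSO location and ACS location.
    String loginUrl = SystemBaseUrl.constructUrl("/idp/login", true);
    String logoutUrl = SystemBaseUrl.constructUrl("/idp/logout", true);
    EntityDescriptor entityDescriptor = SamlProtocol.createIdpMetadata(loginUrl, encodeOrEmpty(issuerCert), encodeOrEmpty(encryptionCert), nameIdFormats, loginUrl, loginUrl, logoutUrl);

    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    return Response.ok(DOM2Writer.nodeToString(OpenSAMLUtil.toDom(entityDescriptor, doc, false))).build();
}

/** Returns the first certificate of {@code certs}, or {@code null} when the array is null or empty. */
private static X509Certificate firstOrNull(X509Certificate[] certs) {
    return (certs != null && certs.length > 0) ? certs[0] : null;
}

/**
 * Base64 of the DER encoding of {@code cert}; the empty string when {@code cert} is null.
 *
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private static String encodeOrEmpty(X509Certificate cert) throws CertificateEncodingException {
    byte[] der = cert != null ? cert.getEncoded() : new byte[0];
    return Base64.getEncoder().encodeToString(der);
}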
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) ArrayList(java.util.ArrayList) CryptoType(org.apache.wss4j.common.crypto.CryptoType) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 8 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

From class CountrySingleSignOnServiceHelper, method getSingleSignOn:

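/**
 * Resolves the single sign-on endpoint of the IdP identified by {@code entityId}.
 *
 * <p>The metadata resolver is created per call and always destroyed in {@code finally}.
 * An entity whose metadata carries no SAML 2.0 {@code IDPSSODescriptor} previously hit a
 * {@code NullPointerException} on the descriptor lookup; it is now reported like a missing
 * SSO service and ends in the same NOT_FOUND exception.
 *
 * <p>NOTE(review): the metadata location is derived from {@code entityId} itself
 * ({@code URI.create(entityId)}), so this method fetches whatever URI the caller names.
 * Confirm that callers only pass trusted / allow-listed entity ids.
 *
 * @param entityId the IdP entity id, also used as the metadata location
 * @return the location of the first SingleSignOnService in the IdP's metadata
 * @throws ApplicationException (NOT_FOUND) when no descriptor or no SSO service is present
 */
public URI getSingleSignOn(String entityId) {
    EidasMetadataResolver metadataResolver = new EidasMetadataResolver(new Timer(), client, URI.create(entityId));
    try {
        EntityDescriptor idpEntityDescriptor;
        try {
            CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
            idpEntityDescriptor = metadataResolver.resolveSingle(criteria);
        } catch (ResolverException e) {
            LOG.error(format("Exception when accessing metadata: {0}", e));
            throw propagate(e);
        }
        if (idpEntityDescriptor != null) {
            // Null when the entity publishes no SAML 2.0 IdP role.
            final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
            if (idpssoDescriptor == null) {
                LOG.error(format("No SAML 2.0 IDPSSODescriptor present for IDP entityId: {0}", entityId));
            } else {
                final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
                if (singleSignOnServices.isEmpty()) {
                    LOG.error(format("No singleSignOnServices present for IDP entityId: {0}", entityId));
                } else {
                    if (singleSignOnServices.size() > 1) {
                        LOG.warn(format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
                    }
                    // Only the first service is used; the warning above records the ambiguity.
                    return URI.create(singleSignOnServices.get(0).getLocation());
                }
            }
        }
        throw ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(format("no entity descriptor for IDP: {0}", entityId)));
    } finally {
        // The resolver is constructed before the try, so it is never null here;
        // destroying it releases the Timer created above.
        metadataResolver.destroy();
    }
}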
Also used : EidasMetadataResolver(uk.gov.ida.hub.samlengine.EidasMetadataResolver) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) Timer(java.util.Timer) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService)

Example 9 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project syncope by apache.

From class SAML2IdPLogic, method importIdPs:

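/**
 * Imports identity providers from a SAML 2.0 metadata document.
 *
 * <p>Changes from the inline version: the document is parsed from the raw stream so the XML
 * parser honours the document's own encoding declaration (a Reader without a charset used
 * the platform default); an EntityDescriptor carrying several IDPSSODescriptor children is
 * imported once instead of once per descriptor; and the metadata serialization is flushed
 * and written as UTF-8 before it is Base64-encoded.
 *
 * @param input the metadata document, either a single EntityDescriptor or an EntitiesDescriptor
 * @return one transfer object per imported IdP, in document order
 * @throws Exception on parse, serialization or cache failures (propagated unchanged)
 * @throws IllegalArgumentException when an IdP offers neither a POST nor a REDIRECT SSO location
 */
private List<SAML2IdPTO> importIdPs(final InputStream input) throws Exception {
    Element root = OpenSAMLUtil.getParserPool().parse(input).getDocumentElement();
    List<EntityDescriptor> idpEntityDescriptors = collectIdpEntityDescriptors(root);

    List<SAML2IdPTO> result = new ArrayList<>(idpEntityDescriptors.size());
    for (EntityDescriptor idpEntityDescriptor : idpEntityDescriptors) {
        result.add(toIdPTO(idpEntityDescriptor));
    }
    return result;
}

/** True when {@code node} is in the SAML 2.0 metadata namespace and has the given local name. */
private static boolean isMetadataElement(final Node node, final String localName) {
    return SAMLConstants.SAML20MD_NS.equals(node.getNamespaceURI()) && localName.equals(node.getLocalName());
}

/** True when {@code entityElement} has at least one direct IDPSSODescriptor child. */
private static boolean hasIdpRole(final Node entityElement) {
    NodeList descendants = entityElement.getChildNodes();
    for (int j = 0; j < descendants.getLength(); j++) {
        if (isMetadataElement(descendants.item(j), IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
            return true;
        }
    }
    return false;
}

/**
 * Collects the IdP entity descriptors below {@code root}: a lone EntityDescriptor root is
 * taken as-is; an EntitiesDescriptor root contributes each child EntityDescriptor that has
 * an IDPSSODescriptor; any other root yields an empty list.
 */
private static List<EntityDescriptor> collectIdpEntityDescriptors(final Element root) {
    List<EntityDescriptor> idpEntityDescriptors = new ArrayList<>();
    if (isMetadataElement(root, EntityDescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
        idpEntityDescriptors.add((EntityDescriptor) OpenSAMLUtil.fromDom(root));
    } else if (isMetadataElement(root, EntitiesDescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
        NodeList children = root.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            // Each qualifying entity is added once, however many IDPSSODescriptor children it has.
            if (isMetadataElement(child, EntityDescriptor.DEFAULT_ELEMENT_LOCAL_NAME) && hasIdpRole(child)) {
                idpEntityDescriptors.add((EntityDescriptor) OpenSAMLUtil.fromDom((Element) child));
            }
        }
    }
    return idpEntityDescriptors;
}

/** Builds the transfer object for one IdP, registers it in the cache and picks its binding. */
private SAML2IdPTO toIdPTO(final EntityDescriptor idpEntityDescriptor) throws Exception {
    SAML2IdPTO idpTO = new SAML2IdPTO();
    idpTO.setEntityID(idpEntityDescriptor.getEntityID());
    idpTO.setName(idpEntityDescriptor.getEntityID());
    idpTO.setUseDeflateEncoding(false);
    try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
            OutputStreamWriter writer = new OutputStreamWriter(baos, java.nio.charset.StandardCharsets.UTF_8)) {
        saml2rw.write(writer, idpEntityDescriptor, false);
        // Flush before reading the buffer so no bytes are left in the writer's encoder.
        writer.flush();
        idpTO.setMetadata(Base64.getEncoder().encodeToString(baos.toByteArray()));
    }

    ItemTO connObjectKeyItem = new ItemTO();
    connObjectKeyItem.setIntAttrName("username");
    connObjectKeyItem.setExtAttrName("NameID");
    idpTO.setConnObjectKeyItem(connObjectKeyItem);

    // POST is preferred; REDIRECT is the fallback; anything else is unsupported.
    SAML2IdPEntity idp = cache.put(idpEntityDescriptor, idpTO);
    if (idp.getSSOLocation(SAML2BindingType.POST) != null) {
        idpTO.setBindingType(SAML2BindingType.POST);
    } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) {
        idpTO.setBindingType(SAML2BindingType.REDIRECT);
    } else {
        throw new IllegalArgumentException("Neither POST nor REDIRECT artifacts supported by " + idp.getId());
    }
    return idpTO;
}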
Also used : SAML2IdPTO(org.apache.syncope.common.lib.to.SAML2IdPTO) InputStreamReader(java.io.InputStreamReader) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ItemTO(org.apache.syncope.common.lib.to.ItemTO) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SAML2IdPEntity(org.apache.syncope.core.logic.saml2.SAML2IdPEntity) OutputStreamWriter(java.io.OutputStreamWriter)

Example 10 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project syncope by apache.

From class SAML2SPLogic, method getMetadata:

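/**
 * Writes this service provider's signed SAML 2.0 metadata to {@code os}.
 *
 * <p>Fixes against the inline version: the SPSSODescriptor was added to the entity's role
 * descriptors once per binding type inside the loop and once more after it — it is now added
 * exactly once; a discarded {@code keyInfoGenerator.generate(...)} call is gone; the
 * loop-invariant ACS and SLO URLs are computed (and the SLO URL validated) once; and the
 * output is written as UTF-8 and flushed so nothing stays buffered in the writer.
 *
 * @param spEntityID the SP entity id, also the base of the SLO URL
 * @param urlContext the URL context appended to the entity id
 * @param os destination stream; it is flushed but not closed, the caller owns it
 * @throws SyncopeClientException (Unknown) wrapping any failure while building or writing
 */
@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
    check();
    try {
        EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
        spEntityDescriptor.setEntityID(spEntityID);

        SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
        spSSODescriptor.setWantAssertionsSigned(true);
        spSSODescriptor.setAuthnRequestsSigned(true);
        spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

        // Emit the entity certificate of our credential in the KeyDescriptor.
        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
        KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
        keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
        spSSODescriptor.getKeyDescriptors().add(keyDescriptor);

        spSSODescriptor.getNameIDFormats().add(newNameIDFormat(NameIDType.PERSISTENT));
        spSSODescriptor.getNameIDFormats().add(newNameIDFormat(NameIDType.TRANSIENT));

        // The ACS and SLO locations are the same for every binding; only the binding URI varies.
        String acsUrl = getAssertionConsumerURL(spEntityID, urlContext);
        String sloUrl = spEntityID + urlContext + "/logout";
        validateUrl(sloUrl);
        for (SAML2BindingType bindingType : SAML2BindingType.values()) {
            AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
            // The ACS index is the enum position; it must stay stable across releases.
            assertionConsumerService.setIndex(bindingType.ordinal());
            assertionConsumerService.setBinding(bindingType.getUri());
            assertionConsumerService.setLocation(acsUrl);
            spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);

            SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
            singleLogoutService.setBinding(bindingType.getUri());
            singleLogoutService.setLocation(sloUrl);
            singleLogoutService.setResponseLocation(sloUrl);
            spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
        }
        spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);

        saml2rw.sign(spEntityDescriptor);
        OutputStreamWriter writer = new OutputStreamWriter(os, java.nio.charset.StandardCharsets.UTF_8);
        saml2rw.write(writer, spEntityDescriptor, true);
        writer.flush();
    } catch (Exception e) {
        LOG.error("While getting SP metadata", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
}

/** Builds a NameIDFormat element carrying {@code format}. */
private static NameIDFormat newNameIDFormat(final String format) {
    NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
    nameIDFormat.setFormat(format);
    return nameIDFormat;
}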
Also used : SAML2BindingType(org.apache.syncope.common.lib.types.SAML2BindingType) SPSSODescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorBuilder) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) NameIDFormatBuilder(org.opensaml.saml.saml2.metadata.impl.NameIDFormatBuilder) XSString(org.opensaml.core.xml.schema.XSString) EntityDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.EntityDescriptorBuilder) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) KeyInfoGenerator(org.opensaml.xmlsec.keyinfo.KeyInfoGenerator) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) SingleLogoutServiceBuilder(org.opensaml.saml.saml2.metadata.impl.SingleLogoutServiceBuilder) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) OutputStreamWriter(java.io.OutputStreamWriter) KeyDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
