
Example 11 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project pac4j by pac4j.

Class SAML2ContextProvider, method addContext.

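/**
 * Resolves the entity identified by {@code entityId} from the configured
 * metadata resolver and attaches its {@link EntityDescriptor} and the first
 * matching SAML 2.0 {@link RoleDescriptor} to a {@link SAMLMetadataContext}
 * under {@code parentContext}.
 *
 * The metadata resolver is the trust anchor for the peer's keys and endpoints,
 * so a missing entity or role is a hard failure rather than a partially
 * populated context.
 *
 * @param entityId      resolver supplying the entity ID to look up
 * @param parentContext context that receives the metadata subcontext
 * @param elementName   role element to select (e.g. IDPSSODescriptor)
 * @throws SAMLException if the entity or role is not found, or the resolver fails
 */
protected final void addContext(final SAML2MetadataResolver entityId, final BaseContext parentContext, final QName elementName) {
    // Resolve the string ID once; the previous error messages concatenated the
    // resolver object itself, which printed its toString() instead of the entity ID.
    final String id = entityId.getEntityId();
    final EntityDescriptor entityDescriptor;
    final RoleDescriptor roleDescriptor;
    try {
        final CriteriaSet set = new CriteriaSet();
        set.add(new EntityIdCriterion(id));
        entityDescriptor = this.metadata.resolveSingle(set);
        if (entityDescriptor == null) {
            throw new SAMLException("Cannot find entity " + id + " in metadata provider");
        }
        // Only roles declaring SAML 2.0 protocol support are eligible; the first one wins.
        final List<RoleDescriptor> list = entityDescriptor.getRoleDescriptors(elementName, SAMLConstants.SAML20P_NS);
        roleDescriptor = CommonHelper.isNotEmpty(list) ? list.get(0) : null;
        if (roleDescriptor == null) {
            throw new SAMLException("Cannot find entity " + id + " or role " + elementName + " in metadata provider");
        }
    } catch (final ResolverException e) {
        throw new SAMLException("An error occured while getting IDP descriptors", e);
    }
    // The 'true' flag presumably creates the subcontext when absent — confirm against BaseContext.
    final SAMLMetadataContext mdCtx = parentContext.getSubcontext(SAMLMetadataContext.class, true);
    mdCtx.setEntityDescriptor(entityDescriptor);
    mdCtx.setRoleDescriptor(roleDescriptor);
}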

Example 12 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project spring-security by spring-projects.

Class OpenSamlMetadataAssertingPartyDetailsConverterTests, method readWhenDescriptorFullySpecifiedThenConfigures.

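/**
 * Verifies that a fully specified {@code EntityDescriptor} (signing and
 * encryption keys, signing-method extensions, SSO endpoint) is mapped onto
 * {@code AssertingPartyDetails} and that the OpenSAML descriptor is retained.
 *
 * @throws Exception from the converter or certificate parsing
 */
@Test
public void readWhenDescriptorFullySpecifiedThenConfigures() throws Exception {
    String keyDescriptors = String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"signing\"")
            + String.format(KEY_DESCRIPTOR_TEMPLATE, "use=\"encryption\"");
    String idpSsoDescriptor = String.format(IDP_SSO_DESCRIPTOR_TEMPLATE,
            keyDescriptors + EXTENSIONS_TEMPLATE + String.format(SINGLE_SIGN_ON_SERVICE_TEMPLATE));
    String payload = String.format(ENTITY_DESCRIPTOR_TEMPLATE, idpSsoDescriptor);
    // Encode explicitly: getBytes() without a charset uses the platform default
    // (pre-JDK 18), which can corrupt non-ASCII metadata on some hosts.
    InputStream inputStream = new ByteArrayInputStream(payload.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    RelyingPartyRegistration.AssertingPartyDetails details = this.converter.convert(inputStream).iterator().next().build();
    assertThat(details.getWantAuthnRequestsSigned()).isFalse();
    assertThat(details.getSigningAlgorithms()).containsExactly(SignatureConstants.ALGO_ID_DIGEST_SHA512);
    assertThat(details.getSingleSignOnServiceLocation()).isEqualTo("sso-location");
    assertThat(details.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
    assertThat(details.getEntityId()).isEqualTo("entity-id");
    // The "use" attributes route the two KeyDescriptors into separate credential sets;
    // both carry the same test certificate.
    assertThat(details.getVerificationX509Credentials()).hasSize(1);
    assertThat(details.getVerificationX509Credentials().iterator().next().getCertificate()).isEqualTo(x509Certificate(CERTIFICATE));
    assertThat(details.getEncryptionX509Credentials()).hasSize(1);
    assertThat(details.getEncryptionX509Credentials().iterator().next().getCertificate()).isEqualTo(x509Certificate(CERTIFICATE));
    assertThat(details).isInstanceOf(OpenSamlAssertingPartyDetails.class);
    OpenSamlAssertingPartyDetails openSamlDetails = (OpenSamlAssertingPartyDetails) details;
    EntityDescriptor entityDescriptor = openSamlDetails.getEntityDescriptor();
    assertThat(entityDescriptor).isNotNull();
    assertThat(entityDescriptor.getEntityID()).isEqualTo(details.getEntityId());
}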

Example 13 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project spring-security by spring-projects.

Class OpenSamlMetadataResolver, method resolve.

/**
 * Serializes the relying party's SP metadata as an {@code EntityDescriptor}
 * document carrying a single {@code SPSSODescriptor} role.
 *
 * @param relyingPartyRegistration registration whose entity ID and SP role are published
 * @return the serialized metadata document
 */
@Override
public String resolve(RelyingPartyRegistration relyingPartyRegistration) {
    EntityDescriptor descriptor = build(EntityDescriptor.ELEMENT_QNAME);
    descriptor.setEntityID(relyingPartyRegistration.getEntityId());
    SPSSODescriptor spRole = buildSpSsoDescriptor(relyingPartyRegistration);
    descriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).add(spRole);
    return serialize(descriptor);
}

Example 14 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project spring-security by spring-projects.

Class OpenSamlMetadataAssertingPartyDetailsConverter, method convert.

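/**
 * Parses SAML metadata from {@code inputStream} and returns one asserting-party
 * builder per {@code EntityDescriptor} found, whether the document root is a
 * single {@code EntityDescriptor} or an {@code EntitiesDescriptor} aggregate.
 *
 * NOTE(review): the parsed metadata supplies the IdP's verification and
 * encryption keys, so it must come from a trusted source; nothing in this
 * method checks a signature over the document — confirm the caller does, or
 * that it fetches the document from a trusted location.
 *
 * @param inputStream metadata XML
 * @return builders in document order; always a mutable list, regardless of root type
 * @throws Saml2Exception if the root element is neither descriptor type
 */
Collection<RelyingPartyRegistration.AssertingPartyDetails.Builder> convert(InputStream inputStream) {
    List<RelyingPartyRegistration.AssertingPartyDetails.Builder> builders = new ArrayList<>();
    XMLObject xmlObject = xmlObject(inputStream);
    if (xmlObject instanceof EntitiesDescriptor) {
        for (EntityDescriptor descriptor : ((EntitiesDescriptor) xmlObject).getEntityDescriptors()) {
            builders.add(convert(descriptor));
        }
        return builders;
    }
    if (xmlObject instanceof EntityDescriptor) {
        // Previously returned Arrays.asList(...), a fixed-size list; use the same
        // mutable list type as the aggregate path so callers see one contract.
        builders.add(convert((EntityDescriptor) xmlObject));
        return builders;
    }
    throw new Saml2Exception("Unsupported element of type " + xmlObject.getClass());
}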

Example 15 with EntityDescriptor

Use of org.opensaml.saml.saml2.metadata.EntityDescriptor in project spring-security by spring-projects.

Class OpenSamlMetadataAssertingPartyDetailsConverter, method signingMethods.

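/**
 * Returns the {@code SigningMethod} extensions advertised for an IdP role,
 * taking the role-level extensions first and falling back to the enclosing
 * {@code EntityDescriptor}'s extensions when the role declares none.
 *
 * @param idpssoDescriptor role whose signing methods are wanted
 * @return the role's signing methods, else the entity's, else the (empty) role result
 */
private List<SigningMethod> signingMethods(IDPSSODescriptor idpssoDescriptor) {
    Extensions extensions = idpssoDescriptor.getExtensions();
    List<SigningMethod> result = signingMethods(extensions);
    if (!result.isEmpty()) {
        return result;
    }
    // A role built outside an EntityDescriptor has no parent, or a different one;
    // the previous unconditional cast would throw there, so fall back to the
    // role's own (empty) result instead.
    XMLObject parent = idpssoDescriptor.getParent();
    if (!(parent instanceof EntityDescriptor)) {
        return result;
    }
    extensions = ((EntityDescriptor) parent).getExtensions();
    return signingMethods(extensions);
}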
