Example 16 with EntityDescriptor
use of org.opensaml.saml2.metadata.EntityDescriptor in project cloudstack by apache.
the class SAML2AuthManagerImpl method addIdpToMap.
private void addIdpToMap(EntityDescriptor descriptor, Map<String, SAMLProviderMetadata> idpMap) {
SAMLProviderMetadata idpMetadata = new SAMLProviderMetadata();
idpMetadata.setEntityId(descriptor.getEntityID());
s_logger.debug("Adding IdP to the list of discovered IdPs: " + descriptor.getEntityID());
if (descriptor.getOrganization() != null) {
if (descriptor.getOrganization().getDisplayNames() != null) {
for (OrganizationDisplayName orgName : descriptor.getOrganization().getDisplayNames()) {
if (orgName != null && orgName.getName() != null) {
idpMetadata.setOrganizationName(orgName.getName().getLocalString());
break;
}
}
}
if (idpMetadata.getOrganizationName() == null && descriptor.getOrganization().getOrganizationNames() != null) {
for (OrganizationName orgName : descriptor.getOrganization().getOrganizationNames()) {
if (orgName != null && orgName.getName() != null) {
idpMetadata.setOrganizationName(orgName.getName().getLocalString());
break;
}
}
}
if (descriptor.getOrganization().getURLs() != null) {
for (OrganizationURL organizationURL : descriptor.getOrganization().getURLs()) {
if (organizationURL != null && organizationURL.getURL() != null) {
idpMetadata.setOrganizationUrl(organizationURL.getURL().getLocalString());
break;
}
}
}
}
if (descriptor.getContactPersons() != null) {
for (ContactPerson person : descriptor.getContactPersons()) {
if (person == null || (person.getGivenName() == null && person.getSurName() == null) || person.getEmailAddresses() == null) {
continue;
}
if (person.getGivenName() != null) {
idpMetadata.setContactPersonName(person.getGivenName().getName());
} else if (person.getSurName() != null) {
idpMetadata.setContactPersonName(person.getSurName().getName());
}
for (EmailAddress emailAddress : person.getEmailAddresses()) {
if (emailAddress != null && emailAddress.getAddress() != null) {
idpMetadata.setContactPersonEmail(emailAddress.getAddress());
}
}
if (idpMetadata.getContactPersonName() != null && idpMetadata.getContactPersonEmail() != null) {
break;
}
}
}
IDPSSODescriptor idpDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
if (idpDescriptor != null) {
if (idpDescriptor.getSingleSignOnServices() != null) {
for (SingleSignOnService ssos : idpDescriptor.getSingleSignOnServices()) {
if (ssos.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
idpMetadata.setSsoUrl(ssos.getLocation());
}
}
}
if (idpDescriptor.getSingleLogoutServices() != null) {
for (SingleLogoutService slos : idpDescriptor.getSingleLogoutServices()) {
if (slos.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
idpMetadata.setSloUrl(slos.getLocation());
}
}
}
X509Certificate unspecifiedKey = null;
if (idpDescriptor.getKeyDescriptors() != null) {
for (KeyDescriptor kd : idpDescriptor.getKeyDescriptors()) {
if (kd.getUse() == UsageType.SIGNING) {
try {
idpMetadata.setSigningCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0));
} catch (CertificateException ignored) {
s_logger.info("[ignored] encountered invalid certificate signing.", ignored);
}
}
if (kd.getUse() == UsageType.ENCRYPTION) {
try {
idpMetadata.setEncryptionCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0));
} catch (CertificateException ignored) {
s_logger.info("[ignored] encountered invalid certificate encryption.", ignored);
}
}
if (kd.getUse() == UsageType.UNSPECIFIED) {
try {
unspecifiedKey = KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0);
} catch (CertificateException ignored) {
s_logger.info("[ignored] encountered invalid certificate.", ignored);
}
}
}
}
if (idpMetadata.getSigningCertificate() == null && unspecifiedKey != null) {
idpMetadata.setSigningCertificate(unspecifiedKey);
}
if (idpMetadata.getEncryptionCertificate() == null && unspecifiedKey != null) {
idpMetadata.setEncryptionCertificate(unspecifiedKey);
}
if (idpMap.containsKey(idpMetadata.getEntityId())) {
s_logger.warn("Duplicate IdP metadata found with entity Id: " + idpMetadata.getEntityId());
}
idpMap.put(idpMetadata.getEntityId(), idpMetadata);
}
}
Also used :
OrganizationName(org.opensaml.saml2.metadata.OrganizationName)
OrganizationDisplayName(org.opensaml.saml2.metadata.OrganizationDisplayName)
IDPSSODescriptor(org.opensaml.saml2.metadata.IDPSSODescriptor)
SingleLogoutService(org.opensaml.saml2.metadata.SingleLogoutService)
KeyDescriptor(org.opensaml.saml2.metadata.KeyDescriptor)
SingleSignOnService(org.opensaml.saml2.metadata.SingleSignOnService)
CertificateException(java.security.cert.CertificateException)
ContactPerson(org.opensaml.saml2.metadata.ContactPerson)
EmailAddress(org.opensaml.saml2.metadata.EmailAddress)
X509Certificate(java.security.cert.X509Certificate)
OrganizationURL(org.opensaml.saml2.metadata.OrganizationURL)
Example 17 with EntityDescriptor
use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.
the class SamlProtocol method createIdpMetadata.
@SuppressWarnings("squid:S00107")
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleSignOnLocationSoap, String singleLogOutLocation) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
// signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
// encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
for (String nameId : nameIds) {
NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
nameIDFormat.setFormat(nameId);
idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
}
if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
SingleSignOnService singleSignOnServiceRedirect = singleSignOnServiceBuilder.buildObject();
singleSignOnServiceRedirect.setBinding(REDIRECT_BINDING);
singleSignOnServiceRedirect.setLocation(singleSignOnLocationRedirect);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceRedirect);
}
if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
SingleSignOnService singleSignOnServicePost = singleSignOnServiceBuilder.buildObject();
singleSignOnServicePost.setBinding(POST_BINDING);
singleSignOnServicePost.setLocation(singleSignOnLocationPost);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServicePost);
}
addSingleLogoutLocation(singleLogOutLocation, idpssoDescriptor.getSingleLogoutServices());
if (StringUtils.isNotBlank(singleSignOnLocationSoap)) {
SingleSignOnService singleSignOnServiceSoap = singleSignOnServiceBuilder.buildObject();
singleSignOnServiceSoap.setBinding(SOAP_BINDING);
singleSignOnServiceSoap.setLocation(singleSignOnLocationSoap);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceSoap);
}
idpssoDescriptor.setWantAuthnRequestsSigned(true);
idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
entityDescriptor.setCacheDuration(getCacheDuration().toMillis());
return entityDescriptor;
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService)
X509Data(org.opensaml.xmlsec.signature.X509Data)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Example 18 with EntityDescriptor
use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.
the class SamlProtocol method createSpMetadata.
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost, String assertionConsumerServiceLocationPaos) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
// signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
// encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
for (String nameId : nameIds) {
NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
nameIDFormat.setFormat(nameId);
spSsoDescriptor.getNameIDFormats().add(nameIDFormat);
}
addSingleLogoutLocation(singleLogOutLocation, spSsoDescriptor.getSingleLogoutServices());
int acsIndex = 0;
if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(REDIRECT_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationRedirect);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(POST_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationPost);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
if (StringUtils.isNotBlank(assertionConsumerServiceLocationPaos)) {
AssertionConsumerService assertionConsumerServicePaos = assertionConsumerServiceBuilder.buildObject();
assertionConsumerServicePaos.setBinding(PAOS_BINDING);
assertionConsumerServicePaos.setIndex(acsIndex);
assertionConsumerServicePaos.setLocation(assertionConsumerServiceLocationPaos);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerServicePaos);
}
spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
entityDescriptor.setCacheDuration(getCacheDuration().toMillis());
return entityDescriptor;
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)
NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)
X509Data(org.opensaml.xmlsec.signature.X509Data)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Example 19 with EntityDescriptor
use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.
the class MetadataConfigurationParserTest method testRootElementValidUntil.
@Test
public void testRootElementValidUntil() throws Exception {
String xml = IOUtils.toString(entityDescriptorPath.toUri());
DateTime validUntil = DateTime.now().plusYears(1);
String validUntilXmlString = String.format("validUntil=\"%tF\"", validUntil.toDate());
String xmlNoCacheDuration = xml.replaceFirst(CACHE_DURATION_REGEX, validUntilXmlString);
EntityDescriptor entity = getEntityDescriptor(xmlNoCacheDuration);
boolean isSameDate = entity.getValidUntil().toLocalDate().isEqual(validUntil.toLocalDate());
assertThat("Expected different valid-until date", isSameDate, is(true));
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
DateTime(org.joda.time.DateTime)
Test(org.junit.Test)
Example 20 with EntityDescriptor
use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.
the class MetadataConfigurationParser method retrieveEntityDescriptorViaFile.
private List<EntityDescriptor> retrieveEntityDescriptorViaFile(String entityDescriptorString, List<EntityDescriptor> entityDescriptors) throws IOException {
String pathStr = StringUtils.substringAfter(entityDescriptorString, FILE);
Path path = Paths.get(pathStr);
try {
entityDescriptors = AccessController.doPrivileged((PrivilegedExceptionAction<Optional<List<EntityDescriptor>>>) () -> privilegedRetrieveEntityDescriptorViaFile(path)).orElse(entityDescriptors);
} catch (PrivilegedActionException e) {
if (!(e.getException() instanceof IOException)) {
LOGGER.warn("Unexpected exception type - {}", e.getException().getClass(), e.getException());
throw new IOException("Runtime exception occurred reading entity descriptors");
}
throw (IOException) e.getException();
}
return entityDescriptors;
}
Also used :
Path(java.nio.file.Path)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
Optional(java.util.Optional)
PrivilegedActionException(java.security.PrivilegedActionException)
IOException(java.io.IOException)
Aggregations
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)60
Test (org.junit.jupiter.api.Test)15
KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)13
EntityDescriptorBuilder.anEntityDescriptor (uk.gov.ida.saml.core.test.builders.metadata.EntityDescriptorBuilder.anEntityDescriptor)11
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)8
Test (org.junit.Test)8
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)8
SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService)8
List (java.util.List)7
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)7
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)7
X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)7
IOException (java.io.IOException)6
InputStream (java.io.InputStream)6
ArrayList (java.util.ArrayList)6
SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)6
InputStreamReader (java.io.InputStreamReader)5
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)5
SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)5
ApplicationContext (org.springframework.context.ApplicationContext)5
