
Example 36 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

the class SamlProtocol method createSpMetadata.

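/**
 * Builds SAML 2.0 service-provider (SP) metadata for this entity.
 *
 * <p>The resulting {@code EntityDescriptor} carries one {@code SPSSODescriptor} with a signing and an
 * encryption {@code KeyDescriptor}, optional SingleLogoutService endpoints (redirect and POST bindings,
 * same location) and up to two AssertionConsumerService endpoints, indexed in the order redirect then POST.
 *
 * @param entityId                                 the SP entity ID written to {@code entityID}
 * @param signingCert                              base64 certificate advertised for signature verification
 * @param encryptionCert                           base64 certificate advertised for encryption to this SP
 * @param singleLogOutLocation                     SLO endpoint; omitted from the metadata when blank
 * @param assertionConsumerServiceLocationRedirect ACS location for the redirect binding; omitted when blank
 * @param assertionConsumerServiceLocationPost     ACS location for the POST binding; omitted when blank
 * @return the populated SP metadata
 */
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
    // Both key descriptors are always emitted, even for a blank certificate value, to keep the
    // metadata shape stable for consumers; callers are expected to pass real certificates.
    spSsoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.SIGNING, signingCert));
    spSsoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.ENCRYPTION, encryptionCert));
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        // The same SLO location is advertised under both bindings.
        spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(REDIRECT_BINDING, singleLogOutLocation));
        spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(POST_BINDING, singleLogOutLocation));
    }
    // ACS indices are assigned in declaration order: redirect (when present) gets 0, POST the next free index.
    int acsIndex = 0;
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(REDIRECT_BINDING, assertionConsumerServiceLocationRedirect, acsIndex++));
    }
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(POST_BINDING, assertionConsumerServiceLocationPost, acsIndex++));
    }
    spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
    return entityDescriptor;
}

/**
 * Builds a {@code KeyDescriptor} wrapping a single X.509 certificate for the given usage.
 *
 * @param use        SIGNING or ENCRYPTION
 * @param base64Cert certificate value written into the {@code X509Certificate} element as given
 * @return the key descriptor with KeyInfo/X509Data/X509Certificate nested inside
 */
private static KeyDescriptor buildKeyDescriptor(UsageType use, String base64Cert) {
    KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
    keyDescriptor.setUse(use);
    KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate x509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    x509Certificate.setValue(base64Cert);
    x509Data.getX509Certificates().add(x509Certificate);
    keyInfo.getX509Datas().add(x509Data);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}

/**
 * Builds a {@code SingleLogoutService} endpoint.
 *
 * @param binding  SAML binding URI
 * @param location endpoint location
 * @return the endpoint element
 */
private static SingleLogoutService buildSingleLogoutService(String binding, String location) {
    SingleLogoutService singleLogoutService = singleLogOutServiceBuilder.buildObject();
    singleLogoutService.setBinding(binding);
    singleLogoutService.setLocation(location);
    return singleLogoutService;
}

/**
 * Builds an {@code AssertionConsumerService} endpoint.
 *
 * @param binding  SAML binding URI
 * @param location endpoint location
 * @param index    value for the {@code index} attribute
 * @return the endpoint element
 */
private static AssertionConsumerService buildAssertionConsumerService(String binding, String location, int index) {
    AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
    assertionConsumerService.setBinding(binding);
    assertionConsumerService.setIndex(index);
    assertionConsumerService.setLocation(location);
    return assertionConsumerService;
}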

Example 37 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

the class MetadataConfigurationParser method readEntityDescriptor.

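/**
 * Parses SAML metadata from {@code reader} and returns its root {@code EntityDescriptor}.
 *
 * @param reader source of the metadata XML; this method does not close it
 * @return the unmarshalled entity descriptor
 * @throws IllegalArgumentException if the content is not well-formed XML, cannot be unmarshalled
 *     to an OpenSAML object, or its root element is not an {@code EntityDescriptor}
 */
private EntityDescriptor readEntityDescriptor(Reader reader) {
    Document entityDoc;
    try {
        // NOTE(review): metadata may come from a remote or user-supplied source; confirm the parser
        // behind StaxUtils.read has DTD and external-entity resolution disabled (XXE) — not visible here.
        entityDoc = StaxUtils.read(reader);
    } catch (Exception ex) {
        // Message previously said "SAMLRequest"; this method reads metadata, not a request.
        // The cause is kept so the parser's reason for rejecting the XML is not lost.
        throw new IllegalArgumentException("Unable to read EntityDescriptor as XML.", ex);
    }
    XMLObject entityXmlObj;
    try {
        entityXmlObj = OpenSAMLUtil.fromDom(entityDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw new IllegalArgumentException("Unable to convert EntityDescriptor document to XMLObject.", ex);
    }
    // A well-formed document whose root is some other SAML element (or an EntitiesDescriptor)
    // would otherwise surface as a bare ClassCastException with no context.
    if (!(entityXmlObj instanceof EntityDescriptor)) {
        throw new IllegalArgumentException("Root element of the metadata document is not an EntityDescriptor.");
    }
    return (EntityDescriptor) entityXmlObj;
}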

Example 38 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project cas by apereo.

the class SamlIdPUtils method getAssertionConsumerServiceFor.

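/**
 * Resolves the AssertionConsumerService (ACS) that the SAML response for {@code authnRequest} should target.
 *
 * <p>When the request carries an {@code AssertionConsumerServiceIndex}, the ACS is looked up in the
 * issuer's SP metadata (POST binding). Otherwise the protocol binding and ACS URL carried in the
 * request itself are used verbatim.
 *
 * @param authnRequest    the authn request
 * @param servicesManager the services manager
 * @param resolver        the resolver
 * @return the assertion consumer service for the request; never {@code null}
 * @throws IllegalArgumentException wrapping a {@link SamlException} if no ACS can be resolved, the
 *     requested index is out of range, or the resolved ACS has no binding or location
 */
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(CollectionUtils.wrap(SAMLConstants.SAML2_POST_BINDING_URI)));
            // Unboxed once here; the null check above guarantees a value.
            final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            // If the resolver yields several descriptors, the last one wins (unchanged behavior).
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                if (spssoDescriptor == null) {
                    throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no SPSSODescriptor for protocol " + SAMLConstants.SAML20P_NS);
                }
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                // The index is supplied by the requester and must stay within the SP's own metadata list;
                // the previous check (acsIndex + 1 > size) let negative values through to List.get().
                if (acsIndex < 0 || acsIndex >= acsEndpoints.size()) {
                    throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                // NOTE(review): this selects by list position, whereas SAML 2.0 core defines
                // AssertionConsumerServiceIndex against the ACS element's own index attribute. Left as-is
                // because registered metadata may rely on the positional behavior; confirm before changing.
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            // NOTE(review): the binding and ACS URL are taken from the request as received. Confirm that a
            // caller validates the URL against the SP's registered metadata before a response is sent to it.
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        // Callers catch IllegalArgumentException; the SamlException keeps the original cause chain.
        throw new IllegalArgumentException(new SamlException(e.getMessage(), e));
    }
}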

Example 39 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

the class CountrySingleSignOnServiceHelperTest method getSingleSignOn.

@Test
public void getSingleSignOn() throws Exception {
    // Given: IdP metadata that advertises exactly one SSO endpoint
    final SingleSignOnService ssoService = new SingleSignOnServiceBuilder().buildObject();
    ssoService.setLocation("http://the-sso-location");

    final IDPSSODescriptor idpDescriptor = new IDPSSODescriptorBuilder().buildObject();
    idpDescriptor.getSingleSignOnServices().add(ssoService);
    idpDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

    final EntityDescriptor idpEntity = new EntityDescriptorBuilder().buildObject();
    idpEntity.setEntityID("the-entity-id");
    idpEntity.getRoleDescriptors().add(idpDescriptor);

    final String entityId = idpEntity.getEntityID();
    when(metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(entityId)))).thenReturn(idpEntity);

    // When: the helper resolves the SSO location for that entity ID
    final URI resolvedSsoUri = service.getSingleSignOn(entityId);

    // Then: the advertised location is returned and the resolver was consulted
    assertThat(resolvedSsoUri.toString(), equalTo(ssoService.getLocation()));
    verify(metadataResolver).resolveSingle(any(CriteriaSet.class));
}

Example 40 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project pac4j by pac4j.

the class SAML2WebSSOMessageReceiver method receiveMessage.

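/**
 * Decodes a SAML 2.0 Web SSO message delivered over the HTTP-POST binding, copies the caller's
 * peer/self/endpoint state onto the decoded context and hands the result to the validator.
 *
 * @param context the SP-side message context carrying the web request, SP metadata and message storage
 * @return the credentials produced by {@code validator.validate} on the decoded context
 * @throws SAMLException if the message cannot be decoded, the decoder produced no binding context,
 *     or no IdP metadata is present on {@code context}
 */
@Override
public Credentials receiveMessage(final SAML2MessageContext context) {
    final SAMLPeerEntityContext peerContext = context.getSAMLPeerEntityContext();
    peerContext.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    context.getSAMLSelfProtocolContext().setProtocol(SAMLConstants.SAML20P_NS);
    final Pac4jHTTPPostDecoder decoder = new Pac4jHTTPPostDecoder(context.getWebContext());
    try {
        decoder.setParserPool(Configuration.getParserPool());
        decoder.initialize();
        decoder.decode();
    } catch (final Exception e) {
        throw new SAMLException("Error decoding saml message", e);
    }
    final SAML2MessageContext decodedCtx = new SAML2MessageContext(decoder.getMessageContext());
    decodedCtx.setMessage(decoder.getMessageContext().getMessage());
    decodedCtx.setSAMLMessageStorage(context.getSAMLMessageStorage());
    final SAMLBindingContext bindingContext = decodedCtx.getParent().getSubcontext(SAMLBindingContext.class);
    if (bindingContext == null) {
        // Without the decoder's binding context the signature and destination flags copied below would
        // be lost and the validator would run against defaults; fail loudly instead of with an NPE.
        throw new SAMLException("Decoded SAML message has no binding context");
    }
    // Carry the binding-level facts (including whether the binding itself was signed) over to the
    // decoded context so the validator sees what the decoder observed.
    decodedCtx.getSAMLBindingContext().setBindingDescriptor(bindingContext.getBindingDescriptor());
    decodedCtx.getSAMLBindingContext().setBindingUri(bindingContext.getBindingUri());
    decodedCtx.getSAMLBindingContext().setHasBindingSignature(bindingContext.hasBindingSignature());
    decodedCtx.getSAMLBindingContext().setIntendedDestinationEndpointURIRequired(bindingContext.isIntendedDestinationEndpointURIRequired());
    decodedCtx.getSAMLBindingContext().setRelayState(bindingContext.getRelayState());
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    decodedCtx.getSAMLEndpointContext().setEndpoint(acsService);
    final EntityDescriptor metadata = context.getSAMLPeerMetadataContext().getEntityDescriptor();
    if (metadata == null) {
        throw new SAMLException("IDP Metadata cannot be null");
    }
    decodedCtx.getSAMLPeerEntityContext().setEntityId(metadata.getEntityID());
    decodedCtx.getSAMLSelfEntityContext().setEntityId(context.getSAMLSelfEntityContext().getEntityId());
    decodedCtx.getSAMLSelfEndpointContext().setEndpoint(context.getSAMLSelfEndpointContext().getEndpoint());
    decodedCtx.getSAMLSelfEntityContext().setRole(context.getSAMLSelfEntityContext().getRole());
    decodedCtx.getProfileRequestContext().setProfileId(SAML2_WEBSSO_PROFILE_URI);
    decodedCtx.getSAMLSelfMetadataContext().setRoleDescriptor(context.getSPSSODescriptor());
    return this.validator.validate(decodedCtx);
}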
