Example 16 with IDPSSODescriptor

Use of org.opensaml.saml2.metadata.IDPSSODescriptor in project verify-hub by alphagov.

Class NodeMetadataFactory, method createCountryEntityDescriptor.

public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    // Signature that will be applied to the whole EntityDescriptor
    Signature entityDescriptorSignature = createSignature();
    // Advertise the (test) certificate this IdP signs with; relying parties verify its signatures against it
    KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withX509ForSigning(TEST_PUBLIC_CERT).build();
    // IdP role containing just that key descriptor
    IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(keyDescriptor).build();
    try {
        // Marshal and sign the descriptor for the given entityID
        return getEntityDescriptor(entityID, idpssoDescriptor, entityDescriptorSignature);
    } catch (MarshallingException | SignatureException e) {
        // Checked exceptions are wrapped; callers do not handle them individually
        throw Throwables.propagate(e);
    }
}
Also used:
- org.opensaml.saml.saml2.metadata.IDPSSODescriptor
- org.opensaml.core.xml.io.MarshallingException
- org.opensaml.saml.saml2.metadata.KeyDescriptor
- org.opensaml.xmlsec.signature.Signature
- org.opensaml.xmlsec.signature.support.SignatureException

Example 18 with IDPSSODescriptor

Use of org.opensaml.saml2.metadata.IDPSSODescriptor in project pac4j by pac4j.

Class SAML2LogoutMessageSender, method sendMessage.

@Override
public void sendMessage(final SAML2MessageContext context, final LogoutRequest logoutRequest, final Object relayState) {
    // Resolve the SP role, the IdP role and the IdP's SingleLogoutService for the chosen binding from metadata
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleLogoutService ssoLogoutService = context.getIDPSingleLogoutService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    // Outbound context carries over the profile state of the inbound request
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(logoutRequest);
    // Local endpoint is the SP's ACS; peer endpoint is the IdP's logout service
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoLogoutService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    // Sign the LogoutRequest with the SP's signing parameters so the IdP can verify its origin
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
    try {
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        // Remember the request by ID so the IdP's LogoutResponse can be correlated with it
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(logoutRequest.getID(), logoutRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}
Also used:
- org.opensaml.saml.saml2.metadata.SPSSODescriptor
- org.pac4j.saml.context.SAML2MessageContext
- org.opensaml.saml.saml2.metadata.IDPSSODescriptor
- net.shibboleth.utilities.java.support.component.ComponentInitializationException
- org.opensaml.saml.saml2.metadata.SingleLogoutService
- org.opensaml.saml.saml2.metadata.AssertionConsumerService
- org.opensaml.messaging.encoder.MessageEncoder
- org.pac4j.saml.storage.SAMLMessageStorage
- org.opensaml.messaging.encoder.MessageEncodingException
- org.pac4j.saml.exceptions.SAMLException

Example 19 with IDPSSODescriptor

Use of org.opensaml.saml2.metadata.IDPSSODescriptor in project verify-hub by alphagov.

Class IdpSingleSignOnServiceHelper, method getSingleSignOn.

public URI getSingleSignOn(String entityId) {
    EntityDescriptor idpEntityDescriptor;
    try {
        // Look the IdP up in the trusted metadata resolver by its entityID
        CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
        idpEntityDescriptor = metadataProvider.resolveSingle(criteria);
    } catch (ResolverException e) {
        LOG.log(Level.SEVERE, format("Exception when accessing metadata: {0}", e));
        throw new RuntimeException(e);
    }
    if (idpEntityDescriptor != null) {
        // Returns null when the entity publishes no IdP role for the SAML 2.0 protocol
        final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (idpssoDescriptor == null) {
            LOG.log(Level.SEVERE, format("No IDPSSODescriptor present for IDP entityId: {0}", entityId));
        } else {
            final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
            if (singleSignOnServices.isEmpty()) {
                LOG.log(Level.SEVERE, format("No singleSignOnServices present for IDP entityId: {0}", entityId));
            } else {
                if (singleSignOnServices.size() > 1) {
                    LOG.log(Level.WARNING, format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
                }
                // The first advertised endpoint is used; its Binding attribute is not inspected here
                return URI.create(singleSignOnServices.get(0).getLocation());
            }
        }
    }
    throw ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(format("no entity descriptor for IDP: {0}", entityId)));
}
Also used:
- org.opensaml.saml.saml2.metadata.EntityDescriptor
- net.shibboleth.utilities.java.support.resolver.ResolverException
- org.opensaml.saml.saml2.metadata.IDPSSODescriptor
- net.shibboleth.utilities.java.support.resolver.CriteriaSet
- org.opensaml.core.criterion.EntityIdCriterion
- org.opensaml.saml.saml2.metadata.SingleSignOnService

Example 20 with IDPSSODescriptor

Use of org.opensaml.saml2.metadata.IDPSSODescriptor in project verify-hub by alphagov.

Class IdpMetadataPublicKeyStoreTest, method idpEntityDescriptor.

private static EntityDescriptor idpEntityDescriptor(String idpEntityId, String public_signing_certificate) {
    KeyDescriptor keyDescriptor = buildKeyDescriptor(public_signing_certificate);
    // Only the supplied certificate is published; the builder's default signing key is suppressed
    IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(keyDescriptor).withoutDefaultSigningKey().build();
    try {
        // Test fixture: unsigned metadata, valid for two weeks, IdP role only (no default SP role)
        return EntityDescriptorBuilder.anEntityDescriptor()
                .withEntityId(idpEntityId)
                .withIdpSsoDescriptor(idpssoDescriptor)
                .withValidUntil(DateTime.now().plusWeeks(2))
                .withSignature(null)
                .withoutSigning()
                .setAddDefaultSpServiceDescriptor(false)
                .build();
    } catch (MarshallingException | SignatureException e) {
        throw new RuntimeException(e);
    }
}
Also used:
- org.opensaml.saml.saml2.metadata.IDPSSODescriptor
- org.opensaml.core.xml.io.MarshallingException
- org.opensaml.saml.saml2.metadata.KeyDescriptor
- org.opensaml.xmlsec.signature.support.SignatureException