
Example 1 with RoleDescriptor

use of org.opensaml.saml.saml2.metadata.RoleDescriptor (the OpenSAML 3 package, see the imports below) in project cas by apereo.

the class SamlIdPObjectSigner method prepareSecurityParametersContext.

/**
 * Prepare the security parameters context for an outbound SAML message so that the
 * signing handler down the chain knows which credential and algorithms to use.
 *
 * @param <T>             the outbound SAML message type
 * @param adaptor         facade over the service provider's registered metadata
 * @param outboundContext the outbound message context that will carry the signing parameters
 * @param service         the registered service (may override signing settings)
 * @throws SAMLException if signing parameters cannot be built
 */
protected <T extends SAMLObject> void prepareSecurityParametersContext(final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                                       final MessageContext<T> outboundContext,
                                                                       final SamlRegisteredService service) throws SAMLException {
    // 'true' auto-creates the subcontext on the outbound message context if it is not there yet.
    @NonNull final SecurityParametersContext secParametersContext = outboundContext.getSubcontext(SecurityParametersContext.class, true);
    // The SP's SSO role from its metadata: its KeyDescriptors and SigningMethod/DigestMethod
    // extensions feed into the choice of credential and algorithms.
    final RoleDescriptor roleDesc = adaptor.getSsoDescriptor();
    final SignatureSigningParameters signingParameters = buildSignatureSigningParameters(roleDesc, service);
    secParametersContext.setSignatureSigningParameters(signingParameters);
}
Also used : SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) NonNull(lombok.NonNull) SecurityParametersContext(org.opensaml.xmlsec.context.SecurityParametersContext) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor)
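The method above hands the SP's RoleDescriptor to a buildSignatureSigningParameters helper that is not shown. As an added example (my own code, not CAS's), the following shows how OpenSAML 3's SAMLMetadataSignatureSigningParametersResolver derives the parameters from that RoleDescriptor while keeping local algorithm policy in charge. The class name MetadataDrivenSigning, the method names and the choice of RSA-SHA256/SHA512 with a SHA-1 blacklist are assumptions for illustration; the OpenSAML types and calls are real.

```java
import java.util.Arrays;
import java.util.Collections;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

/** Added example (not CAS code): metadata-aware signing parameter resolution. */
public final class MetadataDrivenSigning {

    private MetadataDrivenSigning() {
    }

    /**
     * Resolve signing parameters for a message to the peer described by peerRole.
     * The peer's md:SigningMethod / md:DigestMethod extensions are honoured, but only
     * within the algorithms the local configuration permits.
     */
    public static SignatureSigningParameters resolveFor(final RoleDescriptor peerRole,
                                                        final Credential signingCredential)
            throws ResolverException {
        // Local policy, in preference order: what this IdP is willing to sign with (assumed policy).
        final BasicSignatureSigningConfiguration local = new BasicSignatureSigningConfiguration();
        local.setSigningCredentials(Collections.singletonList(signingCredential));
        local.setSignatureAlgorithms(Arrays.asList(
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512));
        local.setSignatureReferenceDigestMethods(Arrays.asList(
                SignatureConstants.ALGO_ID_DIGEST_SHA256,
                SignatureConstants.ALGO_ID_DIGEST_SHA512));
        // Blacklist SHA-1 explicitly. Whether or not the library defaults appended below still
        // list rsa-sha1, the blacklist keeps a peer from talking us down to it via its metadata.
        local.setBlacklistedAlgorithms(Arrays.asList(
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1,
                SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1,
                SignatureConstants.ALGO_ID_DIGEST_SHA1));

        // Configurations are consulted in order; the local one takes precedence over the defaults.
        final CriteriaSet criteria = new CriteriaSet();
        criteria.add(new SignatureSigningConfigurationCriterion(
                local, DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration()));
        // The RoleDescriptorCriterion is what makes the resolver consult the peer's metadata.
        criteria.add(new RoleDescriptorCriterion(peerRole));

        final SignatureSigningParameters params =
                new SAMLMetadataSignatureSigningParametersResolver().resolveSingle(criteria);
        // resolveSingle() yields null (or incomplete parameters) when nothing satisfies both sides,
        // e.g. a peer whose metadata only advertises rsa-sha1. Fail closed instead of signing anyway.
        if (params == null || params.getSigningCredential() == null || params.getSignatureAlgorithm() == null) {
            throw new ResolverException("no signing parameters satisfy both local policy and peer metadata");
        }
        return params;
    }

    /** Attach the result to the outbound message context, as the CAS method above does. */
    public static <T extends SAMLObject> void install(final MessageContext<T> outbound,
                                                     final SignatureSigningParameters params) {
        final SecurityParametersContext ctx = outbound.getSubcontext(SecurityParametersContext.class, true);
        ctx.setSignatureSigningParameters(params);
    }
}
```

The point to check in any such code is the failure path: if the resolver returns null and the caller does not throw, the outbound signing handler will typically skip signing rather than error, and an unsigned assertion leaves the IdP.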

Example 2 with RoleDescriptor

use of org.opensaml.saml.saml2.metadata.RoleDescriptor (the OpenSAML 3 package, see the imports below) in project verify-hub by alphagov.

the class SamlEntityDescriptorValidator method validateRoleDescriptor.

/*
 * Structural check only: the entity must have a role, the role a KeyDescriptor, the
 * KeyDescriptor a KeyInfo with X509Data and a non-empty X509Certificate. Note that only
 * the first element at each level is inspected, the 'use' attribute (signing vs.
 * encryption) is not examined, and the certificate value is never decoded.
 */
private void validateRoleDescriptor(EntityDescriptor descriptor) {
    if (descriptor.getRoleDescriptors().isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingRoleDescriptor();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    // Only the first role is checked; any further RoleDescriptors are ignored here.
    RoleDescriptor roleDescriptor = descriptor.getRoleDescriptors().get(0);
    if (roleDescriptor.getKeyDescriptors().isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingKeyDescriptor();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    // Likewise only the first KeyDescriptor, regardless of its 'use'.
    KeyInfo keyInfo = roleDescriptor.getKeyDescriptors().get(0).getKeyInfo();
    if (keyInfo == null) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingKeyInfo();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    if (keyInfo.getX509Datas().isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingX509Data();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    X509Data x509Data = keyInfo.getX509Datas().get(0);
    if (x509Data.getX509Certificates().isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingX509Certificate();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    // The value is the base64 DER of the certificate; presence is checked, parseability is not.
    X509Certificate x509Certificate = x509Data.getX509Certificates().get(0);
    if (StringUtils.isEmpty(x509Certificate.getValue())) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyX509Certificiate();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
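The verify-hub check above stops at the first RoleDescriptor, KeyDescriptor, X509Data and X509Certificate and never decodes the certificate, so an entity whose second role is broken, or whose only key is marked use="encryption", still passes. As an added example (my own code, not verify-hub's), the following OpenSAML 3 helper walks every role and every key, requires each certificate to decode and to be valid at the supplied instant, and requires at least one signing-capable certificate per role. The class name RoleDescriptorKeyValidator, the now parameter and the message wording are assumptions; the OpenSAML types and calls are real. It remains a structural check: it does not verify the metadata's own signature or pin certificates to a trusted source.

```java
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Support;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Data;

/** Added example (not verify-hub code): exhaustive KeyDescriptor validation over all roles. */
public final class RoleDescriptorKeyValidator {

    private RoleDescriptorKeyValidator() {
    }

    /** Returns every problem found; an empty list means the metadata passed. */
    public static List<String> validate(final EntityDescriptor entity, final Date now) {
        final List<String> problems = new ArrayList<>();
        final List<RoleDescriptor> roles = entity.getRoleDescriptors();
        if (roles.isEmpty()) {
            problems.add(entity.getEntityID() + ": no RoleDescriptor");
            return problems;
        }
        for (final RoleDescriptor role : roles) {
            final String roleName = role.getElementQName().getLocalPart();
            // A role that does not claim SAML 2.0 protocol support is useless to a SAML 2.0 peer.
            if (!role.isSupportedProtocol(SAMLConstants.SAML20P_NS)) {
                problems.add(roleName + ": does not declare support for " + SAMLConstants.SAML20P_NS);
            }
            boolean hasSigningCert = false;
            for (final KeyDescriptor kd : role.getKeyDescriptors()) {
                // Absent 'use' means the key may be used for both signing and encryption.
                final UsageType use = kd.getUse() == null ? UsageType.UNSPECIFIED : kd.getUse();
                final KeyInfo keyInfo = kd.getKeyInfo();
                if (keyInfo == null) {
                    problems.add(roleName + ": KeyDescriptor use=" + use + " has no KeyInfo");
                    continue;
                }
                int certCount = 0;
                for (final X509Data x509Data : keyInfo.getX509Datas()) {
                    // Fully qualified to avoid clashing with java.security.cert.X509Certificate.
                    for (final org.opensaml.xmlsec.signature.X509Certificate certEl : x509Data.getX509Certificates()) {
                        certCount++;
                        final String b64 = certEl.getValue();
                        if (b64 == null || b64.trim().isEmpty()) {
                            problems.add(roleName + ": empty X509Certificate (use=" + use + ")");
                            continue;
                        }
                        try {
                            // Decode the base64 DER and reject certificates outside their validity window.
                            final java.security.cert.X509Certificate cert = X509Support.decodeCertificate(b64);
                            cert.checkValidity(now);
                        } catch (final CertificateException e) {
                            problems.add(roleName + ": bad certificate (use=" + use + "): " + e.getMessage());
                            continue;
                        }
                        if (use != UsageType.ENCRYPTION) {
                            hasSigningCert = true;
                        }
                    }
                }
                if (certCount == 0) {
                    problems.add(roleName + ": KeyDescriptor use=" + use + " carries no X509Certificate");
                }
            }
            if (!hasSigningCert) {
                problems.add(roleName + ": no valid signing certificate (use=signing or unspecified)");
            }
        }
        return problems;
    }
}
```

Collecting all problems rather than throwing on the first makes the validator useful at metadata onboarding time, where an operator wants the full list; the caller decides whether any entry is fatal.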

Example 3 with RoleDescriptor

use of org.opensaml.saml.saml2.metadata.RoleDescriptor (the OpenSAML 3 package, see the imports below) in project pac4j by pac4j.

the class SAML2ContextProvider method addContext.

/*
 * Look up the entity (IdP or SP) by its entity ID across the chained IdP + SP metadata
 * resolvers, pick its role of the requested type that supports the SAML 2.0 protocol, and
 * publish both in a SAMLMetadataContext so later handlers (e.g. signature validation
 * against the peer's keys) can find them.
 */
protected final void addContext(final SAML2MetadataResolver metadata, final BaseContext parentContext, final QName elementName) {
    final EntityDescriptor entityDescriptor;
    final RoleDescriptor roleDescriptor;
    try {
        final var set = new CriteriaSet();
        final var entityId = metadata.getEntityId();
        set.add(new EntityIdCriterion(entityId));
        entityDescriptor = SAML2Utils.buildChainingMetadataResolver(this.idpEntityId, this.spEntityId).resolveSingle(set);
        if (entityDescriptor == null) {
            throw new SAMLException("Cannot find entity " + entityId + " in metadata provider");
        }
        // Only roles that declare urn:oasis:names:tc:SAML:2.0:protocol are returned; the first is taken.
        final var list = entityDescriptor.getRoleDescriptors(elementName, SAMLConstants.SAML20P_NS);
        roleDescriptor = CommonHelper.isNotEmpty(list) ? list.get(0) : null;
        if (roleDescriptor == null) {
            throw new SAMLException("Cannot find entity " + entityId + " or role " + elementName + " in metadata provider");
        }
    } catch (final ResolverException e) {
        throw new SAMLException("An error occurred while getting IDP descriptors", e);
    }
    // 'true' auto-creates the subcontext under the given parent (peer or self entity context).
    final var mdCtx = parentContext.getSubcontext(SAMLMetadataContext.class, true);
    mdCtx.setEntityDescriptor(entityDescriptor);
    mdCtx.setRoleDescriptor(roleDescriptor);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 4 with RoleDescriptor

use of org.opensaml.saml2.metadata.RoleDescriptor in project MaxKey by dromara.

the class MetadataGenerator method buildEntityDescriptor.

/* Wrap a prebuilt role (e.g. an IDPSSODescriptor) in a new EntityDescriptor for the given entity ID. */
public EntityDescriptor buildEntityDescriptor(String entityId, RoleDescriptor roleDescriptor) {
    EntityDescriptor entityDescriptor = new EntityDescriptorBuilder().buildObject();
    entityDescriptor.setEntityID(entityId);
    entityDescriptor.getRoleDescriptors().add(roleDescriptor);
    return entityDescriptor;
}
Also used : EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor) EntityDescriptorBuilder(org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder)

Example 5 with RoleDescriptor

use of org.opensaml.saml2.metadata.RoleDescriptor in project cloud-pipeline by epam.

the class SAMLContexProviderCustomSingKey method populateLocalEntity.

/*
 * Spring Security SAML (OpenSAML 2) context provider override: load the local entity's
 * metadata, role and extended metadata, then choose the local signing credential from the
 * entity-specific ExtendedMetadata if one is configured, otherwise from a custom default key.
 */
@Override
protected void populateLocalEntity(SAMLMessageContext samlContext) throws MetadataProviderException {
    String localEntityId = samlContext.getLocalEntityId();
    QName localEntityRole = samlContext.getLocalEntityRole();
    if (localEntityId == null) {
        throw new MetadataProviderException("No hosted service provider is configured and no alias was selected");
    }
    EntityDescriptor entityDescriptor = metadata.getEntityDescriptor(localEntityId);
    // Role lookup is restricted to roles supporting the SAML 2.0 protocol.
    RoleDescriptor roleDescriptor = metadata.getRole(localEntityId, localEntityRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata extendedMetadata = metadata.getExtendedMetadata(localEntityId);
    if (entityDescriptor == null || roleDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + localEntityId + " and role " + localEntityRole + " wasn't found");
    }
    samlContext.setLocalEntityMetadata(entityDescriptor);
    samlContext.setLocalEntityRoleMetadata(roleDescriptor);
    samlContext.setLocalExtendedMetadata(extendedMetadata);
    // Per-entity signing key alias wins; 'signingKey' is this class's own fallback alias.
    if (extendedMetadata.getSigningKey() != null) {
        samlContext.setLocalSigningCredential(keyManager.getCredential(extendedMetadata.getSigningKey()));
    } else {
        samlContext.setLocalSigningCredential(keyManager.getCredential(signingKey));
    }
}
Also used : EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor) QName(javax.xml.namespace.QName) RoleDescriptor(org.opensaml.saml2.metadata.RoleDescriptor) ExtendedMetadata(org.springframework.security.saml.metadata.ExtendedMetadata) MetadataProviderException(org.opensaml.saml2.metadata.provider.MetadataProviderException)

Aggregations

RoleDescriptor (org.opensaml.saml.saml2.metadata.RoleDescriptor) 4
EntityDescriptor (org.opensaml.saml2.metadata.EntityDescriptor) 4
RoleDescriptor (org.opensaml.saml2.metadata.RoleDescriptor) 3
QName (javax.xml.namespace.QName) 2
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet) 2
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion) 2
MetadataProviderException (org.opensaml.saml2.metadata.provider.MetadataProviderException) 2
SecurityParametersContext (org.opensaml.xmlsec.context.SecurityParametersContext) 2
ExtendedMetadata (org.springframework.security.saml.metadata.ExtendedMetadata) 2
File (java.io.File) 1
FileInputStream (java.io.FileInputStream) 1
InputStream (java.io.InputStream) 1
NonNull (lombok.NonNull) 1
ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException) 1
SamlException (org.apereo.cas.support.saml.SamlException) 1
SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext) 1
SAMLProtocolContext (org.opensaml.saml.common.messaging.context.SAMLProtocolContext) 1
EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion) 1
SAML2HTTPRedirectDeflateSignatureSecurityHandler (org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler) 1
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor) 1