use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.
the class MetadataUIUtils method locateMetadataUserInterfaceForEntityId.
/**
* Locate mdui for entity id simple metadata ui info.
*
* @param entityDescriptor the entity descriptor
* @param entityId the entity id
* @param registeredService the registered service
* @return the simple metadata ui info
*/
public static SamlMetadataUIInfo locateMetadataUserInterfaceForEntityId(final EntityDescriptor entityDescriptor, final String entityId, final RegisteredService registeredService) {
final SamlMetadataUIInfo mdui = new SamlMetadataUIInfo(registeredService);
if (entityDescriptor == null) {
LOGGER.debug("Entity descriptor not found for [{}]", entityId);
return mdui;
}
final SPSSODescriptor spssoDescriptor = getSPSsoDescriptor(entityDescriptor);
if (spssoDescriptor == null) {
LOGGER.debug("SP SSO descriptor not found for [{}]", entityId);
return mdui;
}
final Extensions extensions = spssoDescriptor.getExtensions();
if (extensions == null) {
LOGGER.debug("No extensions in the SP SSO descriptor are found for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
return mdui;
}
final List<XMLObject> spExtensions = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
if (spExtensions.isEmpty()) {
LOGGER.debug("No extensions in the SP SSO descriptor are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
return mdui;
}
spExtensions.stream().filter(UIInfo.class::isInstance).forEach(obj -> {
final UIInfo uiInfo = (UIInfo) obj;
LOGGER.debug("Found MDUI info for [{}]", entityId);
mdui.setUIInfo(uiInfo);
});
return mdui;
}
use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.
the class MetadataRequestedAttributesAttributeReleasePolicy method getAttributesForSamlRegisteredService.
@Override
protected Map<String, Object> getAttributesForSamlRegisteredService(final Map<String, Object> attributes, final SamlRegisteredService service, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor) {
final Map<String, Object> releaseAttributes = new LinkedHashMap<>();
final SPSSODescriptor sso = facade.getSsoDescriptor();
if (sso != null) {
sso.getAttributeConsumingServices().forEach(svc -> svc.getRequestAttributes().stream().filter(attr -> {
final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, service.getName());
return attributes.containsKey(name);
}).forEach(attr -> {
final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, service.getName());
releaseAttributes.put(name, attributes.get(name));
}));
}
return releaseAttributes;
}
use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.
the class MetadataUIUtils method getSPSsoDescriptor.
/**
* Gets SP SSO descriptor.
*
* @param entityDescriptor the entity descriptor
* @return the SP SSO descriptor
*/
public static SPSSODescriptor getSPSsoDescriptor(final EntityDescriptor entityDescriptor) {
LOGGER.trace("Locating SP SSO descriptor for SAML2 protocol...");
SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spssoDescriptor == null) {
LOGGER.trace("Locating SP SSO descriptor for SAML11 protocol...");
spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML11P_NS);
}
if (spssoDescriptor == null) {
LOGGER.trace("Locating SP SSO descriptor for SAML1 protocol...");
spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML10P_NS);
}
LOGGER.trace("SP SSO descriptor resolved to be [{}]", spssoDescriptor);
return spssoDescriptor;
}
use of org.opensaml.saml2.metadata.SPSSODescriptor in project syncope by apache.
the class SAML2SPLogic method getMetadata.
@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
check();
try {
EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
spEntityDescriptor.setEntityID(spEntityID);
SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
spSSODescriptor.setWantAssertionsSigned(true);
spSSODescriptor.setAuthnRequestsSigned(true);
spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
keyInfoGenerator.generate(loader.getCredential());
KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
spSSODescriptor.getKeyDescriptors().add(keyDescriptor);
NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.PERSISTENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.TRANSIENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
for (SAML2BindingType bindingType : SAML2BindingType.values()) {
AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService.setIndex(bindingType.ordinal());
assertionConsumerService.setBinding(bindingType.getUri());
assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
String sloUrl = spEntityID + urlContext + "/logout";
validateUrl(sloUrl);
SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
singleLogoutService.setBinding(bindingType.getUri());
singleLogoutService.setLocation(sloUrl);
singleLogoutService.setResponseLocation(sloUrl);
spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
}
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
saml2rw.sign(spEntityDescriptor);
saml2rw.write(new OutputStreamWriter(os), spEntityDescriptor, true);
} catch (Exception e) {
LOG.error("While getting SP metadata", e);
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
sce.getElements().add(e.getMessage());
throw sce;
}
}
use of org.opensaml.saml2.metadata.SPSSODescriptor in project pac4j by pac4j.
the class SAML2WebSSOMessageSender method sendMessage.
@Override
public void sendMessage(final SAML2MessageContext context, final AuthnRequest authnRequest, final Object relayState) {
final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
final SingleSignOnService ssoService = context.getIDPSingleSignOnService(destinationBindingType);
final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
final MessageEncoder encoder = getMessageEncoder(context);
final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
outboundContext.setMessage(authnRequest);
outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoService);
outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
if (relayState != null) {
outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
}
try {
invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
encoder.setMessageContext(outboundContext);
encoder.initialize();
encoder.prepareContext();
encoder.encode();
final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
if (messageStorage != null) {
messageStorage.storeMessage(authnRequest.getID(), authnRequest);
}
} catch (final MessageEncodingException e) {
throw new SAMLException("Error encoding saml message", e);
} catch (final ComponentInitializationException e) {
throw new SAMLException("Error initializing saml encoder", e);
}
}
Aggregations