Search in sources :

Example 1 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.

the class MetadataUIUtils method locateMetadataUserInterfaceForEntityId.

/**
     * Locate mdui for entity id simple metadata ui info.
     *
     * @param entityDescriptor  the entity descriptor
     * @param entityId          the entity id
     * @param registeredService the registered service
     * @return the simple metadata ui info
     */
public static SamlMetadataUIInfo locateMetadataUserInterfaceForEntityId(final EntityDescriptor entityDescriptor, final String entityId, final RegisteredService registeredService) {
    final SamlMetadataUIInfo mdui = new SamlMetadataUIInfo(registeredService);
    if (entityDescriptor == null) {
        LOGGER.debug("Entity descriptor not found for [{}]", entityId);
        return mdui;
    }
    final SPSSODescriptor spssoDescriptor = getSPSsoDescriptor(entityDescriptor);
    if (spssoDescriptor == null) {
        LOGGER.debug("SP SSO descriptor not found for [{}]", entityId);
        return mdui;
    }
    final Extensions extensions = spssoDescriptor.getExtensions();
    if (extensions == null) {
        LOGGER.debug("No extensions in the SP SSO descriptor are found for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    final List<XMLObject> spExtensions = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
    if (spExtensions.isEmpty()) {
        LOGGER.debug("No extensions in the SP SSO descriptor are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        return mdui;
    }
    spExtensions.stream().filter(UIInfo.class::isInstance).forEach(obj -> {
        final UIInfo uiInfo = (UIInfo) obj;
        LOGGER.debug("Found MDUI info for [{}]", entityId);
        mdui.setUIInfo(uiInfo);
    });
    return mdui;
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) UIInfo(org.opensaml.saml.ext.saml2mdui.UIInfo) XMLObject(org.opensaml.core.xml.XMLObject) Extensions(org.opensaml.saml.saml2.metadata.Extensions)

Example 2 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.

the class MetadataRequestedAttributesAttributeReleasePolicy method getAttributesForSamlRegisteredService.

@Override
protected Map<String, Object> getAttributesForSamlRegisteredService(final Map<String, Object> attributes, final SamlRegisteredService service, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor) {
    final Map<String, Object> releaseAttributes = new LinkedHashMap<>();
    final SPSSODescriptor sso = facade.getSsoDescriptor();
    if (sso != null) {
        sso.getAttributeConsumingServices().forEach(svc -> svc.getRequestAttributes().stream().filter(attr -> {
            final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
            LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, service.getName());
            return attributes.containsKey(name);
        }).forEach(attr -> {
            final String name = this.useFriendlyName ? attr.getFriendlyName() : attr.getName();
            LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, service.getName());
            releaseAttributes.put(name, attributes.get(name));
        }));
    }
    return releaseAttributes;
}
Also used : Setter(lombok.Setter) Getter(lombok.Getter) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) EqualsAndHashCode(lombok.EqualsAndHashCode) ApplicationContext(org.springframework.context.ApplicationContext) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) LinkedHashMap(java.util.LinkedHashMap) Slf4j(lombok.extern.slf4j.Slf4j) Map(java.util.Map) ToString(lombok.ToString) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) AllArgsConstructor(lombok.AllArgsConstructor) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) NoArgsConstructor(lombok.NoArgsConstructor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) ToString(lombok.ToString) LinkedHashMap(java.util.LinkedHashMap)

Example 3 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.

the class MetadataUIUtils method getSPSsoDescriptor.

/**
 * Gets SP SSO descriptor.
 *
 * @param entityDescriptor the entity descriptor
 * @return the SP SSO descriptor
 */
public static SPSSODescriptor getSPSsoDescriptor(final EntityDescriptor entityDescriptor) {
    LOGGER.trace("Locating SP SSO descriptor for SAML2 protocol...");
    SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spssoDescriptor == null) {
        LOGGER.trace("Locating SP SSO descriptor for SAML11 protocol...");
        spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML11P_NS);
    }
    if (spssoDescriptor == null) {
        LOGGER.trace("Locating SP SSO descriptor for SAML1 protocol...");
        spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML10P_NS);
    }
    LOGGER.trace("SP SSO descriptor resolved to be [{}]", spssoDescriptor);
    return spssoDescriptor;
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)

Example 4 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project syncope by apache.

the class SAML2SPLogic method getMetadata.

@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
    check();
    try {
        EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
        spEntityDescriptor.setEntityID(spEntityID);
        SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
        spSSODescriptor.setWantAssertionsSigned(true);
        spSSODescriptor.setAuthnRequestsSigned(true);
        spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
        keyInfoGenerator.generate(loader.getCredential());
        KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
        keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
        spSSODescriptor.getKeyDescriptors().add(keyDescriptor);
        NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.PERSISTENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);
        nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.TRANSIENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);
        for (SAML2BindingType bindingType : SAML2BindingType.values()) {
            AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
            assertionConsumerService.setIndex(bindingType.ordinal());
            assertionConsumerService.setBinding(bindingType.getUri());
            assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
            spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
            spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
            String sloUrl = spEntityID + urlContext + "/logout";
            validateUrl(sloUrl);
            SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
            singleLogoutService.setBinding(bindingType.getUri());
            singleLogoutService.setLocation(sloUrl);
            singleLogoutService.setResponseLocation(sloUrl);
            spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
        }
        spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
        saml2rw.sign(spEntityDescriptor);
        saml2rw.write(new OutputStreamWriter(os), spEntityDescriptor, true);
    } catch (Exception e) {
        LOG.error("While getting SP metadata", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
}
Also used : SAML2BindingType(org.apache.syncope.common.lib.types.SAML2BindingType) SPSSODescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorBuilder) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) NameIDFormatBuilder(org.opensaml.saml.saml2.metadata.impl.NameIDFormatBuilder) XSString(org.opensaml.core.xml.schema.XSString) EntityDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.EntityDescriptorBuilder) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) KeyInfoGenerator(org.opensaml.xmlsec.keyinfo.KeyInfoGenerator) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) SingleLogoutServiceBuilder(org.opensaml.saml.saml2.metadata.impl.SingleLogoutServiceBuilder) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) OutputStreamWriter(java.io.OutputStreamWriter) KeyDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 5 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project pac4j by pac4j.

the class SAML2WebSSOMessageSender method sendMessage.

@Override
public void sendMessage(final SAML2MessageContext context, final AuthnRequest authnRequest, final Object relayState) {
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleSignOnService ssoService = context.getIDPSingleSignOnService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(authnRequest);
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    try {
        invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(authnRequest.getID(), authnRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) ComponentInitializationException(net.shibboleth.utilities.java.support.component.ComponentInitializationException) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) MessageEncoder(org.opensaml.messaging.encoder.MessageEncoder) SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage) MessageEncodingException(org.opensaml.messaging.encoder.MessageEncodingException) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Aggregations

SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)16 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)7 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)6 SAMLMetadataContext (org.opensaml.saml.common.messaging.context.SAMLMetadataContext)3 KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)3 SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService)3 SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext)3 ComponentInitializationException (net.shibboleth.utilities.java.support.component.ComponentInitializationException)2 SamlRegisteredServiceCachingMetadataResolver (org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver)2 Test (org.junit.Test)2 MessageEncoder (org.opensaml.messaging.encoder.MessageEncoder)2 MessageEncodingException (org.opensaml.messaging.encoder.MessageEncodingException)2 Extensions (org.opensaml.saml.saml2.metadata.Extensions)2 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)2 NameIDFormat (org.opensaml.saml.saml2.metadata.NameIDFormat)2 AssertionConsumerServiceBuilder (org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder)2 SAMLException (org.pac4j.saml.exceptions.SAMLException)2 IOException (java.io.IOException)1 OutputStreamWriter (java.io.OutputStreamWriter)1 StringWriter (java.io.StringWriter)1