
Example 11 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project ddf by codice.

the class SamlProtocol method createSpMetadata.

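/**
 * Builds the SAML 2.0 service-provider metadata ({@code EntityDescriptor}) that this SP
 * publishes to identity providers.
 *
 * <p>The {@code SPSSODescriptor} carries two {@code KeyDescriptor}s built from the supplied
 * certificate values (one with {@link UsageType#SIGNING}, one with
 * {@link UsageType#ENCRYPTION}), one {@code NameIDFormat} per entry of {@code nameIds}, the
 * single-logout location (delegated to {@code addSingleLogoutLocation}) and up to three
 * AssertionConsumerService endpoints. ACS indexes are assigned 0-based in the order
 * redirect, POST, PAOS, counting only the locations that are not blank, so the index an IdP
 * sees for a binding depends on which other locations were supplied.
 *
 * @param entityId the SP entity ID written to the descriptor's {@code entityID}
 * @param signingCert certificate value placed in the signing {@code KeyDescriptor}
 * @param encryptionCert certificate value placed in the encryption {@code KeyDescriptor}
 * @param nameIds NameID format URIs to advertise; {@code null} is treated as an empty list
 * @param singleLogOutLocation single-logout location passed to {@code addSingleLogoutLocation}
 * @param assertionConsumerServiceLocationRedirect ACS location for the redirect binding, or blank to omit
 * @param assertionConsumerServiceLocationPost ACS location for the POST binding, or blank to omit
 * @param assertionConsumerServiceLocationPaos ACS location for the PAOS binding, or blank to omit
 * @return the populated entity descriptor, advertising {@code SUPPORTED_PROTOCOL} and with its
 *         cache duration taken from {@code getCacheDuration()}
 */
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost, String assertionConsumerServiceLocationPaos) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
    // Key material the IdP will associate with this SP: signing first, then encryption
    // (order preserved from the original implementation).
    spSsoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.SIGNING, signingCert));
    spSsoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.ENCRYPTION, encryptionCert));
    // A missing list simply advertises no NameID formats instead of failing.
    if (nameIds != null) {
        for (String nameId : nameIds) {
            NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
            nameIDFormat.setFormat(nameId);
            spSsoDescriptor.getNameIDFormats().add(nameIDFormat);
        }
    }
    addSingleLogoutLocation(singleLogOutLocation, spSsoDescriptor.getSingleLogoutServices());
    // The index is only advanced for endpoints that are actually published, so the
    // published indexes are always contiguous from 0.
    int acsIndex = 0;
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(REDIRECT_BINDING, acsIndex++, assertionConsumerServiceLocationRedirect));
    }
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(POST_BINDING, acsIndex++, assertionConsumerServiceLocationPost));
    }
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationPaos)) {
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(PAOS_BINDING, acsIndex, assertionConsumerServiceLocationPaos));
    }
    spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
    entityDescriptor.setCacheDuration(getCacheDuration().toMillis());
    return entityDescriptor;
}

/**
 * Builds a {@code KeyDescriptor} for the given {@code use} whose {@code KeyInfo} wraps
 * {@code certValue} as a single {@code X509Data}/{@code X509Certificate}.
 *
 * @param use the key usage advertised on the descriptor
 * @param certValue the certificate value stored verbatim in the {@code X509Certificate} element
 * @return the populated key descriptor
 */
private static KeyDescriptor buildKeyDescriptor(UsageType use, String certValue) {
    KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
    keyDescriptor.setUse(use);
    KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate x509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    x509Certificate.setValue(certValue);
    x509Data.getX509Certificates().add(x509Certificate);
    keyInfo.getX509Datas().add(x509Data);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}

/**
 * Builds one {@code AssertionConsumerService} endpoint.
 *
 * @param binding the SAML binding URI for the endpoint
 * @param index the 0-based index advertised for the endpoint
 * @param location the endpoint location
 * @return the populated endpoint element
 */
private static AssertionConsumerService buildAssertionConsumerService(String binding, int index, String location) {
    AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
    assertionConsumerService.setBinding(binding);
    assertionConsumerService.setIndex(index);
    assertionConsumerService.setLocation(location);
    return assertionConsumerService;
}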

Example 12 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project ddf by codice.

the class SamlProtocol method createSpMetadata.

/**
 * Builds the service-provider {@code EntityDescriptor} for {@code entityId}.
 *
 * <p>The {@code SPSSODescriptor} advertises a signing and an encryption {@code KeyDescriptor}
 * carrying the given certificate values, single-logout endpoints for both the redirect and
 * POST bindings at {@code singleLogOutLocation} (only when it is not blank), and an
 * AssertionConsumerService for the redirect and/or POST binding (each only when its location
 * is not blank). ACS indexes are assigned 0-based, redirect before POST, over the endpoints
 * actually present.
 *
 * @param entityId the SP entity ID written to the descriptor's {@code entityID}
 * @param signingCert certificate value for the signing {@code KeyDescriptor}
 * @param encryptionCert certificate value for the encryption {@code KeyDescriptor}
 * @param singleLogOutLocation single-logout location, or blank to advertise none
 * @param assertionConsumerServiceLocationRedirect ACS location for the redirect binding, or blank to omit
 * @param assertionConsumerServiceLocationPost ACS location for the POST binding, or blank to omit
 * @return the populated entity descriptor advertising {@code SUPPORTED_PROTOCOL}
 */
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
    SPSSODescriptor spRole = spSsoDescriptorBuilder.buildObject();

    // Signing key: X509Certificate -> X509Data -> KeyInfo -> KeyDescriptor(use=signing).
    X509Certificate signingCertElement = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    signingCertElement.setValue(signingCert);
    X509Data signingData = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    signingData.getX509Certificates().add(signingCertElement);
    KeyInfo signingInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    signingInfo.getX509Datas().add(signingData);
    KeyDescriptor signingKey = keyDescriptorBuilder.buildObject();
    signingKey.setUse(UsageType.SIGNING);
    signingKey.setKeyInfo(signingInfo);
    spRole.getKeyDescriptors().add(signingKey);

    // Encryption key, built with the same shape.
    X509Certificate encCertElement = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    encCertElement.setValue(encryptionCert);
    X509Data encData = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    encData.getX509Certificates().add(encCertElement);
    KeyInfo encInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    encInfo.getX509Datas().add(encData);
    KeyDescriptor encKey = keyDescriptorBuilder.buildObject();
    encKey.setUse(UsageType.ENCRYPTION);
    encKey.setKeyInfo(encInfo);
    spRole.getKeyDescriptors().add(encKey);

    // One single-logout location is advertised under both the redirect and the POST binding.
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        SingleLogoutService sloRedirect = singleLogOutServiceBuilder.buildObject();
        sloRedirect.setBinding(REDIRECT_BINDING);
        sloRedirect.setLocation(singleLogOutLocation);
        spRole.getSingleLogoutServices().add(sloRedirect);
        SingleLogoutService sloPost = singleLogOutServiceBuilder.buildObject();
        sloPost.setBinding(POST_BINDING);
        sloPost.setLocation(singleLogOutLocation);
        spRole.getSingleLogoutServices().add(sloPost);
    }

    // ACS endpoints; the counter only moves for endpoints that are published.
    int nextAcsIndex = 0;
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
        AssertionConsumerService acsRedirect = assertionConsumerServiceBuilder.buildObject();
        acsRedirect.setBinding(REDIRECT_BINDING);
        acsRedirect.setIndex(nextAcsIndex);
        acsRedirect.setLocation(assertionConsumerServiceLocationRedirect);
        spRole.getAssertionConsumerServices().add(acsRedirect);
        nextAcsIndex++;
    }
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
        AssertionConsumerService acsPost = assertionConsumerServiceBuilder.buildObject();
        acsPost.setBinding(POST_BINDING);
        acsPost.setIndex(nextAcsIndex);
        acsPost.setLocation(assertionConsumerServiceLocationPost);
        spRole.getAssertionConsumerServices().add(acsPost);
        nextAcsIndex++;
    }
    spRole.addSupportedProtocol(SUPPORTED_PROTOCOL);

    EntityDescriptor descriptor = entityDescriptorBuilder.buildObject();
    descriptor.setEntityID(entityId);
    descriptor.getRoleDescriptors().add(spRole);
    return descriptor;
}

Example 13 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project cas by apereo.

the class SamlIdPUtils method getAssertionConsumerServiceFor.

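/**
 * Resolves the AssertionConsumerService a SAML response to {@code authnRequest} should be
 * delivered to.
 *
 * <p>When the request carries an {@code AssertionConsumerServiceIndex}, the endpoint is looked
 * up by that index in the {@code SPSSODescriptor} of the issuer's metadata (resolved through
 * {@code getMetadataResolverForAllSamlServices}); otherwise the binding and URL are copied from
 * the request itself. The result is rejected when it has no binding, or neither a location nor
 * a response location.
 *
 * @param authnRequest    the authn request
 * @param servicesManager the services manager
 * @param resolver        the resolver
 * @return the assertion consumer service for the request
 * @throws IllegalArgumentException wrapping a {@link SamlException} when the endpoint cannot be
 *                                  resolved or fails the checks above; any exception raised
 *                                  during resolution is wrapped the same way
 */
public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest, final ServicesManager servicesManager, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(CollectionUtils.wrap(SAMLConstants.SAML2_POST_BINDING_URI)));
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                // Fail with a clear message instead of an NPE that would only surface as the
                // wrapped exception's message from the outer catch.
                if (spssoDescriptor == null) {
                    throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no SPSSODescriptor for protocol " + SAMLConstants.SAML20P_NS);
                }
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                // The index is request-supplied. Bound it on both sides before get(): the previous
                // "acsIndex + 1 > size" test let negative values through and wrapped around for
                // Integer.MAX_VALUE, so those cases reached get() and failed as IndexOutOfBounds.
                final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
                if (acsIndex < 0 || acsIndex >= acsEndpoints.size()) {
                    throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid " + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            // NOTE(review): binding and URL are taken verbatim from the request and are not
            // compared here against the issuer's registered metadata; confirm that a later
            // validation step (or the caller) enforces that before a response is sent.
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        // If metadata resolution yielded no descriptor at all, acs is still empty and is
        // rejected here rather than returned half-populated.
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        // Callers see IllegalArgumentException; the original exception is kept as the cause chain.
        throw new IllegalArgumentException(new SamlException(e.getMessage(), e));
    }
}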

Example 14 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project pac4j by pac4j.

the class SAML2LogoutMessageSender method sendMessage.

/**
 * Encodes {@code logoutRequest} into a fresh outbound {@link SAML2MessageContext} derived
 * from {@code context} and sends it to the IdP single-logout endpoint selected by
 * {@code destinationBindingType}. After a successful encode the request is stored under its
 * ID in the context's {@code SAMLMessageStorage}, when one is present.
 *
 * @param context       the current SAML message context the outbound context is built from
 * @param logoutRequest the logout request to send
 * @param relayState    optional relay state; its {@code toString()} is copied into the
 *                      binding context when non-null
 * @throws SAMLException if the encoder fails to initialize or to encode the message
 */
@Override
public void sendMessage(final SAML2MessageContext context, final LogoutRequest logoutRequest, final Object relayState) {
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleLogoutService ssoLogoutService = context.getIDPSingleLogoutService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    // Carry the profile request context over so the outbound message is tied to the same
    // profile/inbound/outbound contexts as the inbound one.
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(logoutRequest);
    // NOTE(review): the SP-side endpoint is the ACS, not the SP SingleLogoutService, even
    // though this is a logout message — confirm that is intended.
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    // Peer side: the IdP's single-logout endpoint for the configured destination binding.
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoLogoutService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    // Signing parameters are derived from the SP descriptor, so the outbound request is
    // signed with the SP's own configuration.
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    // Outbound handler chain runs before encoding (sibling method; what it does is not visible here).
    invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
    try {
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        // Storage is optional; when configured the request is kept keyed by its ID
        // (presumably so the matching LogoutResponse can be correlated later — not shown here).
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(logoutRequest.getID(), logoutRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}

Example 15 with SPSSODescriptor

use of org.opensaml.saml2.metadata.SPSSODescriptor in project pac4j by pac4j.

the class SAML2DefaultResponseValidatorTests method testWantsAssertionsSignedWithValidSPSSODescriptor.

/**
 * With signing validation enabled and an {@code SPSSODescriptor} in the self metadata context
 * that reports {@code WantAssertionsSigned = true}, the validator must report that it wants
 * signed assertions, and the context must expose that descriptor.
 */
@Test
public void testWantsAssertionsSignedWithValidSPSSODescriptor() {
    final SAML2DefaultResponseValidator validator = createResponseValidatorWithSigningValidationOf(true);
    final SPSSODescriptor spDescriptor = mock(SPSSODescriptor.class);
    when(spDescriptor.getWantAssertionsSigned()).thenReturn(true);
    final SAML2MessageContext ctx = new SAML2MessageContext();
    final SAMLMetadataContext selfMetadata = ctx.getSAMLSelfMetadataContext();
    selfMetadata.setRoleDescriptor(spDescriptor);
    assertNotNull("Expected SPSSODescriptor to not be null", ctx.getSPSSODescriptor());
    assertTrue("Expected wantAssertionsSigned == true", validator.wantsAssertionsSigned(ctx));
}
