Example 1 with EndpointImpl

Use of org.opensaml.saml2.metadata.impl.EndpointImpl in the project cloud-pipeline by epam.

The method validateAssertion of the class CustomSamlClient:

```java
import org.opensaml.common.SAMLException;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.impl.EndpointImpl;
import org.opensaml.xml.encryption.DecryptionException;
import org.springframework.security.saml.context.SAMLMessageContext;

// The helpers isDateTimeSkewValid, getResponseSkew, getMaxAssertionTime, verifySubject,
// verifyAssertionConditions and verifyAuthenticationStatement are not defined in this
// method; they are inherited from the surrounding class (assumed here to extend Spring
// Security SAML's WebSSOProfileConsumerImpl, which provides them). responseIssuer,
// relyingPartyIdentifier and SSO_ENDPOINT are fields of CustomSamlClient.
private void validateAssertion(Response response) throws SAMLException {
    // Accept exactly one assertion so that no unexpected, unverified assertion can be picked up
    if (response.getAssertions().size() != 1) {
        throw new SAMLException("The response doesn't contain exactly 1 assertion");
    }
    Assertion assertion = response.getAssertions().get(0);
    // Verify the issue instant against the allowed clock skew and maximum assertion age
    if (!isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant())) {
        throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
    }
    // The assertion must come from the configured IdP, not merely from a well-formed issuer
    if (!assertion.getIssuer().getValue().equals(responseIssuer)) {
        throw new SAMLException("The assertion issuer didn't match the expected value");
    }
    if (assertion.getSubject().getNameID() == null) {
        throw new SAMLException("The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }
    // Build a minimal message context describing this service provider. The anonymous
    // EndpointImpl reports the SP's SSO endpoint as its location so that the subject
    // confirmation check below compares the assertion's Recipient against this URL.
    SAMLMessageContext context = new SAMLMessageContext();
    context.setLocalEntityId(relyingPartyIdentifier);
    context.setLocalEntityEndpoint(new EndpointImpl(null, "", "") {

        @Override
        public String getLocation() {
            return relyingPartyIdentifier + SSO_ENDPOINT;
        }
    });
    try {
        // Subject confirmation (Recipient, NotOnOrAfter, InResponseTo); no AuthnRequest is
        // passed, so the InResponseTo binding is not checked here
        verifySubject(assertion.getSubject(), null, context);
    } catch (DecryptionException e) {
        throw new SAMLException(e);
    }
    // Conditions (audience, validity window) are always checked; authentication statements
    // are verified individually when present, and the boolean flag tells the conditions
    // check whether they exist
    if (assertion.getAuthnStatements().size() > 0) {
        verifyAssertionConditions(assertion.getConditions(), context, true);
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            verifyAuthenticationStatement(statement, null, context);
        }
    } else {
        verifyAssertionConditions(assertion.getConditions(), context, false);
    }
}
```
Also used:

- SAMLMessageContext (org.springframework.security.saml.context.SAMLMessageContext)
- EndpointImpl (org.opensaml.saml2.metadata.impl.EndpointImpl)
- Assertion (org.opensaml.saml2.core.Assertion)
- AuthnStatement (org.opensaml.saml2.core.AuthnStatement)
- SAMLException (org.opensaml.common.SAMLException)
- DecryptionException (org.opensaml.xml.encryption.DecryptionException)
