
Example 6 with Envelope

use of org.opensaml.soap.soap11.Envelope in project cas by apereo.

the class SamlResponseAuditResourceResolver method getPrincipalIdFromSamlEcpResponse.

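/**
 * Resolves the principal id from a SAML ECP SOAP envelope.
 *
 * <p>Only the first child of the SOAP body is inspected. A SAML {@code Response} or a SOAP
 * {@code Fault} is handed to the matching resolver; any other element yields an empty array.
 *
 * @param envelope the SOAP 1.1 envelope to inspect
 * @return the values produced by the response or fault resolver, or an empty array when the
 *         envelope has no body, the body has no children, or the first child is neither a
 *         response nor a fault
 */
private String[] getPrincipalIdFromSamlEcpResponse(final Envelope envelope) {
    // A body-less envelope is treated like an empty one, so this resolver returns
    // "no principal" instead of failing with a NullPointerException.
    if (envelope.getBody() == null) {
        return new String[] {};
    }
    final List<XMLObject> children = envelope.getBody().getUnknownXMLObjects();
    if (children.isEmpty()) {
        return new String[] {};
    }
    // Only the first body child decides the outcome; any further children are ignored.
    final XMLObject first = children.get(0);
    if (first instanceof Response) {
        return getPrincipalIdFromSamlResponse((Response) first);
    }
    if (first instanceof Fault) {
        return getPrincipalIdFromSamlEcpFault((Fault) first);
    }
    return new String[] {};
}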
Also used : Response(org.opensaml.saml.saml2.core.Response) XMLObject(org.opensaml.core.xml.XMLObject) Fault(org.opensaml.soap.soap11.Fault)

Example 7 with Envelope

use of org.opensaml.soap.soap11.Envelope in project cas by apereo.

the class SamlProfileSamlSoap11FaultResponseBuilder method build.

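/**
 * Builds a SOAP 1.1 envelope whose body carries a single {@code Fault} and passes it to
 * {@code encodeFinalResponse}.
 *
 * <p>The fault code is {@code FaultCode.SERVER}, the fault actor is the issuer read from the
 * SAML request, and the fault string is the value stored in the request attribute
 * {@code SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR}.
 *
 * @param authnRequest the SAML request the fault answers; its issuer becomes the fault actor
 * @param request      the HTTP request carrying the error attribute
 * @param response     the HTTP response handed to {@code encodeFinalResponse}
 * @param casAssertion the CAS assertion, passed through to {@code encodeFinalResponse}
 * @param service      the registered SAML service, passed through
 * @param adaptor      the service provider metadata facade, passed through
 * @param binding      the binding, passed through
 * @return the envelope that was built and encoded
 * @throws SamlException declared by the builder contract
 */
@Override
public Envelope build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Header header = newSoapObject(Header.class);
    final Body body = newSoapObject(Body.class);
    final Fault fault = newSoapObject(Fault.class);

    final FaultCode faultCode = newSoapObject(FaultCode.class);
    faultCode.setValue(FaultCode.SERVER);
    fault.setCode(faultCode);

    final FaultActor faultActor = newSoapObject(FaultActor.class);
    faultActor.setValue(SamlIdPUtils.getIssuerFromSamlRequest(authnRequest));
    fault.setActor(faultActor);

    // The error attribute may be absent; calling toString() on it directly would throw a
    // NullPointerException and no fault would be built at all.
    // NOTE(review): the attribute's text is placed in the fault as-is. Confirm that whoever
    // sets it stores a message fit for the SOAP client rather than raw exception detail.
    final Object error = request.getAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR);
    final FaultString faultString = newSoapObject(FaultString.class);
    faultString.setValue(error != null ? error.toString() : "");
    fault.setMessage(faultString);

    body.getUnknownXMLObjects().add(fault);
    final Envelope envelope = newSoapObject(Envelope.class);
    envelope.setHeader(header);
    envelope.setBody(body);
    encodeFinalResponse(request, response, service, adaptor, envelope, binding, authnRequest, casAssertion);
    return envelope;
}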
Also used : FaultCode(org.opensaml.soap.soap11.FaultCode) FaultActor(org.opensaml.soap.soap11.FaultActor) Header(org.opensaml.soap.soap11.Header) Fault(org.opensaml.soap.soap11.Fault) FaultString(org.opensaml.soap.soap11.FaultString) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Example 8 with Envelope

use of org.opensaml.soap.soap11.Envelope in project cas by apereo.

the class ECPProfileHandlerController method handleEcpRequest.

/**
 * Processes an ECP (SOAP-bound) authentication request from verification to response.
 *
 * <p>The request is verified, the supplied credential is authenticated, a CAS assertion is
 * built for the issuer named in the request, and the SAML response is produced. If any of
 * those steps throws, the failure is logged and an ECP fault response is built instead.
 *
 * <p>The envelope lookup and the cast of the context message to {@code AuthnRequest} run
 * before the {@code try} block, so an exception raised there propagates to the caller
 * rather than becoming a fault response.
 *
 * @param response    the HTTP response handed to the response and fault builders
 * @param request     the HTTP request handed to verification and to the builders
 * @param soapContext the message context holding the SOAP envelope and the authn request
 * @param credential  the credential to authenticate
 * @param binding     the binding passed through to the SAML response builder
 */
protected void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request, final MessageContext soapContext, final Credential credential, final String binding) {
    LOGGER.debug("Handling ECP request for SOAP context [{}]", soapContext);
    SamlUtils.logSamlObject(configBean, soapContext.getSubcontext(SOAP11Context.class).getEnvelope());

    final AuthnRequest ecpRequest = (AuthnRequest) soapContext.getMessage();
    final Pair<AuthnRequest, MessageContext> requestContext = Pair.of(ecpRequest, soapContext);
    try {
        LOGGER.debug("Verifying ECP authentication request [{}]", ecpRequest);
        final Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verified = verifySamlAuthenticationRequest(requestContext, request);

        // NOTE(review): the debug statements below log the credential id, the authenticated
        // principal and the CAS assertion; confirm that is acceptable wherever debug logging
        // is enabled.
        LOGGER.debug("Attempting to authenticate ECP request for credential id [{}]", credential.getId());
        final Authentication authResult = authenticateEcpRequest(credential, requestContext);
        LOGGER.debug("Authenticated [{}] successfully with authenticated principal [{}]", credential.getId(), authResult.getPrincipal());

        LOGGER.debug("Building ECP SAML response for [{}]", credential.getId());
        // The service is derived from the issuer stated in the request itself.
        final String requestIssuer = SamlIdPUtils.getIssuerFromSamlRequest(ecpRequest);
        final Service issuerService = webApplicationServiceFactory.createService(requestIssuer);
        final Assertion casAssertion = buildCasAssertion(authResult, issuerService, verified.getKey(), new LinkedHashMap<>());
        LOGGER.debug("CAS assertion to use for building ECP SAML response is [{}]", casAssertion);
        buildSamlResponse(response, request, requestContext, casAssertion, binding);
    } catch (final AuthenticationException e) {
        LOGGER.error(e.getMessage(), e);
        // Join the non-null messages of every handler error into one fault text.
        final String handlerErrors = e.getHandlerErrors()
            .values()
            .stream()
            .map(Throwable::getMessage)
            .filter(Objects::nonNull)
            .collect(Collectors.joining(","));
        buildEcpFaultResponse(response, request, Pair.of(ecpRequest, handlerErrors));
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // NOTE(review): the raw exception message (possibly null) is handed to the fault
        // builder; presumably it reaches the client in the fault, so confirm it cannot
        // expose internal detail.
        buildEcpFaultResponse(response, request, Pair.of(ecpRequest, e.getMessage()));
    }
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) Assertion(org.jasig.cas.client.validation.Assertion) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) Service(org.apereo.cas.authentication.principal.Service) Envelope(org.opensaml.soap.soap11.Envelope) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) SOAP11Context(org.opensaml.soap.messaging.context.SOAP11Context) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Authentication(org.apereo.cas.authentication.Authentication) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) Objects(java.util.Objects) MessageContext(org.opensaml.messaging.context.MessageContext)

Example 9 with Envelope

use of org.opensaml.soap.soap11.Envelope in project cas by apereo.

the class SamlProfileSamlSoap11ResponseBuilder method buildResponse.

/**
 * Wraps a SAML2 response in a SOAP 1.1 envelope for the ECP profile.
 *
 * <p>The SOAP header receives an ECP {@code Response} element created from the location of
 * the adaptor's assertion consumer service; that location comes from the adaptor, not from
 * the incoming request. The SOAP body receives the SAML2 response produced by
 * {@code saml2ResponseBuilder}.
 *
 * @param assertion    the SAML assertion; not read by this method
 * @param casAssertion the CAS assertion handed to {@code saml2ResponseBuilder}
 * @param authnRequest the authentication request handed to {@code saml2ResponseBuilder}
 * @param service      the registered SAML service handed to {@code saml2ResponseBuilder}
 * @param adaptor      the service provider metadata facade supplying the consumer location
 * @param request      the HTTP request handed to {@code saml2ResponseBuilder}
 * @param response     the HTTP response handed to {@code saml2ResponseBuilder}
 * @return the envelope holding the ECP header element and the SAML2 response
 * @throws SamlException declared by the builder contract
 */
@Override
protected Envelope buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    // NOTE(review): assumes the adaptor always resolves an assertion consumer service;
    // a null here would surface as a NullPointerException. Confirm against the facade.
    final String consumerLocation = adaptor.getAssertionConsumerService().getLocation();
    final Response ecpHeaderElement = newEcpResponse(consumerLocation);

    final Header soapHeader = newSoapObject(Header.class);
    soapHeader.getUnknownXMLObjects().add(ecpHeaderElement);

    final Body soapBody = newSoapObject(Body.class);
    final org.opensaml.saml.saml2.core.Response samlResponse =
        (org.opensaml.saml.saml2.core.Response) saml2ResponseBuilder.build(authnRequest, request, response, casAssertion, service, adaptor);
    soapBody.getUnknownXMLObjects().add(samlResponse);

    final Envelope soapEnvelope = newSoapObject(Envelope.class);
    soapEnvelope.setHeader(soapHeader);
    soapEnvelope.setBody(soapBody);
    return soapEnvelope;
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(org.opensaml.saml.saml2.ecp.Response) Header(org.opensaml.soap.soap11.Header) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Example 10 with Envelope

use of org.opensaml.soap.soap11.Envelope in project cas by apereo.

the class SamlProfileArtifactResponseBuilder method buildResponse.

/**
 * Builds the SOAP 1.1 envelope that answers a SAML artifact resolution.
 *
 * <p>The artifact ticket is read from the {@code "artifact"} attribute of the CAS assertion.
 * Its issuer, relying party id, id and stored object populate an {@code ArtifactResponse}
 * with a success status, which is placed in the SOAP body. The finished envelope is logged
 * through {@code SamlUtils.logSamlObject} before it is returned.
 *
 * @param assertion    the SAML assertion; not read by this method
 * @param casAssertion the CAS assertion, cast to
 *                     {@code org.jasig.cas.client.validation.Assertion}
 * @param authnRequest the incoming request; not read by this method
 * @param service      the registered SAML service; not read by this method
 * @param adaptor      the service provider metadata facade; not read by this method
 * @param request      the HTTP request; not read by this method
 * @param response     the HTTP response; not read by this method
 * @param binding      the binding; not read by this method
 * @return the envelope whose body holds the artifact response
 * @throws SamlException declared by the builder contract
 */
@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    final org.jasig.cas.client.validation.Assertion clientAssertion = org.jasig.cas.client.validation.Assertion.class.cast(casAssertion);
    // NOTE(review): a missing or differently typed "artifact" attribute fails here or on the
    // first ticket access with an unchecked exception; confirm callers always supply it.
    final SamlArtifactTicket artifactTicket = (SamlArtifactTicket) clientAssertion.getAttributes().get("artifact");

    final ArtifactResponse resolved = new ArtifactResponseBuilder().buildObject();
    resolved.setIssueInstant(DateTime.now());
    resolved.setIssuer(newIssuer(artifactTicket.getIssuer()));
    // NOTE(review): InResponseTo is filled from the ticket's relying party id and the
    // response ID from the ticket id, not from the incoming request; verify this is the
    // correlation the relying party expects.
    resolved.setInResponseTo(artifactTicket.getRelyingPartyId());
    resolved.setID(artifactTicket.getId());
    resolved.setStatus(newStatus(StatusCode.SUCCESS, "Success"));

    // The object stored on the ticket is converted to a SAMLObject and embedded as the message.
    final SAMLObject storedMessage = SamlUtils.transformSamlObject(configBean, artifactTicket.getObject(), SAMLObject.class);
    resolved.setMessage(storedMessage);

    final Header soapHeader = newSoapObject(Header.class);
    final Body soapBody = newSoapObject(Body.class);
    soapBody.getUnknownXMLObjects().add(resolved);

    final Envelope soapEnvelope = newSoapObject(Envelope.class);
    soapEnvelope.setHeader(soapHeader);
    soapEnvelope.setBody(soapBody);
    SamlUtils.logSamlObject(this.configBean, soapEnvelope);
    return soapEnvelope;
}
Also used : Header(org.opensaml.soap.soap11.Header) SAMLObject(org.opensaml.saml.common.SAMLObject) ArtifactResponse(org.opensaml.saml.saml2.core.ArtifactResponse) ArtifactResponseBuilder(org.opensaml.saml.saml2.core.impl.ArtifactResponseBuilder) SamlArtifactTicket(org.apereo.cas.ticket.artifact.SamlArtifactTicket) Envelope(org.opensaml.soap.soap11.Envelope) Body(org.opensaml.soap.soap11.Body)

Aggregations

Envelope (org.opensaml.soap.soap11.Envelope)11 Body (org.opensaml.soap.soap11.Body)8 Header (org.opensaml.soap.soap11.Header)7 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Fault (org.opensaml.soap.soap11.Fault)3 Authentication (org.apereo.cas.authentication.Authentication)2 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)2 SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService)2 SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade)2 MessageContext (org.opensaml.messaging.context.MessageContext)2 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)2 Response (org.opensaml.saml.saml2.core.Response)2 Response (org.opensaml.saml.saml2.ecp.Response)2 SOAP11Context (org.opensaml.soap.messaging.context.SOAP11Context)2 FaultActor (org.opensaml.soap.soap11.FaultActor)2 FaultCode (org.opensaml.soap.soap11.FaultCode)2 FaultString (org.opensaml.soap.soap11.FaultString)2 Objects (java.util.Objects)1 NonNull (lombok.NonNull)1 Service (org.apereo.cas.authentication.principal.Service)1