use of org.opensaml.ws.message.decoder.MessageDecodingException in project uaa by cloudfoundry.
the class SamlAssertionDecoder method doDecode.
/**
* {@inheritDoc}
*/
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
if (!(messageContext instanceof SAMLMessageContext)) {
log.error("Invalid message context type, this decoder only support SAMLMessageContext");
throw new MessageDecodingException("Invalid message context type, this decoder only support SAMLMessageContext");
}
if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
throw new MessageDecodingException("Invalid inbound message transport type, this decoder only support HTTPInTransport");
}
SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) {
throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
}
String relayState = inTransport.getParameterValue("RelayState");
samlMsgCtx.setRelayState(relayState);
log.debug("Decoded SAML relay state of: {}", relayState);
InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);
Assertion inboundMessage = (Assertion) unmarshallMessage(base64DecodedMessage);
Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage, inboundMessage.getIssuer().getValue());
samlMsgCtx.setInboundMessage(response);
samlMsgCtx.setInboundSAMLMessage(response);
log.debug("Decoded SAML message");
populateMessageContext(samlMsgCtx);
}
use of org.opensaml.ws.message.decoder.MessageDecodingException in project MaxKey by dromara.
the class LogoutSamlEndpoint method samlRedirectLogout.
@Operation(summary = "SAML单点注销地址接口", description = "", method = "GET")
@SuppressWarnings("rawtypes")
@RequestMapping(value = "/logout/saml", method = RequestMethod.GET)
public ModelAndView samlRedirectLogout(HttpServletRequest request, HttpServletResponse response) throws Exception {
SAMLMessageContext messageContext;
logger.debug("extract SAML Message .");
try {
messageContext = extractRedirectBindingAdapter.extractSAMLMessageContext(request);
logger.debug("validate SAML LogoutRequest .");
LogoutRequest logoutRequest = (LogoutRequest) messageContext.getInboundSAMLMessage();
validatorSuite.validate(logoutRequest);
logger.debug("LogoutRequest ID " + logoutRequest.getID());
logger.debug("LogoutRequest Issuer " + logoutRequest.getIssuer());
logger.debug("LogoutRequest IssueInstant " + logoutRequest.getIssueInstant());
logger.debug("LogoutRequest Destination " + logoutRequest.getDestination());
logger.debug("LogoutRequest NameID " + logoutRequest.getNameID().getValue());
return WebContext.redirect("/logout");
} catch (MessageDecodingException e1) {
logger.error("Exception decoding SAML MessageDecodingException", e1);
} catch (SecurityException e1) {
logger.error("Exception decoding SAML SecurityException", e1);
} catch (ValidationException ve) {
logger.warn("logoutRequest Message failed Validation", ve);
}
return WebContext.redirect("/login");
}
use of org.opensaml.ws.message.decoder.MessageDecodingException in project MaxKey by dromara.
the class ConsumerEndpoint method consumer.
@RequestMapping(value = "/consumer/saml/v20/{spId}")
public ModelAndView consumer(HttpServletRequest request, HttpServletResponse response, @PathVariable("spId") String spId) throws Exception {
logger.debug("Attempting authentication.");
// 初始化SP 证书
initCredential(spId);
SAMLMessageContext messageContext = null;
/*
try {
messageContext = bindingAdapter.extractSAMLMessageContext(request);
} catch (MessageDecodingException me) {
logger.error("Could not decode SAML Response", me);
throw new Exception(me);
} catch (SecurityException se) {
logger.error("Could not decode SAML Response", se);
throw new Exception(se);
}*/
logger.debug("Message received from issuer: " + messageContext.getInboundMessageIssuer());
if (!(messageContext.getInboundSAMLMessage() instanceof Response)) {
logger.error("SAML Message was not a Response");
throw new Exception();
}
List<Assertion> assertionList = ((Response) messageContext.getInboundSAMLMessage()).getAssertions();
String credentials = extractBindingAdapter.extractSAMLMessage(request);
// 未认证token
Response samlResponse = (Response) messageContext.getInboundSAMLMessage();
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
try {
validatorSuite.validate(samlResponse);
} catch (ValidationException ve) {
logger.warn("Response Message failed Validation", ve);
throw new ServiceProviderAuthenticationException("Invalid SAML REsponse Message", ve);
}
checkResponseStatus(samlResponse);
Assertion assertion = samlResponse.getAssertions().get(0);
logger.debug("authenticationResponseIssuingEntityName {}", samlResponse.getIssuer().getValue());
String username = assertion.getSubject().getNameID().getValue();
logger.debug("assertion.getID() ", assertion.getID());
logger.debug("assertion.getSubject().getNameID().getValue() ", username);
logger.debug("assertion.getID() ", assertion.getAuthnStatements());
LoginCredential loginCredential = new LoginCredential(username, "", ConstsLoginType.SAMLTRUST);
authenticationProvider.authentication(loginCredential, true);
ModelAndView mav = new ModelAndView();
mav.addObject("username", username);
mav.setViewName("redirect:/appList");
return mav;
}
use of org.opensaml.ws.message.decoder.MessageDecodingException in project MaxKey by dromara.
the class OpenHTTPPostDecoder method getActualReceiverEndpointURI.
@Override
@SuppressWarnings("rawtypes")
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext) throws MessageDecodingException {
InTransport inTransport = messageContext.getInboundMessageTransport();
if (!(inTransport instanceof HttpServletRequestAdapter)) {
throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
}
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
StringBuffer urlBuilder = httpRequest.getRequestURL();
String tempUrl = urlBuilder.toString();
// 从http协议头开始,跳过前面两个斜杠
tempUrl = tempUrl.substring(tempUrl.indexOf("/", 8) + 1);
return receiverEndpoint + tempUrl;
}
use of org.opensaml.ws.message.decoder.MessageDecodingException in project MaxKey by dromara.
the class SingleSignOnEndpoint method extractSAMLMessage.
@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter, HttpServletRequest request) throws Exception {
SAMLMessageContext messageContext;
logger.debug("extract SAML Message .");
try {
messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
logger.debug("validate SAML AuthnRequest .");
AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
logger.debug("AuthnRequest ProtocolBinding " + authnRequest.getProtocolBinding());
logger.debug("InboundSAMLMessage Id " + messageContext.getInboundSAMLMessageId());
logger.debug("AuthnRequest AssertionConsumerServiceURL " + authnRequest.getAssertionConsumerServiceURL());
logger.debug("InboundMessage Issuer " + messageContext.getInboundMessageIssuer());
logger.debug("InboundSAMLMessage IssueInstant " + messageContext.getInboundSAMLMessageIssueInstant());
logger.debug("InboundSAMLMessage RelayState " + messageContext.getRelayState());
logger.debug("AuthnRequest isPassive " + authnRequest.isPassive());
logger.debug("AuthnRequest ForceAuthn " + authnRequest.isForceAuthn());
validatorSuite.validate(authnRequest);
logger.debug("Select Authz Binding.");
String binding = extractBindingAdapter.getSaml20Detail().getBinding();
if (binding.endsWith("PostSimpleSign")) {
bindingAdapter = postSimpleSignBindingAdapter;
logger.debug("Authz POST Binding is use PostSimpleSign .");
} else {
bindingAdapter = postBindingAdapter;
logger.debug("Authz POST Binding is use Post .");
}
AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(authnRequest.getAssertionConsumerServiceURL(), authnRequest.getID());
logger.debug("AuthnRequest vefified. Forwarding to AuthnResponder", authnRequestInfo);
bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
String relayState = request.getParameter("RelayState");
if (relayState != null) {
bindingAdapter.setRelayState(relayState);
logger.debug("RelayState : ", relayState);
}
} catch (MessageDecodingException e1) {
logger.error("Exception decoding SAML MessageDecodingException", e1);
throw new Exception(e1);
} catch (SecurityException e1) {
logger.error("Exception decoding SAML SecurityException", e1);
throw new Exception(e1);
} catch (ValidationException ve) {
logger.warn("AuthnRequest Message failed Validation", ve);
throw new Exception(ve);
}
}
Aggregations