Example 6 with MessageEncodingException

Use of org.opensaml.ws.message.encoder.MessageEncodingException in project MaxKey by dromara.

Class AssertionEndpoint, method assertion:

@RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.debug("saml20 assertion start.");
    // The binding adapter, carrying the parsed AuthnRequest and the registered
    // application details, was placed in the session by the earlier authorize step;
    // this endpoint relies on that session state rather than on request parameters.
    bindingAdapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
    logger.debug("saml20 assertion get session samlv20Adapter " + bindingAdapter);
    AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
    logger.debug("saml20Details " + saml20Details.getExtendAttr());
    AuthnRequestInfo authnRequestInfo = bindingAdapter.getAuthnRequestInfo();
    if (authnRequestInfo == null) {
        // No AuthnRequest in the session: do not issue an unsolicited assertion.
        // Note that the log message mentions SC_FORBIDDEN while the code raises a bare Exception.
        logger.warn("Could not find AuthnRequest on the request.  Responding with SC_FORBIDDEN.");
        throw new Exception();
    }
    logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
    // Attributes to include in the assertion: here the online ticket id of the signed-in principal.
    HashMap<String, String> attributeMap = new HashMap<String, String>();
    attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());
    // saml20Details
    Response authResponse = authnResponseGenerator.generateAuthnResponse(saml20Details, authnRequestInfo, attributeMap, bindingAdapter);
    // The response is delivered to the ACS URL registered for the application,
    // not to a destination taken from the inbound request.
    Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
    // Drop the stored AuthnRequestInfo attribute once the response has been built.
    request.getSession().removeAttribute(AuthnRequestInfo.class.getName());
    // request issuer...
    try {
        // The adapter encodes the response for the configured binding and writes it to the HTTP response.
        bindingAdapter.sendSAMLMessage(authResponse, endpoint, request, response);
    } catch (MessageEncodingException mee) {
        logger.error("Exception encoding SAML message", mee);
        throw new Exception(mee);
    }
    return null;
}

Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (org.opensaml.saml2.core.Response), AppsSAML20Details (org.maxkey.entity.apps.AppsSAML20Details), Endpoint (org.opensaml.saml2.metadata.Endpoint), HashMap (java.util.HashMap), AuthnRequestInfo (org.maxkey.authz.saml.common.AuthnRequestInfo), SigninPrincipal (org.maxkey.authn.SigninPrincipal), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 7 with MessageEncodingException

Use of org.opensaml.ws.message.encoder.MessageEncodingException in project MaxKey by dromara.

Class WebServicePostEncoder, method getSignatureAlgorithmURI:

protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config) throws MessageEncodingException {
    // Use the supplied security configuration if there is one, otherwise fall back
    // to the global OpenSAML configuration.
    SecurityConfiguration secConfig;
    if (config != null) {
        secConfig = config;
    } else {
        secConfig = Configuration.getGlobalSecurityConfiguration();
    }
    // The algorithm URI is derived from the credential's key type (e.g. RSA vs. DSA).
    String signAlgo = secConfig.getSignatureAlgorithmURI(credential);
    if (signAlgo == null) {
        // Fail closed: without a known algorithm no signature can be produced.
        throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
    }
    return signAlgo;
}

Also used: SecurityConfiguration (org.opensaml.xml.security.SecurityConfiguration), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)

Example 8 with MessageEncodingException

Use of org.opensaml.ws.message.encoder.MessageEncodingException in project MaxKey by dromara.

Class WebServicePostEncoder, method buildKeyInfo:

/**
 * Build the {@link KeyInfo} from the signing credential.
 *
 * @param signingCredential
 *            the credential used for signing
 * @param kiGenerator
 *            the generator for the KeyInfo
 * @throws MessageEncodingException
 *             thrown if there is an error generating or marshalling the
 *             KeyInfo
 * @return the marshalled, serialized and base64-encoded KeyInfo, or null if
 *         none was generated
 */
protected String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator) throws MessageEncodingException {
    try {
        // The generator decides what goes into KeyInfo (key value, certificate, name, ...).
        KeyInfo keyInfo = kiGenerator.generate(signingCredential);
        if (keyInfo != null) {
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(keyInfo);
            if (marshaller == null) {
                log.error("No KeyInfo marshaller available from configuration");
                throw new MessageEncodingException("No KeyInfo marshaller was configured");
            }
            // Serialize the KeyInfo element to XML text and base64-encode it for the form field.
            // Note: getBytes() here uses the platform default charset, unlike the
            // explicit "UTF-8" used when encoding the SAML message itself.
            String kiXML = XMLHelper.nodeToString(marshaller.marshall(keyInfo));
            String kiBase64 = Base64.encodeBytes(kiXML.getBytes(), Base64.DONT_BREAK_LINES);
            return kiBase64;
        } else {
            return null;
        }
    } catch (SecurityException e) {
        log.error("Error generating KeyInfo from signing credential", e);
        throw new MessageEncodingException("Error generating KeyInfo from signing credential", e);
    } catch (MarshallingException e) {
        log.error("Error marshalling KeyInfo based on signing credential", e);
        throw new MessageEncodingException("Error marshalling KeyInfo based on signing credential", e);
    }
}

Also used: Marshaller (org.opensaml.xml.io.Marshaller), MarshallingException (org.opensaml.xml.io.MarshallingException), KeyInfo (org.opensaml.xml.signature.KeyInfo), SecurityException (org.opensaml.xml.security.SecurityException), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)

Example 9 with MessageEncodingException

Use of org.opensaml.ws.message.encoder.MessageEncodingException in project MaxKey by dromara.

Class WebServicePostEncoder, method populateVelocityContext:

@SuppressWarnings("rawtypes")
protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext) throws MessageEncodingException {
    log.debug("Marshalling and Base64 encoding SAML message");
    // Make sure the outbound message has a DOM before it is serialized.
    if (messageContext.getOutboundSAMLMessage().getDOM() == null) {
        marshallMessage(messageContext.getOutboundSAMLMessage());
    }
    try {
        String messageXML = XMLHelper.nodeToString(messageContext.getOutboundSAMLMessage().getDOM());
        String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
        // The HTTP-POST binding carries the message in either SAMLRequest or SAMLResponse.
        if (messageContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
            velocityContext.put("SAMLRequest", encodedMessage);
        } else if (messageContext.getOutboundSAMLMessage() instanceof StatusResponseType) {
            velocityContext.put("SAMLResponse", encodedMessage);
        } else {
            throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
        }
    } catch (UnsupportedEncodingException e) {
        log.error("UTF-8 encoding is not supported, this VM is not Java compliant.");
        throw new MessageEncodingException("Unable to encode message, UTF-8 encoding is not supported");
    }
    // "Ouboun" is the actual (misspelled) OpenSAML 2 method name, not a typo in this snippet.
    Credential signingCredential = messageContext.getOuboundSAMLMessageSigningCredential();
    if (signingCredential == null) {
        // Without a credential the form is sent unsigned; the SP must then rely on
        // an XML signature inside the message or on transport-level protection.
        log.debug("No signing credential was supplied, skipping HTTP-Post simple signing");
        return;
    }
    // HTTP-POST SimpleSign: sign the form control data (message, RelayState, SigAlg)
    // and expose the algorithm, the signature and optionally the KeyInfo as form fields.
    String sigAlgURI = getSignatureAlgorithmURI(signingCredential, null);
    velocityContext.put("SigAlg", sigAlgURI);
    String formControlData = buildFormDataToSign(velocityContext, messageContext, sigAlgURI);
    velocityContext.put("Signature", generateSignature(signingCredential, sigAlgURI, formControlData));
    KeyInfoGenerator kiGenerator = SecurityHelper.getKeyInfoGenerator(signingCredential, null, null);
    if (kiGenerator != null) {
        String kiBase64 = buildKeyInfo(signingCredential, kiGenerator);
        if (!DatatypeHelper.isEmpty(kiBase64)) {
            velocityContext.put("KeyInfo", kiBase64);
        }
    }
}

Also used: KeyInfoGenerator (org.opensaml.xml.security.keyinfo.KeyInfoGenerator), Credential (org.opensaml.xml.security.credential.Credential), RequestAbstractType (org.opensaml.saml2.core.RequestAbstractType), UnsupportedEncodingException (java.io.UnsupportedEncodingException), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException), StatusResponseType (org.opensaml.saml2.core.StatusResponseType)

Example 10 with MessageEncodingException

Use of org.opensaml.ws.message.encoder.MessageEncodingException in project cloud-pipeline by epam.

Class OptionalSAMLLogoutFilter, method processLogout:

/**
 * If the request parameter named "local" is set to true, or there is no authenticated user,
 * only a local logout is performed and the user is redirected to the success page.
 * Otherwise the global logout procedure is initiated.
 *
 * @param request  http request
 * @param response http response
 * @param chain    chain
 * @throws IOException      error
 * @throws ServletException error
 */
public void processLogout(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    if (requiresLogout(request, response)) {
        try {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (auth != null && isGlobalLogout(request, auth)) {
                // Global logout needs the SAML credential to know which IdP to notify.
                Assert.isInstanceOf(SAMLCredential.class, auth.getCredentials(), "Authentication object doesn't contain SAML credential, cannot perform global logout");
                // Terminate the session first
                for (LogoutHandler handler : globalHandlers) {
                    handler.logout(request, response, auth);
                }
                // Notify session participants using SAML Single Logout profile
                SAMLCredential credential = (SAMLCredential) auth.getCredentials();
                request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, credential.getLocalEntityID());
                request.setAttribute(SAMLConstants.PEER_ENTITY_ID, credential.getRemoteEntityID());
                SAMLMessageContext context = contextProvider.getLocalAndPeerEntity(request, response);
                try {
                    profile.sendLogoutRequest(context, credential);
                    samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, context);
                } catch (MetadataProviderException e) {
                    // The "optional" part: if the IdP metadata is unavailable, the local
                    // logout has already happened, so fall back to the local logout flow.
                    logger.debug(e.getMessage(), e);
                    super.doFilter(request, response, chain);
                }
            } else {
                // No authenticated user or local logout requested: local logout only.
                super.doFilter(request, response, chain);
            }
        } catch (SAMLException e) {
            logger.debug("Error initializing global logout", e);
            throw new ServletException("Error initializing global logout", e);
        } catch (MetadataProviderException e) {
            logger.debug("Error processing metadata", e);
            throw new ServletException("Error processing metadata", e);
        } catch (MessageEncodingException e) {
            // Raised when the LogoutRequest cannot be encoded for the chosen binding.
            logger.debug("Error encoding outgoing message", e);
            throw new ServletException("Error encoding outgoing message", e);
        }
    } else {
        chain.doFilter(request, response);
    }
}

Also used: ServletException (javax.servlet.ServletException), SAMLMessageContext (org.springframework.security.saml.context.SAMLMessageContext), SAMLCredential (org.springframework.security.saml.SAMLCredential), Authentication (org.springframework.security.core.Authentication), LogoutHandler (org.springframework.security.web.authentication.logout.LogoutHandler), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException), MetadataProviderException (org.opensaml.saml2.metadata.provider.MetadataProviderException), SAMLException (org.opensaml.common.SAMLException)

Aggregations (type, number of examples in which it appears)

MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException): 10
SecurityException (org.opensaml.xml.security.SecurityException): 5
MarshallingException (org.opensaml.xml.io.MarshallingException): 4
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 3
SAMLException (org.opensaml.common.SAMLException): 3
MetadataProviderException (org.opensaml.saml2.metadata.provider.MetadataProviderException): 3
SAMLMessageContext (org.springframework.security.saml.context.SAMLMessageContext): 3
ServletException (javax.servlet.ServletException): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
SignatureException (org.opensaml.xml.signature.SignatureException): 2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 2
HashMap (java.util.HashMap): 1
List (java.util.List): 1
Optional (java.util.Optional): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
QName (javax.xml.namespace.QName): 1
VelocityContext (org.apache.velocity.VelocityContext): 1
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication): 1
SigninPrincipal (org.maxkey.authn.SigninPrincipal): 1
AuthnRequestInfo (org.maxkey.authz.saml.common.AuthnRequestInfo): 1