Example 1 with Marshaller
use of org.opensaml.xml.io.Marshaller in project cloudstack by apache.
the class GetServiceProviderMetaDataCmd method authenticate.
@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
SAMLMetaDataResponse response = new SAMLMetaDataResponse();
response.setResponseName(getCommandName());
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException | FactoryConfigurationError e) {
s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
}
final SAMLProviderMetadata spMetadata = _samlAuthManager.getSPMetadata();
EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
spEntityDescriptor.setEntityID(spMetadata.getEntityId());
SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
spSSODescriptor.setWantAssertionsSigned(true);
spSSODescriptor.setAuthnRequestsSigned(true);
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject();
signKeyDescriptor.setUse(UsageType.SIGNING);
KeyDescriptor encKeyDescriptor = new KeyDescriptorBuilder().buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
BasicX509Credential signingCredential = new BasicX509Credential();
signingCredential.setEntityCertificate(spMetadata.getSigningCertificate());
BasicX509Credential encryptionCredential = new BasicX509Credential();
encryptionCredential.setEntityCertificate(spMetadata.getEncryptionCertificate());
try {
signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingCredential));
encKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(encryptionCredential));
spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
spSSODescriptor.getKeyDescriptors().add(encKeyDescriptor);
} catch (SecurityException e) {
s_logger.warn("Unable to add SP X509 descriptors:" + e.getMessage());
}
NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.PERSISTENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
NameIDFormat emailNameIDFormat = new NameIDFormatBuilder().buildObject();
emailNameIDFormat.setFormat(NameIDType.EMAIL);
spSSODescriptor.getNameIDFormats().add(emailNameIDFormat);
NameIDFormat transientNameIDFormat = new NameIDFormatBuilder().buildObject();
transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
spSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService.setIndex(1);
assertionConsumerService.setIsDefault(true);
assertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
assertionConsumerService.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
AssertionConsumerService assertionConsumerService2 = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService2.setIndex(2);
assertionConsumerService2.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
assertionConsumerService2.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService2);
SingleLogoutService ssoService = new SingleLogoutServiceBuilder().buildObject();
ssoService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
ssoService.setLocation(spMetadata.getSloUrl());
spSSODescriptor.getSingleLogoutServices().add(ssoService);
SingleLogoutService ssoService2 = new SingleLogoutServiceBuilder().buildObject();
ssoService2.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
ssoService2.setLocation(spMetadata.getSloUrl());
spSSODescriptor.getSingleLogoutServices().add(ssoService2);
spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
// Add technical contact
GivenName givenName = new GivenNameBuilder().buildObject();
givenName.setName(spMetadata.getContactPersonName());
EmailAddress emailAddress = new EmailAddressBuilder().buildObject();
emailAddress.setAddress(spMetadata.getContactPersonEmail());
ContactPerson contactPerson = new ContactPersonBuilder().buildObject();
contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
contactPerson.setGivenName(givenName);
contactPerson.getEmailAddresses().add(emailAddress);
spEntityDescriptor.getContactPersons().add(contactPerson);
// Add administrative/support contact
GivenName givenNameAdmin = new GivenNameBuilder().buildObject();
givenNameAdmin.setName(spMetadata.getContactPersonName());
EmailAddress emailAddressAdmin = new EmailAddressBuilder().buildObject();
emailAddressAdmin.setAddress(spMetadata.getContactPersonEmail());
ContactPerson contactPersonAdmin = new ContactPersonBuilder().buildObject();
contactPersonAdmin.setType(ContactPersonTypeEnumeration.ADMINISTRATIVE);
contactPersonAdmin.setGivenName(givenNameAdmin);
contactPersonAdmin.getEmailAddresses().add(emailAddressAdmin);
spEntityDescriptor.getContactPersons().add(contactPersonAdmin);
Organization organization = new OrganizationBuilder().buildObject();
OrganizationName organizationName = new OrganizationNameBuilder().buildObject();
organizationName.setName(new LocalizedString(spMetadata.getOrganizationName(), Locale.getDefault().getLanguage()));
OrganizationURL organizationURL = new OrganizationURLBuilder().buildObject();
organizationURL.setURL(new LocalizedString(spMetadata.getOrganizationUrl(), Locale.getDefault().getLanguage()));
organization.getOrganizationNames().add(organizationName);
organization.getURLs().add(organizationURL);
spEntityDescriptor.setOrganization(organization);
StringWriter stringWriter = new StringWriter();
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.newDocument();
Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntityDescriptor);
out.marshall(spEntityDescriptor, document);
Transformer transformer = TransformerFactory.newInstance().newTransformer();
StreamResult streamResult = new StreamResult(stringWriter);
DOMSource source = new DOMSource(document);
transformer.transform(source, streamResult);
stringWriter.close();
response.setMetadata(stringWriter.toString());
} catch (ParserConfigurationException | IOException | MarshallingException | TransformerException e) {
if (responseType.equals(HttpUtils.JSON_CONTENT_TYPE)) {
response.setMetadata("Error creating Service Provider MetaData XML: " + e.getMessage());
} else {
return "Error creating Service Provider MetaData XML: " + e.getMessage();
}
}
// For JSON type return serialized response object
if (responseType.equals(HttpUtils.RESPONSE_TYPE_JSON)) {
return ApiResponseSerializer.toSerializedString(response, responseType);
}
// For other response types return XML
return stringWriter.toString();
}
Also used :
OrganizationName(org.opensaml.saml2.metadata.OrganizationName)
EmailAddressBuilder(org.opensaml.saml2.metadata.impl.EmailAddressBuilder)
DOMSource(javax.xml.transform.dom.DOMSource)
SAMLMetaDataResponse(org.apache.cloudstack.api.response.SAMLMetaDataResponse)
Organization(org.opensaml.saml2.metadata.Organization)
OrganizationNameBuilder(org.opensaml.saml2.metadata.impl.OrganizationNameBuilder)
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
Transformer(javax.xml.transform.Transformer)
SPSSODescriptorBuilder(org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder)
KeyDescriptor(org.opensaml.saml2.metadata.KeyDescriptor)
GivenName(org.opensaml.saml2.metadata.GivenName)
NameIDFormatBuilder(org.opensaml.saml2.metadata.impl.NameIDFormatBuilder)
LocalizedString(org.opensaml.saml2.metadata.LocalizedString)
Document(org.w3c.dom.Document)
EntityDescriptorBuilder(org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder)
ContactPerson(org.opensaml.saml2.metadata.ContactPerson)
SPSSODescriptor(org.opensaml.saml2.metadata.SPSSODescriptor)
KeyInfoGenerator(org.opensaml.xml.security.keyinfo.KeyInfoGenerator)
ServerApiException(org.apache.cloudstack.api.ServerApiException)
StringWriter(java.io.StringWriter)
MarshallingException(org.opensaml.xml.io.MarshallingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
SingleLogoutServiceBuilder(org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder)
AssertionConsumerService(org.opensaml.saml2.metadata.AssertionConsumerService)
OrganizationBuilder(org.opensaml.saml2.metadata.impl.OrganizationBuilder)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
GivenNameBuilder(org.opensaml.saml2.metadata.impl.GivenNameBuilder)
TransformerException(javax.xml.transform.TransformerException)
X509KeyInfoGeneratorFactory(org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory)
Marshaller(org.opensaml.xml.io.Marshaller)
OrganizationURLBuilder(org.opensaml.saml2.metadata.impl.OrganizationURLBuilder)
StreamResult(javax.xml.transform.stream.StreamResult)
SingleLogoutService(org.opensaml.saml2.metadata.SingleLogoutService)
AssertionConsumerServiceBuilder(org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder)
SecurityException(org.opensaml.xml.security.SecurityException)
IOException(java.io.IOException)
EmailAddress(org.opensaml.saml2.metadata.EmailAddress)
ContactPersonBuilder(org.opensaml.saml2.metadata.impl.ContactPersonBuilder)
EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor)
NameIDFormat(org.opensaml.saml2.metadata.NameIDFormat)
BasicX509Credential(org.opensaml.xml.security.x509.BasicX509Credential)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
KeyDescriptorBuilder(org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder)
OrganizationURL(org.opensaml.saml2.metadata.OrganizationURL)
Example 2 with Marshaller
use of org.opensaml.xml.io.Marshaller in project cloudstack by apache.
the class SAMLUtils method encodeSAMLRequest.
public static String encodeSAMLRequest(XMLObject authnRequest) throws MarshallingException, IOException {
Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(authnRequest);
Element authDOM = marshaller.marshall(authnRequest);
StringWriter requestWriter = new StringWriter();
XMLHelper.writeNode(authDOM, requestWriter);
String requestMessage = requestWriter.toString();
Deflater deflater = new Deflater(Deflater.DEFLATED, true);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater);
deflaterOutputStream.write(requestMessage.getBytes(Charset.forName("UTF-8")));
deflaterOutputStream.close();
String encodedRequestMessage = Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES);
encodedRequestMessage = URLEncoder.encode(encodedRequestMessage, HttpUtils.UTF_8).trim();
return encodedRequestMessage;
}
Also used :
Marshaller(org.opensaml.xml.io.Marshaller)
StringWriter(java.io.StringWriter)
Deflater(java.util.zip.Deflater)
Element(org.w3c.dom.Element)
DeflaterOutputStream(java.util.zip.DeflaterOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Aggregations
StringWriter (java.io.StringWriter)2
Marshaller (org.opensaml.xml.io.Marshaller)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
IOException (java.io.IOException)1
Deflater (java.util.zip.Deflater)1
DeflaterOutputStream (java.util.zip.DeflaterOutputStream)1
DocumentBuilder (javax.xml.parsers.DocumentBuilder)1
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)1
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1
FactoryConfigurationError (javax.xml.stream.FactoryConfigurationError)1
Transformer (javax.xml.transform.Transformer)1
TransformerException (javax.xml.transform.TransformerException)1
DOMSource (javax.xml.transform.dom.DOMSource)1
StreamResult (javax.xml.transform.stream.StreamResult)1
ServerApiException (org.apache.cloudstack.api.ServerApiException)1
SAMLMetaDataResponse (org.apache.cloudstack.api.response.SAMLMetaDataResponse)1
SAMLProviderMetadata (org.apache.cloudstack.saml.SAMLProviderMetadata)1
AssertionConsumerService (org.opensaml.saml2.metadata.AssertionConsumerService)1
ContactPerson (org.opensaml.saml2.metadata.ContactPerson)1
EmailAddress (org.opensaml.saml2.metadata.EmailAddress)1
