Example 1 with MarshallingException
use of org.opensaml.xml.io.MarshallingException in project cloudstack by apache.
the class GetServiceProviderMetaDataCmd method authenticate.
@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
SAMLMetaDataResponse response = new SAMLMetaDataResponse();
response.setResponseName(getCommandName());
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException | FactoryConfigurationError e) {
s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
}
final SAMLProviderMetadata spMetadata = _samlAuthManager.getSPMetadata();
EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
spEntityDescriptor.setEntityID(spMetadata.getEntityId());
SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
spSSODescriptor.setWantAssertionsSigned(true);
spSSODescriptor.setAuthnRequestsSigned(true);
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject();
signKeyDescriptor.setUse(UsageType.SIGNING);
KeyDescriptor encKeyDescriptor = new KeyDescriptorBuilder().buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
BasicX509Credential signingCredential = new BasicX509Credential();
signingCredential.setEntityCertificate(spMetadata.getSigningCertificate());
BasicX509Credential encryptionCredential = new BasicX509Credential();
encryptionCredential.setEntityCertificate(spMetadata.getEncryptionCertificate());
try {
signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingCredential));
encKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(encryptionCredential));
spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
spSSODescriptor.getKeyDescriptors().add(encKeyDescriptor);
} catch (SecurityException e) {
s_logger.warn("Unable to add SP X509 descriptors:" + e.getMessage());
}
NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.PERSISTENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
NameIDFormat emailNameIDFormat = new NameIDFormatBuilder().buildObject();
emailNameIDFormat.setFormat(NameIDType.EMAIL);
spSSODescriptor.getNameIDFormats().add(emailNameIDFormat);
NameIDFormat transientNameIDFormat = new NameIDFormatBuilder().buildObject();
transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
spSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService.setIndex(1);
assertionConsumerService.setIsDefault(true);
assertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
assertionConsumerService.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
AssertionConsumerService assertionConsumerService2 = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService2.setIndex(2);
assertionConsumerService2.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
assertionConsumerService2.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService2);
SingleLogoutService ssoService = new SingleLogoutServiceBuilder().buildObject();
ssoService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
ssoService.setLocation(spMetadata.getSloUrl());
spSSODescriptor.getSingleLogoutServices().add(ssoService);
SingleLogoutService ssoService2 = new SingleLogoutServiceBuilder().buildObject();
ssoService2.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
ssoService2.setLocation(spMetadata.getSloUrl());
spSSODescriptor.getSingleLogoutServices().add(ssoService2);
spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
// Add technical contact
GivenName givenName = new GivenNameBuilder().buildObject();
givenName.setName(spMetadata.getContactPersonName());
EmailAddress emailAddress = new EmailAddressBuilder().buildObject();
emailAddress.setAddress(spMetadata.getContactPersonEmail());
ContactPerson contactPerson = new ContactPersonBuilder().buildObject();
contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
contactPerson.setGivenName(givenName);
contactPerson.getEmailAddresses().add(emailAddress);
spEntityDescriptor.getContactPersons().add(contactPerson);
// Add administrative/support contact
GivenName givenNameAdmin = new GivenNameBuilder().buildObject();
givenNameAdmin.setName(spMetadata.getContactPersonName());
EmailAddress emailAddressAdmin = new EmailAddressBuilder().buildObject();
emailAddressAdmin.setAddress(spMetadata.getContactPersonEmail());
ContactPerson contactPersonAdmin = new ContactPersonBuilder().buildObject();
contactPersonAdmin.setType(ContactPersonTypeEnumeration.ADMINISTRATIVE);
contactPersonAdmin.setGivenName(givenNameAdmin);
contactPersonAdmin.getEmailAddresses().add(emailAddressAdmin);
spEntityDescriptor.getContactPersons().add(contactPersonAdmin);
Organization organization = new OrganizationBuilder().buildObject();
OrganizationName organizationName = new OrganizationNameBuilder().buildObject();
organizationName.setName(new LocalizedString(spMetadata.getOrganizationName(), Locale.getDefault().getLanguage()));
OrganizationURL organizationURL = new OrganizationURLBuilder().buildObject();
organizationURL.setURL(new LocalizedString(spMetadata.getOrganizationUrl(), Locale.getDefault().getLanguage()));
organization.getOrganizationNames().add(organizationName);
organization.getURLs().add(organizationURL);
spEntityDescriptor.setOrganization(organization);
StringWriter stringWriter = new StringWriter();
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.newDocument();
Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntityDescriptor);
out.marshall(spEntityDescriptor, document);
Transformer transformer = TransformerFactory.newInstance().newTransformer();
StreamResult streamResult = new StreamResult(stringWriter);
DOMSource source = new DOMSource(document);
transformer.transform(source, streamResult);
stringWriter.close();
response.setMetadata(stringWriter.toString());
} catch (ParserConfigurationException | IOException | MarshallingException | TransformerException e) {
if (responseType.equals(HttpUtils.JSON_CONTENT_TYPE)) {
response.setMetadata("Error creating Service Provider MetaData XML: " + e.getMessage());
} else {
return "Error creating Service Provider MetaData XML: " + e.getMessage();
}
}
// For JSON type return serialized response object
if (responseType.equals(HttpUtils.RESPONSE_TYPE_JSON)) {
return ApiResponseSerializer.toSerializedString(response, responseType);
}
// For other response types return XML
return stringWriter.toString();
}
Also used :
OrganizationName(org.opensaml.saml2.metadata.OrganizationName)
EmailAddressBuilder(org.opensaml.saml2.metadata.impl.EmailAddressBuilder)
DOMSource(javax.xml.transform.dom.DOMSource)
SAMLMetaDataResponse(org.apache.cloudstack.api.response.SAMLMetaDataResponse)
Organization(org.opensaml.saml2.metadata.Organization)
OrganizationNameBuilder(org.opensaml.saml2.metadata.impl.OrganizationNameBuilder)
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
Transformer(javax.xml.transform.Transformer)
SPSSODescriptorBuilder(org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder)
KeyDescriptor(org.opensaml.saml2.metadata.KeyDescriptor)
GivenName(org.opensaml.saml2.metadata.GivenName)
NameIDFormatBuilder(org.opensaml.saml2.metadata.impl.NameIDFormatBuilder)
LocalizedString(org.opensaml.saml2.metadata.LocalizedString)
Document(org.w3c.dom.Document)
EntityDescriptorBuilder(org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder)
ContactPerson(org.opensaml.saml2.metadata.ContactPerson)
SPSSODescriptor(org.opensaml.saml2.metadata.SPSSODescriptor)
KeyInfoGenerator(org.opensaml.xml.security.keyinfo.KeyInfoGenerator)
ServerApiException(org.apache.cloudstack.api.ServerApiException)
StringWriter(java.io.StringWriter)
MarshallingException(org.opensaml.xml.io.MarshallingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
SingleLogoutServiceBuilder(org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder)
AssertionConsumerService(org.opensaml.saml2.metadata.AssertionConsumerService)
OrganizationBuilder(org.opensaml.saml2.metadata.impl.OrganizationBuilder)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
GivenNameBuilder(org.opensaml.saml2.metadata.impl.GivenNameBuilder)
TransformerException(javax.xml.transform.TransformerException)
X509KeyInfoGeneratorFactory(org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory)
Marshaller(org.opensaml.xml.io.Marshaller)
OrganizationURLBuilder(org.opensaml.saml2.metadata.impl.OrganizationURLBuilder)
StreamResult(javax.xml.transform.stream.StreamResult)
SingleLogoutService(org.opensaml.saml2.metadata.SingleLogoutService)
AssertionConsumerServiceBuilder(org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder)
SecurityException(org.opensaml.xml.security.SecurityException)
IOException(java.io.IOException)
EmailAddress(org.opensaml.saml2.metadata.EmailAddress)
ContactPersonBuilder(org.opensaml.saml2.metadata.impl.ContactPersonBuilder)
EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor)
NameIDFormat(org.opensaml.saml2.metadata.NameIDFormat)
BasicX509Credential(org.opensaml.xml.security.x509.BasicX509Credential)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
KeyDescriptorBuilder(org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder)
OrganizationURL(org.opensaml.saml2.metadata.OrganizationURL)
Example 2 with MarshallingException
use of org.opensaml.xml.io.MarshallingException in project cloudstack by apache.
the class SAMLUtils method buildAuthnRequestUrl.
public static String buildAuthnRequestUrl(final String authnId, final SAMLProviderMetadata spMetadata, final SAMLProviderMetadata idpMetadata, final String signatureAlgorithm) {
String redirectUrl = "";
try {
DefaultBootstrap.bootstrap();
AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(authnId, spMetadata.getEntityId(), idpMetadata.getSsoUrl(), spMetadata.getSsoUrl());
PrivateKey privateKey = null;
if (spMetadata.getKeyPair() != null) {
privateKey = spMetadata.getKeyPair().getPrivate();
}
redirectUrl = idpMetadata.getSsoUrl() + "?" + SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest), privateKey, signatureAlgorithm);
} catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException e) {
s_logger.error("SAML AuthnRequest message building error: " + e.getMessage());
}
return redirectUrl;
}
Also used :
PrivateKey(java.security.PrivateKey)
AuthnRequest(org.opensaml.saml2.core.AuthnRequest)
MarshallingException(org.opensaml.xml.io.MarshallingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
Example 3 with MarshallingException
use of org.opensaml.xml.io.MarshallingException in project cloudstack by apache.
the class SAML2LogoutAPIAuthenticatorCmd method authenticate.
@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
auditTrailSb.append("=== SAML SLO Logging out ===");
LogoutCmdResponse response = new LogoutCmdResponse();
response.setDescription("success");
response.setResponseName(getCommandName());
String responseString = ApiResponseSerializer.toSerializedString(response, responseType);
if (session == null) {
try {
resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
} catch (IOException ignored) {
s_logger.info("[ignored] sending redirected failed.", ignored);
}
return responseString;
}
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException | FactoryConfigurationError e) {
s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
}
if (params != null && params.containsKey("SAMLResponse")) {
try {
final String samlResponse = ((String[]) params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), "SAML SLO LogoutResponse status is not Success", params, responseType));
}
} catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) {
s_logger.error("SAMLResponse processing error: " + e.getMessage());
}
try {
resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
} catch (IOException ignored) {
s_logger.info("[ignored] second redirected sending failed.", ignored);
}
return responseString;
}
String idpId = (String) session.getAttribute(SAMLPluginConstants.SAML_IDPID);
SAMLProviderMetadata idpMetadata = _samlAuthManager.getIdPMetadata(idpId);
String nameId = (String) session.getAttribute(SAMLPluginConstants.SAML_NAMEID);
if (idpMetadata == null || nameId == null || nameId.isEmpty()) {
try {
resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
} catch (IOException ignored) {
s_logger.info("[ignored] final redirected failed.", ignored);
}
return responseString;
}
LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(idpMetadata.getSloUrl(), _samlAuthManager.getSPMetadata().getEntityId(), nameId);
try {
String redirectUrl = idpMetadata.getSloUrl() + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(logoutRequest);
resp.sendRedirect(redirectUrl);
} catch (MarshallingException | IOException e) {
s_logger.error("SAML SLO error: " + e.getMessage());
throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "SAML Single Logout Error", params, responseType));
}
return responseString;
}
Also used :
IOException(java.io.IOException)
SAXException(org.xml.sax.SAXException)
Response(org.opensaml.saml2.core.Response)
LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServerApiException(org.apache.cloudstack.api.ServerApiException)
MarshallingException(org.opensaml.xml.io.MarshallingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
LogoutRequest(org.opensaml.saml2.core.LogoutRequest)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata)
LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
UnmarshallingException(org.opensaml.xml.io.UnmarshallingException)
Aggregations
IOException (java.io.IOException)3
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)3
FactoryConfigurationError (javax.xml.stream.FactoryConfigurationError)3
ConfigurationException (org.opensaml.xml.ConfigurationException)3
MarshallingException (org.opensaml.xml.io.MarshallingException)3
ServerApiException (org.apache.cloudstack.api.ServerApiException)2
SAMLProviderMetadata (org.apache.cloudstack.saml.SAMLProviderMetadata)2
StringWriter (java.io.StringWriter)1
InvalidKeyException (java.security.InvalidKeyException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
PrivateKey (java.security.PrivateKey)1
SignatureException (java.security.SignatureException)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
DocumentBuilder (javax.xml.parsers.DocumentBuilder)1
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)1
Transformer (javax.xml.transform.Transformer)1
TransformerException (javax.xml.transform.TransformerException)1
DOMSource (javax.xml.transform.dom.DOMSource)1
StreamResult (javax.xml.transform.stream.StreamResult)1
LogoutCmdResponse (org.apache.cloudstack.api.response.LogoutCmdResponse)1
