Example 1 with SignatureException

use of org.opensaml.xml.signature.SignatureException in project uaa by cloudfoundry.

the class IdpSamlAuthenticationSuccessHandler method onAuthenticationSuccess.

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException {
    // The SAML message context was attached to the UAA authentication when the IdP flow started.
    SAMLMessageContext context = ((UaaAuthentication) authentication).getSamlMessageContext();
    IdpExtendedMetadata extendedMetadata = null;
    try {
        extendedMetadata = (IdpExtendedMetadata) metadataManager.getExtendedMetadata(context.getLocalEntityId());
    } catch (MetadataProviderException e) {
        throw new ServletException("Failed to obtain local SAML IdP extended metadata.", e);
    }
    try {
        populatePeerContext(context);
    } catch (MetadataProviderException e) {
        throw new ServletException("Failed to populate peer SAML SP context.", e);
    }
    try {
        // Signing policy and assertion lifetime come from the IdP's own extended metadata,
        // not from anything the requesting SP sent in the AuthnRequest.
        IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions();
        options.setAssertionsSigned(extendedMetadata.isAssertionsSigned());
        options.setAssertionTimeToLiveSeconds(extendedMetadata.getAssertionTimeToLiveSeconds());
        idpWebSsoProfile.sendResponse(authentication, context, options);
    } catch (SAMLException e) {
        LOGGER.debug("Incoming SAML message is invalid.", e);
        throw new AuthenticationServiceException("Incoming SAML message is invalid.", e);
    } catch (MetadataProviderException e) {
        LOGGER.debug("Error determining metadata contracts.", e);
        throw new AuthenticationServiceException("Error determining metadata contracts.", e);
    } catch (MessageEncodingException e) {
        // MessageEncodingException is raised while encoding the outgoing response, not while decoding input.
        LOGGER.debug("Error encoding outgoing SAML message.", e);
        throw new AuthenticationServiceException("Error encoding outgoing SAML message.", e);
    } catch (MarshallingException | SecurityException | SignatureException e) {
        // Marshalling or signing failure aborts the flow: no response, signed or unsigned, is sent.
        LOGGER.debug("Error signing SAML assertion.", e);
        throw new AuthenticationServiceException("Error signing SAML assertion.", e);
    }
}
Also used : SecurityException(org.opensaml.xml.security.SecurityException) SignatureException(org.opensaml.xml.signature.SignatureException) MessageEncodingException(org.opensaml.ws.message.encoder.MessageEncodingException) SAMLException(org.opensaml.common.SAMLException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) ServletException(javax.servlet.ServletException) SAMLMessageContext(org.springframework.security.saml.context.SAMLMessageContext) MarshallingException(org.opensaml.xml.io.MarshallingException) MetadataProviderException(org.opensaml.saml2.metadata.provider.MetadataProviderException)

Example 2 with SignatureException

use of org.opensaml.xml.signature.SignatureException in project uaa by cloudfoundry.

the class IdpInitiatedLoginController method initiate.

@RequestMapping("/saml/idp/initiate")
public void initiate(@RequestParam(value = "sp", required = false) String sp, HttpServletRequest request, HttpServletResponse response) {
    // "sp" is caller-controlled; it is only ever compared for exact equality against configured entity IDs.
    if (!hasText(sp)) {
        throw new ProviderNotFoundException("Missing sp request parameter. sp parameter must be a valid and configured entity ID");
    }
    log.debug(String.format("IDP is initiating authentication request to SP[%s]", sp));
    Optional<SamlServiceProviderHolder> holder = configurator.getSamlServiceProviders().stream().filter(serviceProvider -> sp.equals(serviceProvider.getSamlServiceProvider().getEntityId())).findFirst();
    if (holder.isEmpty()) {
        log.debug(String.format("SP[%s] was not found, aborting saml response", sp));
        throw new ProviderNotFoundException("Invalid sp entity ID. sp parameter must be a valid and configured entity ID");
    }
    // A configured SP must also be active and have opted in to IdP-initiated SSO before any assertion is built.
    if (!holder.get().getSamlServiceProvider().isActive()) {
        log.debug(String.format("SP[%s] is disabled, aborting saml response", sp));
        throw new ProviderNotFoundException("Service provider is disabled.");
    }
    if (!holder.get().getSamlServiceProvider().getConfig().isEnableIdpInitiatedSso()) {
        log.debug(String.format("SP[%s] initiated login is disabled, aborting saml response", sp));
        throw new ProviderNotFoundException("IDP initiated login is disabled for this service provider.");
    }
    String nameId = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    try {
        // The ACS URL is taken from the SP's own metadata, never from the request.
        String assertionLocation = getAssertionConsumerURL(sp);
        log.debug(String.format("IDP is sending assertion for SP[%s] to %s", sp, assertionLocation));
        // IdP-initiated flow: synthesise the AuthnRequest the SP never sent, then answer it.
        AuthnRequest authnRequest = idpWebSsoProfile.buildIdpInitiatedAuthnRequest(nameId, sp, assertionLocation);
        SAMLMessageContext samlContext = getSamlContext(sp, authnRequest, request, response);
        idpWebSsoProfile.sendResponse(SecurityContextHolder.getContext().getAuthentication(), samlContext, getIdpIniatedOptions());
        log.debug(String.format("IDP initiated authentication and responded to SP[%s]", sp));
    } catch (MetadataProviderException | SAMLException | SecurityException | MessageEncodingException | MarshallingException | SignatureException e) {
        // The cause is kept in the debug log; the client only sees a generic failure message.
        log.debug(String.format("IDP is unable to process assertion for SP[%s]", sp), e);
        throw new ProviderNotFoundException("Unable to process SAML assertion. Response not sent.");
    }
}
Also used : RequestParam(org.springframework.web.bind.annotation.RequestParam) IndexedEndpoint(org.opensaml.saml2.metadata.IndexedEndpoint) AuthnRequest(org.opensaml.saml2.core.AuthnRequest) ProviderNotFoundException(org.springframework.security.authentication.ProviderNotFoundException) SAMLConstants(org.opensaml.common.xml.SAMLConstants) LoggerFactory(org.slf4j.LoggerFactory) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Controller(org.springframework.stereotype.Controller) SignatureException(org.opensaml.xml.signature.SignatureException) AssertionConsumerService(org.opensaml.saml2.metadata.AssertionConsumerService) HttpServletRequest(javax.servlet.http.HttpServletRequest) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ExceptionHandler(org.springframework.web.bind.annotation.ExceptionHandler) AuthenticationException(org.springframework.security.core.AuthenticationException) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) SAMLException(org.opensaml.common.SAMLException) MetadataManager(org.springframework.security.saml.metadata.MetadataManager) MarshallingException(org.opensaml.xml.io.MarshallingException) Logger(org.slf4j.Logger) SPSSODescriptor(org.opensaml.saml2.metadata.SPSSODescriptor) SAMLMessageContext(org.springframework.security.saml.context.SAMLMessageContext) EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor) HttpServletResponse(javax.servlet.http.HttpServletResponse) SAMLContextProvider(org.springframework.security.saml.context.SAMLContextProvider) MessageEncodingException(org.opensaml.ws.message.encoder.MessageEncodingException) List(java.util.List) StringUtils.hasText(org.springframework.util.StringUtils.hasText) SecurityException(org.opensaml.xml.security.SecurityException) Optional(java.util.Optional) QName(javax.xml.namespace.QName) DEFAULT_ELEMENT_LOCAL_NAME(org.opensaml.saml2.metadata.SPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME) MetadataProviderException(org.opensaml.saml2.metadata.provider.MetadataProviderException)
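Both examples above delegate to idpWebSsoProfile.sendResponse and catch the MarshallingException | SecurityException | SignatureException trio that OpenSAML 2 raises while signing. The stand-alone class below is an added example, not code from UAA or Spring Security SAML: it performs that signing step directly on a SAML 2.0 Assertion, shows which call raises each exception, and then verifies the result the way an SP would. It assumes OpenSAML 2.6.x with xmltooling and Joda-Time on the classpath; the issuer entity ID and the freshly generated RSA key pair are placeholders.

```java
// Added example (not UAA code): sign a SAML 2.0 Assertion with OpenSAML 2.x and
// fail closed on the same checked exceptions the two UAA handlers above catch.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;

public class AssertionSigningExample {

    /** Raised to the caller when no signed assertion could be produced; nothing is sent. */
    public static class AssertionSigningFailed extends Exception {
        AssertionSigningFailed(String msg, Throwable cause) { super(msg, cause); }
    }

    private static Credential signingCredential(KeyPair kp) {
        BasicCredential cred = new BasicCredential();
        cred.setPrivateKey(kp.getPrivate());
        cred.setPublicKey(kp.getPublic());
        cred.setUsageType(UsageType.SIGNING);
        return cred;
    }

    private static Assertion buildAssertion(String issuerEntityId) {
        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
        Assertion assertion = (Assertion) bf.getBuilder(Assertion.DEFAULT_ELEMENT_NAME)
                .buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        // SAML IDs must be XML NCNames; the leading underscore keeps a UUID valid.
        // The ID must exist before signing because the Reference URI points at it.
        assertion.setID("_" + UUID.randomUUID());
        assertion.setIssueInstant(new DateTime());
        Issuer issuer = (Issuer) bf.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
                .buildObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(issuerEntityId);
        assertion.setIssuer(issuer);
        return assertion;
    }

    /** Signs the assertion in place; the throws clause is the trio the UAA handlers catch. */
    public static void signAssertion(Assertion assertion, Credential cred)
            throws MarshallingException, SecurityException, SignatureException {
        Signature sig = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        sig.setSigningCredential(cred);
        // Pin the algorithm instead of trusting the library default (older 2.x configs still pick SHA-1).
        sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Fills in c14n and KeyInfo from the credential; this is where SecurityException comes from.
        SecurityHelper.prepareSignatureParams(sig, cred, null, null);
        assertion.setSignature(sig);
        // OpenSAML 2 signs the DOM, so the object must be marshalled first (MarshallingException).
        // Skipping this step is the classic cause of a SignatureException from Signer.signObject.
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(sig);  // SignatureException if the signature cannot be computed
    }

    /** SP-side check of the result; note that verification failures are ValidationException, not SignatureException. */
    public static boolean verifySignature(Assertion assertion, Credential cred) {
        try {
            new SAMLSignatureProfileValidator().validate(assertion.getSignature());  // enveloped, single Reference to own ID
            new SignatureValidator(cred).validate(assertion.getSignature());          // cryptographic check
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    public static void main(String[] args)
            throws ConfigurationException, NoSuchAlgorithmException, AssertionSigningFailed {
        DefaultBootstrap.bootstrap();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Credential cred = signingCredential(kpg.generateKeyPair());
        Assertion assertion = buildAssertion("https://idp.example.test/saml/idp/metadata");  // placeholder entity ID
        try {
            signAssertion(assertion, cred);
        } catch (MarshallingException | SecurityException | SignatureException e) {
            // Fail closed, as both UAA handlers do: never fall back to emitting an unsigned assertion.
            throw new AssertionSigningFailed("Error signing SAML assertion.", e);
        }
        System.out.println("signature verifies: " + verifySignature(assertion, cred));
    }
}
```

The point worth carrying back to the two handlers: SignatureException is a signing-side failure from Signer.signObject, which is why UAA treats it together with marshalling and security-configuration errors and converts all three into a single generic exception. On the receiving side, a tampered or unsigned assertion surfaces as ValidationException from the validators, never as SignatureException, so an SP that only catches the latter would not be rejecting bad input.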

Aggregations

SAMLException (org.opensaml.common.SAMLException)2 MetadataProviderException (org.opensaml.saml2.metadata.provider.MetadataProviderException)2 MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)2 MarshallingException (org.opensaml.xml.io.MarshallingException)2 SecurityException (org.opensaml.xml.security.SecurityException)2 SignatureException (org.opensaml.xml.signature.SignatureException)2 SAMLMessageContext (org.springframework.security.saml.context.SAMLMessageContext)2 List (java.util.List)1 Optional (java.util.Optional)1 ServletException (javax.servlet.ServletException)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 QName (javax.xml.namespace.QName)1 UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)1 SAMLConstants (org.opensaml.common.xml.SAMLConstants)1 AuthnRequest (org.opensaml.saml2.core.AuthnRequest)1 AssertionConsumerService (org.opensaml.saml2.metadata.AssertionConsumerService)1 EntityDescriptor (org.opensaml.saml2.metadata.EntityDescriptor)1 IndexedEndpoint (org.opensaml.saml2.metadata.IndexedEndpoint)1 SPSSODescriptor (org.opensaml.saml2.metadata.SPSSODescriptor)1