
Example 16 with SAML2Client

Use of org.pac4j.saml.client.SAML2Client in project cas by apereo.

The class SamlIdentityProviderDiscoveryFeedController, method redirect.

/**
 * Redirect.
 *
 * @param entityID            the entity id
 * @param httpServletRequest  the http servlet request
 * @param httpServletResponse the http servlet response
 * @return the view
 */
@GetMapping(path = "redirect")
public View redirect(@RequestParam("entityID") final String entityID,
                     final HttpServletRequest httpServletRequest,
                     final HttpServletResponse httpServletResponse) {
    // The requested entityID must match a discovery-feed entry; otherwise orElseThrow() rejects it.
    val idp = getDiscoveryFeed().stream()
        .filter(entity -> entity.getEntityID().equals(entityID))
        .findFirst().orElseThrow();
    // Locate the SAML2 client whose resolved identity-provider entity id matches the feed entry.
    val samlClient = clients.findAllClients().stream()
        .filter(c -> c instanceof SAML2Client).map(SAML2Client.class::cast)
        .peek(InitializableObject::init)
        .filter(c -> c.getIdentityProviderResolvedEntityId().equalsIgnoreCase(idp.getEntityID()))
        .findFirst().orElseThrow();
    val webContext = new JEEContext(httpServletRequest, httpServletResponse);
    val service = this.argumentExtractor.extractService(httpServletRequest);
    // Redirect only if the registered service is authorized to use this delegated client.
    if (delegatedAuthenticationAccessStrategyHelper.isDelegatedClientAuthorizedForService(samlClient, service, httpServletRequest)) {
        val provider = DelegatedClientIdentityProviderConfigurationFactory.builder()
            .service(service).client(samlClient).webContext(webContext)
            .casProperties(casProperties).build().resolve();
        if (provider.isPresent()) {
            return new RedirectView('/' + provider.get().getRedirectUrl(), true, true, true);
        }
    }
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY);
}

Example 17 with SAML2Client

Use of org.pac4j.saml.client.SAML2Client in project cas by apereo.

The class SamlIdentityProviderDiscoveryFeedController, method home.

/**
 * Home.
 *
 * @return the model and view
 */
@GetMapping
public ModelAndView home() {
    val model = new HashMap<String, Object>();
    // Collect the service-provider entity id of every configured SAML2 client for the discovery view.
    val entityIds = clients.findAllClients().stream()
        .filter(c -> c instanceof SAML2Client).map(SAML2Client.class::cast)
        .peek(InitializableObject::init)
        .map(SAML2Client::getServiceProviderResolvedEntityId)
        .collect(Collectors.toList());
    LOGGER.debug("Using service provider entity id [{}]", entityIds);
    model.put("entityIds", entityIds);
    model.put("casServerPrefix", casProperties.getServer().getPrefix());
    return new ModelAndView("saml2-discovery/casSamlIdPDiscoveryView", model);
}

Example 18 with SAML2Client

Use of org.pac4j.saml.client.SAML2Client in project cas by apereo.

The class DefaultDelegatedClientAuthenticationWebflowManager, method store.

@Override
public TransientSessionTicket store(final JEEContext webContext, final Client client) throws Exception {
    // Persist the delegated authentication request as a transient ticket and remember the chosen client.
    val ticket = storeDelegatedClientAuthenticationRequest(webContext);
    rememberSelectedClientIfNecessary(webContext, client);
    // Bind the ticket id to the protocol-specific state (e.g. the SAML RelayState)
    // so the provider's response can later be matched back to this request.
    if (client instanceof SAML2Client) {
        trackSessionIdForSAML2Client(webContext, ticket, (SAML2Client) client);
    }
    if (client instanceof OAuth20Client) {
        trackSessionIdForOAuth20Client(webContext, (OAuth20Client) client, ticket);
    }
    if (client instanceof OidcClient) {
        trackSessionIdForOidcClient(webContext, (OidcClient) client, ticket);
    }
    if (client instanceof CasClient) {
        trackSessionIdForCasClient(webContext, ticket, (CasClient) client);
    }
    if (client instanceof OAuth10Client) {
        trackSessionIdForOAuth10Client(webContext, ticket);
    }
    return ticket;
}

Example 19 with SAML2Client

Use of org.pac4j.saml.client.SAML2Client in project cas by apereo.

The class DelegatedAuthenticationClientFinishLogoutAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
    val context = new JEEContext(request, response);
    var clientName = WebUtils.getDelegatedAuthenticationClientName(requestContext);
    if (clientName == null) {
        // No client in webflow state: fall back to the RelayState sent back by the identity provider.
        clientName = requestContext.getRequestParameters().get(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE);
        if (StringUtils.isNotBlank(clientName)) {
            clients.findClient(clientName)
                .filter(client -> client instanceof SAML2Client)
                .map(SAML2Client.class::cast)
                .ifPresent(client -> {
                    try {
                        LOGGER.debug("Located client from relay-state: [{}]", client);
                        // Hand the inbound logout message to the SAML logout profile handler for validation.
                        val samlContext = client.getContextProvider().buildContext(client, context, this.sessionStore);
                        client.getLogoutProfileHandler().receive(samlContext);
                    } catch (final HttpAction action) {
                        LOGGER.debug("Adapting logout response via [{}]", action.toString());
                        JEEHttpActionAdapter.INSTANCE.adapt(action, context);
                    } catch (final Exception e) {
                        LoggingUtils.error(LOGGER, e);
                    }
                });
        }
    } else {
        clients.findClient(clientName)
            .filter(client -> client instanceof SAML2Client)
            .map(SAML2Client.class::cast)
            .ifPresent(client -> {
                LOGGER.debug("Located client from webflow state: [{}]", client);
                // Carry the captured post-logout URL into the SAML logout validator, then clear it from the webflow.
                val logoutRedirect = WebUtils.getLogoutRedirectUrl(requestContext, String.class);
                if (logoutRedirect != null) {
                    val validator = client.getLogoutValidator();
                    validator.setPostLogoutURL(logoutRedirect);
                    LOGGER.debug("Captured post logout url: [{}]", logoutRedirect);
                    WebUtils.putLogoutRedirectUrl(requestContext, null);
                }
            });
    }
    return null;
}

Example 20 with SAML2Client

Use of org.pac4j.saml.client.SAML2Client in project cas by apereo.

The class DefaultDelegatedClientAuthenticationWebflowManagerTests, method verifySamlStoreOperation.

@Test
public void verifySamlStoreOperation() throws Exception {
    val config = new SAML2Configuration();
    val client = new SAML2Client(config);
    // Storing the request must create a transient ticket and record its id as the SAML RelayState.
    val ticket = delegatedClientAuthenticationWebflowManager.store(context, client);
    assertNotNull(ticketRegistry.getTicket(ticket.getId()));
    assertEquals(ticket.getId(), delegatedClientDistributedSessionStore.get(context, SAML2StateGenerator.SAML_RELAY_STATE_ATTRIBUTE).get());
    // Presenting the RelayState back resolves the service and consumes the ticket (single use).
    httpServletRequest.addParameter("RelayState", ticket.getId());
    val service = delegatedClientAuthenticationWebflowManager.retrieve(requestContext, context, client);
    assertNotNull(service);
    assertNull(ticketRegistry.getTicket(ticket.getId()));
}
