
Example 1 with SAML2CredentialsExtractor

Use of org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor in project hive by apache.

The class HiveSaml2Client, method validate.

/**
 * Given a response which may contain a SAML Assertion, validates it. If the validation
 * is successful, it extracts the nameId from the assertion which is used as the
 * identity of the end user.
 *
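 * @param request  the HTTP request wrapped in the JEEContext from which the credentials are extracted
 * @param response the HTTP response wrapped in the same JEEContext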
 * @return the NameId as received in the assertion if the assertion was valid.
 * @throws HttpSamlAuthenticationException In case the assertion is not present or is
 *                                         invalid.
 */
public String validate(HttpServletRequest request, HttpServletResponse response) throws HttpSamlAuthenticationException {
    Optional<SAML2Credentials> credentials;
    try {
        SAML2CredentialsExtractor credentialsExtractor = new SAML2CredentialsExtractor(this);
        credentials = credentialsExtractor.extract(new JEEContext(request, response));
    } catch (Exception ex) {
        throw new HttpSamlAuthenticationException("Could not validate the SAML response", ex);
    }
    if (!credentials.isPresent()) {
        throw new HttpSamlAuthenticationException("Credentials could not be extracted");
    }
    String nameId = credentials.get().getNameId().getValue();
    if (!groupNameFilter.apply(credentials.get().getAttributes())) {
        LOG.warn("Could not match any groups for the nameid {}", nameId);
        throw new HttpSamlNoGroupsMatchedException("None of the configured groups match for the user");
    }
    return nameId;
}
Also used: SAML2Credentials (org.pac4j.saml.credentials.SAML2Credentials), SAML2CredentialsExtractor (org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor), JEEContext (org.pac4j.core.context.JEEContext), IOException (java.io.IOException)
