use of org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor in project hive by apache.
the class HiveSaml2Client method validate.
/**
* Given a response which may contain a SAML Assertion, validates it. If the validation
* is successful, it extracts the nameId from the assertion which is used as the
* identity of the end user.
*
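* @param request the incoming HTTP request from which the SAML response is extracted
* @param response the HTTP response paired with the request when building the web context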
* @return the NameId as received in the assertion if the assertion was valid.
* @throws HttpSamlAuthenticationException In case the assertion is not present or is
* invalid.
*/
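public String validate(HttpServletRequest request, HttpServletResponse response) throws HttpSamlAuthenticationException {
  // Step 1 (authentication): let the pac4j extractor pull SAML2 credentials out of the
  // request/response pair. Whatever it throws is reported as an authentication failure,
  // with the original cause preserved for diagnosis.
  Optional<SAML2Credentials> credentials;
  try {
    SAML2CredentialsExtractor credentialsExtractor = new SAML2CredentialsExtractor(this);
    credentials = credentialsExtractor.extract(new JEEContext(request, response));
  } catch (Exception ex) {
    throw new HttpSamlAuthenticationException("Could not validate the SAML response", ex);
  }
  if (!credentials.isPresent()) {
    throw new HttpSamlAuthenticationException("Credentials could not be extracted");
  }
  SAML2Credentials samlCredentials = credentials.get();

  // Step 2 (identity): the NameID value becomes the end user's identity, so fail closed
  // when it is missing or empty instead of letting a NullPointerException escape or
  // returning an empty identity.
  // NOTE(review): whether the extractor can hand back credentials without a NameID
  // depends on the pac4j version and configuration - confirm; the guard is harmless
  // either way.
  String nameId =
      samlCredentials.getNameId() == null ? null : samlCredentials.getNameId().getValue();
  if (nameId == null || nameId.isEmpty()) {
    throw new HttpSamlAuthenticationException("No NameID found in the SAML assertion");
  }

  // Step 3 (authorization): the assertion's attributes must satisfy the group filter.
  // A user who authenticated but matches no group is rejected with the dedicated
  // exception type.
  if (!groupNameFilter.apply(samlCredentials.getAttributes())) {
    LOG.warn("Could not match any groups for the nameid {}", nameId);
    throw new HttpSamlNoGroupsMatchedException("None of the configured groups match for the user");
  }
  return nameId;
}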