Example 1 with SAMAssertionSubjectException

Use of org.pac4j.saml.exceptions.SAMAssertionSubjectException in the project pac4j by pac4j.

Taken from the class SAML2DefaultResponseValidator, method validateSamlSSOResponse.

```java
/**
 * Validates the SAML SSO response by finding a valid assertion with authn statements.
 * Populates the {@link SAML2MessageContext} with a subjectAssertion and a subjectNameIdentifier.
 *
 * @param response  the response
 * @param context   the context
 * @param engine    the engine
 * @param decrypter the decrypter
 */
protected final void validateSamlSSOResponse(final Response response, final SAML2MessageContext context,
                                             final SignatureTrustEngine engine, final Decrypter decrypter) {
    final List<SAMLException> errors = new ArrayList<>();
    // Only assertions carrying at least one AuthnStatement are candidates for the subject assertion;
    // any other assertion in the response is ignored here.
    for (final Assertion assertion : response.getAssertions()) {
        if (!assertion.getAuthnStatements().isEmpty()) {
            try {
                // Signature, conditions, subject confirmation and authn statement checks happen here.
                validateAssertion(assertion, context, engine, decrypter);
            } catch (final SAMLException e) {
                logger.error("Current assertion validation failed, continue with the next one", e);
                errors.add(e);
                continue;
            }
            // First assertion that validates becomes the subject assertion; stop scanning.
            context.setSubjectAssertion(assertion);
            break;
        }
    }
    // Note: errors are re-thrown before the subject check, so a response containing one invalid
    // authn assertion is rejected as a whole, even if a later assertion validated successfully.
    if (!errors.isEmpty()) {
        throw errors.get(0);
    }
    if (context.getSubjectAssertion() == null) {
        throw new SAMAssertionSubjectException("No valid subject assertion found in response");
    }
    // We do not check EncryptedID here because it has been already decrypted and stored into NameID
    final List<SubjectConfirmation> subjectConfirmations = context.getSubjectConfirmations();
    final NameID nameIdentifier = (NameID) context.getSAMLSubjectNameIdentifierContext().getSubjectNameIdentifier();
    // The subject must be identifiable by at least one of NameID, BaseID or a SubjectConfirmation.
    if ((nameIdentifier == null || nameIdentifier.getValue() == null)
            && context.getBaseID() == null
            && (subjectConfirmations == null || subjectConfirmations.isEmpty())) {
        throw new SAMLException("Subject NameID, BaseID and EncryptedID cannot be all null at the same time if there are no Subject Confirmations.");
    }
}
```
Also used:
SAMAssertionSubjectException (org.pac4j.saml.exceptions.SAMAssertionSubjectException)
SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)
NameID (org.opensaml.saml.saml2.core.NameID)
ArrayList (java.util.ArrayList)
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion (org.opensaml.saml.saml2.core.Assertion)
SAMLException (org.pac4j.saml.exceptions.SAMLException)