Examples with SAMLMessageStorage org.pac4j.saml.storage.SAMLMessageStorage used on opensource projects

Search in sources :

Example 1 with SAMLMessageStorage

use of org.pac4j.saml.storage.SAMLMessageStorage in project pac4j by pac4j.

the class SAML2LogoutResponseValidator method validateSamlProtocolResponse.

/**
 * Validates the SAML protocol response:
 *  - IssueInstant
 *  - Issuer
 *  - StatusCode
 *  - Signature
 *
 * @param response the response
 * @param context the context
 * @param engine the engine
 */
protected final void validateSamlProtocolResponse(final Response response, final SAML2MessageContext context, final SignatureTrustEngine engine) {
    if (!StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
        String status = response.getStatus().getStatusCode().getValue();
        if (response.getStatus().getStatusMessage() != null) {
            status += " / " + response.getStatus().getStatusMessage().getMessage();
        }
        throw new SAMLException("Logout response is not success ; actual " + status);
    }
    if (response.getSignature() != null) {
        final String entityId = context.getSAMLPeerEntityContext().getEntityId();
        validateSignature(response.getSignature(), entityId, engine);
        context.getSAMLPeerEntityContext().setAuthenticated(true);
    }
    if (!isIssueInstantValid(response.getIssueInstant())) {
        throw new SAMLIssueInstantException("Response issue instant is too old or in the future");
    }
    final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
    if (messageStorage != null && response.getInResponseTo() != null) {
        final XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
        if (xmlObject == null) {
            throw new SAMLInResponseToMismatchException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
        } else if (!(xmlObject instanceof LogoutRequest)) {
            throw new SAMLInResponseToMismatchException("Sent request was of different type than the expected LogoutRequest " + response.getInResponseTo());
        }
    }
    verifyEndpoint(context.getSAMLEndpointContext().getEndpoint(), response.getDestination());
    if (response.getIssuer() != null) {
        validateIssuer(response.getIssuer(), context);
    }
}
Also used : SAMLInResponseToMismatchException(org.pac4j.saml.exceptions.SAMLInResponseToMismatchException) XMLObject(org.opensaml.core.xml.XMLObject) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) SAMLIssueInstantException(org.pac4j.saml.exceptions.SAMLIssueInstantException) SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 2 with SAMLMessageStorage

use of org.pac4j.saml.storage.SAMLMessageStorage in project pac4j by pac4j.

the class SAML2WebSSOMessageSender method sendMessage.

@Override
public void sendMessage(final SAML2MessageContext context, final AuthnRequest authnRequest, final Object relayState) {
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleSignOnService ssoService = context.getIDPSingleSignOnService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(authnRequest);
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    try {
        invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(authnRequest.getID(), authnRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) ComponentInitializationException(net.shibboleth.utilities.java.support.component.ComponentInitializationException) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) MessageEncoder(org.opensaml.messaging.encoder.MessageEncoder) SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage) MessageEncodingException(org.opensaml.messaging.encoder.MessageEncodingException) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 3 with SAMLMessageStorage

use of org.pac4j.saml.storage.SAMLMessageStorage in project pac4j by pac4j.

the class SAML2DefaultResponseValidator method validateSamlProtocolResponse.

/**
 * Validates the SAML protocol response:
 * - IssueInstant
 * - Issuer
 * - StatusCode
 * - Signature
 *
 * @param response the response
 * @param context  the context
 * @param engine   the engine
 */
protected final void validateSamlProtocolResponse(final Response response, final SAML2MessageContext context, final SignatureTrustEngine engine) {
    if (!StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
        String status = response.getStatus().getStatusCode().getValue();
        if (response.getStatus().getStatusMessage() != null) {
            status += " / " + response.getStatus().getStatusMessage().getMessage();
        }
        throw new SAMLException("Authentication response is not success ; actual " + status);
    }
    if (response.getSignature() != null) {
        final String entityId = context.getSAMLPeerEntityContext().getEntityId();
        validateSignature(response.getSignature(), entityId, engine);
        context.getSAMLPeerEntityContext().setAuthenticated(true);
    }
    if (!isIssueInstantValid(response.getIssueInstant())) {
        throw new SAMLIssueInstantException("Response issue instant is too old or in the future");
    }
    AuthnRequest request = null;
    final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
    if (messageStorage != null && response.getInResponseTo() != null) {
        final XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
        if (xmlObject == null) {
            throw new SAMLInResponseToMismatchException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
        } else if (xmlObject instanceof AuthnRequest) {
            request = (AuthnRequest) xmlObject;
        } else {
            throw new SAMLInResponseToMismatchException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo());
        }
    }
    verifyEndpoint(context.getSAMLEndpointContext().getEndpoint(), response.getDestination());
    if (request != null) {
        verifyRequest(request, context);
    }
    if (response.getIssuer() != null) {
        validateIssuer(response.getIssuer(), context);
    }
}
Also used : SAMLInResponseToMismatchException(org.pac4j.saml.exceptions.SAMLInResponseToMismatchException) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) XMLObject(org.opensaml.core.xml.XMLObject) SAMLIssueInstantException(org.pac4j.saml.exceptions.SAMLIssueInstantException) SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Example 4 with SAMLMessageStorage

use of org.pac4j.saml.storage.SAMLMessageStorage in project pac4j by pac4j.

the class SAML2LogoutMessageSender method sendMessage.

@Override
public void sendMessage(final SAML2MessageContext context, final LogoutRequest logoutRequest, final Object relayState) {
    final SPSSODescriptor spDescriptor = context.getSPSSODescriptor();
    final IDPSSODescriptor idpssoDescriptor = context.getIDPSSODescriptor();
    final SingleLogoutService ssoLogoutService = context.getIDPSingleLogoutService(destinationBindingType);
    final AssertionConsumerService acsService = context.getSPAssertionConsumerService();
    final MessageEncoder encoder = getMessageEncoder(context);
    final SAML2MessageContext outboundContext = new SAML2MessageContext(context);
    outboundContext.getProfileRequestContext().setProfileId(context.getProfileRequestContext().getProfileId());
    outboundContext.getProfileRequestContext().setInboundMessageContext(context.getProfileRequestContext().getInboundMessageContext());
    outboundContext.getProfileRequestContext().setOutboundMessageContext(context.getProfileRequestContext().getOutboundMessageContext());
    outboundContext.setMessage(logoutRequest);
    outboundContext.getSAMLEndpointContext().setEndpoint(acsService);
    outboundContext.getSAMLPeerEndpointContext().setEndpoint(ssoLogoutService);
    outboundContext.getSAMLPeerEntityContext().setRole(context.getSAMLPeerEntityContext().getRole());
    outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId());
    outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol());
    outboundContext.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
    if (relayState != null) {
        outboundContext.getSAMLBindingContext().setRelayState(relayState.toString());
    }
    invokeOutboundMessageHandlers(spDescriptor, idpssoDescriptor, outboundContext);
    try {
        encoder.setMessageContext(outboundContext);
        encoder.initialize();
        encoder.prepareContext();
        encoder.encode();
        final SAMLMessageStorage messageStorage = context.getSAMLMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(logoutRequest.getID(), logoutRequest);
        }
    } catch (final MessageEncodingException e) {
        throw new SAMLException("Error encoding saml message", e);
    } catch (final ComponentInitializationException e) {
        throw new SAMLException("Error initializing saml encoder", e);
    }
}
Also used : SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) ComponentInitializationException(net.shibboleth.utilities.java.support.component.ComponentInitializationException) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) MessageEncoder(org.opensaml.messaging.encoder.MessageEncoder) SAMLMessageStorage(org.pac4j.saml.storage.SAMLMessageStorage) MessageEncodingException(org.opensaml.messaging.encoder.MessageEncodingException) SAMLException(org.pac4j.saml.exceptions.SAMLException)

Aggregations

SAMLException (org.pac4j.saml.exceptions.SAMLException)4 SAMLMessageStorage (org.pac4j.saml.storage.SAMLMessageStorage)4 ComponentInitializationException (net.shibboleth.utilities.java.support.component.ComponentInitializationException)2 XMLObject (org.opensaml.core.xml.XMLObject)2 MessageEncoder (org.opensaml.messaging.encoder.MessageEncoder)2 MessageEncodingException (org.opensaml.messaging.encoder.MessageEncodingException)2 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)2 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)2 SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)2 SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext)2 SAMLInResponseToMismatchException (org.pac4j.saml.exceptions.SAMLInResponseToMismatchException)2 SAMLIssueInstantException (org.pac4j.saml.exceptions.SAMLIssueInstantException)2 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)1 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)1 SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService)1 SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial