Search in sources :

Example 1 with Endpoint

use of org.springframework.security.saml.saml2.metadata.Endpoint in project cas by apereo.

the class SamlIdPUtils method determineEndpointForRequest.

/**
 * Determine assertion consumer service assertion consumer service.
 *
 * @param authnContext the authn context
 * @param adaptor      the adaptor
 * @param binding      the binding
 * @return the assertion consumer service
 */
public static Endpoint determineEndpointForRequest(final Pair<? extends RequestAbstractType, MessageContext> authnContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) {
    var endpoint = (Endpoint) null;
    val authnRequest = authnContext.getLeft();
    if (authnRequest instanceof LogoutRequest) {
        endpoint = adaptor.getSingleLogoutService(binding);
    } else {
        val acsEndpointFromReq = getAssertionConsumerServiceFromRequest(authnRequest, binding, adaptor);
        val acsEndpointFromMetadata = adaptor.getAssertionConsumerService(binding);
        endpoint = determineEndpointForRequest(authnRequest, adaptor, binding, acsEndpointFromReq, acsEndpointFromMetadata, authnContext.getRight());
    }
    if (endpoint == null) {
        throw new SamlException("Endpoint for " + authnRequest.getSchemaType() + " is not available or does not define a binding for " + binding);
    }
    val missingLocation = StringUtils.isBlank(endpoint.getResponseLocation()) && StringUtils.isBlank(endpoint.getLocation());
    if (StringUtils.isBlank(endpoint.getBinding()) || missingLocation) {
        throw new SamlException("Endpoint for " + authnRequest.getSchemaType() + " does not define a binding or location for binding " + binding);
    }
    return endpoint;
}
Also used : lombok.val(lombok.val) Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)

Example 2 with Endpoint

use of org.springframework.security.saml.saml2.metadata.Endpoint in project cas by apereo.

the class SamlIdPUtils method preparePeerEntitySamlEndpointContext.

/**
     * Prepare peer entity saml endpoint.
     *
     * @param outboundContext the outbound context
     * @param adaptor         the adaptor
     * @throws SamlException the saml exception
     */
public static void preparePeerEntitySamlEndpointContext(final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final List<AssertionConsumerService> assertionConsumerServices = adaptor.getAssertionConsumerServices();
    if (assertionConsumerServices.isEmpty()) {
        throw new SamlException("No assertion consumer service could be found for entity " + adaptor.getEntityId());
    }
    final SAMLPeerEntityContext peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true);
    if (peerEntityContext == null) {
        throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + adaptor.getEntityId());
    }
    final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
    if (endpointContext == null) {
        throw new SamlException("SAMLEndpointContext could not be defined for entity " + adaptor.getEntityId());
    }
    final Endpoint endpoint = assertionConsumerServices.get(0);
    if (StringUtils.isBlank(endpoint.getBinding()) || StringUtils.isBlank(endpoint.getLocation())) {
        throw new SamlException("Assertion consumer service does not define a binding or location for " + adaptor.getEntityId());
    }
    LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding());
    endpointContext.setEndpoint(endpoint);
}
Also used : SAMLEndpointContext(org.opensaml.saml.common.messaging.context.SAMLEndpointContext) Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) SAMLPeerEntityContext(org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)

Example 3 with Endpoint

use of org.springframework.security.saml.saml2.metadata.Endpoint in project pac4j by pac4j.

the class SAML2LogoutResponseValidator method isValidBearerSubjectConfirmationData.

/**
 * Validate Bearer subject confirmation data
 *  - notBefore
 *  - NotOnOrAfter
 *  - recipient
 *
 * @param data the data
 * @param context the context
 * @return true if all Bearer subject checks are passing
 */
protected final boolean isValidBearerSubjectConfirmationData(final SubjectConfirmationData data, final SAML2MessageContext context) {
    if (data == null) {
        logger.debug("SubjectConfirmationData cannot be null for Bearer confirmation");
        return false;
    }
    if (data.getNotBefore() != null) {
        logger.debug("SubjectConfirmationData notBefore must be null for Bearer confirmation");
        return false;
    }
    if (data.getNotOnOrAfter() == null) {
        logger.debug("SubjectConfirmationData notOnOrAfter cannot be null for Bearer confirmation");
        return false;
    }
    if (data.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
        logger.debug("SubjectConfirmationData notOnOrAfter is too old");
        return false;
    }
    try {
        if (data.getRecipient() == null) {
            logger.debug("SubjectConfirmationData recipient cannot be null for Bearer confirmation");
            return false;
        } else {
            final Endpoint endpoint = context.getSAMLEndpointContext().getEndpoint();
            if (endpoint == null) {
                logger.warn("No endpoint was found in the SAML endpoint context");
                return false;
            }
            final URI recipientUri = new URI(data.getRecipient());
            final URI appEndpointUri = new URI(endpoint.getLocation());
            if (!UriUtils.urisEqualAfterPortNormalization(recipientUri, appEndpointUri)) {
                logger.debug("SubjectConfirmationData recipient {} does not match SP assertion consumer URL, found. " + "SP ACS URL from context: {}", recipientUri, appEndpointUri);
                return false;
            }
        }
    } catch (URISyntaxException use) {
        logger.error("Unable to check SubjectConfirmationData recipient, a URI has invalid syntax.", use);
        return false;
    }
    return true;
}
Also used : Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI)

Example 4 with Endpoint

use of org.springframework.security.saml.saml2.metadata.Endpoint in project MaxKey by dromara.

the class AssertionEndpoint method assertion.

@RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.debug("saml20 assertion start.");
    bindingAdapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
    logger.debug("saml20 assertion get session samlv20Adapter " + bindingAdapter);
    AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
    logger.debug("saml20Details " + saml20Details.getExtendAttr());
    AuthnRequestInfo authnRequestInfo = bindingAdapter.getAuthnRequestInfo();
    if (authnRequestInfo == null) {
        logger.warn("Could not find AuthnRequest on the request.  Responding with SC_FORBIDDEN.");
        throw new Exception();
    }
    logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
    HashMap<String, String> attributeMap = new HashMap<String, String>();
    attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());
    // saml20Details
    Response authResponse = authnResponseGenerator.generateAuthnResponse(saml20Details, authnRequestInfo, attributeMap, bindingAdapter);
    Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
    request.getSession().removeAttribute(AuthnRequestInfo.class.getName());
    // request issuer...
    try {
        bindingAdapter.sendSAMLMessage(authResponse, endpoint, request, response);
    } catch (MessageEncodingException mee) {
        logger.error("Exception encoding SAML message", mee);
        throw new Exception(mee);
    }
    return null;
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(org.opensaml.saml2.core.Response) AppsSAML20Details(org.maxkey.entity.apps.AppsSAML20Details) Endpoint(org.opensaml.saml2.metadata.Endpoint) HashMap(java.util.HashMap) AuthnRequestInfo(org.maxkey.authz.saml.common.AuthnRequestInfo) SigninPrincipal(org.maxkey.authn.SigninPrincipal) MessageEncodingException(org.opensaml.ws.message.encoder.MessageEncodingException) MessageEncodingException(org.opensaml.ws.message.encoder.MessageEncodingException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with Endpoint

use of org.springframework.security.saml.saml2.metadata.Endpoint in project MaxKey by dromara.

the class EndpointGenerator method generateEndpoint.

public Endpoint generateEndpoint(String location) {
    logger.debug("end point location: {}", location);
    Endpoint samlEndpoint = new AssertionConsumerServiceBuilder().buildObject();
    samlEndpoint.setLocation(location);
    return samlEndpoint;
}
Also used : Endpoint(org.opensaml.saml2.metadata.Endpoint) AssertionConsumerServiceBuilder(org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder)

Aggregations

Endpoint (org.opensaml.saml.saml2.metadata.Endpoint)6 URI (java.net.URI)3 Endpoint (org.opensaml.saml2.metadata.Endpoint)3 URISyntaxException (java.net.URISyntaxException)2 SAMLEndpointContext (org.opensaml.saml.common.messaging.context.SAMLEndpointContext)2 SAMLPeerEntityContext (org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext)2 AssertionConsumerServiceBuilder (org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder)2 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 lombok.val (lombok.val)1 DateTime (org.joda.time.DateTime)1 SigninPrincipal (org.maxkey.authn.SigninPrincipal)1 AuthnRequestInfo (org.maxkey.authz.saml.common.AuthnRequestInfo)1 AppsSAML20Details (org.maxkey.entity.apps.AppsSAML20Details)1 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)1 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)1 Response (org.opensaml.saml2.core.Response)1 MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)1 ExternalIdentityProviderConfiguration (org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration)1