use of org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial in project spring-security by spring-projects.
the class OpenSamlLogoutResponseResolver method resolve.
Saml2LogoutResponse resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutResponse> logoutResponseConsumer) {
String registrationId = getRegistrationId(authentication);
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
if (registration == null) {
return null;
}
if (registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation() == null) {
return null;
}
String serialized = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
byte[] b = Saml2Utils.samlDecode(serialized);
LogoutRequest logoutRequest = parse(inflateIfRequired(registration, b));
LogoutResponse logoutResponse = this.logoutResponseBuilder.buildObject();
logoutResponse.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
Issuer issuer = this.issuerBuilder.buildObject();
issuer.setValue(registration.getEntityId());
logoutResponse.setIssuer(issuer);
StatusCode code = this.statusCodeBuilder.buildObject();
code.setValue(StatusCode.SUCCESS);
Status status = this.statusBuilder.buildObject();
status.setStatusCode(code);
logoutResponse.setStatus(status);
logoutResponse.setInResponseTo(logoutRequest.getID());
if (logoutResponse.getID() == null) {
logoutResponse.setID("LR" + UUID.randomUUID());
}
logoutResponseConsumer.accept(registration, logoutResponse);
Saml2LogoutResponse.Builder result = Saml2LogoutResponse.withRelyingPartyRegistration(registration);
if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
String xml = serialize(OpenSamlSigningUtils.sign(logoutResponse, registration));
String samlResponse = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
result.samlResponse(samlResponse);
if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
result.relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE));
}
return result.build();
} else {
String xml = serialize(logoutResponse);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlResponse(deflatedAndEncoded);
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_RESPONSE, deflatedAndEncoded);
if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
partial.param(Saml2ParameterNames.RELAY_STATE, request.getParameter(Saml2ParameterNames.RELAY_STATE));
}
return result.parameters((params) -> params.putAll(partial.parameters())).build();
}
}
use of org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial in project spring-security by spring-projects.
the class OpenSamlLogoutRequestResolver method resolve.
Saml2LogoutRequest resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutRequest> logoutRequestConsumer) {
String registrationId = getRegistrationId(authentication);
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
if (registration == null) {
return null;
}
if (registration.getAssertingPartyDetails().getSingleLogoutServiceLocation() == null) {
return null;
}
LogoutRequest logoutRequest = this.logoutRequestBuilder.buildObject();
logoutRequest.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
Issuer issuer = this.issuerBuilder.buildObject();
issuer.setValue(registration.getEntityId());
logoutRequest.setIssuer(issuer);
NameID nameId = this.nameIdBuilder.buildObject();
nameId.setValue(authentication.getName());
logoutRequest.setNameID(nameId);
if (authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal) {
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
for (String index : principal.getSessionIndexes()) {
SessionIndex sessionIndex = this.sessionIndexBuilder.buildObject();
sessionIndex.setSessionIndex(index);
logoutRequest.getSessionIndexes().add(sessionIndex);
}
}
logoutRequestConsumer.accept(registration, logoutRequest);
if (logoutRequest.getID() == null) {
logoutRequest.setID("LR" + UUID.randomUUID());
}
String relayState = UUID.randomUUID().toString();
Saml2LogoutRequest.Builder result = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id(logoutRequest.getID());
if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
String xml = serialize(OpenSamlSigningUtils.sign(logoutRequest, registration));
String samlRequest = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
return result.samlRequest(samlRequest).relayState(relayState).build();
} else {
String xml = serialize(logoutRequest);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlRequest(deflatedAndEncoded);
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState);
return result.parameters((params) -> params.putAll(partial.parameters())).build();
}
}
use of org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial in project spring-security by spring-projects.
the class OpenSaml4AuthenticationRequestFactory method createRedirectAuthenticationRequest.
/**
* {@inheritDoc}
*/
@Override
public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context) {
AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
String xml = OpenSamlSigningUtils.serialize(authnRequest);
Saml2RedirectAuthenticationRequest.Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded);
if (StringUtils.hasText(context.getRelayState())) {
partial.param(Saml2ParameterNames.RELAY_STATE, context.getRelayState());
}
Map<String, String> parameters = partial.parameters();
return result.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE)).build();
}
return result.build();
}
use of org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestFactory method createRedirectAuthenticationRequest.
@Override
public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext context) {
AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
String xml = OpenSamlSigningUtils.serialize(authnRequest);
Saml2RedirectAuthenticationRequest.Builder result = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
result.samlRequest(deflatedAndEncoded).relayState(context.getRelayState());
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded);
if (StringUtils.hasText(context.getRelayState())) {
partial.param(Saml2ParameterNames.RELAY_STATE, context.getRelayState());
}
Map<String, String> parameters = partial.parameters();
return result.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE)).build();
}
return result.build();
}
Aggregations