Search in sources :

Example 6 with Builder

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestResolver method resolve.

<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request, BiConsumer<RelyingPartyRegistration, AuthnRequest> authnRequestConsumer) {
    RequestMatcher.MatchResult result = this.requestMatcher.matcher(request);
    if (!result.isMatch()) {
        return null;
    }
    String registrationId = result.getVariables().get("registrationId");
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    if (registration == null) {
        return null;
    }
    AuthnRequest authnRequest = this.authnRequestBuilder.buildObject();
    authnRequest.setForceAuthn(Boolean.FALSE);
    authnRequest.setIsPassive(Boolean.FALSE);
    authnRequest.setProtocolBinding(registration.getAssertionConsumerServiceBinding().getUrn());
    Issuer iss = this.issuerBuilder.buildObject();
    iss.setValue(registration.getEntityId());
    authnRequest.setIssuer(iss);
    authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
    authnRequest.setAssertionConsumerServiceURL(registration.getAssertionConsumerServiceLocation());
    authnRequestConsumer.accept(registration, authnRequest);
    if (authnRequest.getID() == null) {
        authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
    }
    String relayState = UUID.randomUUID().toString();
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleSignOnServiceBinding();
    if (binding == Saml2MessageBinding.POST) {
        if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
            OpenSamlSigningUtils.sign(authnRequest, registration);
        }
        String xml = serialize(authnRequest);
        String encoded = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
        return (T) Saml2PostAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(encoded).relayState(relayState).build();
    } else {
        String xml = serialize(authnRequest);
        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
        Saml2RedirectAuthenticationRequest.Builder builder = Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(deflatedAndEncoded).relayState(relayState);
        if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
            Map<String, String> parameters = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState).parameters();
            builder.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE));
        }
        return (T) builder.build();
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)

Aggregations

Saml2Exception (org.springframework.security.saml2.Saml2Exception)4 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)4 X509Certificate (java.security.cert.X509Certificate)3 List (java.util.List)3 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)3 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)3 InputStream (java.io.InputStream)2 CertificateException (java.security.cert.CertificateException)2 CertificateFactory (java.security.cert.CertificateFactory)2 ArrayList (java.util.ArrayList)2 Map (java.util.Map)2 StringUtils (org.apache.commons.lang3.StringUtils)2 InMemoryRelyingPartyRegistrationRepository (org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository)2 AuthUtil (com.evolveum.midpoint.authentication.api.util.AuthUtil)1 MidpointAssertingPartyMetadataConverter (com.evolveum.midpoint.authentication.impl.saml.MidpointAssertingPartyMetadataConverter)1 AuthSequenceUtil.getBasePath (com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil.getBasePath)1 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)1 Protector (com.evolveum.midpoint.prism.crypto.Protector)1 Trace (com.evolveum.midpoint.util.logging.Trace)1 TraceManager (com.evolveum.midpoint.util.logging.TraceManager)1