use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.
the class SAML2SSOTestBase method sendSAMLAuthenticationRequest.
/**
 * Sends a SAML2 authentication request to the IdP over the HTTP binding selected in
 * {@code samlConfig} and hands back the IdP response (expected to carry the SessionDataKey).
 * <p>
 * HTTP-POST: the request is built, posted to {@code samlSSOIDPUrl}, the first response body is
 * consumed and the follow-up redirect is performed against the service provider's default
 * assertion consumer URL. HTTP-Redirect: the redirect URL is built (the credential is passed
 * to the builder so it can be signed there) and fetched with a plain GET.
 *
 * @param client                    closeable HTTP client used for every request.
 * @param saml2AuthRequest          SAML2 authentication request to send.
 * @param samlConfig                SAML configuration; its HTTP binding selects the flow.
 * @param samlssoServiceProviderDTO SAMLSSO service provider DTO; source of the default ACS URL.
 * @param x509Credential            credential handed to the request builders for signing.
 * @param userAgent                 value sent in the {@code User-Agent} header.
 * @return HTTP response from the IdP.
 * @throws Exception if the binding is neither POST nor Redirect, or on any transport/signing error.
 */
public HttpResponse sendSAMLAuthenticationRequest(CloseableHttpClient client, AuthnRequest saml2AuthRequest,
                                                  SAMLConfig samlConfig,
                                                  SAMLSSOServiceProviderDTO samlssoServiceProviderDTO,
                                                  X509Credential x509Credential, String userAgent)
        throws Exception {

    String binding = samlConfig.getHttpBinding();

    if (SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)) {
        String postPayload = buildSAMLPOSTRequest(saml2AuthRequest, samlConfig, x509Credential);
        HttpResponse postResponse = sendSAMLPostMessage(client, samlSSOIDPUrl, SAML_REQUEST_PARAM, postPayload,
                samlConfig, userAgent);
        // Consume the first response body before following the redirect (frees the connection for reuse).
        EntityUtils.consume(postResponse.getEntity());
        return sendRedirectRequest(postResponse, userAgent,
                samlssoServiceProviderDTO.getDefaultAssertionConsumerUrl(), client);
    }

    if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(binding)) {
        String redirectUrl = buildRedirectRequest(saml2AuthRequest, samlConfig, samlSSOIDPUrl, x509Credential);
        Header[] headers = { new BasicHeader(HttpHeaders.USER_AGENT, userAgent) };
        return sendGetRequest(client, redirectUrl, null, headers);
    }

    // Constant-on-the-left equals() above keeps a null binding from throwing an NPE; it ends up here instead.
    throw new Exception("Unsupported HTTP binding format " + binding);
}
use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.
the class SAML2SSOTestBase method addDeflateSignatureToHTTPQueryString.
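/**
 * Appends {@code SigAlg} and {@code Signature} to a SAML2 HTTP-Redirect binding query string.
 * <p>
 * The signature is computed over the query string exactly as assembled so far plus the
 * {@code &SigAlg=...} parameter added here, so the caller must already have appended
 * {@code SAMLRequest} (and {@code RelayState}, if any) in the order the IdP will verify them.
 * {@code signatureAlg} (JCA name used to sign) and {@code xmlSignatureAlg} (XML-DSig URI advertised
 * in {@code SigAlg}) must describe the same algorithm, otherwise the IdP verifies with the wrong one;
 * this method does not check that they agree.
 * <p>
 * NOTE(review): both defaults are SHA-1 based ({@code ALGO_ID_SIGNATURE_RSA} is the rsa-sha1 URI in
 * Apache Santuario — confirm against the xmlsec version in use). Acceptable for driving a test IdP,
 * but do not copy into production code; pass an RSA-SHA256 pair explicitly where the SP under test
 * accepts it.
 *
 * @param httpQueryString query string built so far; the two parameters are appended in place.
 * @param signatureAlg    JCA signature algorithm; {@code SIGNATURE_ALGORITHM_SHA1_RSA} if empty.
 * @param xmlSignatureAlg XML-DSig algorithm URI for {@code SigAlg};
 *                        {@code XMLSignature.ALGO_ID_SIGNATURE_RSA} if empty.
 * @param cred            credential whose private key signs the query string.
 * @throws Exception if signing or encoding fails; the original exception is kept as the cause.
 */
private void addDeflateSignatureToHTTPQueryString(StringBuilder httpQueryString, String signatureAlg,
                                                  String xmlSignatureAlg, X509Credential cred) throws Exception {
    doBootstrap();
    String sigAlgUri = StringUtils.isEmpty(xmlSignatureAlg) ? XMLSignature.ALGO_ID_SIGNATURE_RSA : xmlSignatureAlg;
    String jcaAlg = StringUtils.isEmpty(signatureAlg) ? SIGNATURE_ALGORITHM_SHA1_RSA : signatureAlg;
    String utf8 = StandardCharsets.UTF_8.name();
    try {
        // SigAlg is part of the signed data, so it has to be appended before signing.
        httpQueryString.append("&SigAlg=").append(URLEncoder.encode(sigAlgUri, utf8));
        java.security.Signature signer = java.security.Signature.getInstance(jcaAlg);
        signer.initSign(cred.getPrivateKey());
        // Use the StandardCharsets constant directly instead of a Charset.forName(name) round trip.
        signer.update(httpQueryString.toString().getBytes(StandardCharsets.UTF_8));
        String encodedSignature = Base64.encodeBytes(signer.sign(), Base64.DONT_BREAK_LINES);
        // URLEncoder never emits whitespace, so no trim() is needed on either encoded value.
        httpQueryString.append("&Signature=").append(URLEncoder.encode(encodedSignature, utf8));
    } catch (Exception e) {
        throw new Exception("Error applying SAML2 Redirect Binding signature", e);
    }
}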
use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project carbon-identity-framework by wso2.
the class LoginContextManagementUtil method getRelyingPartyRedirectUrl.
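/**
 * Returns the access URL of the application registered for the given relying party.
 * <p>
 * An application with an OAuth2 inbound configuration is looked up first, then one with SAML2;
 * the first match wins. Returns {@code null} when nothing matches (or the matched application
 * carries no access URL).
 *
 * @param relyingParty name of the relying party.
 * @param tenantDomain tenant domain the lookup is scoped to.
 * @return the configured redirect/access URL, or {@code null} if none is found.
 * @deprecated use {@code getAccessURLFromApplication} instead.
 */
@Deprecated
public static String getRelyingPartyRedirectUrl(String relyingParty, String tenantDomain) {
    if (log.isDebugEnabled()) {
        // Fixed the missing space before "for" in the original message.
        log.debug("Retrieving configured url against relying party : " + relyingParty
                + " for tenant domain : " + tenantDomain);
    }
    // OAuth2 takes precedence; fall back to a SAML2 inbound configuration.
    ServiceProvider sp = getServiceProviderByRelyingParty(relyingParty, tenantDomain, OAUTH2);
    if (sp == null) {
        sp = getServiceProviderByRelyingParty(relyingParty, tenantDomain, SAML2);
    }
    String redirectUrl = sp != null ? sp.getAccessUrl() : null;
    if (log.isDebugEnabled() && StringUtils.isNotEmpty(redirectUrl)) {
        log.debug("Redirect URL is: " + redirectUrl + " for the relyingParty: " + relyingParty
                + " in tenant: " + tenantDomain);
    }
    return redirectUrl;
}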
use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project carbon-identity-framework by wso2.
the class SAMLSSOServiceProviderDAO method addServiceProvider.
/**
 * Persists a SAML2 service provider under the SAML SSO service providers registry path.
 * <p>
 * When an issuer qualifier is set, the issuer stored (and used to build the registry path) is
 * the qualified form; note that this mutates the passed-in DO. If a resource already exists at
 * that path nothing is written and {@code false} is returned.
 * <p>
 * NOTE(review): the existence check runs before {@code beginTransaction()}, so two concurrent
 * registrations of the same issuer can both pass it; whether the second {@code registry.put}
 * then overwrites or fails depends on the registry implementation, which is not visible here.
 *
 * @param serviceProviderDO service provider to add; must carry a non-blank issuer.
 * @return {@code true} if the provider was written, {@code false} if one already exists for the issuer.
 * @throws IdentityException if the issuer is missing or the registry write fails.
 */
public boolean addServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) throws IdentityException {
    // isBlank() already covers null, so a single check expresses both conditions.
    if (serviceProviderDO == null || StringUtils.isBlank(serviceProviderDO.getIssuer())) {
        throw new IdentityException("Issuer cannot be found in the provided arguments.");
    }
    String qualifier = serviceProviderDO.getIssuerQualifier();
    boolean qualified = StringUtils.isNotBlank(qualifier);
    if (qualified) {
        // The qualified issuer becomes the canonical issuer from here on.
        serviceProviderDO.setIssuer(getIssuerWithQualifier(serviceProviderDO.getIssuer(), qualifier));
    }
    String path = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(serviceProviderDO.getIssuer());
    boolean transactionAlreadyStarted = Transaction.isStarted();
    boolean failed = false;
    try {
        if (registry.resourceExists(path)) {
            if (log.isDebugEnabled()) {
                log.debug(qualified
                        ? "SAML2 Service Provider already exists with the same issuer name "
                                + getIssuerWithoutQualifier(serviceProviderDO.getIssuer())
                                + " and qualifier name " + qualifier
                        : "SAML2 Service Provider already exists with the same issuer name "
                                + serviceProviderDO.getIssuer());
            }
            return false;
        }
        Resource resource = createResource(serviceProviderDO);
        if (!transactionAlreadyStarted) {
            registry.beginTransaction();
        }
        registry.put(path, resource);
        if (log.isDebugEnabled()) {
            log.debug(qualified
                    ? "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " with issuer "
                            + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier "
                            + qualifier + " is added successfully."
                    : "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " is added successfully.");
        }
        return true;
    } catch (RegistryException e) {
        failed = true;
        String msg = qualified
                ? "Error while adding SAML2 Service Provider for issuer: "
                        + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier name "
                        + qualifier
                : "Error while adding SAML2 Service Provider for issuer: " + serviceProviderDO.getIssuer();
        log.error(msg, e);
        throw IdentityException.error(msg, e);
    } finally {
        // Invoked on every path, including when an outer transaction was already open;
        // how that case is handled lives in commitOrRollbackTransaction (not visible here).
        commitOrRollbackTransaction(failed);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project carbon-identity-framework by wso2.
the class SAMLSSOServiceProviderDAO method uploadServiceProvider.
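/**
 * Registers a SAML2 service provider created from an uploaded metadata file.
 * <p>
 * Mirrors {@code addServiceProvider} (qualified issuer, registry path, transaction handling) but
 * additionally requires a default assertion consumer URL and fails — instead of returning
 * {@code false} — when a provider already exists for the issuer. Note that a set issuer qualifier
 * causes the passed-in DO's issuer to be rewritten to the qualified form.
 * <p>
 * NOTE(review): as in {@code addServiceProvider}, the existence check happens before
 * {@code beginTransaction()}; concurrent uploads of the same issuer can both pass it.
 *
 * @param serviceProviderDO service provider information parsed from metadata; must carry a
 *                          non-blank issuer and a default assertion consumer URL.
 * @return the same DO, with the issuer qualified if a qualifier was set.
 * @throws IdentityException if the issuer or default ACS URL is missing, a provider already exists
 *                           for the issuer, or the registry write fails.
 */
public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO)
        throws IdentityException {
    // Reject blank issuers too, for parity with addServiceProvider; a blank issuer would otherwise
    // be encoded into the registry path.
    if (serviceProviderDO == null || StringUtils.isBlank(serviceProviderDO.getIssuer())) {
        throw new IdentityException("Issuer cannot be found in the provided arguments.");
    }
    String qualifier = serviceProviderDO.getIssuerQualifier();
    boolean qualified = StringUtils.isNotBlank(qualifier);
    if (qualified) {
        serviceProviderDO.setIssuer(getIssuerWithQualifier(serviceProviderDO.getIssuer(), qualifier));
    }
    if (serviceProviderDO.getDefaultAssertionConsumerUrl() == null) {
        throw new IdentityException("No default assertion consumer URL provided for service provider :"
                + serviceProviderDO.getIssuer());
    }
    String path = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(serviceProviderDO.getIssuer());
    boolean transactionAlreadyStarted = Transaction.isStarted();
    boolean failed = false;
    try {
        if (registry.resourceExists(path)) {
            if (log.isDebugEnabled()) {
                log.debug(qualified
                        ? "SAML2 Service Provider already exists with the same issuer name "
                                + getIssuerWithoutQualifier(serviceProviderDO.getIssuer())
                                + " and qualifier name " + qualifier
                        : "SAML2 Service Provider already exists with the same issuer name "
                                + serviceProviderDO.getIssuer());
            }
            throw IdentityException.error("A Service Provider already exists.");
        }
        if (!transactionAlreadyStarted) {
            registry.beginTransaction();
        }
        Resource resource = createResource(serviceProviderDO);
        registry.put(path, resource);
        if (log.isDebugEnabled()) {
            log.debug(qualified
                    ? "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " with issuer "
                            + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier "
                            + qualifier + " is added successfully."
                    : "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " is added successfully.");
        }
        return serviceProviderDO;
    } catch (RegistryException e) {
        failed = true;
        // Name the issuer and log the failure, as addServiceProvider does, so the cause is traceable.
        String msg = qualified
                ? "Error while adding Service Provider for issuer: "
                        + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier name "
                        + qualifier
                : "Error while adding Service Provider for issuer: " + serviceProviderDO.getIssuer();
        log.error(msg, e);
        throw IdentityException.error(msg, e);
    } finally {
        commitOrRollbackTransaction(failed);
    }
}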