
Example 1 with InboundResponseFromIdpData

use of uk.gov.ida.saml.core.domain.InboundResponseFromIdpData in project verify-hub by alphagov.

Class InboundResponseFromIdpDataGenerator, method generate.

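/**
 * Builds the {@link InboundResponseFromIdpData} for a translated IdP response, encrypting the
 * assertion blobs for the given matching service.
 *
 * <p>Persistent id, principal IP address, level of assurance and fraud details are read only from
 * the authn statement assertion; when that assertion is absent they stay empty (level of
 * assurance stays {@code null}).
 *
 * @param idaResponseFromIdp the translated IdP response
 * @param matchingServiceEntityId entity id of the matching service the assertion blobs are
 *        encrypted for
 * @return the assembled data object
 */
public InboundResponseFromIdpData generate(InboundResponseFromIdp idaResponseFromIdp, String matchingServiceEntityId) {
    Optional<String> principalIpAddressFromIdp = empty();
    Optional<String> persistentId = empty();
    Optional<String> idpFraudEventId = empty();
    Optional<String> fraudIndicator = empty();
    String levelOfAssurance = null;
    Optional<PassthroughAssertion> authnStatementAssertion = idaResponseFromIdp.getAuthnStatementAssertion();
    if (authnStatementAssertion.isPresent()) {
        final PassthroughAssertion assertion = authnStatementAssertion.get();
        principalIpAddressFromIdp = assertion.getPrincipalIpAddressAsSeenByIdp();
        // ofNullable: the name id on the persistent id may be absent
        persistentId = Optional.ofNullable(assertion.getPersistentId().getNameId());
        // carried as the constant name; the consumer resolves it back to an enum
        levelOfAssurance = assertion.getAuthnContext().map(authnContext -> authnContext.name()).orElse(null);
        if (assertion.getFraudDetectedDetails().isPresent()) {
            // Optional.of (not ofNullable): a fraud event missing its id or indicator fails loudly
            // with an NPE rather than being silently dropped
            idpFraudEventId = Optional.of(assertion.getFraudDetectedDetails().get().getIdpFraudEventId());
            fraudIndicator = Optional.of(assertion.getFraudDetectedDetails().get().getFraudIndicator());
        }
    }
    // matching dataset blob is encrypted before the authn blob, as before
    Optional<String> encryptedMatchingDatasetAssertion =
            encryptForMatchingService(idaResponseFromIdp.getMatchingDatasetAssertion(), matchingServiceEntityId);
    Optional<String> encryptedAuthnAssertion =
            encryptForMatchingService(authnStatementAssertion, matchingServiceEntityId);
    return new InboundResponseFromIdpData(idaResponseFromIdp.getStatus().getStatusCode(), idaResponseFromIdp.getStatus().getMessage(), idaResponseFromIdp.getIssuer(), encryptedAuthnAssertion, encryptedMatchingDatasetAssertion, persistentId, principalIpAddressFromIdp, levelOfAssurance, idpFraudEventId, fraudIndicator, idaResponseFromIdp.getNotOnOrAfter());
}

/**
 * Encrypts the underlying blob of an optional assertion for the given matching service.
 *
 * @param assertion the assertion whose blob is encrypted; empty yields empty
 * @param matchingServiceEntityId entity id the blob is encrypted for
 * @return the encrypted blob, or empty when there was no assertion
 */
private Optional<String> encryptForMatchingService(Optional<PassthroughAssertion> assertion, String matchingServiceEntityId) {
    return assertion
            .map(PassthroughAssertion::getUnderlyingAssertionBlob)
            .map(blob -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, blob));
}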

Example 2 with InboundResponseFromIdpData

use of uk.gov.ida.saml.core.domain.InboundResponseFromIdpData in project verify-hub by alphagov.

Class IdpAuthnResponseTranslatorService, method translate.

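/**
 * Translates a raw SAML response from an IdP into the {@link InboundResponseFromIdpDto} used by
 * the hub, logging analytics for each assertion it contains.
 *
 * @param samlResponseDto carries the SAML response string and the matching service entity id
 *        the assertion blobs are re-encrypted for
 * @return the translated response
 * @throws SamlContextException when translation or validation fails, wrapping the underlying
 *         {@link SamlTransformationErrorException} with the response id and issuer (the issuer
 *         value is {@code null} when the response carries no Issuer element)
 */
public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    try {
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);
        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }
        // null when absent; logVerifiedAttributes is handed it either way
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }
        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());
        // The level of assurance arrives as an enum constant name. valueOf throws
        // IllegalArgumentException for a name this enum does not define, and that exception is
        // not wrapped by the catch below — presumably acceptable because the name originates
        // from the hub's own authn context enum rather than raw IdP text; confirm.
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }
        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);
        return new InboundResponseFromIdpDto(inboundResponseFromIdpData.getStatus(), inboundResponseFromIdpData.getStatusMessage(), inboundResponseFromIdpData.getIssuer(), inboundResponseFromIdpData.getEncryptedAuthnAssertion(), inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(), inboundResponseFromIdpData.getPersistentId(), inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(), levelOfAssurance, inboundResponseFromIdpData.getIdpFraudEventId(), inboundResponseFromIdpData.getFraudIndicator(), inboundResponseFromIdpData.getNotOnOrAfter());
    } catch (SamlTransformationErrorException e) {
        // A response that failed validation may carry no Issuer element (OpenSAML returns null);
        // dereferencing it unguarded would replace the contextual exception with an NPE and lose
        // the cause. Report the issuer as null instead.
        String issuerValue = Optional.ofNullable(response.getIssuer())
                .map(issuer -> issuer.getValue())
                .orElse(null);
        throw new SamlContextException(response.getID(), issuerValue, e);
    }
}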
