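/**
 * Starts SP-initiated SSO: builds a fresh {@code AuthnRequest} and sends the browser to the IdP
 * login URL over the HTTP-Redirect binding (deflate-encoded into the query string).
 *
 * <p>The credential placed on the message context is the one found on the XML signature that
 * {@code createAuthnRequest} attached to the request; the redirect encoder is what consumes it.
 *
 * @param response   servlet response that receives the redirect to the IdP
 * @param relayState opaque state echoed back by the IdP; {@code null} is replaced by {@code "/"}.
 *                   The value that comes back on the return leg still has to be validated before
 *                   it is used as a redirect target, which this method cannot do.
 * @throws SAMLException            propagated from request construction
 * @throws MessageEncodingException if the redirect message cannot be encoded
 * @throws IllegalStateException    if the built request carries no signature to take a credential from
 */
public void doSAMLRedirect(final HttpServletResponse response, final String relayState)
        throws SAMLException, MessageEncodingException {
    final String requestId = SAMLUtils.generateRequestId();
    final AuthnRequest authnRequest = createAuthnRequest(requestId);
    // Fail with a clear message instead of a NullPointerException when createAuthnRequest()
    // handed back an unsigned request: without a signature there is no credential to sign with.
    if (authnRequest.getSignature() == null) {
        throw new IllegalStateException(
                "AuthnRequest " + requestId + " carries no signature; cannot derive a signing credential");
    }

    // The second argument flags the transport as confidential (TLS). It is fixed to "true" here
    // rather than derived from the inbound request, which this method does not receive.
    final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(response, true);

    final Endpoint idpLogin = new SingleSignOnServiceBuilder().buildObject();
    idpLogin.setLocation(getIdPConfig().getLoginUrl());

    final BasicSAMLMessageContext<SAMLObject, AuthnRequest, SAMLObject> context = new BasicSAMLMessageContext<>();
    context.setPeerEntityEndpoint(idpLogin);
    context.setOutboundSAMLMessage(authnRequest);
    context.setOutboundSAMLMessageSigningCredential(authnRequest.getSignature().getSigningCredential());
    context.setOutboundMessageTransport(responseAdapter);
    // A missing RelayState defaults to the site root so the return leg always has somewhere to go.
    context.setRelayState(relayState == null ? "/" : relayState);

    new HTTPRedirectDeflateEncoder().encode(context);
}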
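/**
 * Checks the {@code AuthnStatement} of an otherwise accepted assertion before it is trusted.
 *
 * <p>Three conditions are enforced:
 * <ol>
 *   <li>the authentication instant is not older than {@code MAX_AUTHENTICATION_TIME}
 *       (checked through {@code isDateTimeSkewValid});</li>
 *   <li>if the IdP set {@code SessionNotOnOrAfter}, that instant is still strictly in the future;</li>
 *   <li>if the IdP recorded a {@code SubjectLocality} address, it equals the peer address of the
 *       inbound HTTP transport.</li>
 * </ol>
 *
 * @param auth    the authentication statement to verify
 * @param context inbound message context; its transport is cast to {@code HTTPInTransport} when the
 *                address check runs
 * @throws Exception if any of the three checks fails
 */
protected void verifyAuthenticationStatement(AuthnStatement auth, BasicSAMLMessageContext context) throws Exception {
    // Validate that user wasn't authenticated too long time ago
    if (!isDateTimeSkewValid(MAX_AUTHENTICATION_TIME, auth.getAuthnInstant())) {
        System.out.println("Authentication statement is too old to be used" + auth.getAuthnInstant());
        throw new Exception("Users authentication data is too old");
    }

    // Validate users session is still valid.
    // SessionNotOnOrAfter is the instant from which the session must be treated as ended, so the
    // statement is acceptable only while that instant is still strictly after "now". The earlier
    // condition (reject when SessionNotOnOrAfter is after now) was inverted: it rejected live
    // sessions and let expired ones through.
    final long now = new Date().getTime();
    if (auth.getSessionNotOnOrAfter() != null && !auth.getSessionNotOnOrAfter().isAfter(now)) {
        System.out.println("Authentication session is not valid anymore" + auth.getSessionNotOnOrAfter());
        throw new Exception("Users authentication is expired");
    }

    // Optional binding of the assertion to the client address the IdP saw.
    if (auth.getSubjectLocality() != null && auth.getSubjectLocality().getAddress() != null) {
        final HTTPInTransport httpInTransport = (HTTPInTransport) context.getInboundMessageTransport();
        final String expectedAddress = auth.getSubjectLocality().getAddress();
        // Compare from the side known to be non-null: a transport without a peer address fails the
        // check with the same exception instead of a NullPointerException.
        if (!expectedAddress.equals(httpInTransport.getPeerAddress())) {
            throw new Exception("User is accessing the service from invalid address");
        }
    }
}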
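/**
 * Renders the model as a SAML 1.1 {@code Response} and writes it to the servlet response through
 * the configured encoder.
 *
 * <p>The service extracted from the request supplies the {@code Recipient} (its id, or
 * {@code "UNKNOWN"} when no service is found). When that service is a {@code SamlService} that
 * carried a request id, the id is echoed back as {@code InResponseTo}. Assertion content is added
 * by {@code prepareResponse}.
 *
 * @param model    view model handed on to {@code prepareResponse}
 * @param request  inbound request; used to extract the target service and, via
 *                 {@code request.isSecure()}, to mark the outbound transport as confidential or not
 * @param response outbound servlet response; its character encoding is set to {@code this.encoding}
 * @throws Exception any failure while building or encoding the response, rethrown after being
 *                   logged together with the service id
 */
protected void renderMergedOutputModel(final Map<String, Object> model,
                                       final HttpServletRequest request,
                                       final HttpServletResponse response) throws Exception {
    response.setCharacterEncoding(this.encoding);

    final WebApplicationService service = this.samlArgumentExtractor.extractService(request);
    final String serviceId = service != null ? service.getId() : "UNKNOWN";

    try {
        final Response samlResponse = newSamlObject(Response.class);
        samlResponse.setID(generateId());
        samlResponse.setIssueInstant(new DateTime());
        samlResponse.setVersion(SAMLVersion.VERSION_11);
        samlResponse.setRecipient(serviceId);
        if (service instanceof SamlService) {
            final String requestId = ((SamlService) service).getRequestID();
            if (requestId != null) {
                samlResponse.setInResponseTo(requestId);
            }
        }
        prepareResponse(samlResponse, model);

        final BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
        // The adapter's confidentiality flag follows the inbound channel: TLS in, TLS out.
        messageContext.setOutboundMessageTransport(new HttpServletResponseAdapter(response, request.isSecure()));
        messageContext.setOutboundSAMLMessage(samlResponse);
        this.encoder.encode(messageContext);
    } catch (final Exception e) {
        // Pass the exception itself so the stack trace lands in the log next to the service id;
        // the original call logged only the message and lost the cause.
        this.log.error("Error generating SAML response for service {}.", serviceId, e);
        throw e;
    }
}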
throws AuthenticationResponseProcessorException { BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( request)); SAMLObject samlObject = messageContext.getInboundSAMLMessage(); LOG.debug("SAML object class: " + samlObject.getClass().getName()); if (!(samlObject instanceof Response)) {
/**
 * Builds a SAML {@code Response} for an authenticated principal and hands it to the configured
 * encoder, addressed to the principal's assertion consumer service.
 *
 * <p>The response carries a success status, this IdP's entity id as issuer, the principal's
 * request id as {@code InResponseTo}, and one assertion that is signed with the credential
 * resolved for the entity id before it is attached. The same credential is set on the message
 * context for the encoder. The assertion consumer service URL read from the principal becomes both
 * the {@code Destination} and the peer endpoint location; nothing in this method compares it with
 * SP metadata, so any such check has to happen where the principal is built.
 *
 * @param principal authenticated user together with the request id, assertion consumer service URL
 *                  and relay state that accompanied the original request
 * @param response  servlet response the encoded message is written to; the transport adapter is
 *                  created with its confidentiality flag fixed to {@code false}
 * @throws MarshallingException     propagated from assertion signing
 * @throws SignatureException       propagated from assertion signing
 * @throws MessageEncodingException propagated from the encoder
 */
@SuppressWarnings("unchecked")
public void sendAuthnResponse(SAMLPrincipal principal, HttpServletResponse response)
        throws MarshallingException, SignatureException, MessageEncodingException {
    final Status successStatus = buildStatus(StatusCode.SUCCESS_URI);
    final String issuerEntityId = idpConfiguration.getEntityId();
    final Credential credential = resolveCredential(issuerEntityId);
    final String acsUrl = principal.getAssertionConsumerServiceURL();

    final Response samlResponse = buildSAMLObject(Response.class, Response.DEFAULT_ELEMENT_NAME);
    samlResponse.setIssuer(buildIssuer(issuerEntityId));
    samlResponse.setID(SAMLBuilder.randomSAMLId());
    samlResponse.setIssueInstant(new DateTime());
    samlResponse.setInResponseTo(principal.getRequestID());

    // The assertion is signed on its own before it is attached to the response.
    final Assertion assertion = buildAssertion(principal, successStatus, issuerEntityId);
    signAssertion(assertion, credential);
    samlResponse.getAssertions().add(assertion);

    samlResponse.setDestination(acsUrl);
    samlResponse.setStatus(successStatus);

    final Endpoint acsEndpoint = buildSAMLObject(Endpoint.class, SingleSignOnService.DEFAULT_ELEMENT_NAME);
    acsEndpoint.setLocation(acsUrl);

    final BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
    messageContext.setOutboundMessageTransport(new HttpServletResponseAdapter(response, false));
    messageContext.setPeerEntityEndpoint(acsEndpoint);
    messageContext.setOutboundSAMLMessage(samlResponse);
    messageContext.setOutboundSAMLMessageSigningCredential(credential);
    messageContext.setOutboundMessageIssuer(issuerEntityId);
    messageContext.setRelayState(principal.getRelayState());

    encoder.encode(messageContext);
}
true); BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext.setOutboundMessageTransport(outTransport); messageContext.setPeerEntityEndpoint(samlEndpoint); messageContext.setOutboundSAMLMessage(authnRequest); messageContext.setRelayState(relayState); factory.setEmitEntityCertificateChain(true); messageContext.setOutboundSAMLMessageSigningCredential(credential);