/**
 * Mints a transient identifier for a principal at a relying party by sealing the string
 * {@code relyingPartyId + "!" + principalName} with the configured {@code dataSealer}.
 *
 * <p>The sealed value is given an expiration of {@code idLifetime} milliseconds from the
 * current time. The unwrap side is not visible here; it is presumably what enforces the
 * expiration and splits the plaintext on {@code '!'}. NOTE(review): if a relying party ID
 * can itself contain {@code '!'}, that split is ambiguous — confirm against the decoder.</p>
 *
 * @param relyingPartyId the relying party the identifier is scoped to
 * @param principalName the principal the identifier refers to
 * @return the opaque sealed identifier
 * @throws SAMLException if the sealer cannot wrap the value
 */
@Override
@Nonnull
@NotEmpty
public String generate(@Nonnull @NotEmpty final String relyingPartyId,
        @Nonnull @NotEmpty final String principalName) throws SAMLException {
    ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);

    // Plaintext that the sealer protects; only ever seen in unwrapped form by the decoder.
    final String plaintext = relyingPartyId + "!" + principalName;
    try {
        final long expiresAt = System.currentTimeMillis() + idLifetime;
        return dataSealer.wrap(plaintext, expiresAt);
    } catch (final DataSealerException e) {
        throw new SAMLException("Exception wrapping principal identifier", e);
    }
}
/**
 * Produces a {@link NameIdType} for the request, but only when the requested format is the
 * one this generator was configured for and the activation condition accepts the request.
 *
 * @param profileRequestContext the current profile request context
 * @param theFormat the NameID format the caller is asking for
 * @return the generated identifier, or {@code null} when {@link #apply} rejects the request
 * @throws SAMLException if {@code theFormat} is not exactly equal to the configured
 *         {@code format} (case-sensitive {@link Objects#equals}), or if
 *         {@link #doGenerate} throws
 */
@Override
@Nullable
public NameIdType generate(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull @NotEmpty final String theFormat) throws SAMLException {
    ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);

    // Refuse to mint an identifier of a format this generator was not configured for;
    // a mismatch is a configuration/caller error, not a "not applicable" result.
    final boolean formatMatches = Objects.equals(format, theFormat);
    if (!formatMatches) {
        throw new SAMLException("The format to generate does not match the value configured");
    }

    // Activation condition: a negative result means "not applicable" and yields null.
    return apply(profileRequestContext) ? doGenerate(profileRequestContext) : null;
}
throw new SAMLException("Generation blocked by exception rule"); return Base64Support.encode(md.digest(effectiveSalt), Base64Support.UNCHUNKED); } else { throw new SAMLException("Desired encoding was not recognized, unable to compute ID"); throw new SAMLException("Digest algorithm was not supported, unable to compute ID", e);
/**
 * Resolves the persistent identifier for a principal at a relying party from the
 * persistent-ID store, keyed by {@code sourceId}.
 *
 * <p>The {@code true} flag and {@code computedIdStrategy} are passed straight through to
 * {@code pidStore.getBySourceValue}; presumably they allow creation of a missing entry and
 * supply a fallback strategy for it — confirm against the store's API.</p>
 *
 * <p>NOTE(review): {@code principalName} and the full {@code PersistentIdEntry} are written to
 * the log at debug level; make sure debug logging is not left on where that is a PII
 * concern.</p>
 *
 * @param assertingPartyId the asserting party (IdP) entity ID
 * @param relyingPartyId the relying party (SP) entity ID
 * @param principalName the principal name
 * @param sourceId the source value the persistent ID is derived from / keyed by
 * @return the non-empty, trimmed persistent identifier
 * @throws SAMLException if the store returns no entry, the entry's ID is null or blank,
 *         or the store raises an {@link IOException}
 */
@Override
@Nonnull
@NotEmpty
public String generate(@Nonnull @NotEmpty final String assertingPartyId,
        @Nonnull @NotEmpty final String relyingPartyId,
        @Nonnull @NotEmpty final String principalName,
        @Nonnull @NotEmpty final String sourceId) throws SAMLException {
    ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);

    try {
        final PersistentIdEntry entry = pidStore.getBySourceValue(assertingPartyId,
                relyingPartyId, sourceId, principalName, true, computedIdStrategy);
        if (entry == null) {
            log.debug("No persistent ID returned from storage for '{}'", principalName);
            throw new SAMLException("No persistent ID returned from storage");
        }
        log.debug("Obtained persistent ID entry: {}", entry);

        // trimOrNull collapses a whitespace-only ID to null so it is rejected as well.
        final String persistentId = StringSupport.trimOrNull(entry.getPersistentId());
        if (persistentId == null) {
            log.debug("Returned persistent ID was null");
            throw new SAMLException("Returned persistent ID was null");
        }
        return persistentId;
    } catch (final IOException e) {
        log.debug("ID storage error obtaining persistent identifier", e);
        throw new SAMLException("ID storage error obtaining persistent identifier", e);
    }
}
/**
 * Enforces the signing policy for an inbound SAML authentication request.
 *
 * <p>Outcomes, in order:</p>
 * <ul>
 *   <li>Message is signed: hand it to {@code samlObjectSignatureValidator} for validation.</li>
 *   <li>Message is unsigned but the SP's metadata declares {@code AuthnRequestsSigned}:
 *       reject with a {@link SAMLException}.</li>
 *   <li>Message is unsigned and metadata does not require signing: accept without any
 *       signature check.</li>
 * </ul>
 *
 * <p>NOTE(review): the delegate is named {@code verifySamlProfileRequestIfNeeded}, so whether a
 * present signature is actually validated, and against which metadata keys, is decided
 * there rather than in this method.</p>
 *
 * @param ctx the message context carrying binding-level signature state
 * @param request the servlet request
 * @param authnRequest the parsed authentication request
 * @param adaptor facade over the SP's registered metadata
 * @throws Exception if the request must be signed and is not, or if the validator rejects it
 */
protected void verifyAuthenticationContextSignature(final MessageContext ctx,
        final HttpServletRequest request, final RequestAbstractType authnRequest,
        final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws Exception {
    final boolean signed = SAMLBindingSupport.isMessageSigned(ctx);

    if (signed) {
        LOGGER.debug("The authentication context is signed; Proceeding to validate signatures...");
        this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(authnRequest, adaptor, request, ctx);
        return;
    }

    LOGGER.debug("The authentication context is not signed");
    // Metadata is the policy source: an SP that advertises AuthnRequestsSigned must sign.
    if (adaptor.isAuthnRequestsSigned()) {
        LOGGER.error("Metadata for [{}] says authentication requests are signed, yet authentication request is not", adaptor.getEntityId());
        throw new SAMLException("AuthN request is not signed but should be");
    }
    LOGGER.debug("Authentication request is not signed, so there is no need to verify its signature.");
}
/**
 * Delegates SAML 1 NameIdentifier generation to the currently active
 * {@code NameIdentifierGenerationService}, pinning the serviceable component for the
 * duration of the call and unpinning it afterwards.
 *
 * @param profileRequestContext the current profile request context
 * @param format the NameIdentifier format to generate
 * @return whatever the underlying SAML 1 generator returns, which may be {@code null}
 * @throws SAMLException if no serviceable component is available, or if the delegate throws
 */
@Override
@Nullable
public NameIdentifier generate(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull @NotEmpty final String format) throws SAMLException {
    // A null component is a configuration failure; nothing was pinned, so nothing to release.
    final ServiceableComponent<NameIdentifierGenerationService> pinned =
            generatorService.getServiceableComponent();
    if (pinned == null) {
        throw new SAMLException("Invalid NameIdentifierGenerationService configuration");
    }

    try {
        return pinned.getComponent()
                .getSAML1NameIdentifierGenerator()
                .generate(profileRequestContext, format);
    } finally {
        // Always release the pin, even when the delegate throws.
        pinned.unpinComponent();
    }
}
/**
 * Delegates SAML 2 NameID generation to the currently active
 * {@code NameIdentifierGenerationService}, pinning the serviceable component for the
 * duration of the call and unpinning it afterwards.
 *
 * @param profileRequestContext the current profile request context
 * @param format the NameID format to generate
 * @return whatever the underlying SAML 2 generator returns, which may be {@code null}
 * @throws SAMLException if no serviceable component is available, or if the delegate throws
 */
@Override
@Nullable
public NameID generate(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull @NotEmpty final String format) throws SAMLException {
    // A null component is a configuration failure; nothing was pinned, so nothing to release.
    final ServiceableComponent<NameIdentifierGenerationService> pinned =
            generatorService.getServiceableComponent();
    if (pinned == null) {
        throw new SAMLException("Invalid NameIdentifierGenerationService configuration");
    }

    try {
        return pinned.getComponent()
                .getSAML2NameIDGenerator()
                .generate(profileRequestContext, format);
    } finally {
        // Always release the pin, even when the delegate throws.
        pinned.unpinComponent();
    }
}
throw new SAMLException("Exceeded allowable number of collisions"); } catch (final IOException e) { throw new SAMLException(e);
throw new SAMLException("Logout request is not signed but should be.");