/**
 * Seeds the outgoing {@code AuthnRequest} with a RelayState carrying the path the caller
 * originally asked for, so it can be sent back there once SSO completes.
 *
 * <p>The RelayState is only attached when the requested path is at most 80 characters
 * (presumably the 80-byte RelayState limit of the SAML 2.0 HTTP bindings; note that
 * {@code String.length()} counts UTF-16 units, not bytes). Longer paths are silently
 * dropped rather than truncated.</p>
 *
 * <p>NOTE(review): the path is taken straight from the request and is therefore
 * attacker-influenced. Wherever the RelayState is later turned into a post-login
 * redirect it must be validated as a same-site path (reject {@code //host/...} and
 * absolute URLs) — confirm against the login-success handler; this method does not do it.</p>
 */
@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    final String path = req.path();
    if (path.length() > 80) {
        // Too long to relay; leave the RelayState unset.
        return CompletableFuture.completedFuture(null);
    }
    // Auto-create the binding subcontext if the request has none yet.
    final SAMLBindingContext bindingCtx = message.getSubcontext(SAMLBindingContext.class, true);
    assert bindingCtx != null : "SAMLBindingContext";
    bindingCtx.setRelayState(path);
    return CompletableFuture.completedFuture(null);
}
/**
 * Assertion-consumer endpoint: decodes the identity provider's SAML {@code Response} from
 * the configured binding, validates its assertion, and hands the result to the SSO handler.
 *
 * <p>Decoding depends on {@code cfg.endpoint().bindingProtocol()}: an HTTP-Redirect response
 * goes through {@code HttpRedirectBindingUtil} (which is also given the IdP configurations,
 * presumably for verifying the redirect binding's detached signature — confirm), anything
 * else through {@code HttpPostBindingUtil}. The assertion is validated against the
 * reconstructed endpoint URI by {@code getValidatedAssertion}; any {@link SamlException}
 * raised on the way ends in {@code ssoHandler.loginFailed}.</p>
 *
 * <p>The session index is the first non-null one among the assertion's AuthnStatements, or
 * {@code null}. The RelayState is forwarded to {@code loginSucceeded} exactly as it came
 * off the wire — it is not validated here.</p>
 *
 * @param ctx             the request context
 * @param msg             the aggregated HTTP request carrying the SAML response
 * @param defaultHostname hostname used to rebuild this endpoint's URI
 * @param portConfig      scheme and port used to rebuild this endpoint's URI
 * @return the response produced by the SSO handler for success or failure
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        final MessageContext<Response> decoded;
        if (cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT) {
            decoded = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE, idpConfigs, defaultIdpConfig);
        } else {
            decoded = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        // The endpoint URI the assertion must have been addressed to.
        final String acsUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                         defaultHostname, portConfig.port());
        final Response response = decoded.getMessage();
        final Assertion assertion = getValidatedAssertion(response, acsUri);

        // First session index the IdP sent, if any.
        String sessionIndex = null;
        for (final AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        String relayState = null;
        final SAMLBindingContext bindingCtx = decoded.getSubcontext(SAMLBindingContext.class);
        if (bindingCtx != null) {
            relayState = bindingCtx.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, decoded, sessionIndex, relayState);
    } catch (SamlException e) {
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
/**
 * Fills in the {@link SAMLBindingContext} for this binding: its URI, its descriptor, and two
 * flags that downstream security checks consult.
 *
 * <p>{@code hasBindingSignature} is set to {@code false}: this binding conveys no
 * binding-layer signature, so any signature must be verified on the XML message itself.
 * {@code intendedDestinationEndpointURIRequired} is also {@code false}: the binding does not
 * demand a {@code Destination} on the message, which presumably leaves destination checking
 * to other layers — confirm before relying on it.</p>
 *
 * @param messageContext the current message context; the subcontext is created if absent
 */
protected void populateBindingContext(MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext binding = messageContext.getSubcontext(SAMLBindingContext.class, true);
    binding.setBindingUri(getBindingURI());
    binding.setBindingDescriptor(bindingDescriptor);
    // No signature at the binding layer.
    binding.setHasBindingSignature(false);
    // Destination attribute not mandatory for this binding.
    binding.setIntendedDestinationEndpointURIRequired(false);
}
.getSubcontext(SAMLBindingContext.class); decodedCtx.getSAMLBindingContext().setBindingDescriptor(bindingContext.getBindingDescriptor()); decodedCtx.getSAMLBindingContext().setBindingUri(bindingContext.getBindingUri()); decodedCtx.getSAMLBindingContext().setHasBindingSignature(bindingContext.hasBindingSignature()); decodedCtx.getSAMLBindingContext().setIntendedDestinationEndpointURIRequired(bindingContext .isIntendedDestinationEndpointURIRequired()); final String relayState = bindingContext.getRelayState(); decodedCtx.getSAMLBindingContext().setRelayState(relayState); context.getSAMLBindingContext().setRelayState(relayState);
final SAMLBindingContext bindingCtx = profileRequestContext.getInboundMessageContext().getSubcontext(SAMLBindingContext.class); if (bindingCtx != null && bindingCtx.getBindingUri() != null) { final Optional<BindingDescriptor> binding = Iterables.tryFind(bindingDescriptors, new Predicate<BindingDescriptor>() { outboundCtx.setRelayState(SAMLBindingSupport.getRelayState( profileRequestContext.getInboundMessageContext())); outboundCtx.setBindingDescriptor(binding.get()); return true;
/**
 * Fills in the {@link SAMLBindingContext} for this binding on a SAML 2 message context.
 *
 * <p>The binding URI is derived from the message context. No binding-layer signature is
 * present ({@code hasBindingSignature = false}). The {@code Destination} check is made
 * mandatory exactly when the message is signed, as reported by
 * {@link SAMLBindingSupport#isMessageSigned}.</p>
 *
 * @param messageContext the current message context; the subcontext is created if absent
 */
protected void populateBindingContext(final SAML2MessageContext messageContext) {
    final SAMLBindingContext binding = messageContext.getSubcontext(SAMLBindingContext.class, true);
    binding.setBindingUri(getBindingURI(messageContext));
    binding.setHasBindingSignature(false);
    // A signed message must carry a Destination that matches this endpoint.
    final boolean signed = SAMLBindingSupport.isMessageSigned(messageContext);
    binding.setIntendedDestinationEndpointURIRequired(signed);
}
bindingCtx.setRelayState(SAMLBindingSupport.getRelayState(profileRequestContext.getInboundMessageContext())); bindingCtx.setBindingDescriptor(bindingDescriptor.get()); } else { bindingCtx.setBindingUri(resolvedEndpoint.getBinding());
bindingCtx.setRelayState(SAMLBindingSupport.getRelayState( profileRequestContext.getInboundMessageContext())); bindingCtx.setBindingUri(outboundBinding);
@Override public boolean apply(final BindingDescriptor input) { return input.getId().equals(bindingCtx.getBindingUri()); } });
/**
 * Maps a binding context to a display string: the descriptor's short name when
 * {@code useShortName} is set and one is available, otherwise the binding URI.
 *
 * @param input the binding context, may be {@code null}
 * @return the short name, the binding URI, or {@code null} when {@code input} is {@code null}
 */
@Override
@Nullable
public String apply(@Nullable final SAMLBindingContext input) {
    if (input == null) {
        return null;
    }
    if (useShortName) {
        final BindingDescriptor descriptor = input.getBindingDescriptor();
        if (descriptor != null) {
            final String shortName = descriptor.getShortName();
            if (shortName != null) {
                return shortName;
            }
        }
    }
    // Fall back to the full URI (may itself be null).
    return input.getBindingUri();
}
/**
 * Builds the outbound SAML 1 response for the SOAP 1.1 binding and installs it as the
 * profile's outbound message context.
 *
 * <p>If {@code buildSamlResponse} throws {@link IllegalStateException} the action returns
 * the {@code IllegalState} protocol error event; the exception itself is not logged here
 * (presumably reported where it is thrown — confirm).</p>
 *
 * @param springRequestContext  the Spring Web Flow request context
 * @param profileRequestContext the profile request context to receive the outbound message
 * @return the proceed event, or the {@code IllegalState} error event
 */
@Override
protected Event doExecute(final @Nonnull RequestContext springRequestContext,
                          final @Nonnull ProfileRequestContext profileRequestContext) {
    final MessageContext<SAMLObject> outbound = new MessageContext<>();
    try {
        outbound.setMessage(buildSamlResponse(springRequestContext, profileRequestContext));
    } catch (final IllegalStateException e) {
        return ProtocolError.IllegalState.event(this);
    }

    // This action only ever emits the SAML 1 SOAP 1.1 binding.
    final SAMLBindingContext binding = new SAMLBindingContext();
    binding.setBindingUri(SAMLConstants.SAML1_SOAP11_BINDING_URI);
    outbound.addSubcontext(binding);

    // Build the envelope by hand so it carries the SOAP-ENV prefix old/broken CAS clients require.
    final Envelope envelope = (Envelope) XMLObjectSupport.buildXMLObject(envelopeName);
    envelope.setBody((Body) XMLObjectSupport.buildXMLObject(bodyName));
    final SOAP11Context soap = new SOAP11Context();
    soap.setEnvelope(envelope);
    outbound.addSubcontext(soap);

    profileRequestContext.setOutboundMessageContext(outbound);
    return ActionSupport.buildProceedEvent(this);
}
ctx.getSubcontext(SAMLBindingContext.class, true).setHasBindingSignature(false); SAMLBindingSupport.setRelayState(ctx, target);
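/**
 * Determine whether the SAML binding recorded in the message context is capable of carrying
 * a signature at the binding layer.
 *
 * <p>The capability is read from the {@link BindingDescriptor} attached to the context's
 * {@link SAMLBindingContext}. This says nothing about whether the current message actually
 * is signed; it only reports what the binding can do. When no binding context or no
 * descriptor is present the binding is conservatively reported as not signature capable.</p>
 *
 * @param messageContext current message context
 * @return true if the binding is signature capable, false if it is not or if no binding
 *         descriptor is available
 */
public static boolean isSigningCapableBinding(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext bindingContext = messageContext.getSubcontext(SAMLBindingContext.class);
    if (bindingContext == null) {
        return false;
    }
    final BindingDescriptor descriptor = bindingContext.getBindingDescriptor();
    // Unknown descriptor: fail closed rather than assume the binding can sign.
    return descriptor != null && descriptor.isSignatureCapable();
}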
/**
 * Records this binding's URI and descriptor on the message's {@link SAMLBindingContext},
 * creating the subcontext when absent.
 *
 * <p>Both security flags are cleared: the binding carries no binding-layer signature, and it
 * does not require a {@code Destination} on the message. Signature and destination checks,
 * if any, therefore have to happen on the XML message itself.</p>
 *
 * @param messageContext the current message context
 */
protected void populateBindingContext(final MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext ctx = messageContext.getSubcontext(SAMLBindingContext.class, true);
    ctx.setBindingUri(getBindingURI());
    ctx.setBindingDescriptor(bindingDescriptor);
    ctx.setHasBindingSignature(false);                      // nothing signed at this layer
    ctx.setIntendedDestinationEndpointURIRequired(false);   // Destination not mandatory here
}
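/**
 * Resolves the inbound SAML message ID from the profile request context, or {@code null}
 * when it is unavailable or the inbound binding is one for which IDs are suppressed.
 *
 * <p>The parameter is declared {@code @Nullable}; a {@code null} input now yields
 * {@code null} instead of a {@link NullPointerException}.</p>
 *
 * @param input the profile request context, may be {@code null}
 * @return the inbound message ID, or {@code null}
 */
@Override
@Nullable
public String apply(@Nullable final ProfileRequestContext input) {
    // Honor the @Nullable contract instead of dereferencing blindly.
    if (input == null) {
        log.debug("No profile request context available");
        return null;
    }
    final MessageContext inMsgCtx = input.getInboundMessageContext();
    if (inMsgCtx == null) {
        log.debug("No inbound message context available");
        return null;
    }
    // Bindings listed in suppressForBindings never yield a request ID.
    if (!suppressForBindings.isEmpty()) {
        final SAMLBindingContext bindingCtx = inMsgCtx.getSubcontext(SAMLBindingContext.class);
        if (bindingCtx != null && bindingCtx.getBindingUri() != null
                && suppressForBindings.contains(bindingCtx.getBindingUri())) {
            log.debug("Inbound binding {} is suppressed, ignoring request ID", bindingCtx.getBindingUri());
            return null;
        }
    }
    // The info context is auto-created when absent, so the null check below is defensive
    // only; a freshly created context simply reports a null message ID.
    final SAMLMessageInfoContext infoCtx = inMsgCtx.getSubcontext(SAMLMessageInfoContext.class, true);
    if (infoCtx == null) {
        log.debug("No inbound SAMLMessageInfoContext available");
        return null;
    }
    return infoCtx.getMessageId();
}
}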
/**
 * Populates the {@link SAMLBindingContext} with what this binding knows about itself.
 *
 * <p>Sets the binding URI and descriptor, marks the binding as carrying no binding-layer
 * signature, and marks the message's {@code Destination} as not required. Any signature or
 * destination enforcement must therefore be performed elsewhere on the XML message.</p>
 *
 * @param messageContext the current message context; subcontext is created on demand
 */
protected void populateBindingContext(MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext bindingCtx = messageContext.getSubcontext(SAMLBindingContext.class, true);
    bindingCtx.setBindingUri(getBindingURI());
    bindingCtx.setBindingDescriptor(bindingDescriptor);
    // This binding does not sign at the transport layer and does not demand a Destination.
    bindingCtx.setHasBindingSignature(false);
    bindingCtx.setIntendedDestinationEndpointURIRequired(false);
}
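/**
 * Relays the originally requested path as the SAML RelayState so the user can be returned
 * to it after the identity-provider round-trip.
 *
 * <p>The value is only attached when the path is at most 80 characters, matching the
 * sibling implementation of this hook and, presumably, the 80-byte RelayState limit of the
 * SAML 2.0 HTTP bindings ({@code String.length()} counts UTF-16 units, so this is exact
 * only for ASCII paths). Longer paths are dropped rather than truncated, so the user lands
 * on the default page instead of the IdP rejecting an oversized RelayState.</p>
 *
 * <p>NOTE(review): the path is attacker-influenced. Whoever turns the RelayState into a
 * redirect after login must still validate it as a same-site path (reject
 * {@code //host/...} and absolute URLs) — this method does not.</p>
 */
@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    final String requestedPath = req.path();
    if (requestedPath.length() <= 80) {
        final SAMLBindingContext bindingCtx = message.getSubcontext(SAMLBindingContext.class, true);
        assert bindingCtx != null : "SAMLBindingContext";
        bindingCtx.setRelayState(requestedPath);
    }
    return CompletableFuture.completedFuture(null);
}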
if (bindingContext == null || bindingContext.getBindingUri() == null) { log.warn("Binding URI was not available, unable to lookup message encoder"); return null; log.debug("Looking up message encoder based on binding URI: {}", bindingContext.getBindingUri()); final List<BindingDescriptor> bindings = bindingMap.get(bindingContext.getBindingUri()); for (final BindingDescriptor binding : bindings) { if (binding.getEncoderBeanId() != null) { log.warn("Failed to find a message encoder based on binding URI: {}", bindingContext.getBindingUri()); return null;
final SAMLBindingContext bindingContext = arg.messageContext.getSubcontext(SAMLBindingContext.class); final String relayState = bindingContext != null ? bindingContext.getRelayState() : null;
/**
 * Initializes the binding-specific subcontext for this decoder/encoder.
 *
 * <p>After this call the {@link SAMLBindingContext} carries this binding's URI and
 * descriptor, {@code hasBindingSignature == false} (no transport-level signature) and
 * {@code intendedDestinationEndpointURIRequired == false} (no {@code Destination}
 * requirement at this layer). Message-level signature and destination checks, where
 * needed, are presumably applied by later processing — confirm.</p>
 *
 * @param messageContext the current message context; the subcontext is created if missing
 */
protected void populateBindingContext(MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext binding = messageContext.getSubcontext(SAMLBindingContext.class, true);
    binding.setBindingUri(getBindingURI());
    binding.setBindingDescriptor(bindingDescriptor);
    final boolean signedAtBindingLayer = false;
    final boolean destinationRequired = false;
    binding.setHasBindingSignature(signedAtBindingLayer);
    binding.setIntendedDestinationEndpointURIRequired(destinationRequired);
}