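/**
 * Resolves the URL at which the given service provider expects SAML responses.
 *
 * <p>The SP's SAML 2.0 SSO descriptor is read from the metadata manager, i.e. the
 * location comes from registered metadata and not from anything in the request.
 * The AssertionConsumerService flagged {@code isDefault} wins; otherwise the first
 * listed service is used, as before.
 *
 * @param sp entity ID of the service provider
 * @return location of the selected AssertionConsumerService
 * @throws MetadataProviderException if no metadata, no SAML 2.0 SPSSODescriptor or no
 *         AssertionConsumerService is registered for {@code sp} (previously these
 *         surfaced as NullPointerException / IndexOutOfBoundsException)
 */
public String getAssertionConsumerURL(String sp) throws MetadataProviderException {
    EntityDescriptor entityDescriptor = metadataManager.getEntityDescriptor(sp);
    // presumably the manager returns null for an unknown entity — fail with the declared exception instead of an NPE
    if (entityDescriptor == null) {
        throw new MetadataProviderException("No metadata found for entity " + sp);
    }
    SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spssoDescriptor == null) {
        throw new MetadataProviderException("No SAML 2.0 SPSSODescriptor in metadata for entity " + sp);
    }
    List<AssertionConsumerService> services = spssoDescriptor.getAssertionConsumerServices();
    // get(0) on an empty list used to throw IndexOutOfBoundsException; report it as a metadata problem
    if (services == null || services.isEmpty()) {
        throw new MetadataProviderException("No AssertionConsumerService in metadata for entity " + sp);
    }
    return services.stream()
            .filter(acs -> acs.isDefault())
            .findFirst()
            .orElse(services.get(0))
            .getLocation();
}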
if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || svc.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { acsUrl = svc.getLocation(); break;
// Primary ACS: index 1, flagged as the default, HTTP-POST binding, located at the SP's SSO URL.
assertionConsumerService.setIndex(1);
assertionConsumerService.setIsDefault(true);
assertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
assertionConsumerService.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
// Secondary ACS: index 2, HTTP-Redirect binding, same location as the POST endpoint.
// isDefault is not set here, so the POST endpoint above stays the only default.
assertionConsumerService2.setIndex(2);
assertionConsumerService2.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
assertionConsumerService2.setLocation(spMetadata.getSsoUrl());
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService2);
/**
 * Sends a SAML message to the IdP after stamping the context with the configured SP identity,
 * the configured IdP SSO endpoint and the configured assertion consumer service.
 *
 * <p>The peer endpoint's binding is resolved before its location is overwritten with
 * {@code spConfiguration.getIdpSSOServiceURL()}. The default AssertionConsumerService of the
 * first local role descriptor is re-pointed at the configured protocol binding and ACS URL.
 *
 * <p>NOTE(review): the {@code sign} argument is not consulted; whether the message is signed
 * follows {@code spConfiguration.isNeedsSigning()} — confirm this is intended.
 *
 * @param samlContext message context to send
 * @param sign not used, see above
 * @return the context returned by {@code super.sendMessage}
 * @throws RuntimeException if the local SP descriptor has no ACS flagged as default
 */
@Override
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign)
        throws SAMLException, MetadataProviderException, MessageEncodingException {
    Endpoint peerEndpoint = samlContext.getPeerEntityEndpoint();
    SAMLBinding resolvedBinding = getBinding(peerEndpoint);

    String entityId = spConfiguration.getEntityId();
    samlContext.setLocalEntityId(entityId);
    samlContext.getLocalEntityMetadata().setEntityID(entityId);
    samlContext.getPeerEntityEndpoint().setLocation(spConfiguration.getIdpSSOServiceURL());

    // assumes the first role descriptor is the SP role — TODO confirm
    SPSSODescriptor spRole =
            (SPSSODescriptor) samlContext.getLocalEntityMetadata().getRoleDescriptors().get(0);
    AssertionConsumerService defaultAcs = spRole.getAssertionConsumerServices().stream()
            .filter(service -> service.isDefault())
            .findAny()
            .orElseThrow(() -> new RuntimeException("No default ACS"));
    defaultAcs.setBinding(spConfiguration.getProtocolBinding());
    defaultAcs.setLocation(spConfiguration.getAssertionConsumerServiceURL());

    return super.sendMessage(samlContext, spConfiguration.isNeedsSigning(), resolvedBinding);
}
}
/**
 * Populates the AuthnRequest with the return address the IdP should deliver the response to:
 * AssertionConsumerServiceURL plus ProtocolBinding. The ResponseLocation of the service is
 * preferred over its Location when present.
 *
 * <p>AssertionConsumerServiceURL + ProtocolBinding is mutually exclusive with
 * AssertionConsumerServiceIndex; this implementation always uses the former.
 *
 * @param request request to fill
 * @param service service to deliver the response to; nothing is done when {@code null}
 * @throws MetadataProviderException error retrieving metadata information
 */
protected void buildReturnAddress(AuthnRequest request, AssertionConsumerService service) throws MetadataProviderException {
    if (service == null) {
        return;
    }
    String responseLocation = service.getResponseLocation();
    String returnUrl = (responseLocation != null) ? responseLocation : service.getLocation();
    request.setAssertionConsumerServiceURL(returnUrl);
    request.setProtocolBinding(getEndpointBinding(service));
}
AssertionConsumerService assertionConsumerService = (AssertionConsumerService) context.getLocalEntityEndpoint(); if (request.getAssertionConsumerServiceIndex() != null) { if (!request.getAssertionConsumerServiceIndex().equals(assertionConsumerService.getIndex())) { log.info("Response was received at a different endpoint index than was requested"); if (requestedResponseURL != null) { String responseLocation; if (assertionConsumerService.getResponseLocation() != null) { responseLocation = assertionConsumerService.getResponseLocation(); } else { responseLocation = assertionConsumerService.getLocation();
/**
 * Builds the PAOS {@code Request} SOAP header for an ECP exchange.
 *
 * <p>The header is addressed to the "next" SOAP actor, marked mustUnderstand, names the
 * SAML 2.0 ECP service and carries the ACS location as the response consumer URL.
 *
 * @param assertionConsumer service whose location becomes the responseConsumerURL
 * @return the populated PAOS request header
 */
@SuppressWarnings("unchecked") // builderFactory returns a raw builder; assumed to be the one registered for the PAOS Request element
protected org.opensaml.liberty.paos.Request getPAOSRequest(AssertionConsumerService assertionConsumer) {
    SAMLObjectBuilder<org.opensaml.liberty.paos.Request> requestBuilder =
            (SAMLObjectBuilder<org.opensaml.liberty.paos.Request>) builderFactory.getBuilder(
                    org.opensaml.liberty.paos.Request.DEFAULT_ELEMENT_NAME);
    org.opensaml.liberty.paos.Request header = requestBuilder.buildObject();
    header.setSOAP11Actor(Request.SOAP11_ACTOR_NEXT);
    header.setSOAP11MustUnderstand(true);
    header.setResponseConsumerURL(assertionConsumer.getLocation());
    header.setService(SAMLConstants.SAML20ECP_NS);
    return header;
}
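/**
 * Determines whether given AssertionConsumerService can be used to deliver messages consumable by this profile.
 * Bindings POST and Artifact are supported for WebSSO.
 *
 * @param endpoint endpoint
 * @return true if endpoint is supported
 * @throws MetadataProviderException in case system can't verify whether endpoint is supported or not
 */
protected boolean isEndpointSupported(AssertionConsumerService endpoint) throws MetadataProviderException {
    // Read the binding once; the original evaluated both operands with the non-short-circuit
    // '|', which also re-read the binding for the second comparison.
    String binding = endpoint.getBinding();
    return org.opensaml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)
            || org.opensaml.common.xml.SAMLConstants.SAML2_ARTIFACT_BINDING_URI.equals(binding);
}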
/**
 * Looks up an AssertionConsumerService of the SP by index, or returns the descriptor's default
 * service when no index is given.
 *
 * @param ssoDescriptor SP role descriptor whose consumer services are searched
 * @param index         index of the wanted service; {@code null} selects the default
 * @return the service with the given index, or the default service when {@code index} is null
 * @throws org.opensaml.common.SAMLRuntimeException
 *         when no service carries the requested index
 */
public static AssertionConsumerService getConsumerService(SPSSODescriptor ssoDescriptor, Integer index) {
    if (index == null) {
        log.debug("Index for AssertionConsumerService not specified, returning default");
        return ssoDescriptor.getDefaultAssertionConsumerService();
    }
    for (AssertionConsumerService candidate : ssoDescriptor.getAssertionConsumerServices()) {
        if (!index.equals(candidate.getIndex())) {
            continue;
        }
        log.debug("Found assertionConsumerService with index {} and binding {}", index, candidate.getBinding());
        return candidate;
    }
    throw new SAMLRuntimeException("AssertionConsumerService with index " + index
            + " wasn't found for ServiceProvider " + ssoDescriptor.getID() + ", please check your metadata");
}
if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || svc.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { acsUrl = svc.getLocation(); break;
/**
 * Creates an AssertionConsumerService element for generated SP metadata.
 *
 * @param entityBaseURL base URL of the SP
 * @param entityAlias   alias of the SP, combined with the base URL by {@code getServerURL}
 * @param isDefault     whether the service is flagged as the default ACS
 * @param index         index attribute of the service
 * @param filterURL     path of the filter that consumes assertions
 * @param binding       binding URI of the service
 * @return the populated, not yet attached, AssertionConsumerService
 */
@SuppressWarnings("unchecked") // builderFactory returns a raw builder; assumed to be the one registered for the ACS element
protected AssertionConsumerService getAssertionConsumerService(String entityBaseURL, String entityAlias, boolean isDefault, int index, String filterURL, String binding) {
    SAMLObjectBuilder<AssertionConsumerService> acsBuilder =
            (SAMLObjectBuilder<AssertionConsumerService>) builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    AssertionConsumerService acs = acsBuilder.buildObject();
    acs.setLocation(getServerURL(entityBaseURL, entityAlias, filterURL));
    acs.setBinding(binding);
    // isDefault is only ever set to true; a non-default service leaves the attribute untouched
    if (isDefault) {
        acs.setIsDefault(true);
    }
    acs.setIndex(index);
    return acs;
}
/**
 * Accepts only endpoints bound to PAOS, the binding used by the ECP profile.
 *
 * @param endpoint endpoint to check
 * @return true when the endpoint binding is the SAML 2.0 PAOS binding
 */
@Override
protected boolean isEndpointSupported(AssertionConsumerService endpoint) {
    String binding = endpoint.getBinding();
    return SAMLConstants.SAML2_PAOS_BINDING_URI.equals(binding);
}
if (options.getAssertionConsumerIndex().equals(service.getIndex())) { if (!isEndpointSupported(service)) { throw new MetadataProviderException("Endpoint designated by the value in the WebSSOProfileOptions is not supported by this profile"); } else { log.debug("Using consumer service determined by user preference with binding {}", service.getBinding()); return service; log.debug("Using default consumer service with binding {}", service.getBinding()); return service; for (AssertionConsumerService service : services) { if (isEndpointSupported(service)) { log.debug("Using first available consumer service with binding {}", service.getBinding()); return service;
/**
 * The ACS flagged as default is returned even when listed second; with no default flagged,
 * the first listed ACS location is returned.
 */
@Test
public void get_assertion_consumer_service_url() throws Exception {
    String spEntityId = "validEntityID";
    EntityDescriptor entity = mock(EntityDescriptor.class);
    SPSSODescriptor spRole = mock(SPSSODescriptor.class);
    when(metadataManager.getEntityDescriptor(eq(spEntityId))).thenReturn(entity);
    when(entity.getSPSSODescriptor(eq(SAML20P_NS))).thenReturn(spRole);

    AssertionConsumerService plainAcs = mock(AssertionConsumerService.class);
    when(plainAcs.getLocation()).thenReturn("service-location");
    when(plainAcs.isDefault()).thenReturn(false);
    AssertionConsumerService defaultAcs = mock(AssertionConsumerService.class);
    when(defaultAcs.getLocation()).thenReturn("default-location");
    when(defaultAcs.isDefault()).thenReturn(true);
    when(spRole.getAssertionConsumerServices()).thenReturn(Arrays.asList(plainAcs, defaultAcs));

    // the default-flagged ACS wins although it is listed second
    assertEquals("default-location", controller.getAssertionConsumerURL(spEntityId));

    // without any default flag the first listed ACS is used
    when(defaultAcs.isDefault()).thenReturn(false);
    assertEquals("service-location", controller.getAssertionConsumerURL(spEntityId));
}
SPSSODescriptor spssoDescriptor = (SPSSODescriptor) context.getLocalEntityRoleMetadata(); for (AssertionConsumerService service : spssoDescriptor.getAssertionConsumerServices()) { if (context.getInboundSAMLProtocol().equals(service.getBinding()) && service.getLocation().equals(data.getRecipient())) { confirmed = true;
/**
 * Accepts only Holder-of-Key endpoints whose underlying transport binding is POST or Artifact.
 *
 * @param endpoint endpoint to check
 * @return true when the endpoint is a HoK endpoint carried over POST or Artifact
 * @throws MetadataProviderException when the transport binding cannot be determined
 */
@Override
protected boolean isEndpointSupported(AssertionConsumerService endpoint) throws MetadataProviderException {
    // Only HoK endpoints are supported
    boolean isHoK = SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI.equals(endpoint.getBinding());
    if (!isHoK) {
        return false;
    }
    // the transport binding sits behind the HoK marker and is resolved by SAMLUtil
    String transportBinding = SAMLUtil.getBindingForEndpoint(endpoint);
    boolean isPost = org.opensaml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI.equals(transportBinding);
    boolean isArtifact = org.opensaml.common.xml.SAMLConstants.SAML2_ARTIFACT_BINDING_URI.equals(transportBinding);
    return isPost || isArtifact;
}
/**
 * Copies the assertion consumer URLs from the SP metadata into the service provider DO.
 *
 * <p>Every ACS location is recorded. The ACS flagged as default becomes both the default
 * and the primary ACS URL; when several are flagged, the last one listed wins. If no ACS
 * is flagged, the first listed location is used as the default (the primary ACS URL is
 * left untouched in that case). Nothing is set when the metadata lists no ACS.
 *
 * <p>NOTE(review): no binding check is made here — the POST binding mentioned in the
 * original comment is not consulted; confirm whether that was intended.
 *
 * @param spssoDescriptor          SP role descriptor read from the metadata
 * @param samlssoServiceProviderDO DO receiving the ACS URLs
 */
private void setAssertionConsumerUrl(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO){
    List<AssertionConsumerService> consumerServices = spssoDescriptor.getAssertionConsumerServices();
    if (consumerServices == null || consumerServices.isEmpty()) {
        return;
    }
    List<String> locations = new ArrayList<>();
    boolean defaultSeen = false;
    for (AssertionConsumerService consumerService : consumerServices) {
        String location = consumerService.getLocation();
        locations.add(location);
        if (!consumerService.isDefault()) {
            continue;
        }
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(location);
        samlssoServiceProviderDO.setAssertionConsumerUrl(location);
        defaultSeen = true;
    }
    samlssoServiceProviderDO.setAssertionConsumerUrls(locations);
    // select at least one default
    if (!defaultSeen) {
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(consumerServices.get(0).getLocation());
    }
}
private void setIssuer(EntityDescriptor entityDescriptor , SAMLSSOServiceProviderDO samlssoServiceProviderDO){
if (SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI.equals(consumerService.getBinding())) { if (webSSOprofileHoK == null) { log.warn("WebSSO HoK profile was specified to be used, but profile is not configured in the EntryPoint, HoK will be skipped");
/**
 * Copies the assertion consumer URLs from the SP metadata into the service provider DO.
 *
 * <p>Every ACS location is recorded. The ACS flagged as default becomes both the default
 * and the primary ACS URL; when several are flagged, the last one listed wins. If no ACS
 * is flagged, the first listed location is used as the default (the primary ACS URL is
 * left untouched in that case).
 *
 * <p>NOTE(review): no binding check is made here — the POST binding mentioned in the
 * original comment is not consulted; confirm whether that was intended.
 *
 * @param spssoDescriptor          SP role descriptor read from the metadata
 * @param samlssoServiceProviderDO DO receiving the ACS URLs
 * @throws InvalidMetadataException when the metadata lists no AssertionConsumerService
 */
private void setAssertionConsumerUrl(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO) throws InvalidMetadataException {
    List<AssertionConsumerService> consumerServices = spssoDescriptor.getAssertionConsumerServices();
    if (consumerServices == null || consumerServices.isEmpty()) {
        throw new InvalidMetadataException("Invalid metadata content, no Assertion Consumer URL found");
    }
    List<String> locations = new ArrayList<>();
    boolean defaultSeen = false;
    for (AssertionConsumerService consumerService : consumerServices) {
        String location = consumerService.getLocation();
        locations.add(location);
        if (!consumerService.isDefault()) {
            continue;
        }
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(location);
        samlssoServiceProviderDO.setAssertionConsumerUrl(location);
        defaultSeen = true;
    }
    samlssoServiceProviderDO.setAssertionConsumerUrls(locations);
    // select at least one default
    if (!defaultSeen) {
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(consumerServices.get(0).getLocation());
    }
}