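/**
 * Determines whether the given SingleSignOn service can be used together with this profile.
 * Only the HTTP-POST and HTTP-Redirect bindings are accepted for WebSSO here; the Artifact
 * binding is deliberately not checked, so endpoints advertising it are reported as unsupported.
 *
 * @param endpoint endpoint to check
 * @return true if the endpoint's binding is HTTP-POST or HTTP-Redirect
 * @throws MetadataProviderException in case system can't verify whether endpoint is supported or not
 */
@Override
protected boolean isEndpointSupported(SingleSignOnService endpoint) throws MetadataProviderException {
    // Read the binding once; constants on the left keep the comparison null-safe when the
    // endpoint carries no binding attribute.
    String binding = endpoint.getBinding();
    return SAML2_POST_BINDING_URI.equals(binding)
            || SAML2_REDIRECT_BINDING_URI.equals(binding);
}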
/**
 * Creates a SingleSignOnService endpoint element whose location is this entity's server URL.
 *
 * @param entityBaseURL base URL of the entity
 * @param entityAlias   alias of the entity
 * @param filterURL     filter URL used when composing the endpoint location
 * @param binding       SAML binding URI to advertise on the endpoint
 * @return the populated SingleSignOnService element
 */
protected SingleSignOnService getSingleSignOnService(String entityBaseURL, String entityAlias, String filterURL, String binding) {
    // The builder factory API is untyped, hence the suppressed cast to the concrete builder type.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<SingleSignOnService> ssoBuilder =
            (SAMLObjectBuilder<SingleSignOnService>) builderFactory.getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME);
    String location = getServerURL(entityBaseURL, entityAlias, filterURL);
    SingleSignOnService endpoint = ssoBuilder.buildObject();
    endpoint.setBinding(binding);
    endpoint.setLocation(location);
    return endpoint;
}
if (idpDescriptor.getSingleSignOnServices() != null) { for (SingleSignOnService ssos : idpDescriptor.getSingleSignOnServices()) { if (ssos.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { idpMetadata.setSsoUrl(ssos.getLocation());
assertionConsumerServiceUrl = idpBinding.getLocation(); String identityProviderUrl = idpBinding.getLocation(); String responseIssuer = entityDescriptor.getEntityID();
/**
 * Validates the SingleSignOnService endpoints of an IDPSSODescriptor: none of them may carry a
 * ResponseLocation.
 *
 * @param idpssoDescriptor descriptor whose SingleSignOnService endpoints are checked
 * @throws ValidationException if any SingleSignOnService has a non-empty ResponseLocation
 */
protected void validateSingleSign(IDPSSODescriptor idpssoDescriptor) throws ValidationException {
    // Nothing to validate when the descriptor advertises no SSO endpoints at all.
    if (idpssoDescriptor.getSingleSignOnServices() == null) {
        return;
    }
    for (SingleSignOnService ssoService : idpssoDescriptor.getSingleSignOnServices()) {
        // DatatypeHelper.isEmpty treats null and blank strings alike.
        if (!DatatypeHelper.isEmpty(ssoService.getResponseLocation())) {
            throw new ValidationException("ResponseLocation of all SingleSignOnServices must be null");
        }
    }
}
if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { _loginUrl = svc.getLocation(); break;
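/**
 * Builds an IdP List out of the idpEntityNames.
 *
 * @param idpEntityNames The IdPs Entity IDs to include in the IdP List, no list is created when null
 * @param serviceURI The binding service for an IdP for a specific binding. Should be null
 * if there is more than one IdP in the list or if the destination IdP is not known in
 * advance; when non-null its location is copied onto every entry of the list.
 * @return an IdP List or null when idpEntityNames is null (an empty set yields an empty list)
 */
protected IDPList buildIDPList(Set<String> idpEntityNames, SingleSignOnService serviceURI) {
    if (idpEntityNames == null) {
        return null;
    }
    // The builder factory API is untyped; the casts are suppressed on the smallest scope
    // instead of being left as unchecked warnings.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<IDPEntry> idpEntryBuilder =
            (SAMLObjectBuilder<IDPEntry>) builderFactory.getBuilder(IDPEntry.DEFAULT_ELEMENT_NAME);
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<IDPList> idpListBuilder =
            (SAMLObjectBuilder<IDPList>) builderFactory.getBuilder(IDPList.DEFAULT_ELEMENT_NAME);
    // The service URI is null when the SP does not know in advance to which IdP the request
    // is sent; resolve its location once rather than per entry.
    String entryLocation = serviceURI != null ? serviceURI.getLocation() : null;
    IDPList idpList = idpListBuilder.buildObject();
    for (String entityID : idpEntityNames) {
        IDPEntry idpEntry = idpEntryBuilder.buildObject();
        idpEntry.setProviderID(entityID);
        if (serviceURI != null) {
            idpEntry.setLoc(entryLocation);
        }
        idpList.getIDPEntrys().add(idpEntry);
    }
    return idpList;
}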
if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { loginUrl = svc.getLocation(); break;
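/**
 * Adds the HTTP-POST and HTTP-Redirect SingleSignOnService endpoints of the federated IdP to the
 * given IDPSSODescriptor. Both endpoints point at the same SSO URL read from the authenticator
 * configuration's SAML2SSO.SSO_URL property.
 *
 * @param idpSsoDesc descriptor that receives the two endpoints
 * @param samlFederatedAuthenticatorConfig configuration holding the SSO URL property
 * @throws MetadataException if creating the SAML objects fails (declared on the original signature;
 *         presumably raised by BuilderUtil.createSAMLObject)
 */
public void buildSingleSignOnService(IDPSSODescriptor idpSsoDesc, FederatedAuthenticatorConfig samlFederatedAuthenticatorConfig) throws MetadataException {
    // Both bindings share one SSO URL, so resolve the property once instead of once per binding.
    // NOTE(review): a missing property still surfaces as a NullPointerException from getValue(),
    // as it did before — confirm whether getFederatedAuthenticatorConfigProperty can return null.
    String ssoUrl = getFederatedAuthenticatorConfigProperty(samlFederatedAuthenticatorConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL).getValue();
    idpSsoDesc.getSingleSignOnServices()
            .add(createSingleSignOnService(IDPMetadataConstant.HTTP_BINDING_POST_SAML2, ssoUrl));
    idpSsoDesc.getSingleSignOnServices()
            .add(createSingleSignOnService(IDPMetadataConstant.HTTP_BINDING_REDIRECT_SAML2, ssoUrl));
}

/** Creates one SingleSignOnService element advertising the given binding at the given location. */
private static SingleSignOnService createSingleSignOnService(String binding, String location) throws MetadataException {
    SingleSignOnService ssoService = BuilderUtil
            .createSAMLObject(ConfigElements.FED_METADATA_NS, ConfigElements.SSOSERVICE_DESCRIPTOR, "");
    ssoService.setBinding(binding);
    ssoService.setLocation(location);
    return ssoService;
}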
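/**
 * Pins the order of the generated SingleSignOnService endpoints: HTTP-POST first, then
 * HTTP-Redirect.
 */
@Test
public void bindingOrderSSOList() {
    IdentityZoneHolder.set(otherZone);
    IDPSSODescriptor idpSSODescriptor = generator.buildIDPSSODescriptor(
            generator.getEntityBaseURL(),
            generator.getEntityAlias(),
            false,
            Arrays.asList("email")
    );
    // Index-based checks: the descriptor's endpoint list is expected to have POST at 0 and Redirect at 1.
    assertEquals(SAML2_POST_BINDING_URI, idpSSODescriptor.getSingleSignOnServices().get(0).getBinding());
    assertEquals(SAML2_REDIRECT_BINDING_URI, idpSSODescriptor.getSingleSignOnServices().get(1).getBinding());
}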
SingleSignOnService singleSignOnService = singleSignOnServices.get(j); if (singleSignOnService != null) { if (singleSignOnService.getLocation() != null) { property.setValue(singleSignOnService.getLocation()); found = true; break;
singleSignOnService.setLocation("http://localhost:" + localPort + "/SingleSignOnService"); singleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
/**
 * Determines whether the given SingleSignOn service can be used together with this profile.
 * The HTTP-POST, HTTP-Artifact and HTTP-Redirect bindings are supported for WebSSO.
 *
 * @param endpoint endpoint to check
 * @return true if the endpoint's binding is one of the three supported bindings
 * @throws MetadataProviderException in case system can't verify whether endpoint is supported or not
 */
protected boolean isEndpointSupported(SingleSignOnService endpoint) throws MetadataProviderException {
    String binding = endpoint.getBinding();
    // Constants on the left keep each comparison null-safe for an endpoint without a binding.
    if (org.opensaml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)) {
        return true;
    }
    if (org.opensaml.common.xml.SAMLConstants.SAML2_ARTIFACT_BINDING_URI.equals(binding)) {
        return true;
    }
    return org.opensaml.common.xml.SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(binding);
}
idpssoDescriptor.getSingleSignOnServices().add(ssoService); ssoService.setBinding(binding); ssoService.setLocation(location);
/**
 * Determines whether the given SingleSignOn service can be used with the Holder-of-Key WebSSO
 * profile. The endpoint must advertise the HoK WebSSO profile URI as its binding, and the
 * transport binding resolved through SAMLUtil must be HTTP-POST, HTTP-Artifact or HTTP-Redirect.
 *
 * @param endpoint endpoint to check
 * @return true if the endpoint is a HoK endpoint over a supported transport binding
 * @throws MetadataProviderException in case system can't verify whether endpoint is supported or not
 */
@Override
protected boolean isEndpointSupported(SingleSignOnService endpoint) throws MetadataProviderException {
    // Only HoK endpoints are supported
    boolean hokEndpoint = SAMLConstants.SAML2_HOK_WEBSSO_PROFILE_URI.equals(endpoint.getBinding());
    if (!hokEndpoint) {
        return false;
    }
    String transportBinding = SAMLUtil.getBindingForEndpoint(endpoint);
    boolean isPost = org.opensaml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI.equals(transportBinding);
    boolean isArtifact = org.opensaml.common.xml.SAMLConstants.SAML2_ARTIFACT_BINDING_URI.equals(transportBinding);
    boolean isRedirect = org.opensaml.common.xml.SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(transportBinding);
    return isPost || isArtifact || isRedirect;
}
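/**
 * Finds the IdP's SingleSignOnService endpoint for the requested HTTP binding.
 *
 * @param idpSsoDescriptor descriptor whose SingleSignOnService endpoints are searched
 * @param samlBinding binding whose name (via toString) completes the "HTTP-..." binding URI
 * @return an endpoint whose binding URI matches the requested binding
 * @throws SamlException if no endpoint advertises the requested binding
 */
private static SingleSignOnService getIdpBinding(
        IDPSSODescriptor idpSsoDescriptor, SamlIdpBinding samlBinding) throws SamlException {
    // Build the expected URI once; comparing with it on the left tolerates endpoints that have
    // no binding attribute instead of failing with a NullPointerException.
    String bindingUri = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-" + samlBinding.toString();
    return idpSsoDescriptor
            .getSingleSignOnServices()
            .stream()
            .filter(x -> bindingUri.equals(x.getBinding()))
            .findAny()
            // The previous message always named HTTP-POST even when another binding was requested.
            .orElseThrow(() -> new SamlException(
                    "Cannot find SSO endpoint with binding " + bindingUri + " in metadata"));
}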