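/**
 * Resolves the IDP to use in passive mode from the alias carried in the discovery request.
 * <p>
 * The request may name the parameter that carries the alias through {@code RETURN_ID_PARAM};
 * when it does not, the {@code idp} parameter is read. The alias is an untrusted request value:
 * it is only ever compared (exact, case-sensitive) with {@link ExtendedMetadata#getAlias()} of
 * the IDPs configured in metadata, so an arbitrary alias can never select an unconfigured IDP.
 * Note that the raw alias is included in the exception messages; anything rendering those
 * messages to a browser must encode them.
 *
 * @param request IDP discovery request
 * @return entity ID of the configured IDP whose extended-metadata alias equals the requested alias
 * @throws UnableToFindSamlIDPException when no alias was supplied, no configured IDP carries the
 *         alias, or the extended metadata of a configured IDP cannot be read
 */
@Override
protected String getPassiveIDP(HttpServletRequest request) {
    String paramName = request.getParameter(RETURN_ID_PARAM);
    // The request carries an alias; translate it into the entity ID used in metadata.
    String idpAlias = request.getParameter(paramName == null ? "idp" : paramName);
    if (idpAlias != null) {
        Set<String> idps = metadata.getIDPEntityNames();
        for (String idp : idps) {
            ExtendedMetadata emd;
            try {
                emd = metadata.getExtendedMetadata(idp);
            } catch (MetadataProviderException e) {
                // A single unreadable IDP aborts the whole lookup rather than being skipped.
                String message = "Unable to read extended metadata for alias[" + idpAlias + "] IDP[" + idp + "]";
                throw new UnableToFindSamlIDPException(message, e);
            }
            // An IDP without an alias (null) can never match.
            if (emd != null && idpAlias.equals(emd.getAlias())) {
                return idp;
            }
        }
    }
    throw new UnableToFindSamlIDPException("Unable to locate IDP provider for alias:" + idpAlias);
}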
/**
 * Fills the peer-entity metadata slots of the message context from the metadata manager.
 * <p>
 * The peer entity ID and role already set on the context select which entity descriptor and
 * which role descriptor (SAML 2.0 protocol namespace) are looked up. Only entities known to the
 * metadata manager are accepted as peer; extended metadata is attached as well but, unlike the
 * two descriptors, is not required to be present.
 *
 * @param samlContext context whose peer entity ID and role are already populated
 * @throws MetadataProviderException when no peer entity ID was set, or when the entity or role
 *         descriptor for it cannot be found
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    final String peerId = samlContext.getPeerEntityId();
    final QName peerRole = samlContext.getPeerEntityRole();
    if (peerId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }

    final EntityDescriptor peerDescriptor = metadataManager.getEntityDescriptor(peerId);
    final RoleDescriptor peerRoleDescriptor =
            metadataManager.getRole(peerId, peerRole, SAMLConstants.SAML20P_NS);
    final ExtendedMetadata peerExtended = metadataManager.getExtendedMetadata(peerId);
    if (peerDescriptor == null || peerRoleDescriptor == null) {
        throw new MetadataProviderException(
                "Metadata for entity " + peerId + " and role " + peerRole + " wasn't found");
    }

    samlContext.setPeerEntityMetadata(peerDescriptor);
    samlContext.setPeerEntityRoleMetadata(peerRoleDescriptor);
    samlContext.setPeerExtendedMetadata(peerExtended);
}
entityId = metadata.getEntityIdForAlias(localAlias); context.setLocalEntityId(metadata.getDefaultIDP()); context.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
extendedMetadata = (IdpExtendedMetadata) metadataManager.getExtendedMetadata(context.getLocalEntityId()); } catch (MetadataProviderException e) { throw new ServletException("Failed to obtain local SAML IdP extended metadata.", e);
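/**
 * Renders the IDP discovery page, or sends already-authenticated users to the landing page.
 * <p>
 * The selectable IDPs are exactly the IDP entity IDs known to the metadata manager, so the
 * user can only choose among configured, trusted identity providers.
 *
 * @param request the discovery request (not read beyond being the mapped request)
 * @param model view model; receives the {@code idps} attribute for the discovery view
 * @return the discovery view name, or a redirect to {@code /landing} for authenticated users
 */
@RequestMapping(value = "/discovery", method = RequestMethod.GET)
public String idpSelection(HttpServletRequest request, Model model) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth == null) {
        LOG.debug("Current authentication instance from security context is null");
    } else {
        // Log the authentication's type, not this controller's class (the original logged the latter).
        LOG.debug("Current authentication instance from security context: " + auth.getClass().getSimpleName());
    }
    // Anonymous users are treated the same as unauthenticated ones.
    if (auth == null || auth instanceof AnonymousAuthenticationToken) {
        Set<String> idps = metadata.getIDPEntityNames();
        // Logged at INFO on every discovery request; consider DEBUG if this gets noisy.
        for (String idp : idps) {
            LOG.info("Configured Identity Provider for SSO: " + idp);
        }
        model.addAttribute("idps", idps);
        return "pages/discovery";
    }
    LOG.warn("The current user is already logged.");
    return "redirect:/landing";
}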
List<String> stringSet = parseProvider(provider); ExtendedMetadata extendedMetadata = getExtendedMetadata(key, provider); if (spRoleDescriptor != null && getHostedSPName() == null) { setHostedSPName(key);
if (metadataManager == null) { metadataManager = createDefaultMetadataManager(); metadataManager.setDefaultIDP(Optional.ofNullable(defaultIDP).orElseGet(managerConfig::getDefaultIdp)); metadataManager.setHostedSPName(Optional.ofNullable(hostedSPName).orElseGet(managerConfig::getHostedSpName)); metadataManager.setRefreshCheckInterval(Optional.ofNullable(refreshCheckInterval).orElseGet(managerConfig::getRefreshCheckInterval)); if(metadataManager.getProviders() == null || metadataManager.getProviders().size() == 0) { if (metadataProviders.size() == 0 && metadataProviderLocations.size() > 0) { for (String metadataLocation : metadataProviderLocations) { metadataManager.setProviders(extendedMetadataDelegates); builder.setSharedObject(MetadataManager.class, metadataManager);
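/**
 * Tries to locate ExtendedMetadata by trying one provider after another. Only providers implementing
 * ExtendedMetadataProvider are considered.
 * <p>
 * In case none of the providers can supply the extended version, the default is used. First match
 * wins, so provider registration order decides which extended metadata applies to an entity.
 * <p>
 * A copy of the internal representation is always returned, modifying the returned object will not be reflected
 * in the subsequent calls.
 *
 * @param entityID entity ID to load extended metadata for
 * @return extended metadata or defaults
 * @throws MetadataProviderException never thrown
 */
public ExtendedMetadata getExtendedMetadata(String entityID) throws MetadataProviderException {
    // Acquire outside the try so the finally block never unlocks a lock this thread does not hold.
    lock.readLock().lock();
    try {
        for (MetadataProvider provider : getProviders()) {
            ExtendedMetadata extendedMetadata = getExtendedMetadata(entityID, provider);
            if (extendedMetadata != null) {
                // NOTE(review): the "always a copy" guarantee relies on the per-provider
                // overload returning a copy - not visible here, confirm.
                return extendedMetadata;
            }
        }
        return getDefaultExtendedMetadata().clone();
    } finally {
        lock.readLock().unlock();
    }
}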
EntityDescriptor idpEntityDescriptor = metadata.getEntityDescriptor(decodedArtifact.getSourceID()); ExtendedMetadata extendedMetadata = metadata.getExtendedMetadata(idpEntityDescriptor.getEntityID()); IDPSSODescriptor idpssoDescriptor = SAMLUtil.getIDPSSODescriptor(idpEntityDescriptor); ArtifactResolutionService artifactResolutionService = SAMLUtil.getArtifactResolutionService(idpssoDescriptor, endpointIndex);
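/**
 * Returns the URL of the assertion consumer service of the given SP, preferring the endpoint
 * flagged as default and otherwise the first one listed.
 * <p>
 * The location comes from registered metadata only and is never derived from a request, which
 * is what makes it a safe destination for assertions.
 *
 * @param sp entity ID of the service provider
 * @return location of the chosen AssertionConsumerService
 * @throws MetadataProviderException when the SP is unknown, has no SPSSODescriptor for the
 *         SAML 2.0 protocol, or declares no assertion consumer service (the original failed
 *         these cases with NullPointerException / IndexOutOfBoundsException)
 */
public String getAssertionConsumerURL(String sp) throws MetadataProviderException {
    EntityDescriptor entityDescriptor = metadataManager.getEntityDescriptor(sp);
    if (entityDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + sp + " wasn't found");
    }
    SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spssoDescriptor == null) {
        throw new MetadataProviderException("Entity " + sp + " doesn't contain any SPSSODescriptor element");
    }
    List<AssertionConsumerService> services = spssoDescriptor.getAssertionConsumerServices();
    if (services == null || services.isEmpty()) {
        throw new MetadataProviderException("Entity " + sp + " doesn't declare any AssertionConsumerService");
    }
    return services.stream()
            .filter(acs -> acs.isDefault())
            .findFirst()
            .orElse(services.get(0))
            .getLocation();
}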
if (manager.getHostedSPName() == null) { if (manager.getHostedSPName() == null) { MetadataProvider metadataProvider = new ExtendedMetadataDelegate(memoryProvider, extendedMetadata); manager.addMetadataProvider(metadataProvider); manager.setHostedSPName(descriptor.getEntityID()); manager.refreshMetadata();
ArtifactResolutionProfile artifactProfile = getSharedObject(ArtifactResolutionProfile.class); metadataManager.setKeyManager(keyManager); metadataManager.setTLSConfigurer(tlsProtocolConfigurer); metadataManager.setRefreshRequired(true); metadataManager.afterPropertiesSet();
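/**
 * Method writes metadata document into given writer object.
 * <p>
 * Any entity known to the metadata manager can be displayed, not only the hosted SP;
 * SAML metadata is public by design, but {@code spEntityName} is presumably request-supplied
 * (not visible here), so do not rely on this endpoint to keep anything confidential.
 *
 * @param spEntityName id of entity to display metadata for
 * @param writer output for metadata
 * @throws ServletException when the entity is unknown, or the metadata cannot be retrieved or marshalled
 */
protected void displayMetadata(String spEntityName, PrintWriter writer) throws ServletException {
    try {
        EntityDescriptor descriptor = manager.getEntityDescriptor(spEntityName);
        if (descriptor == null) {
            // Report the entity that was actually requested, not the hosted SP name.
            throw new ServletException("Metadata entity with ID " + spEntityName + " wasn't found");
        }
        writer.print(getMetadataAsString(descriptor));
    } catch (MarshallingException e) {
        log.error("Error marshalling entity descriptor", e);
        throw new ServletException(e);
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata", e);
        throw new ServletException("Error retrieving metadata", e);
    }
}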
/**
 * Timer task body: lets every provider refresh itself when due, then refreshes the manager's
 * aggregated view if a refresh has been flagged.
 * <p>
 * Failures are logged and swallowed on purpose: an exception escaping a timer task would kill
 * the timer thread and silently stop all future metadata refreshes.
 */
@Override
public void run() {
    try {
        log.trace("Executing metadata refresh task");
        // getMetadata() performs a provider refresh when needed. It can be slow, but other
        // threads keep serving the previously cached data in the meantime.
        for (MetadataProvider provider : getProviders()) {
            provider.getMetadata();
        }
        if (isRefreshRequired() && isRefreshNowAndClear()) {
            refreshMetadata();
        }
    } catch (Throwable t) {
        log.warn("Metadata refreshing has failed", t);
    }
}
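/**
 * Loads IDP descriptor for entity with the given entityID. Fails when it can't be found.
 * <p>
 * The entity ID must be one of the configured IDPs ({@code isIDPValid}); this keeps callers
 * from acting on an IDP name that merely appears in an incoming message or session.
 *
 * @param metadata metadata manager
 * @param idpId entity ID
 * @return descriptor
 * @throws MetadataProviderException in case descriptor can't be found
 */
public static IDPSSODescriptor getIDPDescriptor(MetadataManager metadata, String idpId) throws MetadataProviderException {
    if (!metadata.isIDPValid(idpId)) {
        // Placeholder added: without "{}" the IDP name passed as argument never reached the log.
        log.debug("IDP name of the authenticated user is not valid: {}", idpId);
        throw new MetadataProviderException("IDP with name " + idpId + " wasn't found in the list of configured IDPs");
    }
    IDPSSODescriptor idpssoDescriptor = (IDPSSODescriptor) metadata.getRole(
            idpId, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS);
    if (idpssoDescriptor == null) {
        throw new MetadataProviderException("Given IDP " + idpId + " doesn't contain any IDPSSODescriptor element");
    }
    return idpssoDescriptor;
}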
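/**
 * Stops and removes the timer in case it was started. Cleans all metadata objects.
 * <p>
 * Both write locks are taken so no refresh or lookup can run concurrently with teardown.
 */
public void destroy() {
    // Each lock is acquired outside its own try so a finally block never unlocks a lock
    // this thread failed to acquire.
    refreshLock.writeLock().lock();
    try {
        lock.writeLock().lock();
        try {
            for (MetadataProvider provider : getProviders()) {
                if (provider instanceof ExtendedMetadataDelegate) {
                    ((ExtendedMetadataDelegate) provider).destroy();
                }
            }
            super.destroy();
            if (timer != null) {
                timer.cancel();
                timer.purge();
                timer = null;
            }
            // Workaround for Tomcat detection of terminated threads
            try {
                Thread.sleep(1000);
            } catch (InterruptedException ie) {
                // Preserve the interrupt for the caller instead of silently dropping it.
                Thread.currentThread().interrupt();
            }
            setRefreshRequired(false);
        } finally {
            lock.writeLock().unlock();
        }
    } finally {
        refreshLock.writeLock().unlock();
    }
}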
/**
 * Sets the key manager used for signature/TLS material, both on this class and on the superclass.
 * <p>
 * The value is kept in a local field as well as handed to {@code super}, so both levels of the
 * hierarchy see the same instance.
 *
 * @param keyManager key manager to use
 */
public void setKeyManager(KeyManager keyManager) {
    this.keyManager = keyManager;
    super.setKeyManager(keyManager);
}
/**
 * Writes freshly generated metadata for the hosted SP into the writer.
 * <p>
 * Unlike the base implementation, this variant does not look the entity up: the generator is
 * asked for a descriptor regardless of {@code spEntityName}, which is therefore ignored. This is
 * why the "not found" message names the hosted SP rather than the requested entity.
 *
 * @param spEntityName requested entity ID (not used by this override)
 * @param writer output for metadata
 * @throws ServletException when generation yields no descriptor, or marshalling/retrieval fails
 */
@Override
protected void displayMetadata(String spEntityName, PrintWriter writer) throws ServletException {
    try {
        EntityDescriptor generated = getGenerator().generateMetadata();
        if (generated == null) {
            throw new ServletException("Metadata entity with ID " + manager.getHostedSPName() + " wasn't found");
        }
        writer.print(getMetadataAsString(generated));
    } catch (MarshallingException e) {
        log.error("Error marshalling entity descriptor", e);
        throw new ServletException(e);
    } catch (Exception e) {
        // Broad catch: generateMetadata() is not declared to throw a specific type here.
        log.error("Error retrieving metadata", e);
        throw new ServletException("Error retrieving metadata", e);
    }
}
} // end of enclosing class
/**
 * Returns IDP to be used in passive mode. By default the default IDP designated so in metadata is used.
 * <p>
 * Best effort: a missing or unreadable default is reported as {@code null} rather than as an error.
 *
 * @param request IDP discovery request
 * @return IDP configured as default or null when no such exists
 */
protected String getPassiveIDP(HttpServletRequest request) {
    String defaultIdp;
    try {
        defaultIdp = metadata.getDefaultIDP();
    } catch (MetadataProviderException e) {
        defaultIdp = null;
    }
    return defaultIdp;
}
entityId = metadata.getEntityIdForAlias(localAlias);