/**
 * Creates the processor used when the caller does not supply one.
 *
 * <p>Kept {@code protected} and marked {@code @VisibleForTesting} so a test can override it and
 * substitute its own processor.
 *
 * @param bindings bindings the processor is built with
 * @return a new processor backed by {@code bindings}
 */
@VisibleForTesting
protected SAMLProcessorImpl createDefaultSamlProcessor(List<SAMLBinding> bindings) {
    SAMLProcessorImpl defaultProcessor = new SAMLProcessorImpl(bindings);
    return defaultProcessor;
}
/**
 * Sends the outbound message in {@code samlContext} using the binding registered under {@code bindingName}.
 *
 * @param samlContext context holding the outbound message
 * @param sign        {@code true} if the outbound message must be signed
 * @param bindingName name of a configured binding, resolved through {@link #getBinding(String)}
 * @return the context after the message was sent
 * @throws SAMLException             if the binding cannot be resolved or the message cannot be sent
 * @throws MetadataProviderException if metadata required for sending cannot be obtained
 * @throws MessageEncodingException  if encoding the outbound message fails
 */
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign, String bindingName)
        throws SAMLException, MetadataProviderException, MessageEncodingException {
    SAMLBinding resolvedBinding = getBinding(bindingName);
    return sendMessage(samlContext, sign, resolvedBinding);
}
/**
 * Decodes the inbound SAML message with the named binding and fills {@code samlContext} with the result.
 *
 * @param samlContext context to populate with the decoded message
 * @param binding     name of a configured binding, resolved through {@link #getBinding(String)}
 * @return the populated context
 * @throws org.opensaml.common.SAMLException
 *         if the message cannot be retrieved from the request
 * @throws org.opensaml.saml2.metadata.provider.MetadataProviderException
 *         if required metadata cannot be obtained
 * @throws org.opensaml.ws.message.decoder.MessageDecodingException
 *         if decoding the message fails
 * @throws org.opensaml.xml.security.SecurityException
 *         if verification of the message fails
 */
public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext, String binding)
        throws SAMLException, MetadataProviderException, MessageDecodingException,
        org.opensaml.xml.security.SecurityException {
    SAMLBinding resolvedBinding = getBinding(binding);
    return retrieveMessage(samlContext, resolvedBinding);
}
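/**
 * Sends the outbound message to the peer endpoint after overwriting, from {@code spConfiguration}, the local
 * entity id, the peer endpoint location and the binding/location of the default AssertionConsumerService.
 *
 * <p>The {@code sign} argument is not used: whether the message is signed is taken from
 * {@code spConfiguration.isNeedsSigning()} when delegating to the superclass.
 *
 * <p>The binding is resolved from the peer endpoint as found in the context, i.e. before its location is
 * replaced with the configured IdP SSO URL.
 *
 * @param samlContext context holding the outbound message, the peer endpoint and the local SP metadata
 * @param sign        ignored, see above
 * @return the context returned by the superclass after sending
 * @throws SAMLException             if the context has no peer endpoint, its binding cannot be determined
 *                                   or the message cannot be sent
 * @throws MetadataProviderException if required metadata cannot be obtained
 * @throws MessageEncodingException  if encoding the outbound message fails
 * @throws IllegalStateException     if the local metadata has no role descriptor or no default
 *                                   AssertionConsumerService
 */
@Override
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign)
        throws SAMLException, MetadataProviderException, MessageEncodingException {
    Endpoint endpoint = samlContext.getPeerEntityEndpoint();
    // Same failure mode as the superclass variant instead of a NullPointerException further down.
    if (endpoint == null) {
        throw new SAMLException("Could not get peer entity endpoint");
    }
    // Resolve the binding before the endpoint location is overwritten below.
    SAMLBinding binding = getBinding(endpoint);

    String entityId = spConfiguration.getEntityId();
    samlContext.setLocalEntityId(entityId);
    samlContext.getLocalEntityMetadata().setEntityID(entityId);
    // The message is sent to the configured IdP SSO URL, not to the location carried by the endpoint.
    samlContext.getPeerEntityEndpoint().setLocation(spConfiguration.getIdpSSOServiceURL());

    // Fail with a descriptive message instead of an IndexOutOfBoundsException when no role descriptor exists.
    if (samlContext.getLocalEntityMetadata().getRoleDescriptors().isEmpty()) {
        throw new IllegalStateException("No SP role descriptor in local entity metadata");
    }
    SPSSODescriptor roleDescriptor =
            (SPSSODescriptor) samlContext.getLocalEntityMetadata().getRoleDescriptors().get(0);
    AssertionConsumerService assertionConsumerService = roleDescriptor.getAssertionConsumerServices().stream()
            .filter(AssertionConsumerService::isDefault)
            .findAny()
            .orElseThrow(() -> new IllegalStateException("No default ACS"));
    assertionConsumerService.setBinding(spConfiguration.getProtocolBinding());
    assertionConsumerService.setLocation(spConfiguration.getAssertionConsumerServiceURL());

    return super.sendMessage(samlContext, spConfiguration.isNeedsSigning(), binding);
}
}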
verifyContext(samlContext); populateSecurityPolicy(samlContext, binding);
/**
 * Resolves the binding to use for {@code endpoint}.
 *
 * <p>The binding name is taken from {@link SAMLUtil#getBindingForEndpoint(org.opensaml.saml2.metadata.Endpoint)},
 * which (as documented there) also covers Holder-of-Key WebSSO endpoints whose real binding is stored in the
 * {@code hoksso:ProtocolBinding} attribute; the name is then mapped to a configured binding with
 * {@link #getBinding(String)}.
 *
 * @param endpoint endpoint the message will be sent to or was received on
 * @return the configured binding for the endpoint
 * @throws SAMLException             if no configured binding matches the name
 * @throws MetadataProviderException if the binding of the endpoint cannot be determined
 */
protected SAMLBinding getBinding(Endpoint endpoint) throws SAMLException, MetadataProviderException {
    String bindingName = SAMLUtil.getBindingForEndpoint(endpoint);
    return getBinding(bindingName);
}
/**
 * Encodes the outbound message in {@code samlContext} and sends it through {@code binding}.
 *
 * <p>The context is expected to carry an outbound message transport. When {@code sign} is set, the local
 * signing credential from the context becomes the outbound message signing credential; the call fails via
 * {@code Assert.notNull} when no such credential is present, so a message that should be signed is never sent
 * unsigned.
 *
 * @param samlContext context holding the outbound message
 * @param sign        {@code true} if the outbound message must be signed
 * @param binding     binding whose encoder sends the message
 * @return the same context, after encoding
 * @throws SAMLException             if the context fails verification or the message cannot be sent
 * @throws MetadataProviderException if required metadata cannot be obtained
 * @throws MessageEncodingException  if encoding the outbound message fails
 */
protected SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign, SAMLBinding binding)
        throws SAMLException, MetadataProviderException, MessageEncodingException {
    verifyContext(samlContext);
    if (sign) {
        attachOutboundSigningCredential(samlContext);
    }
    MessageEncoder messageEncoder = binding.getMessageEncoder();
    messageEncoder.encode(samlContext);
    return samlContext;
}

/**
 * Copies the local signing credential of the context onto the outbound message.
 *
 * @param samlContext context whose local signing credential must be set
 */
private static void attachOutboundSigningCredential(SAMLMessageContext samlContext) {
    Assert.notNull(samlContext.getLocalSigningCredential(),
            "Cannot sign outgoing message as no signing credential is set in the context");
    samlContext.setOutboundSAMLMessageSigningCredential(samlContext.getLocalSigningCredential());
}
/**
 * Builds the processor with the HTTP-Redirect (DEFLATE) and HTTP-POST bindings, in that order.
 *
 * @return processor backed by the two bindings
 */
private SAMLProcessor samlProcessor() {
    SAMLBinding redirectBinding = httpRedirectDeflateBinding(parserPool);
    SAMLBinding postBinding = httpPostBinding(parserPool);
    // Insertion order is kept as declared; whether the processor prefers earlier entries is not visible here.
    Collection<SAMLBinding> supportedBindings = new ArrayList<>();
    supportedBindings.add(redirectBinding);
    supportedBindings.add(postBinding);
    return new SAMLProcessorImpl(supportedBindings);
}
/**
 * Sends the outbound message in {@code samlContext} to its peer entity endpoint; the binding is derived from
 * that endpoint.
 *
 * @param samlContext context holding the outbound message and the peer endpoint
 * @param sign        {@code true} if the outbound message must be signed
 * @return the resulting context, which may be a copy
 * @throws SAMLException             if the context has no peer endpoint, its binding cannot be determined
 *                                   or the message cannot be sent
 * @throws MetadataProviderException if required metadata cannot be obtained
 * @throws MessageEncodingException  if encoding the outbound message fails
 */
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign)
        throws SAMLException, MetadataProviderException, MessageEncodingException {
    Endpoint peerEndpoint = samlContext.getPeerEntityEndpoint();
    if (peerEndpoint != null) {
        SAMLBinding endpointBinding = getBinding(peerEndpoint);
        return sendMessage(samlContext, sign, endpointBinding);
    }
    throw new SAMLException("Could not get peer entity endpoint");
}
/**
 * Decodes the inbound SAML message and fills {@code samlContext} with it; the binding is chosen from the
 * inbound message transport of the context.
 *
 * @param samlContext context holding the inbound message transport
 * @return the populated context
 * @throws org.opensaml.common.SAMLException
 *         if the message cannot be retrieved from the request
 * @throws org.opensaml.saml2.metadata.provider.MetadataProviderException
 *         if required metadata cannot be obtained
 * @throws org.opensaml.ws.message.decoder.MessageDecodingException
 *         if decoding the message fails
 * @throws org.opensaml.xml.security.SecurityException
 *         if verification of the message fails
 */
public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext)
        throws SAMLException, MetadataProviderException, MessageDecodingException,
        org.opensaml.xml.security.SecurityException {
    SAMLBinding inboundBinding = getBinding(samlContext.getInboundMessageTransport());
    return retrieveMessage(samlContext, inboundBinding);
}
/**
 * Processor bean carrying the redirect, POST, artifact, SOAP and PAOS bindings.
 *
 * @return processor backed by all configured bindings
 */
@Bean
public SAMLProcessorImpl processor() {
    // Declaration order is kept; whether the processor prefers earlier entries is not visible here.
    SAMLBinding[] orderedBindings = {
            httpRedirectDeflateBinding(),
            httpPostBinding(),
            artifactBinding(parserPool(), velocityEngine()),
            httpSOAP11Binding(),
            httpPAOS11Binding()
    };
    Collection<SAMLBinding> bindings = new ArrayList<SAMLBinding>();
    for (SAMLBinding binding : orderedBindings) {
        bindings.add(binding);
    }
    return new SAMLProcessorImpl(bindings);
}
/**
 * Processor bean carrying the POST, redirect, artifact, SOAP and PAOS bindings.
 *
 * @return processor backed by all configured bindings
 */
@Bean
public SAMLProcessorImpl processor() {
    // Declaration order (POST before redirect) is kept; whether the processor prefers earlier entries
    // is not visible here.
    SAMLBinding[] orderedBindings = {
            httpPostBinding(),
            httpRedirectDeflateBinding(),
            artifactBinding(parserPool(), velocityEngine()),
            httpSOAP11Binding(),
            httpPAOS11Binding()
    };
    Collection<SAMLBinding> bindings = new ArrayList<SAMLBinding>();
    for (SAMLBinding binding : orderedBindings) {
        bindings.add(binding);
    }
    return new SAMLProcessorImpl(bindings);
}
/**
 * Profile that resolves SAML artifacts using {@link #httpClient()} and a processor built on
 * {@link #soapBinding()}.
 *
 * @return the configured artifact resolution profile
 */
private ArtifactResolutionProfile artifactResolutionProfile() {
    ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
    SAMLProcessorImpl soapProcessor = new SAMLProcessorImpl(soapBinding());
    profile.setProcessor(soapProcessor);
    return profile;
}
/**
 * Profile that resolves SAML artifacts using {@link #httpClient()} and a processor built on
 * {@link #soapBinding()}.
 *
 * @return the configured artifact resolution profile
 */
private ArtifactResolutionProfile artifactResolutionProfile() {
    ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
    SAMLProcessorImpl soapProcessor = new SAMLProcessorImpl(soapBinding());
    profile.setProcessor(soapProcessor);
    return profile;
}
/**
 * Profile that resolves SAML artifacts using {@link #httpClient()} and a processor built on
 * {@link #soapBinding()}.
 *
 * @return the configured artifact resolution profile
 */
private ArtifactResolutionProfile artifactResolutionProfile() {
    ArtifactResolutionProfileImpl profile = new ArtifactResolutionProfileImpl(httpClient());
    SAMLProcessorImpl soapProcessor = new SAMLProcessorImpl(soapBinding());
    profile.setProcessor(soapProcessor);
    return profile;
}
/**
 * Processor bean carrying the redirect, POST, artifact, SOAP and PAOS bindings; the artifact binding is
 * backed by a resolution profile with its own HTTP client and SOAP processor.
 *
 * @return processor backed by all configured bindings
 */
@Bean
public SAMLProcessorImpl processor() {
    // NOTE(review): no connect or socket timeout is set on this client, so a slow artifact-resolution
    // endpoint is bounded only by the library defaults -- confirm that is acceptable.
    HttpClient resolverClient = new HttpClient(new MultiThreadedHttpConnectionManager());
    ArtifactResolutionProfileImpl resolutionProfile = new ArtifactResolutionProfileImpl(resolverClient);
    HTTPSOAP11Binding resolverSoapBinding = new HTTPSOAP11Binding(parserPool());
    resolutionProfile.setProcessor(new SAMLProcessorImpl(resolverSoapBinding));

    VelocityEngine templateEngine = VelocityFactory.getEngine();
    Collection<SAMLBinding> supported = new ArrayList<>();
    supported.add(new HTTPRedirectDeflateBinding(parserPool()));
    supported.add(new HTTPPostBinding(parserPool(), templateEngine));
    supported.add(new HTTPArtifactBinding(parserPool(), templateEngine, resolutionProfile));
    // A separate SOAP binding instance from the one given to the resolution profile, as originally declared.
    supported.add(new HTTPSOAP11Binding(parserPool()));
    supported.add(new HTTPPAOS11Binding(parserPool()));
    return new SAMLProcessorImpl(supported);
}
/**
 * Processor bean carrying the bindings used to exchange messages with the IdP: redirect, POST, artifact,
 * SOAP and PAOS.
 *
 * @return processor backed by all configured bindings
 * @see SAMLProcessorImpl
 */
@Bean
public SAMLProcessorImpl processor() {
    final List<SAMLBinding> bindings = Lists.newArrayList();
    bindings.add(httpRedirectDeflateBinding());
    bindings.add(httpPostBinding());
    bindings.add(artifactBinding(parserPool(), velocityEngine()));
    bindings.add(httpSOAP11Binding());
    bindings.add(httpPAOS11Binding());
    return new SAMLProcessorImpl(bindings);
}
/**
 * Builds the default artifact binding together with the resolution profile it uses, and registers that
 * profile as a shared object on {@code builder}.
 *
 * <p>Kept {@code protected} and marked {@code @VisibleForTesting} so a test can override it.
 *
 * @param builder builder that receives the {@link ArtifactResolutionProfile} as a shared object
 * @return artifact binding backed by the new resolution profile
 */
@VisibleForTesting
protected HTTPArtifactBinding createDefaultArtifactBinding(ServiceProviderBuilder builder) {
    HttpClientParams clientParams = new HttpClientParams();
    // Only the connect timeout is bounded here (60 s); no socket read timeout is set on these params --
    // confirm whether one is applied elsewhere.
    clientParams.setIntParameter(HttpConnectionParams.CONNECTION_TIMEOUT, 60000);
    HttpClient resolverClient = new HttpClient(clientParams, new MultiThreadedHttpConnectionManager());

    ArtifactResolutionProfileImpl resolutionProfile = new ArtifactResolutionProfileImpl(resolverClient);
    builder.setSharedObject(ArtifactResolutionProfile.class, resolutionProfile);
    resolutionProfile.setProcessor(new SAMLProcessorImpl(new HTTPSOAP11Binding(parserPool)));

    return new HTTPArtifactBinding(parserPool, getVelocityEngine(), resolutionProfile);
}