public void refreshKeyLocatorConfiguration() { this.signatureValidationKeyLocator.clear(); // When key is set, use that (and only that), otherwise configure dynamic key locator if (! this.signatureValidationKeys.isEmpty()) { this.signatureValidationKeyLocator.add(new HardcodedKeyLocator(this.signatureValidationKeys)); } else if (this.singleSignOnService != null) { String samlDescriptorUrl = singleSignOnService.getRequestBindingUrl() + "/descriptor"; HttpClient httpClient = getClient(); SamlDescriptorPublicKeyLocator samlDescriptorPublicKeyLocator = new SamlDescriptorPublicKeyLocator( samlDescriptorUrl, this.minTimeBetweenDescriptorRequests, DEFAULT_CACHE_TTL, httpClient); this.signatureValidationKeyLocator.add(samlDescriptorPublicKeyLocator); } }
public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) { String issuerURL = deployment.getEntityID(); String nameIDPolicyFormat = deployment.getNameIDPolicyFormat(); if (nameIDPolicyFormat == null) { nameIDPolicyFormat = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get(); } SingleSignOnService sso = deployment.getIDP().getSingleSignOnService(); SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder() .destination(sso.getRequestBindingUrl()) .issuer(issuerURL) .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive()) .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat)); if (sso.getResponseBinding() != null) { String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get(); if (sso.getResponseBinding() == SamlDeployment.Binding.POST) { protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get(); } authnRequestBuilder.protocolBinding(protocolBinding); } if (sso.getAssertionConsumerServiceUrl() != null) { authnRequestBuilder.assertionConsumerUrl(sso.getAssertionConsumerServiceUrl()); } return authnRequestBuilder; }
private void createEcpRequestHeader(SOAPEnvelope envelope) throws SOAPException { SOAPHeader headers = envelope.getHeader(); SOAPHeaderElement ecpRequestHeader = headers.addHeaderElement(envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PROFILE_ECP)); ecpRequestHeader.setMustUnderstand(true); ecpRequestHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next"); ecpRequestHeader.addAttribute(envelope.createName("ProviderName"), deployment.getEntityID()); ecpRequestHeader.addAttribute(envelope.createName("IsPassive"), "0"); ecpRequestHeader.addChildElement(envelope.createQName("Issuer", "saml")).setValue(deployment.getEntityID()); ecpRequestHeader.addChildElement(envelope.createQName("IDPList", "samlp")) .addChildElement(envelope.createQName("IDPEntry", "samlp")) .addAttribute(envelope.createName("ProviderID"), deployment.getIDP().getEntityID()) .addAttribute(envelope.createName("Name"), deployment.getIDP().getEntityID()) .addAttribute(envelope.createName("Loc"), deployment.getIDP().getSingleSignOnService().getRequestBindingUrl()); }
@Override protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException { if (isAutodetectedBearerOnly(httpFacade.getRequest())) { httpFacade.getResponse().setStatus(401); httpFacade.getResponse().end(); } else { Document document = authnRequestBuilder.toDocument(); SamlDeployment.Binding samlBinding = deployment.getIDP().getSingleSignOnService().getRequestBinding(); SamlUtil.sendSaml(true, httpFacade, deployment.getIDP().getSingleSignOnService().getRequestBindingUrl(), binding, document, samlBinding); } } };