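/**
 * Decodes the inbound SAML message carried by {@code request} and returns it as a
 * validated {@link Response}.
 *
 * <p>Decoding is delegated to the {@link SAMLMessageHandler} obtained from
 * {@code openSAMLContext}; the decoded message must be a {@link Response} and must
 * pass {@code openSAMLContext.validatorSuite()}. Every failure on that path is
 * reported as a {@link ServiceProviderAuthenticationException}, so callers treat a
 * malformed, unexpected or invalid message uniformly as a failed authentication
 * attempt rather than as a generic server error.
 *
 * @param request the HTTP request carrying the SAML message
 * @return the decoded and validated SAML {@code Response}
 * @throws ServiceProviderAuthenticationException if the message cannot be decoded,
 *         is not a {@code Response}, or fails validation
 */
private Response extractSamlResponse(HttpServletRequest request) {
    final SAMLMessageHandler samlMessageHandler = openSAMLContext.samlMessageHandler();
    final SAMLMessageContext messageContext;
    try {
        messageContext = samlMessageHandler.extractSAMLMessageContext(request);
    } catch (MessageDecodingException me) {
        throw new ServiceProviderAuthenticationException("Could not decode SAML Response", me);
    } catch (org.opensaml.xml.security.SecurityException se) {
        // Presumably raised when the handler's security policy rejects the message — verify.
        // Reported with the same message as a decoding failure so the two are not distinguishable.
        throw new ServiceProviderAuthenticationException("Could not decode SAML Response", se);
    }
    LOG.debug("Message received from issuer: " + messageContext.getInboundMessageIssuer());

    // instanceof is false for null, so an absent inbound message is rejected here as well.
    final Object inbound = messageContext.getInboundSAMLMessage();
    if (!(inbound instanceof Response)) {
        throw new ServiceProviderAuthenticationException("SAML Message was not a Response.");
    }
    final Response inboundSAMLMessage = (Response) inbound;
    try {
        // NOTE(review): validatorSuite() is assumed to cover structural validation of the
        // Response; whether signature and issuer trust are checked here or by the decoder's
        // security policy depends on what openSAMLContext configures — confirm.
        openSAMLContext.validatorSuite().validate(inboundSAMLMessage);
    } catch (ValidationException ve) {
        LOG.warn("Response Message failed Validation", ve);
        // Previously a bare RuntimeException; a validation failure is an authentication
        // failure and is now reported with the same type as the other failure paths.
        throw new ServiceProviderAuthenticationException("Invalid SAML Response Message", ve);
    }
    return inboundSAMLMessage;
}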
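/**
 * Extracts the issuer, and populates the message context, as the relying party
 * corresponding to the first AssertionArtifact in the message.
 *
 * <p>Only the first artifact is consulted. If the list is absent or empty, or the
 * first artifact has no entry in {@code artifactMap}, the issuer is left unset on
 * the context (with a warning in the latter case) so that downstream processing can
 * reject the message instead of this method failing with a NullPointerException.
 *
 * @param messageContext current message context
 * @param artifacts AssertionArtifacts in the request
 */
protected void extractAssertionArtifactInfo(SAMLMessageContext messageContext,
        List<AssertionArtifact> artifacts) {
    if (artifacts == null || artifacts.isEmpty()) {
        return;
    }
    log.debug("Attempting to extract issuer based on first AssertionArtifact in request");
    final AssertionArtifact artifact = artifacts.get(0);
    final SAMLArtifactMapEntry artifactEntry = artifactMap.get(artifact.getAssertionArtifact());
    if (artifactEntry == null) {
        // No mapping for this artifact (unknown or no longer in the map): there is no relying
        // party to attribute the message to. The artifact value itself is deliberately not logged.
        log.warn("No artifact map entry found for first AssertionArtifact in request; issuer not set");
        return;
    }
    messageContext.setInboundMessageIssuer(artifactEntry.getRelyingPartyId());
    log.debug("Extracted issuer from SAML 1.x AssertionArtifact: {}", messageContext.getInboundMessageIssuer());
}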
if (metadataProvider != null) { EntityDescriptor relyingPartyMD = metadataProvider.getEntityDescriptor(messageContext .getInboundMessageIssuer()); messageContext.setPeerEntityMetadata(relyingPartyMD); log.error("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e); throw new MessageDecodingException("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e);
/**
 * Populates the peer's entity metadata if a metadata provider is present in the message context. Populates the
 * peer's role descriptor if the entity metadata was available and the role name is present in the message context.
 *
 * <p>If the provider has no descriptor for the inbound issuer, the peer entity metadata is set to {@code null}
 * and no role metadata is populated. NOTE(review): presumably later security-policy rules reject messages whose
 * peer metadata is absent — confirm.
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException thrown if there is a problem populating the message context
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    final MetadataProvider provider = messageContext.getMetadataProvider();
    if (provider == null) {
        return;
    }
    final String issuer = messageContext.getInboundMessageIssuer();
    try {
        final EntityDescriptor peerMetadata = provider.getEntityDescriptor(issuer);
        messageContext.setPeerEntityMetadata(peerMetadata);
        if (peerMetadata == null) {
            return;
        }
        final QName peerRole = messageContext.getPeerEntityRole();
        if (peerRole == null) {
            return;
        }
        // Only the first matching SAML 1.1 protocol role is recorded on the context.
        final List<RoleDescriptor> roles = peerMetadata.getRoleDescriptors(peerRole, SAMLConstants.SAML11P_NS);
        if (roles != null && !roles.isEmpty()) {
            messageContext.setPeerEntityRoleMetadata(roles.get(0));
        }
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e);
        throw new MessageDecodingException("Error retrieving metadata for relying party "
                + messageContext.getInboundMessageIssuer(), e);
    }
}
throws SecurityPolicyException { String contextIssuer = samlMsgCtx.getInboundMessageIssuer(); if (contextIssuer != null) { String msgType = signableObject.getElementQName().toString();
if (samlMsgCtx.getInboundMessageIssuer() == null) { log.warn("Issuer could not be extracted from SAML 2 message");
String sRequestor = context.getInboundMessageIssuer();
String messageIssuer = samlMsgCtx.getInboundMessageIssuer(); if (DatatypeHelper.isEmpty(messageIssuer)) { log.warn("Inbound message issuer was empty, unable to evaluate rule");
String messageIsuer = DatatypeHelper.safeTrimOrNullString(samlMsgCtx.getInboundMessageIssuer()); if (messageIsuer == null) { if (requiredRule) {
String contextIssuer = samlMsgCtx.getInboundMessageIssuer();
artifactMap.put(encodedArtifact, artifactContext.getInboundMessageIssuer(), artifactContext .getOutboundMessageIssuer(), artifactContext.getOutboundSAMLMessage()); } catch (MarshallingException e) {
.getInboundMessageIssuer()); outTransport.sendRedirect(urlBuilder.buildURL());