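/**
 * {@inheritDoc}
 *
 * <p>Decodes an HTTP POST whose base64-encoded payload is a bare {@link Assertion}, wraps the assertion in a
 * {@link Response} and stores that response as the inbound message.</p>
 *
 * <p>The request parameters and the POST body are untrusted input. Nothing in this method verifies a
 * signature on the assertion; presumably that is left to whatever is evaluated after decoding - confirm
 * before relying on the decoded content.</p>
 *
 * @param messageContext current message context, expected to be a {@link SAMLMessageContext} with an
 *            {@link HTTPInTransport} inbound transport
 *
 * @throws MessageDecodingException thrown if the context or transport has the wrong type, the HTTP method
 *             is not POST, the decoded message is not an {@link Assertion}, or the assertion has no issuer
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException(
                "Invalid message context type, this decoder only support SAMLMessageContext");
    }

    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;

    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    // RelayState is copied from the request unchanged; it is request-controlled and is also written
    // to the debug log below.
    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);

    // The payload comes from the request, so its root element is not guaranteed to be an Assertion.
    // Reject anything else as a decoding failure instead of letting a ClassCastException escape.
    Object decodedMessage = unmarshallMessage(base64DecodedMessage);
    if (!(decodedMessage instanceof Assertion)) {
        log.error("Decoded message was not a SAML Assertion");
        throw new MessageDecodingException("Decoded message was not a SAML Assertion");
    }
    Assertion inboundMessage = (Assertion) decodedMessage;

    // An assertion without an Issuer element would otherwise fail with a NullPointerException below.
    if (inboundMessage.getIssuer() == null) {
        log.error("Decoded SAML Assertion did not contain an Issuer");
        throw new MessageDecodingException("Decoded SAML Assertion did not contain an Issuer");
    }

    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage,
            inboundMessage.getIssuer().getValue());

    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");

    populateMessageContext(samlMsgCtx);
}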
/**
 * {@inheritDoc}
 *
 * <p>When the inbound transport is a {@link LocationAwareInTransport}, its local address is returned;
 * every other transport type is delegated to the superclass implementation.</p>
 */
@Override
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext)
        throws MessageDecodingException {
    InTransport transport = messageContext.getInboundMessageTransport();

    // Guard clause: anything that cannot report its own location falls back to the default lookup.
    if (!(transport instanceof LocationAwareInTransport)) {
        return super.getActualReceiverEndpointURI(messageContext);
    }

    LocationAwareInTransport locationAware = (LocationAwareInTransport) transport;
    return locationAware.getLocalAddress();
}
/**
 * Process the incoming artifacts by decoding the artifacts, dereferencing them from the artifact source and
 * storing the resulting response (with assertions) in the message context.
 *
 * <p>As written, only the presence of at least one {@code SAMLart} parameter value is checked; decoding
 * and dereferencing are still a TODO, so this method does not set an inbound message.</p>
 *
 * @param samlMsgCtx current message context
 *
 * @throws MessageDecodingException thrown if there is a problem decoding or dereferencing the artifacts
 */
protected void processArtifacts(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    HTTPInTransport httpTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    List<String> artifactValues = httpTransport.getParameterValues("SAMLart");

    boolean noArtifacts = artifactValues == null || artifactValues.isEmpty();
    if (noArtifacts) {
        final String problem = "URL SAMLart parameter was missing or did not contain a value.";
        log.error(problem);
        throw new MessageDecodingException(problem);
    }

    // TODO decode artifact(s); resolve issuer resolution endpoint; dereference using
    // Request/AssertionArtifact(s) over synchronous backchannel binding;
    // store response as the inbound SAML message.
}
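/**
 * Extract the transport endpoint at which this message was received.
 *
 * <p>This default implementation assumes an underlying message context {@link InTransport} type
 * of {@link HttpServletRequestAdapter} and returns the string representation of the underlying
 * request URL as constructed via {@link HttpServletRequest#getRequestURL()}.</p>
 *
 * <p>Subclasses should override if binding-specific behavior or support for other transport
 * types is required. In this case, see also {@link #compareEndpointURIs(String, String)}.</p>
 *
 * <p>NOTE(review): the returned URL is whatever the servlet container reconstructs from the request.
 * If the deployment sits behind a reverse proxy or TLS terminator, this may differ from the externally
 * visible endpoint - confirm that any comparison made against this value accounts for that.</p>
 *
 * @param messageContext current message context
 * @return string representing the transport endpoint URI at which the current message was received
 * @throws MessageDecodingException thrown if the endpoint can not be extracted from the message
 *              context and converted to a string representation
 */
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext)
        throws MessageDecodingException {
    InTransport inTransport = messageContext.getInboundMessageTransport();
    if (!(inTransport instanceof HttpServletRequestAdapter)) {
        // instanceof is false for null, so a missing transport reaches this branch too; name the type
        // defensively so the failure surfaces as MessageDecodingException, not a NullPointerException.
        String transportType = inTransport == null ? "null" : inTransport.getClass().getName();
        log.error("Message context InTransport instance was an unsupported type: {}", transportType);
        throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
    }

    HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
    return httpRequest.getRequestURL().toString();
}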
/**
 * {@inheritDoc}
 *
 * <p>A non-empty {@code Signature} request parameter counts as "signed"; otherwise the decision is
 * delegated to the superclass. This is a presence check only: the signature value is not validated here.</p>
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    HTTPInTransport httpTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
    String signatureValue = httpTransport.getParameterValue("Signature");

    if (!DatatypeHelper.isEmpty(signatureValue)) {
        return true;
    }
    return super.isMessageSigned(messageContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Reports the message as signed when the request carries a non-empty {@code Signature} parameter,
 * and otherwise falls back to the superclass check. Only the parameter's presence is examined; no
 * signature verification happens in this method.</p>
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    HTTPInTransport transport = (HTTPInTransport) messageContext.getInboundMessageTransport();
    String signature = transport.getParameterValue("Signature");

    // No signature parameter on the request: let the superclass decide.
    if (DatatypeHelper.isEmpty(signature)) {
        return super.isMessageSigned(messageContext);
    }
    return true;
}
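/**
 * Process the incoming artifact by decoding the artifacts, dereferencing it from the artifact issuer and
 * storing the resulting protocol message in the message context.
 *
 * <p>As written, only the presence of a non-empty {@code SAMLart} parameter is checked; decoding and
 * dereferencing are still a TODO, so this method does not set an inbound message.</p>
 *
 * @param samlMsgCtx current message context
 *
 * @throws MessageDecodingException thrown if there is a problem decoding or dereferencing the artifact
 */
protected void processArtifact(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    String encodedArtifact = DatatypeHelper.safeTrimOrNullString(inTransport.getParameterValue("SAMLart"));
    if (encodedArtifact == null) {
        log.error("URL SAMLart parameter was missing or did not contain a value.");
        // The exception previously named the TARGET parameter, contradicting the log line above and
        // pointing anyone triaging the failure at the wrong request parameter.
        throw new MessageDecodingException("URL SAMLart parameter was missing or did not contain a value.");
    }

    // TODO decode artifact; resolve issuer resolution endpoint; dereference using ArtifactResolve
    // over synchronous backchannel binding; store resultant protocol message as the inbound SAML message.
}
}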
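/**
 * Decodes the TARGET parameter and adds it to the message context.
 *
 * <p>The trimmed value is stored as the relay state. It is taken from the request without further
 * validation, so code that later acts on it (for example as a navigation destination) has to treat it
 * as untrusted.</p>
 *
 * @param samlMsgCtx current message context
 *
 * @throws MessageDecodingException thrown if there is a problem decoding the TARGET parameter.
 */
protected void decodeTarget(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();

    // safeTrimOrNullString returns null for an empty or whitespace-only value as well as for a missing
    // one, so the "did not contain a value" case promised by the error message is actually rejected.
    // Plain safeTrim only yields null when the parameter is absent.
    String target = DatatypeHelper.safeTrimOrNullString(inTransport.getParameterValue("TARGET"));
    if (target == null) {
        log.error("URL TARGET parameter was missing or did not contain a value.");
        throw new MessageDecodingException("URL TARGET parameter was missing or did not contain a value.");
    }
    samlMsgCtx.setRelayState(target);
}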
// Record whether the request carries a non-empty "Signature" parameter. This is a presence check only:
// nothing in these statements validates the signature value.
// NOTE(review): the cast assumes the inbound transport is an HTTPInTransport - confirm the caller checks this.
HTTPInTransport inTransport = (HTTPInTransport) context.getInboundMessageTransport(); String sigParam = inTransport.getParameterValue("Signature"); boolean bSignatureParam = !DatatypeHelper.isEmpty(sigParam);
/**
 * {@inheritDoc}
 *
 * <p>Checks the context and transport types, stores the trimmed {@code RelayState} request parameter in
 * the context, then hands over to {@code processArtifact} and {@code populateMessageContext}.</p>
 *
 * @throws MessageDecodingException thrown if the context is not a {@link SAMLMessageContext} or its
 *             inbound transport is not an {@link HTTPInTransport}, or if a later step fails
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    boolean isSamlContext = messageContext instanceof SAMLMessageContext;
    if (!isSamlContext) {
        final String contextProblem =
                "Invalid message context type, this decoder only support SAMLMessageContext";
        log.error(contextProblem);
        throw new MessageDecodingException(contextProblem);
    }

    boolean isHttpTransport = messageContext.getInboundMessageTransport() instanceof HTTPInTransport;
    if (!isHttpTransport) {
        final String transportProblem =
                "Invalid inbound message transport type, this decoder only support HTTPInTransport";
        log.error(transportProblem);
        throw new MessageDecodingException(transportProblem);
    }

    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    HTTPInTransport httpTransport = (HTTPInTransport) samlContext.getInboundMessageTransport();

    // RelayState is request-controlled; it is only trimmed here, not validated.
    String rawRelayState = httpTransport.getParameterValue("RelayState");
    samlContext.setRelayState(DatatypeHelper.safeTrim(rawRelayState));

    processArtifact(samlContext);

    populateMessageContext(samlContext);
}
/**
 * Determine whether the inbound message is signed.
 *
 * <p>"Signed" here means that a signature is present: either the inbound SAML message is a
 * {@link SignableSAMLObject} reporting {@code isSigned()}, or the request has a non-empty
 * {@code Signature} parameter. This method does not verify any signature.</p>
 *
 * @param messageContext the message context being evaluated
 * @return true if the inbound message is signed, otherwise false
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    // TODO this really should be determined by the decoders and supplied to the rule
    // in some fashion, to handle binding-specific signature mechanisms. See JIRA issue JOWS-4.
    //
    // For now evaluate here inline for XML Signature and HTTP-Redirect and HTTP-Post-SimpleSign.

    // XML Signature carried on the message itself.
    SAMLObject inbound = messageContext.getInboundSAMLMessage();
    boolean xmlSigned = inbound instanceof SignableSAMLObject && ((SignableSAMLObject) inbound).isSigned();
    if (xmlSigned) {
        return true;
    }

    // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
    HTTPInTransport httpTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
    String signatureParam = httpTransport.getParameterValue("Signature");
    boolean signatureMissing = DatatypeHelper.isEmpty(signatureParam);
    return !signatureMissing;
}
/**
 * {@inheritDoc}
 *
 * <p>Accepts only HTTP POST. Stores the {@code RelayState} request parameter and the unmarshalled,
 * base64-decoded SAML message in the context, then calls {@code populateMessageContext}.</p>
 *
 * <p>Nothing in this method verifies a signature on the decoded message; the parameters and body are
 * request-controlled input.</p>
 *
 * @throws MessageDecodingException thrown if the context or transport has the wrong type, the HTTP method
 *             is not POST, or a later decoding step fails
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    boolean isSamlContext = messageContext instanceof SAMLMessageContext;
    if (!isSamlContext) {
        final String contextProblem =
                "Invalid message context type, this decoder only support SAMLMessageContext";
        log.error(contextProblem);
        throw new MessageDecodingException(contextProblem);
    }

    boolean isHttpTransport = messageContext.getInboundMessageTransport() instanceof HTTPInTransport;
    if (!isHttpTransport) {
        final String transportProblem =
                "Invalid inbound message transport type, this decoder only support HTTPInTransport";
        log.error(transportProblem);
        throw new MessageDecodingException(transportProblem);
    }

    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    HTTPInTransport httpTransport = (HTTPInTransport) samlContext.getInboundMessageTransport();

    String httpMethod = httpTransport.getHTTPMethod();
    if (!httpMethod.equalsIgnoreCase("POST")) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    // RelayState is stored and logged exactly as received from the request.
    String relayState = httpTransport.getParameterValue("RelayState");
    samlContext.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream decodedBody = getBase64DecodedMessage(httpTransport);

    // NOTE(review): unchecked cast - a payload whose root element is not a SAMLObject would fail with
    // ClassCastException rather than MessageDecodingException; confirm whether callers expect that.
    SAMLObject samlMessage = (SAMLObject) unmarshallMessage(decodedBody);
    samlContext.setInboundMessage(samlMessage);
    samlContext.setInboundSAMLMessage(samlMessage);
    log.debug("Decoded SAML message");

    populateMessageContext(samlContext);
}
HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
// Copy the "RelayState" request parameter into the message context exactly as received; no trimming
// or validation is applied in these statements, and the value is request-controlled.
// NOTE(review): the cast assumes the inbound transport is an HTTPInTransport - confirm the caller checks this.
HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); String relayState = inTransport.getParameterValue("RelayState"); samlMsgCtx.setRelayState(relayState);