/**
 * Invoked once the SAML authentication flow has finished and the user is authenticated. The login
 * name is read from the {@link Response} carried in {@code message}; this example uses the e-mail
 * {@code NameID} as the login name and hands it to the browser with a {@code Set-Cookie} header.
 *
 * <p>NOTE(review): the cookie holds the bare user name — no signature, no server-side session
 * binding — so anything downstream that reads it is trusting a client-editable value. That is
 * acceptable for this example only; a real deployment should bind the cookie to a server-side
 * session or sign it, and mark it {@code Secure} (omitted here because it is pinned to
 * {@code localhost}).
 *
 * @param ctx          request context, used here only for logging
 * @param req          the aggregated request that delivered the SAML response (not used)
 * @param message      message context holding the SAML {@link Response}
 * @param sessionIndex session index reported by the IdP, if any (not used)
 * @param relayState   {@code RelayState} echoed by the IdP, if any (not used)
 * @return {@code 401 Unauthorized} when the response carries no e-mail {@code NameID}; otherwise
 *         {@code 200 OK} with the cookie set and a page that sends the browser to {@code /welcome}
 */
@Override
public HttpResponse loginSucceeded(ServiceRequestContext ctx, AggregatedHttpMessage req,
                                   MessageContext<Response> message,
                                   @Nullable String sessionIndex, @Nullable String relayState) {
    final String loginName = getNameId(message.getMessage(), SamlNameIdFormat.EMAIL)
            .map(NameIDType::getValue)
            .orElse(null);
    if (loginName == null) {
        return HttpResponse.of(HttpStatus.UNAUTHORIZED, MediaType.HTML_UTF_8,
                               "<html><body>Username is not found.</body></html>");
    }
    logger.info("{} user '{}' has been logged in.", ctx, loginName);

    // Short-lived (60 s), HttpOnly so page script cannot read it, scoped to every path on localhost.
    final Cookie loginCookie = new DefaultCookie("username", loginName);
    loginCookie.setPath("/");
    loginCookie.setDomain("localhost");
    loginCookie.setMaxAge(60);
    loginCookie.setHttpOnly(true);

    final HttpHeaders headers = HttpHeaders.of(HttpStatus.OK)
            .contentType(MediaType.HTML_UTF_8)
            .add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.LAX.encode(loginCookie));
    final HttpData body = HttpData.ofUtf8(
            "<html><body onLoad=\"window.location.href='/welcome'\"></body></html>");
    return HttpResponse.of(headers, body);
}
/**
 * Handles the assertion-consumer endpoint: decodes the inbound {@code SAMLResponse} according to
 * the configured binding, validates the assertion against this endpoint's URI, and dispatches to
 * the SSO handler.
 *
 * <p>NOTE(review): {@code relayState} is taken straight from the request and is not authenticated
 * by anything here; a handler that uses it as a redirect target must validate it (e.g. against an
 * allow-list of local paths) before doing so.
 *
 * @param ctx             request context
 * @param msg             the aggregated HTTP request carrying the SAML response
 * @param defaultHostname hostname used to build this endpoint's URI
 * @param portConfig      scheme and port used to build this endpoint's URI
 * @return the SSO handler's success response, or its failure response when a
 *         {@link SamlException} is raised during decoding or validation
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        // Decode the SAMLResponse with whichever binding this endpoint is configured for.
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> messageContext;
        if (redirectBinding) {
            messageContext = HttpRedirectBindingUtil.toSamlObject(
                    msg, SAML_RESPONSE, idpConfigs, defaultIdpConfig);
        } else {
            messageContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        final String endpointUri = cfg.endpoint().toUriString(
                portConfig.scheme().uriText(), defaultHostname, portConfig.port());
        // Nothing below trusts the response until it has passed validation here.
        final Assertion assertion = getValidatedAssertion(messageContext.getMessage(), endpointUri);

        // Pick the first non-null session index reported by the identity provider, if any.
        String sessionIndex = null;
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        final SAMLBindingContext bindingContext =
                messageContext.getSubcontext(SAMLBindingContext.class);
        final String relayState;
        if (bindingContext == null) {
            relayState = null;
        } else {
            relayState = bindingContext.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, messageContext, sessionIndex, relayState);
    } catch (SamlException e) {
        // Only SAML-level failures become a login-failure response; other exceptions propagate.
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
if (endpoint.bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT) { return responseWithLocation(toRedirectionUrl( arg.messageContext.getMessage(), endpoint.toUriString(), SAML_REQUEST, signingCredential, sp.signatureAlgorithm(), } else { final String value = toSignedBase64( arg.messageContext.getMessage(), signingCredential, sp.signatureAlgorithm());
final LogoutRequest logoutRequest = messageContext.getMessage(); final SamlIdentityProviderConfig idp = validateAndGetIdPConfig(logoutRequest, endpointUri);
/**
 * {@inheritDoc}
 *
 * @return the {@code AttributeConsumingServiceIndex} of the {@link AuthnRequest} held by the
 *         context, or {@code null} if the context is absent or holds no {@code AuthnRequest}
 */
@Override
public Integer apply(@Nullable final MessageContext input) {
    if (input == null) {
        return null;
    }
    final Object message = input.getMessage();
    // instanceof is false for null, so no separate null check is needed.
    if (!(message instanceof AuthnRequest)) {
        return null;
    }
    return ((AuthnRequest) message).getAttributeConsumingServiceIndex();
}
MessageContext msgContext = _call.getMessageContext(); MimeHeaders hd = msgContext.getMessage().getMimeHeaders(); hd.addHeader("SessionID", sessionId);
/**
 * {@inheritDoc}
 *
 * <p>Proceeds only when the superclass agrees, a message is present, and the message is signed;
 * an unsigned message is skipped because there is nothing to extract ChannelBindings from.
 */
@Override
protected boolean doPreInvoke(@Nonnull final MessageContext messageContext)
        throws MessageHandlerException {
    if (!super.doPreInvoke(messageContext)) {
        return false;
    }
    if (messageContext.getMessage() == null) {
        return false;
    }
    final boolean signed = SAMLBindingSupport.isMessageSigned(messageContext);
    if (!signed) {
        log.debug("Message was not signed, cannot extract ChannelBindings from it");
    }
    return signed;
}
/**
 * {@inheritDoc}
 *
 * <p>NOTE(review): this writes the whole inbound message via {@code toString()}, so whatever
 * the request carries (subject identifiers, attributes, if present) may end up in the log;
 * make sure the logger level and retention are appropriate. {@code getMessage()} is
 * dereferenced without a null check.
 */
@Override
@Nullable
protected String getMessageToLog() {
    final Object inbound = getMessageContext().getMessage();
    return "SAML 1 IdP-initiated request was: " + inbound.toString();
}
/**
 * {@inheritDoc}
 *
 * <p>Requires the inbound message to be a SOAP {@link Envelope}; otherwise a
 * {@code NO_CREDENTIALS} event is raised and the action does not proceed.
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    final MessageContext inCtx = profileRequestContext.getInboundMessageContext();
    final Object inbound = inCtx == null ? null : inCtx.getMessage();
    // instanceof is false for null, which also covers the missing-context case.
    if (!(inbound instanceof Envelope)) {
        log.debug("{} Inbound message context missing or doesn't contain a SOAP Envelope", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
        return false;
    }
    inboundMessage = (Envelope) inbound;
    return super.doPreExecute(profileRequestContext, authenticationContext);
}
/**
 * {@inheritDoc}
 *
 * @return the principal named by the inbound {@link ResolverTestRequest}, or {@code null} when
 *         the profile context, its inbound message context, or such a request is absent
 */
@Override
@Nullable
public String apply(@Nullable final ProfileRequestContext input) {
    if (input == null) {
        return null;
    }
    final MessageContext inbound = input.getInboundMessageContext();
    if (inbound == null) {
        return null;
    }
    final Object request = inbound.getMessage();
    // instanceof is false for null, so no separate null check is needed.
    if (!(request instanceof ResolverTestRequest)) {
        return null;
    }
    return ((ResolverTestRequest) request).getPrincipal();
}
/**
 * Encodes the outbound SAML message: resolves the endpoint URL from the message context and
 * passes both to {@link #postEncode}.
 *
 * @throws MessageEncodingException if the context carries no outbound message
 */
@Override
protected void doEncode() throws MessageEncodingException {
    final MessageContext<SAMLObject> context = getMessageContext();
    if (context.getMessage() == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    // The endpoint URL is resolved before any encoding work is done.
    final String destination = getEndpointURL(context).toString();
    postEncode(context, destination);
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the endpoint URL from the message context and passes both to
 * {@link #postEncode}.
 *
 * @throws MessageEncodingException if the context carries no outbound message
 */
protected void doEncode() throws MessageEncodingException {
    final MessageContext<SAMLObject> context = getMessageContext();
    final SAMLObject outbound = context.getMessage();
    if (outbound == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    postEncode(context, getEndpointURL(context).toString());
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the endpoint URL from the message context and passes both to
 * {@link #postEncode}.
 *
 * @throws MessageEncodingException if the context carries no outbound message
 */
protected void doEncode() throws MessageEncodingException {
    final MessageContext<SAMLObject> context = getMessageContext();
    if (context.getMessage() == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    final String destination = getEndpointURL(context).toString();
    postEncode(context, destination);
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the superclass decoding first, then records the binding details for this message.
 * The decoded message is dereferenced for the debug log without a null check.
 */
protected void doDecode() throws MessageDecodingException {
    super.doDecode();
    final MessageContext<SAMLObject> context = getMessageContext();
    populateBindingContext(context);
    final SAMLObject decoded = context.getMessage();
    log.debug("Decoded SOAP messaged which included SAML message of type {}", decoded.getElementQName());
}
/**
 * {@inheritDoc}
 *
 * <p>Superclass decoding happens first; the binding context is populated afterwards and the
 * decoded message's element name is logged at debug level.
 */
protected void doDecode() throws MessageDecodingException {
    super.doDecode();
    final MessageContext<SAMLObject> context = getMessageContext();
    populateBindingContext(context);
    log.debug("Decoded SOAP messaged which included SAML message of type {}",
              context.getMessage().getElementQName());
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the superclass decoding first, then records the binding details for this message.
 * The decoded message is dereferenced for the debug log without a null check.
 */
protected void doDecode() throws MessageDecodingException {
    super.doDecode();
    final MessageContext<SAMLObject> context = getMessageContext();
    populateBindingContext(context);
    final SAMLObject decoded = context.getMessage();
    log.debug("Decoded SOAP messaged which included SAML message of type {}", decoded.getElementQName());
}
/**
 * {@inheritDoc}
 *
 * <p>Superclass decoding happens first; the binding context is populated afterwards and the
 * decoded message's element name is logged at debug level.
 */
protected void doDecode() throws MessageDecodingException {
    super.doDecode();
    final MessageContext<SAMLObject> context = getMessageContext();
    populateBindingContext(context);
    log.debug("Decoded SOAP messaged which included SAML message of type {}",
              context.getMessage().getElementQName());
}
/**
 * {@inheritDoc}
 *
 * <p>A message that already is a SOAP {@link Envelope} is stored as-is; anything else is
 * wrapped into a SOAP message first.
 *
 * @throws MessageEncodingException if the message context carries no outbound message
 */
public void prepareContext() throws MessageEncodingException {
    final MessageType outbound = getMessageContext().getMessage();
    if (outbound == null) {
        throw new MessageEncodingException("No outbound message contained in message context");
    }
    if (!(outbound instanceof Envelope)) {
        buildAndStoreSOAPMessage(outbound);
        return;
    }
    storeSOAPEnvelope((Envelope) outbound);
}
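/**
 * Encodes the outbound SAML message for the HTTP-Redirect binding: optionally strips the XML
 * signature, deflates and Base64-encodes the message, builds the redirect URL and hands it to
 * the response adapter.
 *
 * <p>NOTE(review): when {@code isAuthnRequestSigned} is false the XML signature is removed and
 * nothing in this method adds a query-string signature either, so whether the redirected request
 * ends up signed at all depends on {@code buildRedirectURL}; confirm the IdP is not configured to
 * require signed requests in that mode.
 *
 * @throws MessageEncodingException if the message context carries no outbound message
 */
@Override
protected void doEncode() throws MessageEncodingException {
    final MessageContext messageContext = this.getMessageContext();
    final SAMLObject outboundMessage = (SAMLObject) messageContext.getMessage();
    // Fail with the same exception the other encoders in this file use, rather than letting a
    // missing message surface as a less informative failure further down.
    if (outboundMessage == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    final String endpointURL = this.getEndpointURL(messageContext).toString();
    if (!this.isAuthnRequestSigned) {
        this.removeSignature(outboundMessage);
    }
    final String encodedMessage = this.deflateAndBase64Encode(outboundMessage);
    final String redirectURL = this.buildRedirectURL(messageContext, endpointURL, encodedMessage);
    responseAdapter.init();
    responseAdapter.setRedirectUrl(redirectURL);
}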
/**
 * Populates the {@link SAMLBindingContext} that carries binding-specific details for the
 * current message (the {@code true} argument to {@code getSubcontext} asks for the subcontext
 * to be created if it does not exist yet).
 *
 * <p>The binding-signature flag is always set to {@code false} here, and an intended
 * destination endpoint URI is only required when the message is a {@link ResponseAbstractType}.
 *
 * @param messageContext the current message context
 */
protected void populateBindingContext(MessageContext<SAMLObject> messageContext) {
    final boolean destinationRequired =
            messageContext.getMessage() instanceof ResponseAbstractType;
    final SAMLBindingContext binding =
            messageContext.getSubcontext(SAMLBindingContext.class, true);
    binding.setBindingUri(getBindingURI());
    binding.setBindingDescriptor(bindingDescriptor);
    binding.setHasBindingSignature(false);
    binding.setIntendedDestinationEndpointURIRequired(destinationRequired);
}