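@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    // Relay the requested path by default so the user can be sent back to it after the
    // IdP round-trip. The SAML 2.0 bindings spec caps RelayState at 80 *bytes*, so the
    // limit is applied to the UTF-8 encoded length rather than the character count; for
    // the usual ASCII (percent-encoded) path the two are identical, so existing behavior
    // is preserved there. Longer paths are simply not relayed.
    final int maxRelayStateBytes = 80;
    final String requestedPath = req.path();
    final int relayStateBytes =
            requestedPath.getBytes(java.nio.charset.StandardCharsets.UTF_8).length;
    if (relayStateBytes <= maxRelayStateBytes) {
        final SAMLBindingContext bindingContext =
                message.getSubcontext(SAMLBindingContext.class, true);
        assert bindingContext != null : "SAMLBindingContext";
        bindingContext.setRelayState(requestedPath);
    }
    return CompletableFuture.completedFuture(null);
}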
@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    // Carry the requested path as RelayState so the caller can be returned to it once the
    // IdP responds. NOTE(review): no length check is applied here, although the SAML 2.0
    // bindings spec limits RelayState to 80 bytes — long paths may be rejected by the IdP.
    final SAMLBindingContext bindingContext =
            message.getSubcontext(SAMLBindingContext.class, true);
    bindingContext.setRelayState(req.path());
    return CompletableFuture.completedFuture(null);
}
final SAMLBindingContext context = messageContext.getSubcontext(SAMLBindingContext.class, true); assert context != null; context.setRelayState(relayState);
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        // Decode the SAMLResponse using whichever binding this endpoint is configured for.
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> messageContext = redirectBinding
                ? HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE, idpConfigs, defaultIdpConfig)
                : HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);

        // The URI of this endpoint is handed to the assertion validation step.
        final String endpointUri = cfg.endpoint().toUriString(
                portConfig.scheme().uriText(), defaultHostname, portConfig.port());
        final Assertion assertion = getValidatedAssertion(messageContext.getMessage(), endpointUri);

        // Session index sent by the identity provider: the first non-null one across the
        // authentication statements, or null when none carries one.
        String sessionIndex = null;
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        // RelayState, when present, was taken from the inbound request; NOTE(review): it is
        // presumably used as a post-login redirect target, so ssoHandler should validate it
        // before redirecting.
        final SAMLBindingContext bindingContext =
                messageContext.getSubcontext(SAMLBindingContext.class);
        String relayState = null;
        if (bindingContext != null) {
            relayState = bindingContext.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, messageContext, sessionIndex, relayState);
    } catch (SamlException e) {
        // Only SAML-level failures are reported through the handler; other exceptions propagate.
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
/**
 * Converts an {@link AggregatedHttpMessage} which is received from the remote entity to
 * a {@link SAMLObject}.
 *
 * <p>The parameter value is untrusted request data: it is Base64-decoded with the lenient MIME
 * decoder (line breaks and other non-alphabet characters are skipped) and then handed to
 * {@code deserialize}. NOTE(review): {@code deserialize} is presumably where the XML is parsed,
 * so parser hardening (DTD / external entity handling) has to be enforced there — confirm.
 * The cast to {@code T} is unchecked; a message of an unexpected type is only detected at the
 * caller's use site.
 *
 * @param msg the received HTTP message carrying the SAML parameters
 * @param name the name of the parameter holding the Base64-encoded SAML message
 * @return a {@link MessageContext} holding the deserialized message and, when the request
 *         carried one, the {@code RelayState} value in its {@link SAMLBindingContext}
 * @throws SamlException if the parameter value cannot be Base64-decoded
 */
static <T extends SAMLObject> MessageContext<T> toSamlObject(AggregatedHttpMessage msg, String name) {
    final SamlParameters params = new SamlParameters(msg);
    final byte[] rawMessage;
    try {
        // Parameter lookup stays inside the try so its failures are reported the same way.
        rawMessage = Base64.getMimeDecoder().decode(params.getFirstValue(name));
    } catch (IllegalArgumentException e) {
        throw new SamlException("failed to decode a base64 string of the parameter: " + name, e);
    }

    @SuppressWarnings("unchecked")
    final T samlMessage = (T) deserialize(rawMessage);
    final MessageContext<T> result = new MessageContext<>();
    result.setMessage(samlMessage);

    final String relayState = params.getFirstValueOrNull(RELAY_STATE);
    if (relayState == null) {
        return result;
    }
    final SAMLBindingContext bindingContext = result.getSubcontext(SAMLBindingContext.class, true);
    assert bindingContext != null;
    bindingContext.setRelayState(relayState);
    return result;
}
}).thenApply(arg -> { final SAMLBindingContext bindingContext = arg.messageContext.getSubcontext(SAMLBindingContext.class); final String relayState = bindingContext != null ? bindingContext.getRelayState() : null;
/** {@inheritDoc} */
@Override
protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
    // Both subcontexts are requested with autocreate = true, so they are created on demand
    // and the setters never operate on null.
    final SAMLProtocolContext protocolContext =
            messageContext.getSubcontext(SAMLProtocolContext.class, true);
    protocolContext.setProtocol(samlProtocol);
    messageContext.getSubcontext(entityContextClass, true).setRole(peerRole);
}
/**
 * Get the SAML artifact type from the message context.
 *
 * <p>The {@link SAMLArtifactContext} is requested with autocreate = true, so a missing
 * context is created (empty) as a side effect and its null artifact type is returned.
 *
 * @param messageContext the message context
 *
 * @return the artifact type, or null when none has been stored
 */
@Nullable
private byte[] getSAMLArtifactType(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLArtifactContext artifactContext =
            messageContext.getSubcontext(SAMLArtifactContext.class, true);
    return artifactContext.getArtifactType();
}
/** {@inheritDoc} */
@Override
@Nullable
public Boolean apply(@Nullable final MessageContext input) {
    // Tri-state result: null when there is no context or no entity subcontext to inspect,
    // otherwise the entity context's authenticated flag.
    if (input == null) {
        return null;
    }
    final AbstractAuthenticatableSAMLEntityContext entityContext = input.getSubcontext(entityContextClass);
    return entityContext == null ? null : entityContext.isAuthenticated();
}
/**
 * Store the SAML artifact type in the message context.
 *
 * <p>The {@link SAMLArtifactContext} is created on demand (autocreate = true).
 *
 * @param messageContext the message context
 *
 * @param artifactType the artifact type to store
 */
private void storeSAMLArtifactType(@Nonnull final MessageContext<SAMLObject> messageContext,
        @Nonnull @NotEmpty final byte[] artifactType) {
    final SAMLArtifactContext artifactContext =
            messageContext.getSubcontext(SAMLArtifactContext.class, true);
    artifactContext.setArtifactType(artifactType);
}
/** {@inheritDoc} */
@Override
@Nullable
protected TrustEngine<Signature> resolveTrustEngine(@Nonnull final MessageContext messageContext) {
    // The trust engine is taken from the signature validation parameters, if the message
    // context carries any. Null is returned when either the security parameters context or
    // its signature validation parameters are absent; the caller decides what that means.
    final SecurityParametersContext secParams =
            messageContext.getSubcontext(SecurityParametersContext.class);
    if (secParams == null) {
        return null;
    }
    if (secParams.getSignatureValidationParameters() == null) {
        return null;
    }
    return secParams.getSignatureValidationParameters().getSignatureTrustEngine();
}
/**
 * Store the constructed SOAP envelope in the message context for later encoding.
 *
 * <p>The {@link SOAP11Context} is created on demand (autocreate = true).
 *
 * @param envelope the SOAP envelope
 */
protected void storeSOAPEnvelope(final Envelope envelope) {
    final SOAP11Context soapContext = getMessageContext().getSubcontext(SOAP11Context.class, true);
    soapContext.setEnvelope(envelope);
}
/**
 * Retrieve the previously stored SOAP envelope from the message context.
 *
 * <p>A missing {@link SOAP11Context} is created on demand, in which case the
 * returned envelope is null.
 *
 * @return the previously stored SOAP envelope
 */
protected Envelope getSOAPEnvelope() {
    final SOAP11Context soapContext = getMessageContext().getSubcontext(SOAP11Context.class, true);
    return soapContext.getEnvelope();
}
/** {@inheritDoc} */
@Override
protected XMLObject getMessageToLog() {
    // The whole SOAP envelope (not just the body payload) is what gets logged.
    final SOAP11Context soapContext = getMessageContext().getSubcontext(SOAP11Context.class, true);
    return soapContext.getEnvelope();
}
/**
 * Retrieve the previously stored SOAP envelope from the message context.
 *
 * <p>Requests the {@link SOAP11Context} with autocreate = true, so the call never
 * fails on a missing context; it returns null when no envelope was stored.
 *
 * @return the previously stored SOAP envelope
 */
protected Envelope getSOAPEnvelope() {
    final SOAP11Context soap11 = getMessageContext().getSubcontext(SOAP11Context.class, true);
    final Envelope stored = soap11.getEnvelope();
    return stored;
}
/** {@inheritDoc} */
@Override
protected XMLObject getMessageToLog() {
    // Log the full SOAP envelope; the SOAP11Context is created on demand if absent.
    final SOAP11Context soap11 = getMessageContext().getSubcontext(SOAP11Context.class, true);
    final Envelope envelope = soap11.getEnvelope();
    return envelope;
}
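/**
 * {@inheritDoc}
 *
 * <p>Extracts the first child of the SOAP Body and installs it as the context's message.
 *
 * @throws MessageHandlerException if no SOAP envelope/body is present in the message
 *         context, or the body carries no children
 */
protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
    // The SOAP11Context is looked up without autocreate; a missing context or envelope
    // previously surfaced as a NullPointerException — report it as a handler error instead.
    final SOAP11Context soapContext = messageContext.getSubcontext(SOAP11Context.class);
    final Envelope env = soapContext != null ? soapContext.getEnvelope() : null;
    if (env == null || env.getBody() == null) {
        throw new MessageHandlerException("SOAP Envelope or Body was not present in the message context");
    }
    final List<XMLObject> bodyChildren = env.getBody().getUnknownXMLObjects();
    if (bodyChildren == null || bodyChildren.isEmpty()) {
        throw new MessageHandlerException("SOAP Envelope Body contained no children");
    } else if (bodyChildren.size() > 1) {
        log.warn("SOAP Envelope Body contained more than one child. Returning the first as the message");
    }
    // Reuse the already-fetched child list rather than walking the body a second time.
    messageContext.setMessage(bodyChildren.get(0));
}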
/** {@inheritDoc} */
protected void doInvoke(final MessageContext messageContext) throws MessageHandlerException {
    final Sender header = getSender(messageContext);
    // A non-null trimmed providerId implies a non-null header, so one check suffices.
    final String providerId = header == null ? null : StringSupport.trimOrNull(header.getProviderID());
    log.debug("Extracted inbound Liberty ID-WSF Sender providerId value: {}", providerId);
    if (providerId == null) {
        return;
    }
    // Record the presenter and mark the header as understood so SOAP mustUnderstand
    // processing does not reject it.
    final SAMLPresenterEntityContext presenterContext =
            messageContext.getSubcontext(SAMLPresenterEntityContext.class, true);
    presenterContext.setEntityId(providerId);
    SOAPMessagingSupport.registerUnderstoodHeader(messageContext, header);
}
/** {@inheritDoc} */
protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
    final MessageID header = getMessageID(messageContext);
    // headerValue != null already implies header != null.
    final String messageId = header == null ? null : StringSupport.trimOrNull(header.getValue());
    log.debug("Extracted inbound WS-Addressing MessageID value: {}", messageId);
    if (messageId == null) {
        return;
    }
    final WSAddressingContext addressingContext =
            messageContext.getSubcontext(WSAddressingContext.class, true);
    addressingContext.setMessageIDURI(messageId);
    // Mark the header as understood so it is not rejected by mustUnderstand handling.
    SOAPMessagingSupport.registerUnderstoodHeader(messageContext, header);
}
/**
 * Populate the context which carries information specific to this binding.
 *
 * <p>This binding carries no signature of its own, so {@code hasBindingSignature} is
 * always false; the intended-destination endpoint check is required exactly when the
 * SAML message itself is signed.
 *
 * @param messageContext the current message context
 */
protected void populateBindingContext(MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext binding = messageContext.getSubcontext(SAMLBindingContext.class, true);
    binding.setBindingUri(getBindingURI());
    binding.setBindingDescriptor(bindingDescriptor);
    binding.setHasBindingSignature(false);
    final boolean messageSigned = SAMLBindingSupport.isMessageSigned(messageContext);
    binding.setIntendedDestinationEndpointURIRequired(messageSigned);
}