/**
 * Handles an incoming SAML response on the assertion consumer endpoint.
 *
 * <p>The message is decoded with the binding configured for this endpoint, the assertion is
 * validated through {@code getValidatedAssertion}, and the outcome is delegated to
 * {@code ssoHandler}.
 *
 * @param ctx the request context, forwarded to the SSO handler
 * @param msg the aggregated HTTP message carrying the SAML response
 * @param defaultHostname the hostname used to build the expected endpoint URI
 * @param portConfig supplies the scheme and port used to build the expected endpoint URI
 * @return the response produced by {@code ssoHandler.loginSucceeded}, or by
 *         {@code ssoHandler.loginFailed} when a {@link SamlException} is raised
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        // Decode according to the binding this endpoint is configured for.
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> messageContext;
        if (redirectBinding) {
            messageContext = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE,
                                                                  idpConfigs, defaultIdpConfig);
        } else {
            messageContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        // The URI handed to validation is built from the endpoint configuration and the
        // scheme/hostname/port passed in by the caller.
        final String endpointUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                              defaultHostname, portConfig.port());
        final Response response = messageContext.getMessage();
        final Assertion assertion = getValidatedAssertion(response, endpointUri);

        // Take the first session index the identity provider sent; stays null if none did.
        String sessionIndex = null;
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        // RelayState is read from the decoded message and forwarded unchanged; nothing in this
        // method validates it.
        // NOTE(review): confirm the SSO handler treats it as untrusted input, e.g. checks it
        // against an allow-list before using it as a redirect target.
        final SAMLBindingContext bindingContext =
                messageContext.getSubcontext(SAMLBindingContext.class);
        final String relayState;
        if (bindingContext == null) {
            relayState = null;
        } else {
            relayState = bindingContext.getRelayState();
        }

        return ssoHandler.loginSucceeded(ctx, msg, messageContext, sessionIndex, relayState);
    } catch (SamlException e) {
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
// Look up the binding-level subcontext; the guard below covers the case where it is absent.
final SAMLBindingContext bindingContext =
        arg.messageContext.getSubcontext(SAMLBindingContext.class);
// RelayState is taken from the message context as-is, with no validation at this point.
// NOTE(review): treat it as untrusted wherever it is consumed (redirect target, lookup key).
final String relayState;
if (bindingContext == null) {
    relayState = null;
} else {
    relayState = bindingContext.getRelayState();
}
/**
 * Returns the SAML protocol relay state held by a message context.
 *
 * <p>The value is read from the {@link SAMLBindingContext} subcontext and returned unchanged;
 * this method performs no validation of its content.
 * NOTE(review): RelayState normally arrives with the protocol message, so callers should
 * validate it before using it as a redirect target or lookup key.
 *
 * @param messageContext the message context on which to operate
 * @return the relay state, or {@code null} when the message context has no
 *         {@link SAMLBindingContext} subcontext
 */
@Nullable
@NotEmpty
public static String getRelayState(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLBindingContext binding = messageContext.getSubcontext(SAMLBindingContext.class);
    return binding == null ? null : binding.getRelayState();
}
/**
 * Handles an incoming SAML response on the assertion consumer endpoint.
 *
 * <p>The message is decoded with the binding configured for this endpoint, the assertion is
 * validated through {@code getValidatedAssertion}, and the outcome is delegated to
 * {@code ssoHandler}.
 *
 * @param ctx the request context, forwarded to the SSO handler
 * @param msg the aggregated HTTP message carrying the SAML response
 * @param defaultHostname the hostname used to build the expected endpoint URI
 * @param portConfig supplies the scheme and port used to build the expected endpoint URI
 * @return the response produced by {@code ssoHandler.loginSucceeded}, or by
 *         {@code ssoHandler.loginFailed} when a {@link SamlException} is raised
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        // Decode according to the binding this endpoint is configured for.
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> messageContext;
        if (redirectBinding) {
            messageContext = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE,
                                                                  idpConfigs, defaultIdpConfig);
        } else {
            messageContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        // The URI handed to validation is built from the endpoint configuration and the
        // scheme/hostname/port passed in by the caller.
        final String endpointUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                              defaultHostname, portConfig.port());
        final Response response = messageContext.getMessage();
        final Assertion assertion = getValidatedAssertion(response, endpointUri);

        // Take the first session index the identity provider sent; stays null if none did.
        String sessionIndex = null;
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        // RelayState is read from the decoded message and forwarded unchanged; nothing in this
        // method validates it.
        // NOTE(review): confirm the SSO handler treats it as untrusted input, e.g. checks it
        // against an allow-list before using it as a redirect target.
        final SAMLBindingContext bindingContext =
                messageContext.getSubcontext(SAMLBindingContext.class);
        final String relayState;
        if (bindingContext == null) {
            relayState = null;
        } else {
            relayState = bindingContext.getRelayState();
        }

        return ssoHandler.loginSucceeded(ctx, msg, messageContext, sessionIndex, relayState);
    } catch (SamlException e) {
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
/**
 * Processes an incoming SAML message and either returns credentials or completes a logout.
 *
 * <p>When the request carries the logout-endpoint parameter, the message is handled by the
 * logout profile handler, a logout response is built and sent, and the method ends by throwing
 * an {@code HttpAction} (content for the POST binding, otherwise a redirect). In every other
 * case the message is handled as an authentication response.
 *
 * @param context the current web context
 * @return the credentials produced by the profile handler for an authentication response;
 *         the logout branch never returns normally
 */
@Override
public SAML2Credentials extract(final WebContext context) {
    final String logoutMarker =
            context.getRequestParameter(SAML2ServiceProviderMetadataResolver.LOGOUT_ENDPOINT_PARAMETER);
    final boolean logoutEndpoint = logoutMarker != null;
    final SAML2MessageContext samlContext = contextProvider.buildContext(context);

    if (!logoutEndpoint) {
        // SAML authn response
        return (SAML2Credentials) profileHandler.receive(samlContext);
    }

    // SAML logout request/response
    logoutProfileHandler.receive(samlContext);

    // Send a logout response back. The RelayState is copied from the inbound binding context
    // into the outgoing message unchanged.
    // NOTE(review): it is echoed without validation here; confirm that the message sender
    // encodes it for the chosen binding.
    final LogoutResponse logoutResponse = saml2LogoutResponseBuilder.build(samlContext);
    final String relayState = samlContext.getSAMLBindingContext().getRelayState();
    saml2LogoutResponseMessageSender.sendMessage(samlContext, logoutResponse, relayState);

    final Pac4jSAMLResponse adapter =
            samlContext.getProfileRequestContextOutboundMessageTransportResponse();
    final boolean postBinding =
            spLogoutResponseBindingType.equalsIgnoreCase(SAMLConstants.SAML2_POST_BINDING_URI);
    if (postBinding) {
        // POST binding: the adapter holds the content to return to the browser.
        throw HttpAction.ok(context, adapter.getOutgoingContent());
    }
    // Any other binding type: answer with a redirect to the URL the adapter produced.
    throw HttpAction.redirect(context, adapter.getRedirectUrl());
}
// Look up the binding-level subcontext; the guard below covers the case where it is absent.
final SAMLBindingContext bindingContext =
        arg.messageContext.getSubcontext(SAMLBindingContext.class);
// RelayState is taken from the message context as-is, with no validation at this point.
// NOTE(review): treat it as untrusted wherever it is consumed (redirect target, lookup key).
final String relayState;
if (bindingContext == null) {
    relayState = null;
} else {
    relayState = bindingContext.getRelayState();
}
// Carry the "intended destination endpoint URI required" flag over from bindingContext to the
// decoded context's binding context.
decodedCtx.getSAMLBindingContext().setIntendedDestinationEndpointURIRequired(bindingContext
        .isIntendedDestinationEndpointURIRequired());
// Copy the same RelayState into both the decoded context and the outer context.
// NOTE(review): bindingContext is dereferenced without a null check here; presumably the
// surrounding code guarantees it is non-null. Confirm against the enclosing method.
// NOTE(review): the value is propagated unvalidated; whatever consumes it later should treat
// it as untrusted input.
final String relayState = bindingContext.getRelayState();
decodedCtx.getSAMLBindingContext().setRelayState(relayState);
context.getSAMLBindingContext().setRelayState(relayState);