issuer = ((RequestAbstractType) message).getIssuer(); } else if (message instanceof StatusResponseType) { issuer = ((StatusResponseType) message).getIssuer();
/**
 * Derives the SAML entity ID for a SAML 2 request from its {@code Issuer} element.
 *
 * @param request the SAML 2 request to inspect
 *
 * @return whatever {@code processSaml2Issuer} yields for the request's issuer, or
 *         {@code null} when the request carries no issuer
 */
@Nullable protected String processSaml2Request(
        @Nonnull final org.opensaml.saml.saml2.core.RequestAbstractType request) {
    // Without an Issuer element there is nothing to resolve.
    if (request.getIssuer() == null) {
        return null;
    }
    return processSaml2Issuer(request.getIssuer());
}
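/**
 * Gets the issuer value from a SAML request.
 *
 * <p>The value is read straight from the request's {@code Issuer} element and is not
 * checked in any way here. A request that carries no {@code Issuer} yields
 * {@code null} instead of failing with a {@link NullPointerException}.
 *
 * @param request the request
 * @return the issuer value, or {@code null} if the request has no issuer
 */
private static String getIssuerFromSamlRequest(final RequestAbstractType request) {
    // Other handlers in this listing null-check getIssuer(); do the same before dereferencing.
    return request.getIssuer() != null ? request.getIssuer().getValue() : null;
}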
/**
 * {@inheritDoc}
 *
 * <p>Yields the issuer value of the request found by {@code requestLookupStrategy},
 * but only when the issuer has no {@code Format} or its format equals
 * {@code NameID.ENTITY}; in every other case the result is {@code null}.
 */
@Override
@Nullable public String apply(@Nullable final ProfileRequestContext profileRequestContext) {
    final RequestAbstractType request = requestLookupStrategy.apply(profileRequestContext);
    if (request == null || request.getIssuer() == null) {
        return null;
    }

    final Issuer issuer = request.getIssuer();
    final String format = issuer.getFormat();
    // An absent Format is accepted the same way as the explicit entity format.
    final boolean entityIssuer = format == null || NameID.ENTITY.equals(format);
    return entityIssuer ? issuer.getValue() : null;
}
/**
 * Returns the issuer taken from the fully qualified issuer value of the request,
 * as produced by {@code MultitenantUtils.getTenantAwareUsername}.
 *
 * <p>The issuer value is whatever the request message carries; this method does not
 * validate it.
 *
 * @param request Assertion query request
 * @return String issuer value
 * @throws NullPointerException if the request has no Issuer element
 */
private String getIssuer(RequestAbstractType request) {
    // getIssuer() is dereferenced without a null check.
    return MultitenantUtils.getTenantAwareUsername(request.getIssuer().getValue());
}
/**
 * Returns the issuer name taken from the fully qualified issuer value of the request,
 * as produced by {@code MultitenantUtils.getTenantAwareUsername}.
 *
 * <p>The issuer value is whatever the request message carries; this method does not
 * validate it.
 *
 * @param request Assertion request message
 * @return String issuer name
 * @throws NullPointerException if the request has no Issuer element
 */
protected String getIssuer(RequestAbstractType request) {
    // getIssuer() is dereferenced without a null check.
    final String qualifiedIssuer = request.getIssuer().getValue();
    final String issuerName = MultitenantUtils.getTenantAwareUsername(qualifiedIssuer);
    return issuerName;
}
/**
 * Returns the tenant domain taken from the fully qualified issuer value of the request,
 * as produced by {@code MultitenantUtils.getTenantDomain}.
 *
 * <p>The tenant domain is derived from request-supplied data and is not validated here.
 * NOTE(review): confirm that the request is authenticated before the result is used to
 * select tenant-scoped configuration; that step is not visible in this method.
 *
 * @param request Assertion request message
 * @return String tenant domain value
 * @throws NullPointerException if the request has no Issuer element
 */
protected String getTenantDomain(RequestAbstractType request) {
    // getIssuer() is dereferenced without a null check.
    return MultitenantUtils.getTenantDomain(request.getIssuer().getValue());
}
/**
 * Returns the tenant domain taken from the fully qualified issuer of the request,
 * as produced by {@code MultitenantUtils.getTenantDomain}.
 *
 * <p>The tenant domain is derived from request-supplied data and is not validated here.
 * NOTE(review): confirm that the request is authenticated before the result is used to
 * select tenant-scoped configuration; that step is not visible in this method.
 *
 * @param request Assertion query request
 * @return String tenant domain value
 * @throws NullPointerException if the request has no Issuer element
 */
private String getTenantDomain(RequestAbstractType request) {
    // getIssuer() is dereferenced without a null check.
    final String qualifiedIssuer = request.getIssuer().getValue();
    final String tenantDomain = MultitenantUtils.getTenantDomain(qualifiedIssuer);
    return tenantDomain;
}
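/**
 * Gets the issuer value from a SAML object.
 *
 * <p>Only {@code RequestAbstractType} and {@code StatusResponseType} objects are
 * inspected. The value is read from the message as-is and is not validated here.
 * A message that carries no {@code Issuer} yields {@code null} instead of failing
 * with a {@link NullPointerException}.
 *
 * @param object the object
 * @return the issuer value, or {@code null} if the object is of another type or has
 *         no issuer
 */
public static String getIssuerFromSamlObject(final SAMLObject object) {
    if (object instanceof RequestAbstractType) {
        final RequestAbstractType request = (RequestAbstractType) object;
        // Guard before dereferencing: the request may carry no Issuer element.
        return request.getIssuer() != null ? request.getIssuer().getValue() : null;
    }
    if (object instanceof StatusResponseType) {
        final StatusResponseType response = (StatusResponseType) object;
        // Same guard for responses.
        return response.getIssuer() != null ? response.getIssuer().getValue() : null;
    }
    return null;
}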
final RoleDescriptorResolver roleDescriptorResolver) throws Exception { val validator = new SAMLSignatureProfileValidator(); LOGGER.debug("Validating profile signature for [{}] via [{}]...", profileRequest.getIssuer(), validator.getClass().getSimpleName()); validator.validate(signature); LOGGER.debug("Successfully validated profile signature for [{}].", profileRequest.getIssuer()); LOGGER.error("No valid credentials could be found to verify the signature for [{}]", profileRequest.getIssuer()); throw new SamlException("No valid signing credentials for validation could not be resolved");
/**
 * Applies structural checks to a parsed AuthnRequest/LogoutRequest and rejects it
 * with {@code TYPE.BAD_REQUEST} when any of them fails:
 * <ul>
 *   <li>an Issuer must be present;</li>
 *   <li>the Issuer's Format, when given, must be the SAML 2.0 entity format;</li>
 *   <li>an AuthnRequest must not carry SubjectConfirmation elements.</li>
 * </ul>
 * No signature is checked in this method.
 *
 * @param parsedRequest the parsed request to check
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} if a check fails
 */
private void validateRequest(RequestAbstractType parsedRequest) throws ProcessingException {
    if (parsedRequest.getIssuer() == null) {
        LOG.debug("No Issuer is present in the AuthnRequest/LogoutRequest");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    // An omitted Format is accepted; any explicit value must be the entity format.
    final String format = parsedRequest.getIssuer().getFormat();
    final boolean entityFormat =
        format == null || "urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(format);
    if (!entityFormat) {
        LOG.debug("An invalid Format attribute was received: {}", format);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    // The remaining check only concerns AuthnRequests.
    if (!(parsedRequest instanceof AuthnRequest)) {
        return;
    }

    // No SubjectConfirmation Elements are allowed
    final AuthnRequest authnRequest = (AuthnRequest) parsedRequest;
    final boolean hasSubjectConfirmations = authnRequest.getSubject() != null
        && authnRequest.getSubject().getSubjectConfirmations() != null
        && !authnRequest.getSubject().getSubjectConfirmations().isEmpty();
    if (hasSubjectConfirmations) {
        LOG.debug("An invalid SubjectConfirmation Element was received");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}
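/**
 * Validates the issuer of a request message.
 *
 * <p>The issuer is accepted when its Format equals
 * {@code SAMLQueryRequestConstants.GenericConstants.ISSUER_FORMAT} and
 * {@code SAMLQueryRequestUtil.getServiceProviderConfig} returns a configuration for the
 * issuer value. As a side effect the looked-up configuration is stored in the
 * {@code ssoIdpConfig} field, including when the lookup returns {@code null}.
 *
 * <p>A {@code true} result only means a service provider configuration exists for the
 * claimed issuer value; no signature is checked in this method.
 *
 * @param request any type of request message
 * @return Boolean true, if issuer is valid
 * @throws IdentitySAML2QueryException if the request has no Issuer element or the
 *         issuer has no value
 */
protected boolean validateIssuer(RequestAbstractType request) throws IdentitySAML2QueryException {
    // Get the fully qualified issuer. A request without an Issuer element is rejected
    // through the declared exception rather than a NullPointerException.
    Issuer issuer = request.getIssuer();
    if (issuer == null || issuer.getValue() == null) {
        throw new IdentitySAML2QueryException("Issuer value is empty. Unable to validate issuer");
    }

    // A missing Format is rejected as well as a mismatching one.
    // NOTE(review): other handlers in this listing accept an omitted Format as the
    // entity format; confirm that the stricter behaviour here is intended.
    if (issuer.getFormat() == null
            || !issuer.getFormat().equals(SAMLQueryRequestConstants.GenericConstants.ISSUER_FORMAT)) {
        // NOTE(review): request ID and issuer value are request-supplied; make sure the
        // log layout encodes line breaks.
        log.error("NameID format is invalid in request ID:" + request.getID() + " and issuer: "
                + issuer.getValue());
        return false;
    }

    ssoIdpConfig = SAMLQueryRequestUtil.getServiceProviderConfig(issuer.getValue());
    if (ssoIdpConfig == null) {
        log.error(SAMLQueryRequestConstants.ServiceMessages.NULL_ISSUER);
        return false;
    }

    log.debug(SAMLQueryRequestConstants.ServiceMessages.SUCCESS_ISSUER + ssoIdpConfig.getIssuer());
    return true;
}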
LOGGER.debug("Invoking [{}] to handle signature validation for [{}]", handler.getClass().getSimpleName(), peerEntityId); handler.invoke(context); LOGGER.debug("Successfully validated request signature for [{}].", profileRequest.getIssuer()); LOGGER.error("No valid credentials could be found to verify the signature for [{}]", profileRequest.getIssuer()); throw new SamlException("No valid signing credentials for validation could not be resolved");
getValidatingCertificate(idp, parsedRequest.getIssuer().getValue()); Crypto issuerCrypto = new CertificateStore(new X509Certificate[] {validatingCert}); validateRequestSignature(parsedRequest.getSignature(), issuerCrypto); samlRequest, parsedRequest.getIssuer().getValue()); } else if (requireSignature) { LOG.debug("No signature is present, therefore the request is rejected");
issuer = ((RequestAbstractType) message).getIssuer(); } else if (message instanceof StatusResponseType) { issuer = ((StatusResponseType) message).getIssuer();