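@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException {
    // Only requests to the SingleSignOnService endpoint that carry a SAML message (non-GET)
    // are inspected; everything else is passed straight down the chain untouched.
    String servletPath = request.getServletPath();
    boolean isSsoEndpoint = servletPath != null && servletPath.endsWith("SingleSignOnService");
    if (!isSsoEndpoint || request.getMethod().equalsIgnoreCase("GET")) {
        chain.doFilter(request, response);
        return;
    }

    SAMLMessageContext messageContext;
    try {
        // The boolean presumably selects the HTTP-POST binding for POST requests and the
        // redirect binding otherwise — verify against samlMessageHandler.
        messageContext = samlMessageHandler.extractSAMLMessageContext(
                request, response, request.getMethod().equalsIgnoreCase("POST"));
    } catch (Exception e) {
        throw new IllegalArgumentException(e);
    }

    // The inbound message is caller-supplied input. Reject anything that is not an
    // AuthnRequest explicitly rather than failing on a blind cast (ClassCastException on a
    // different message type, NullPointerException when no message was extracted).
    Object inbound = messageContext.getInboundSAMLMessage();
    if (!(inbound instanceof AuthnRequest)) {
        throw new IllegalArgumentException(
                "Inbound SAML message on the SingleSignOnService endpoint is not an AuthnRequest");
    }
    AuthnRequest authnRequest = (AuthnRequest) inbound;

    // A ForceAuthn request asks for fresh authentication regardless of any existing session,
    // so the current Authentication is cleared before the request continues down the chain.
    if (authnRequest.isForceAuthn()) {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
    chain.doFilter(request, response);
}
}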
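/**
 * Decides whether the outbound authentication request must carry ForceAuthn.
 *
 * <p>The decision is driven by the authenticator's FORCE property: a value that parses as
 * {@code true} always forces; the value {@code AS_REQUEST} mirrors the ForceAuthn flag of the
 * SP-initiated request that started this flow; anything else (including an absent property)
 * does not force.
 *
 * @param identityProviderConfig the IdP configuration whose authenticator properties are read
 * @param context the current authentication context, used to reach the initial SP request
 * @return {@code true} if re-authentication must be forced
 * @throws IllegalArgumentException in AS_REQUEST mode when the SP-supplied SAMLRequest does
 *     not decode to an AuthnRequest
 */
public boolean isForce(IdentityProviderConfig identityProviderConfig, AuthenticationContext context) {
    String force = (String) getAuthenticatorConfigProperties(identityProviderConfig)
            .get(SAML2AuthConstants.Config.Name.FORCE);

    // parseBoolean(null) is false, so a missing property falls through to the checks below.
    if (Boolean.parseBoolean(force)) {
        return true;
    }
    if (!SAML2AuthConstants.Config.Value.AS_REQUEST.equals(force)) {
        return false;
    }

    // AS_REQUEST: only an SP-initiated request carries a ForceAuthn flag worth mirroring.
    ClientAuthenticationRequest initialRequest = context.getInitialAuthenticationRequest();
    if (!(initialRequest instanceof SPInitRequest)) {
        return false;
    }
    SPInitRequest spInitRequest = (SPInitRequest) initialRequest;
    String samlRequest = spInitRequest.getSAMLRequest();
    String decodedReq = spInitRequest.isRedirect()
            ? SAML2AuthUtils.decodeForRedirect(samlRequest)
            : SAML2AuthUtils.decodeForPost(samlRequest);

    // The SAMLRequest is supplied by the SP, so the unmarshalled message is not trusted to be
    // an AuthnRequest; check before casting instead of surfacing a ClassCastException or NPE.
    Object unmarshalled = SAML2AuthUtils.unmarshall(decodedReq);
    if (!(unmarshalled instanceof AuthnRequest)) {
        throw new IllegalArgumentException("SP-initiated SAMLRequest is not an AuthnRequest");
    }
    return ((AuthnRequest) unmarshalled).isForceAuthn();
}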
messageContext.addParameter(InboundConstants.ForceAuth, authnReq.isForceAuthn()); messageContext.addParameter(InboundConstants.PassiveAuth, authnReq.isPassive()); Integer index = authnReq.getAttributeConsumingServiceIndex();
validationResponse.setValid(true); validationResponse.setPassive(authnReq.isPassive()); validationResponse.setForceAuthn(authnReq.isForceAuthn()); Integer index = authnReq.getAttributeConsumingServiceIndex(); if (index !=null && !(index < 1)){ //according the spec, should be an unsigned short
saml2SSOContext.setForce(authnReq.isForceAuthn()); saml2SSOContext.setPassive(authnReq.isPassive());