/**
 * Builds the IDP {@link EntityDescriptor} for this generator.
 *
 * <p>Reads the entity id, base URL, alias, accepted NameID formats and the
 * "want AuthnRequest signed" flag from the configured getters, validates the
 * required attributes, and attaches the IDPSSODescriptor produced by
 * {@code buildIDPSSODescriptor} as the descriptor's single role. When no
 * explicit {@code id} was configured, the entity id cleaned to an NCName is
 * stored in the {@code id} field as a side effect and reused on later calls.
 *
 * @return the populated entity descriptor
 */
public EntityDescriptor generateMetadata() {
    boolean authnRequestsMustBeSigned = isWantAuthnRequestSigned();
    Collection<String> nameIdFormats = getNameID();
    String localEntityId = getEntityId();
    String baseUrl = getEntityBaseURL();
    String alias = getEntityAlias();

    validateRequiredAttributes(localEntityId, baseUrl);

    if (id == null) {
        // No explicit ID configured: derive one from the entity id, cleaned to a valid NCName.
        id = SAMLUtil.getNCNameString(localEntityId);
    }

    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<EntityDescriptor> descriptorBuilder =
            (SAMLObjectBuilder<EntityDescriptor>) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
    EntityDescriptor result = descriptorBuilder.buildObject();

    if (id != null) {
        result.setID(id);
    }
    result.setEntityID(localEntityId);

    IDPSSODescriptor idpRole = buildIDPSSODescriptor(baseUrl, alias, authnRequestsMustBeSigned, nameIdFormats);
    if (idpRole == null) {
        return result;
    }
    result.getRoleDescriptors().add(idpRole);
    return result;
}
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
/**
 * Checks that an {@link EntityDescriptor} carries either an AffiliationDescriptor or at least one
 * RoleDescriptor, but not both.
 *
 * @param entityDescriptor descriptor to validate
 * @throws ValidationException if neither kind of descriptor is present, or if both are
 */
protected void validateDescriptors(EntityDescriptor entityDescriptor) throws ValidationException {
    boolean hasRoles = entityDescriptor.getRoleDescriptors() != null
            && !entityDescriptor.getRoleDescriptors().isEmpty();
    boolean hasAffiliation = entityDescriptor.getAffiliationDescriptor() != null;

    if (!hasRoles && !hasAffiliation) {
        throw new ValidationException("Must have an AffiliationDescriptor or one or more RoleDescriptors.");
    }
    if (hasRoles && hasAffiliation) {
        throw new ValidationException("Cannot have an AffiliationDescriptor AND RoleDescriptors");
    }
}
}
/**
 * Gets the identified roles from an EntityDescriptor. This method should not check if the provider is initialized,
 * if arguments are null, if the roles are valid, etc. All of this is done by the invoker of this method.
 *
 * @param entityID ID of the entity from which to retrieve the roles, never null
 * @param roleName name of the roles to search for, never null
 *
 * @return the modifiable list of identified roles or an empty list if no roles exists
 *
 * @throws MetadataProviderException thrown if there is a problem searching for the roles
 */
protected List<RoleDescriptor> doGetRole(String entityID, QName roleName) throws MetadataProviderException {
    EntityDescriptor entity = doGetEntityDescriptor(entityID);
    if (entity == null) {
        log.debug("Metadata document did not contain a descriptor for entity {}", entityID);
        return Collections.emptyList();
    }

    List<RoleDescriptor> found = entity.getRoleDescriptors(roleName);
    boolean hasRoles = found != null && !found.isEmpty();
    // Hand back a copy so callers may modify the result without touching the descriptor's own list.
    return hasRoles ? new ArrayList<RoleDescriptor>(found) : Collections.<RoleDescriptor>emptyList();
}
/**
 * Filters entity descriptor roles, removing every role whose name is not in {@code roleWhiteList}.
 *
 * @param descriptor entity descriptor to filter; its role list is modified in place
 *
 * @throws FilterException thrown if an effective role name can not be determined
 */
protected void filterEntityDescriptor(EntityDescriptor descriptor) throws FilterException {
    List<RoleDescriptor> roles = descriptor.getRoleDescriptors();
    if (roles == null || roles.isEmpty()) {
        return;
    }

    // An explicit iterator is needed so that roles can be removed while walking the list.
    for (Iterator<RoleDescriptor> it = roles.iterator(); it.hasNext();) {
        QName name = getRoleName(it.next());
        if (roleWhiteList.contains(name)) {
            continue;
        }
        log.trace("Filtering out role {} from entity {}", name, descriptor.getEntityID());
        it.remove();
    }
}
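/**
 * Adds this signer's key descriptor to every role of {@code baseDescriptor} and prepares the Apache XML
 * Security library for signing.
 *
 * <p>{@code ElementProxy.setDefaultPrefix} and {@code Init.init()} change static, JVM-wide state of the
 * XML Security library, not just this instance; any other signer in the same JVM sees the empty
 * Signature prefix set here.
 *
 * @param baseDescriptor descriptor whose roles receive a key descriptor; a null or empty role list adds nothing
 * @throws MetadataException if the default prefix for the Signature element cannot be set
 */
public void signMetadata(EntityDescriptor baseDescriptor) throws MetadataException {
    List<RoleDescriptor> roleDescriptors = baseDescriptor.getRoleDescriptors();
    // Null-guard rather than a redundant size() check: an empty list simply adds nothing.
    if (roleDescriptors != null) {
        for (RoleDescriptor roleDesc : roleDescriptors) {
            roleDesc.getKeyDescriptors().add(createKeyDescriptor());
        }
    }
    log.debug("Key Descriptors set for all the role descriptor types");

    // Remove namespace prefix of the Signature element (process-wide library setting).
    try {
        org.apache.xml.security.utils.ElementProxy.setDefaultPrefix(ConfigElements.XMLSIGNATURE_NS, "");
    } catch (XMLSecurityException e) {
        throw new MetadataException("Unable to set default prefix for signature element", e);
    }
    org.apache.xml.security.Init.init();
}
/**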
filterEntityDescriptor(entityDescriptor); if (getRemoveRolelessEntityDescriptors()) { entityRoles = entityDescriptor.getRoleDescriptors(); if (entityRoles == null || entityRoles.isEmpty()) { log.trace("Filtering out entity descriptor {} from entity group {}", entityDescriptor
/**
 * {@inheritDoc}
 *
 * <p>Attaches a child object to the parent {@link EntityDescriptor}: Extensions, Signature,
 * AffiliationDescriptor and Organization are single-valued setters; RoleDescriptor, ContactPerson and
 * AdditionalMetadataLocation are appended to their lists. Any other child is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException {
    EntityDescriptor parent = (EntityDescriptor) parentSAMLObject;
    XMLObject child = childSAMLObject;

    if (child instanceof Extensions) {
        parent.setExtensions((Extensions) child);
        return;
    }
    if (child instanceof Signature) {
        parent.setSignature((Signature) child);
        return;
    }
    if (child instanceof RoleDescriptor) {
        parent.getRoleDescriptors().add((RoleDescriptor) child);
        return;
    }
    if (child instanceof AffiliationDescriptor) {
        parent.setAffiliationDescriptor((AffiliationDescriptor) child);
        return;
    }
    if (child instanceof Organization) {
        parent.setOrganization((Organization) child);
        return;
    }
    if (child instanceof ContactPerson) {
        parent.getContactPersons().add((ContactPerson) child);
        return;
    }
    if (child instanceof AdditionalMetadataLocation) {
        parent.getAdditionalMetadataLocations().add((AdditionalMetadataLocation) child);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
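/**
 * Sends the outbound SAML message after rewriting the local entity id, the peer SSO endpoint location and
 * the default AssertionConsumerService of the local SP metadata from {@code spConfiguration}.
 *
 * <p>The {@code sign} argument is not used; whether the message is signed is taken from
 * {@code spConfiguration.isNeedsSigning()} instead. The local entity metadata and the peer endpoint held by
 * {@code samlContext} are mutated in place.
 *
 * @param samlContext message context to send
 * @param sign ignored, see above
 * @return the context returned by the superclass
 * @throws IllegalStateException if the local metadata has no SPSSODescriptor as its first role, or the
 *         SP role declares no default AssertionConsumerService
 */
@Override
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign) throws SAMLException, MetadataProviderException, MessageEncodingException {
    Endpoint endpoint = samlContext.getPeerEntityEndpoint();
    SAMLBinding binding = getBinding(endpoint);

    String localEntityId = spConfiguration.getEntityId();
    samlContext.setLocalEntityId(localEntityId);
    samlContext.getLocalEntityMetadata().setEntityID(localEntityId);
    endpoint.setLocation(spConfiguration.getIdpSSOServiceURL());

    // Guard the cast: an unchecked get(0) would fail with an IndexOutOfBoundsException or
    // ClassCastException that says nothing about the misconfigured metadata.
    Object firstRole = samlContext.getLocalEntityMetadata().getRoleDescriptors().stream().findFirst().orElse(null);
    if (!(firstRole instanceof SPSSODescriptor)) {
        throw new IllegalStateException("Local entity metadata does not declare an SPSSODescriptor role");
    }
    SPSSODescriptor roleDescriptor = (SPSSODescriptor) firstRole;

    AssertionConsumerService assertionConsumerService = roleDescriptor.getAssertionConsumerServices().stream()
            .filter(AssertionConsumerService::isDefault)
            .findAny()
            .orElseThrow(() -> new IllegalStateException("No default ACS"));
    assertionConsumerService.setBinding(spConfiguration.getProtocolBinding());
    assertionConsumerService.setLocation(spConfiguration.getAssertionConsumerServiceURL());

    return super.sendMessage(samlContext, spConfiguration.isNeedsSigning(), binding);
}
}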
List<RoleDescriptor> roles = relyingPartyMD.getRoleDescriptors(relyingPartyRole, SAMLConstants.SAML11P_NS); if (roles != null && roles.size() > 0) {
/**
 * Populates the peer's entity metadata if a metadata provider is present in the message context. Populates the
 * peer's role descriptor if the entity metadata was available and the role name is present in the message context.
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException thrown if there is a problem populating the message context
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    MetadataProvider provider = messageContext.getMetadataProvider();
    if (provider == null) {
        return;
    }

    try {
        EntityDescriptor peerMetadata = provider.getEntityDescriptor(messageContext.getInboundMessageIssuer());
        // Set even when null so the context reflects that no metadata was found.
        messageContext.setPeerEntityMetadata(peerMetadata);

        QName peerRole = messageContext.getPeerEntityRole();
        if (peerMetadata == null || peerRole == null) {
            return;
        }

        List<RoleDescriptor> roles = peerMetadata.getRoleDescriptors(peerRole, SAMLConstants.SAML11P_NS);
        if (roles != null && !roles.isEmpty()) {
            messageContext.setPeerEntityRoleMetadata(roles.get(0));
        }
    } catch (MetadataProviderException e) {
        String issuer = messageContext.getInboundMessageIssuer();
        log.error("Error retrieving metadata for relying party " + issuer, e);
        throw new MessageDecodingException("Error retrieving metadata for relying party " + issuer, e);
    }
}
Iterator<RoleDescriptor> roleIter = entityDescriptor.getRoleDescriptors().iterator(); while (roleIter.hasNext()) { RoleDescriptor roleChild = roleIter.next();
/**
 * Builds the IDP metadata document for the given federated authenticator configuration.
 *
 * <p>The IDPSSODescriptor is populated, attached to the entity descriptor, then the key descriptor is
 * added at entity level and extensions at role level, before the whole descriptor is marshalled.
 *
 * @param samlFederatedAuthenticatorConfig configuration the metadata is derived from
 * @return the marshalled metadata document
 * @throws MetadataException if any build step or the marshalling fails
 */
public String build(FederatedAuthenticatorConfig samlFederatedAuthenticatorConfig) throws MetadataException {
    EntityDescriptor entity = buildEntityDescriptor(samlFederatedAuthenticatorConfig);
    IDPSSODescriptor idpRole = buildIDPSSODescriptor();

    buildValidityPeriod(idpRole);
    buildSupportedProtocol(idpRole);
    buildSingleSignOnService(idpRole, samlFederatedAuthenticatorConfig);
    buildNameIdFormat(idpRole);
    buildSingleLogOutService(idpRole, samlFederatedAuthenticatorConfig);

    // Attach the role before building the key descriptor, which works on the entity as a whole.
    entity.getRoleDescriptors().add(idpRole);
    buildKeyDescriptor(entity);
    buildExtensions(idpRole);

    return marshallDescriptor(entity);
}
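/**
 * Builds the SP {@link EntityDescriptor} for this generator.
 *
 * <p>Reads the entity id, base URL, alias, accepted NameID formats and the request/assertion signing flags
 * from the configured getters, validates the required attributes, and attaches the SPSSODescriptor produced
 * by {@code buildSPSSODescriptor} as the descriptor's single role. When no explicit {@code id} was
 * configured, the entity id cleaned to an NCName is stored in the {@code id} field as a side effect and
 * reused on later calls.
 *
 * @return the populated entity descriptor
 */
public EntityDescriptor generateMetadata() {
    boolean requestSigned = isRequestSigned();
    boolean assertionSigned = isWantAssertionSigned();
    Collection<String> includedNameID = getNameID();
    String entityId = getEntityId();
    String entityBaseURL = getEntityBaseURL();
    String entityAlias = getEntityAlias();

    validateRequiredAttributes(entityId, entityBaseURL);

    if (id == null) {
        // Use entityID cleaned as NCName for ID in case no value is provided
        id = SAMLUtil.getNCNameString(entityId);
    }

    // The builder factory is untyped; the cast is the documented way to obtain a typed builder.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<EntityDescriptor> builder =
            (SAMLObjectBuilder<EntityDescriptor>) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
    EntityDescriptor descriptor = builder.buildObject();

    if (id != null) {
        descriptor.setID(id);
    }
    descriptor.setEntityID(entityId);

    SPSSODescriptor ssoDescriptor = buildSPSSODescriptor(entityBaseURL, entityAlias, requestSigned, assertionSigned, includedNameID);
    if (ssoDescriptor != null) {
        descriptor.getRoleDescriptors().add(ssoDescriptor);
    }
    return descriptor;
}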
if (entityDescriptor != null) { this.setIssuer(entityDescriptor,samlssoServiceProviderDO); List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();
if (entityDescriptor != null) { this.setIssuer(entityDescriptor, samlssoServiceProviderDO); List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();
entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();