/**
 * Pins the order in which the generated IdP descriptor lists its SingleSignOnService
 * entries while {@code otherZone} is the active identity zone: HTTP-POST at index 0,
 * HTTP-Redirect at index 1.
 */
@Test
public void bindingOrderSSOList() {
    IdentityZoneHolder.set(otherZone);

    IDPSSODescriptor descriptor = generator.buildIDPSSODescriptor(
            generator.getEntityBaseURL(),
            generator.getEntityAlias(),
            false,
            Arrays.asList("email"));

    // The check is positional, so a reordering of the advertised bindings fails this test.
    // NOTE(review): presumably guards against consumers that take the first listed
    // endpoint silently switching binding - confirm the intent with the author.
    assertEquals(SAML2_POST_BINDING_URI,
            descriptor.getSingleSignOnServices().get(0).getBinding());
    assertEquals(SAML2_REDIRECT_BINDING_URI,
            descriptor.getSingleSignOnServices().get(1).getBinding());
}
/**
 * Verifies that the generated IdP descriptor does not advertise a SingleSignOnService
 * with the SAML 2.0 Artifact binding while {@code otherZone} is the active identity zone.
 */
@Test
public void artifactBindingNotInSSOList() throws Exception {
    IdentityZoneHolder.set(otherZone);

    IDPSSODescriptor descriptor = generator.buildIDPSSODescriptor(
            generator.getEntityBaseURL(),
            generator.getEntityAlias(),
            false,
            Arrays.asList("email"));

    // Negative assertion over the whole list: no entry may carry the Artifact binding URI,
    // whatever its position.
    assertThat(
            descriptor.getSingleSignOnServices(),
            not(hasItem(hasProperty("binding", equalTo(SAML2_ARTIFACT_BINDING_URI)))));
}
// Register two SingleSignOnService entries on the descriptor, both built from the same
// base URL, alias and processing-filter path and differing only in the binding URI.
// They are appended in this order: HTTP-POST first, then HTTP-Redirect.
// NOTE(review): consumers that take the first listed endpoint would get POST - confirm
// that this ordering is intentional.
idpDescriptor.getSingleSignOnServices().add(getSingleSignOnService(entityBaseURL, entityAlias, getSAMLWebSSOProcessingFilterPath(), SAMLConstants.SAML2_POST_BINDING_URI));
idpDescriptor.getSingleSignOnServices().add(getSingleSignOnService(entityBaseURL, entityAlias, getSAMLWebSSOProcessingFilterPath(), SAMLConstants.SAML2_REDIRECT_BINDING_URI));
/**
 * Checks that at least one SingleSignOnService is present.
 *
 * <p>Only presence is verified: this method does not inspect the binding or the
 * location of any entry.
 *
 * @param idpssoDescriptor descriptor whose SingleSignOnService list is examined
 * @throws ValidationException if the list is {@code null} or contains no entries
 */
protected void validateSingleSignOnService(IDPSSODescriptor idpssoDescriptor) throws ValidationException {
    // Happy path first: a non-null, non-empty list satisfies the rule.
    if (idpssoDescriptor.getSingleSignOnServices() != null
            && !idpssoDescriptor.getSingleSignOnServices().isEmpty()) {
        return;
    }
    throw new ValidationException("Must have one or more SingleSignOnServices.");
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * Rejects a descriptor in which any SingleSignOnService carries a ResponseLocation.
 *
 * <p>A {@code null} or empty service list passes; presence of services is not checked here.
 *
 * @param idpssoDescriptor descriptor whose SingleSignOnService entries are examined
 * @throws ValidationException if any entry has a non-empty ResponseLocation
 */
protected void validateSingleSign(IDPSSODescriptor idpssoDescriptor) throws ValidationException {
    if (idpssoDescriptor.getSingleSignOnServices() == null) {
        return;
    }

    // The list is not modified while scanning, so its size is read once up front.
    int serviceCount = idpssoDescriptor.getSingleSignOnServices().size();
    for (int index = 0; index < serviceCount; index++) {
        if (DatatypeHelper.isEmpty(
                idpssoDescriptor.getSingleSignOnServices().get(index).getResponseLocation())) {
            continue;
        }
        // First offending entry aborts validation.
        throw new ValidationException("ResponseLocation of all SingleSignOnServices must be null");
    }
}
if (idpDescriptor.getSingleSignOnServices() != null) { for (SingleSignOnService ssos : idpDescriptor.getSingleSignOnServices()) { if (ssos.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { idpMetadata.setSsoUrl(ssos.getLocation());
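/**
 * Returns the first SingleSignOnService in the IdP descriptor whose binding URI matches
 * the requested binding.
 *
 * <p>The expected URI is {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-} followed by
 * {@code samlBinding.toString()}. The matching endpoint is returned as found in the
 * metadata; its location is not validated here.
 *
 * @param idpSsoDescriptor IdP descriptor whose SingleSignOnService list is searched
 * @param samlBinding binding to look for
 * @return the first endpoint, in metadata order, that advertises the requested binding
 * @throws SamlException if no endpoint advertises the requested binding
 */
private static SingleSignOnService getIdpBinding(
    IDPSSODescriptor idpSsoDescriptor, SamlIdpBinding samlBinding) throws SamlException {
  // Built once rather than per element, and reused in the error message so the message
  // names the binding that was actually requested instead of always saying HTTP-POST.
  String bindingName = "HTTP-" + samlBinding.toString();
  String bindingUri = "urn:oasis:names:tc:SAML:2.0:bindings:" + bindingName;

  return idpSsoDescriptor
      .getSingleSignOnServices()
      .stream()
      // Constant-first equals: an endpoint without a Binding attribute is skipped
      // instead of raising a NullPointerException.
      .filter(service -> bindingUri.equals(service.getBinding()))
      // findFirst keeps the choice deterministic when the metadata lists several
      // endpoints for the same binding.
      .findFirst()
      .orElseThrow(
          () -> new SamlException("Cannot find " + bindingName + " SSO binding in metadata"));
}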
/**
 * {@inheritDoc}
 *
 * <p>Routes a child element to the matching list on the parent IDPSSODescriptor
 * (SingleSignOnService, NameIDMappingService, AssertionIDRequestService, AttributeProfile
 * or Attribute). Any other child type is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentObject, XMLObject childObject)
        throws UnmarshallingException {
    // The parent is cast up front, before the child type is examined.
    IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) parentObject;

    if (childObject instanceof SingleSignOnService) {
        idpDescriptor.getSingleSignOnServices().add((SingleSignOnService) childObject);
        return;
    }
    if (childObject instanceof NameIDMappingService) {
        idpDescriptor.getNameIDMappingServices().add((NameIDMappingService) childObject);
        return;
    }
    if (childObject instanceof AssertionIDRequestService) {
        idpDescriptor.getAssertionIDRequestServices().add((AssertionIDRequestService) childObject);
        return;
    }
    if (childObject instanceof AttributeProfile) {
        idpDescriptor.getAttributeProfiles().add((AttributeProfile) childObject);
        return;
    }
    if (childObject instanceof Attribute) {
        idpDescriptor.getAttributes().add((Attribute) childObject);
        return;
    }

    // Not an IDPSSODescriptor-specific child: let the superclass handle it.
    super.processChildElement(parentObject, childObject);
}
/**
 * Adds two SingleSignOnService entries to the IdP descriptor, one for the HTTP-POST
 * binding and one for the HTTP-Redirect binding, in that order.
 *
 * <p>Both entries take their location from the authenticator's {@code SSO_URL} property;
 * the value is used as configured, with no checks applied in this method.
 *
 * @param idpSsoDesc descriptor that receives the two endpoints
 * @param samlFederatedAuthenticatorConfig authenticator configuration holding the SSO URL
 * @throws MetadataException declared by the original signature
 */
public void buildSingleSignOnService(IDPSSODescriptor idpSsoDesc,
        FederatedAuthenticatorConfig samlFederatedAuthenticatorConfig) throws MetadataException {
    // POST is registered before Redirect; the array order fixes the order in the metadata.
    String[] bindingUris = {
        IDPMetadataConstant.HTTP_BINDING_POST_SAML2,
        IDPMetadataConstant.HTTP_BINDING_REDIRECT_SAML2
    };

    for (String bindingUri : bindingUris) {
        SingleSignOnService endpoint = BuilderUtil
                .createSAMLObject(ConfigElements.FED_METADATA_NS, ConfigElements.SSOSERVICE_DESCRIPTOR, "");
        endpoint.setBinding(bindingUri);
        // The property is looked up once per endpoint.
        endpoint.setLocation(
                getFederatedAuthenticatorConfigProperty(samlFederatedAuthenticatorConfig,
                        IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL)
                        .getValue());
        idpSsoDesc.getSingleSignOnServices().add(endpoint);
    }
}
List<SingleSignOnService> services = idpssoDescriptor.getSingleSignOnServices(); for (SingleSignOnService service : services) { if (isEndpointSupported(service)) {
// Mark the endpoint as using the HTTP-Redirect binding, then register it on the descriptor.
singleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnService);
for (SingleSignOnService svc : idpDesc.getSingleSignOnServices()) { if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { _loginUrl = svc.getLocation();
SingleSignOnService.class, SingleSignOnService.DEFAULT_ELEMENT_NAME); idpssoDescriptor.getSingleSignOnServices().add(ssoService);
List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices(); if (CollectionUtils.isNotEmpty(singleSignOnServices)) { boolean found = false;
for (SingleSignOnService svc: idpDesc.getSingleSignOnServices()) { if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { loginUrl = svc.getLocation();