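/**
 * Resolves the Assertion Consumer Service URL for the given service provider.
 *
 * <p>Looks the SP up through {@code metadataManager}, takes its SAML 2.0 {@code SPSSODescriptor}
 * and returns the location of the ACS flagged as default; when no entry is flagged, the first
 * listed ACS is used.
 *
 * @param sp entity id of the service provider whose metadata is consulted
 * @return location of the default (or, failing that, the first) AssertionConsumerService
 * @throws MetadataProviderException if the metadata cannot be resolved, or if it holds no
 *         SAML 2.0 SPSSODescriptor or no AssertionConsumerService at all (previously these
 *         surfaced as an unchecked NullPointerException / IndexOutOfBoundsException)
 */
public String getAssertionConsumerURL(String sp) throws MetadataProviderException {
    EntityDescriptor entityDescriptor = metadataManager.getEntityDescriptor(sp);
    if (entityDescriptor == null) {
        throw new MetadataProviderException("No metadata found for service provider " + sp);
    }
    SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spssoDescriptor == null) {
        throw new MetadataProviderException("No SAML 2.0 SPSSODescriptor in metadata for service provider " + sp);
    }
    List<AssertionConsumerService> assertionConsumerServices = spssoDescriptor.getAssertionConsumerServices();
    if (assertionConsumerServices == null || assertionConsumerServices.isEmpty()) {
        throw new MetadataProviderException("No AssertionConsumerService in metadata for service provider " + sp);
    }
    // Prefer the ACS flagged isDefault; otherwise fall back to the first one listed.
    return assertionConsumerServices.stream()
            .filter(acs -> acs.isDefault())
            .findFirst()
            .orElseGet(() -> assertionConsumerServices.get(0))
            .getLocation();
}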
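/**
 * Builds the SP metadata descriptor and extends what the superclass produces with two things:
 * every SP credential alias other than the default one is published as an additional
 * {@code SIGNING} key descriptor (so relying parties can still verify signatures during key
 * rotation), and one extra AssertionConsumerService at {@code /oauth/token} with the URI
 * binding is appended.
 *
 * @param entityBaseURL       base URL of this entity
 * @param entityAlias         alias of this entity
 * @param requestSigned       whether authentication requests are signed
 * @param wantAssertionSigned whether assertions must be signed
 * @param includedNameID      NameID formats to advertise
 * @return the superclass descriptor, with the extra key descriptors and ACS added in place
 */
@Override
protected SPSSODescriptor buildSPSSODescriptor(String entityBaseURL, String entityAlias, boolean requestSigned,
        boolean wantAssertionSigned, Collection<String> includedNameID) {
    SPSSODescriptor result = super.buildSPSSODescriptor(entityBaseURL, entityAlias, requestSigned,
            wantAssertionSigned, includedNameID);

    // Publish the non-default (inactive) key aliases as signature verification keys. The default
    // alias is skipped here; presumably the superclass already emits it -- confirm against super.
    KeyManager samlSPKeyManager = IdentityZoneHolder.getSamlSPKeyManager();
    if (samlSPKeyManager != null && samlSPKeyManager.getAvailableCredentials() != null) {
        // Typed copy (the original used a raw HashSet); mutable so the active alias can be dropped.
        Set<String> inactiveKeyAliases = new HashSet<>(samlSPKeyManager.getAvailableCredentials());
        inactiveKeyAliases.remove(samlSPKeyManager.getDefaultCredentialName());
        for (String keyAlias : inactiveKeyAliases) {
            result.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getServerKeyInfo(keyAlias)));
        }
    }

    // Append an extra ACS for the token endpoint; its index follows the entries already present.
    // It is never flagged as the default ACS.
    int index = result.getAssertionConsumerServices().size();
    result.getAssertionConsumerServices().add(getAssertionConsumerService(
            getEntityBaseURL(),
            getEntityAlias(),
            false,
            index,
            "/oauth/token",
            "urn:oasis:names:tc:SAML:2.0:bindings:URI"));
    return result;
}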
/**
 * The controller must return the location of the ACS flagged default and, once no entry is
 * flagged default, fall back to the first listed ACS.
 */
@Test
public void get_assertion_consumer_service_url() throws Exception {
    String entityID = "validEntityID";

    // Metadata lookup chain: entity id -> EntityDescriptor -> SAML 2.0 SPSSODescriptor
    EntityDescriptor entityDescriptor = mock(EntityDescriptor.class);
    SPSSODescriptor spssoDescriptor = mock(SPSSODescriptor.class);
    when(metadataManager.getEntityDescriptor(eq(entityID))).thenReturn(entityDescriptor);
    when(entityDescriptor.getSPSSODescriptor(eq(SAML20P_NS))).thenReturn(spssoDescriptor);

    // Two ACS entries: a non-default one listed first, the default one listed second
    AssertionConsumerService nonDefaultService = mock(AssertionConsumerService.class);
    when(nonDefaultService.getLocation()).thenReturn("service-location");
    when(nonDefaultService.isDefault()).thenReturn(false);
    AssertionConsumerService defaultService = mock(AssertionConsumerService.class);
    when(defaultService.getLocation()).thenReturn("default-location");
    when(defaultService.isDefault()).thenReturn(true);
    when(spssoDescriptor.getAssertionConsumerServices())
            .thenReturn(Arrays.asList(nonDefaultService, defaultService));

    assertEquals("default-location", controller.getAssertionConsumerURL(entityID));

    // With nothing flagged default, the first listed ACS wins
    when(defaultService.isDefault()).thenReturn(false);
    assertEquals("service-location", controller.getAssertionConsumerURL(entityID));
}
assertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); assertionConsumerService.setLocation(spMetadata.getSsoUrl()); spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService); assertionConsumerService2.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); assertionConsumerService2.setLocation(spMetadata.getSsoUrl()); spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService2);
/**
 * Checks that at least one Assertion Consumer Service is present.
 *
 * @param spssoDescriptor descriptor to validate
 * @throws ValidationException thrown if there is no AssertionConsumerService within the descriptor
 */
protected void validateAssertionConsumerServices(SPSSODescriptor spssoDescriptor) throws ValidationException {
    // A null list and an empty list are both treated as "no ACS present".
    boolean hasConsumerService = spssoDescriptor.getAssertionConsumerServices() != null
            && !spssoDescriptor.getAssertionConsumerServices().isEmpty();
    if (!hasConsumerService) {
        throw new ValidationException("Must have one or more AssertionConsumerService.");
    }
}
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches AssertionConsumerService and AttributeConsumingService children to the
 * SPSSODescriptor being unmarshalled; any other child is handed to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException {
    SPSSODescriptor descriptor = (SPSSODescriptor) parentSAMLObject;

    if (childSAMLObject instanceof AssertionConsumerService) {
        descriptor.getAssertionConsumerServices().add((AssertionConsumerService) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AttributeConsumingService) {
        descriptor.getAttributeConsumingServices().add((AttributeConsumingService) childSAMLObject);
        return;
    }
    // Everything else (KeyDescriptor, NameIDFormat, ...) is handled by the parent unmarshaller.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/**
 * Loads the AssertionConsumerService designated by the index. When an index is given, the
 * service carrying that index is located and returned; otherwise the descriptor's default
 * consumer service is used.
 *
 * @param ssoDescriptor descriptor to search
 * @param index index to load, may be null
 * @return consumer service (the descriptor's default when index is null; NOTE(review): whether
 *         that default can itself be null is not visible here -- callers should check)
 * @throws org.opensaml.common.SAMLRuntimeException
 *         in case no AssertionConsumerService with the given index is found
 */
public static AssertionConsumerService getConsumerService(SPSSODescriptor ssoDescriptor, Integer index) {
    if (index == null) {
        log.debug("Index for AssertionConsumerService not specified, returning default");
        return ssoDescriptor.getDefaultAssertionConsumerService();
    }
    for (AssertionConsumerService candidate : ssoDescriptor.getAssertionConsumerServices()) {
        // Integer.equals on the boxed index from metadata; null index on a candidate simply does not match.
        if (index.equals(candidate.getIndex())) {
            log.debug("Found assertionConsumerService with index {} and binding {}", index, candidate.getBinding());
            return candidate;
        }
    }
    throw new SAMLRuntimeException("AssertionConsumerService with index " + index + " wasn't found for ServiceProvider " + ssoDescriptor.getID() + ", please check your metadata");
}
/**
 * Copies the Assertion Consumer URLs from the SP metadata into the service-provider DO.
 *
 * <p>All ACS locations are recorded as the list of ACS URLs. The ACS flagged as default (the
 * last such entry, if several are flagged) becomes both the default and the main ACS URL; when
 * no entry is flagged, the first listed location becomes the default URL only. Locations are
 * taken from the metadata as given -- no URL validation happens here. If the descriptor
 * carries no ACS at all the DO is left untouched.
 *
 * @param spssoDescriptor           SP descriptor read from metadata
 * @param samlssoServiceProviderDO  target object that receives the URLs
 */
private void setAssertionConsumerUrl(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    List<AssertionConsumerService> consumerServices = spssoDescriptor.getAssertionConsumerServices();
    if (consumerServices == null || consumerServices.isEmpty()) {
        return;
    }

    List<String> locations = new ArrayList<>();
    boolean defaultFound = false;
    for (AssertionConsumerService consumerService : consumerServices) {
        String location = consumerService.getLocation();
        locations.add(location);
        if (consumerService.isDefault()) {
            samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(location);
            samlssoServiceProviderDO.setAssertionConsumerUrl(location);
            defaultFound = true;
        }
    }
    samlssoServiceProviderDO.setAssertionConsumerUrls(locations);

    // Fallback: first listed ACS becomes the default; the plain ACS URL is not set in this branch.
    if (!defaultFound) {
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(consumerServices.get(0).getLocation());
    }
}

private void setIssuer(EntityDescriptor entityDescriptor , SAMLSSOServiceProviderDO samlssoServiceProviderDO){
/**
 * Copies the Assertion Consumer URLs from the SP metadata into the service-provider DO.
 *
 * <p>All ACS locations are recorded as the list of ACS URLs. The ACS flagged as default (the
 * last such entry, if several are flagged) becomes both the default and the main ACS URL; when
 * no entry is flagged, the first listed location becomes the default URL only. Locations are
 * taken from the metadata as given -- no URL validation happens here.
 *
 * @param spssoDescriptor           SP descriptor read from metadata
 * @param samlssoServiceProviderDO  target object that receives the URLs
 * @throws InvalidMetadataException if the descriptor carries no AssertionConsumerService
 */
private void setAssertionConsumerUrl(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO) throws InvalidMetadataException {
    List<AssertionConsumerService> consumerServices = spssoDescriptor.getAssertionConsumerServices();
    if (consumerServices == null || consumerServices.isEmpty()) {
        throw new InvalidMetadataException("Invalid metadata content, no Assertion Consumer URL found");
    }

    List<String> locations = new ArrayList<>();
    boolean defaultFound = false;
    for (AssertionConsumerService consumerService : consumerServices) {
        String location = consumerService.getLocation();
        locations.add(location);
        if (consumerService.isDefault()) {
            samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(location);
            samlssoServiceProviderDO.setAssertionConsumerUrl(location);
            defaultFound = true;
        }
    }
    samlssoServiceProviderDO.setAssertionConsumerUrls(locations);

    // Fallback: first listed ACS becomes the default; the plain ACS URL is not set in this branch.
    if (!defaultFound) {
        samlssoServiceProviderDO.setDefaultAssertionConsumerUrl(consumerServices.get(0).getLocation());
    }
}
/**
 * Sends the SAML message after overriding the context's identity and endpoint data with the
 * values from {@code spConfiguration}.
 *
 * <p>The local entity id, the local metadata entity id, the peer endpoint location and the
 * default ACS binding/location are all rewritten from {@code spConfiguration} before
 * delegating to the superclass. Note that the {@code sign} parameter is not used: signing is
 * decided by {@code spConfiguration.isNeedsSigning()}.
 *
 * @param samlContext message context to send; it is mutated in place
 * @param sign        ignored (see above)
 * @return the context returned by the superclass
 * @throws SAMLException             propagated from the superclass
 * @throws MetadataProviderException propagated from the superclass
 * @throws MessageEncodingException  propagated from the superclass
 * @throws RuntimeException          if the local SP descriptor has no ACS flagged as default
 */
@Override
public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign) throws SAMLException, MetadataProviderException, MessageEncodingException {
    Endpoint endpoint = samlContext.getPeerEntityEndpoint();
    SAMLBinding binding = getBinding(endpoint);

    // Identity and IdP endpoint come from the SP configuration, not from the incoming context.
    String entityId = spConfiguration.getEntityId();
    samlContext.setLocalEntityId(entityId);
    samlContext.getLocalEntityMetadata().setEntityID(entityId);
    samlContext.getPeerEntityEndpoint().setLocation(spConfiguration.getIdpSSOServiceURL());

    // The first role descriptor is assumed to be the SP descriptor (unchecked cast, as before).
    SPSSODescriptor roleDescriptor = (SPSSODescriptor) samlContext.getLocalEntityMetadata().getRoleDescriptors().get(0);
    AssertionConsumerService defaultAcs = roleDescriptor.getAssertionConsumerServices().stream()
            .filter(AssertionConsumerService::isDefault)
            .findAny()
            .orElseThrow(() -> new RuntimeException("No default ACS"));

    // NOTE(review): this mutates the ACS object held in the local entity metadata on every send.
    defaultAcs.setBinding(spConfiguration.getProtocolBinding());
    defaultAcs.setLocation(spConfiguration.getAssertionConsumerServiceURL());

    return super.sendMessage(samlContext, spConfiguration.isNeedsSigning(), binding);
}
}
spDescriptor.getAssertionConsumerServices().add(getAssertionConsumerService(entityBaseURL, entityAlias, assertionConsumerIndex == index, index++, getSAMLWebSSOProcessingFilterPath(), SAMLConstants.SAML2_ARTIFACT_BINDING_URI)); spDescriptor.getAssertionConsumerServices().add(getAssertionConsumerService(entityBaseURL, entityAlias, assertionConsumerIndex == index, index++, getSAMLWebSSOProcessingFilterPath(), SAMLConstants.SAML2_POST_BINDING_URI)); spDescriptor.getAssertionConsumerServices().add(getAssertionConsumerService(entityBaseURL, entityAlias, assertionConsumerIndex == index, index++, getSAMLWebSSOProcessingFilterPath(), SAMLConstants.SAML2_PAOS_BINDING_URI)); spDescriptor.getAssertionConsumerServices().add(getHoKAssertionConsumerService(entityBaseURL, entityAlias, assertionConsumerIndex == index, index++, getSAMLWebSSOHoKProcessingFilterPath(), SAMLConstants.SAML2_ARTIFACT_BINDING_URI)); spDescriptor.getAssertionConsumerServices().add(getHoKAssertionConsumerService(entityBaseURL, entityAlias, assertionConsumerIndex == index, index++, getSAMLWebSSOHoKProcessingFilterPath(), SAMLConstants.SAML2_POST_BINDING_URI));
} else { SPSSODescriptor spssoDescriptor = (SPSSODescriptor) context.getLocalEntityRoleMetadata(); for (AssertionConsumerService service : spssoDescriptor.getAssertionConsumerServices()) { if (context.getInboundSAMLProtocol().equals(service.getBinding()) && service.getLocation().equals(data.getRecipient())) { confirmed = true;
for (AssertionConsumerService svc : spDesc.getAssertionConsumerServices()) { if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || svc.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
List<AssertionConsumerService> services = spDescriptor.getAssertionConsumerServices();
for (AssertionConsumerService svc: spDesc.getAssertionConsumerServices()) { if (svc.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) || svc.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {