/**
 * Builds the SAML {@code Response} for an already authenticated principal and stores it on the
 * message context as the outbound message.
 *
 * <p>Steps, in order: resolve the local IdP and peer SP role descriptors and the inbound
 * {@code AuthnRequest} from the context; pick the SP's assertion consumer service (which also
 * becomes the peer endpoint on the context); build the assertion; sign that assertion with the
 * local signing credential when either the profile options ask for it or the SP's metadata
 * carries {@code WantAssertionsSigned}; finally wrap it in a {@code Response} and publish that
 * as both the outbound message and the outbound SAML message.
 *
 * <p>Only the assertion is signed here. Whether the enclosing {@code Response} element is
 * signed as well is decided elsewhere (presumably in {@code createResponse} or the encoder) —
 * verify against those callers.
 *
 * @param authentication the authenticated principal the assertion is issued for
 * @param context message context holding local/peer metadata and the inbound request
 * @param options per-request profile options (signing, endpoint selection, ...)
 * @throws MetadataProviderException if the metadata needed for endpoint selection is unavailable
 * @throws SecurityException if the signing credential cannot be used
 * @throws MarshallingException if the assertion cannot be marshalled for signing
 * @throws SignatureException if signing the assertion fails
 * @throws SAMLException if the assertion or response cannot be built
 */
@SuppressWarnings("unchecked")
protected void buildResponse(Authentication authentication, SAMLMessageContext context, IdpWebSSOProfileOptions options)
        throws MetadataProviderException, SecurityException, MarshallingException, SignatureException, SAMLException {
    IDPSSODescriptor idp = (IDPSSODescriptor) context.getLocalEntityRoleMetadata();
    SPSSODescriptor sp = (SPSSODescriptor) context.getPeerEntityRoleMetadata();
    AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage();

    // The chosen ACS is the endpoint the response will be delivered to.
    AssertionConsumerService acs = getAssertionConsumerService(options, idp, sp);
    context.setPeerEntityEndpoint(acs);

    Assertion assertion = buildAssertion(authentication, request, options, context.getPeerEntityId(), context.getLocalEntityId());

    // Short-circuit keeps the SP metadata lookup unevaluated when the options already demand signing.
    boolean mustSignAssertion = options.isAssertionsSigned() || sp.getWantAssertionsSigned();
    if (mustSignAssertion) {
        signAssertion(assertion, context.getLocalSigningCredential());
    }

    Response response = createResponse(context, acs, assertion, request);
    context.setOutboundMessage(response);
    context.setOutboundSAMLMessage(response);
}
/**
 * Copies the SP's {@code WantAssertionsSigned} metadata flag onto the service provider data
 * object via {@code setDoSignAssertions}. The DO is presumably consulted later when assertions
 * are issued to this SP — confirm against the caller.
 *
 * @param spssoDescriptor SP role descriptor taken from the SP's metadata
 * @param samlssoServiceProviderDO data object being populated from that metadata
 */
private void setDoSignAssertions (SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO){ samlssoServiceProviderDO.setDoSignAssertions(spssoDescriptor.getWantAssertionsSigned()); }
// NOTE(review): the body of this method is not part of this excerpt; it is cut off right after the opening brace.
private void setDoValidateSignatureInRequests(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO){
/**
 * Mirrors the SP's {@code WantAssertionsSigned} metadata flag into the service provider data
 * object. Nothing else on the DO is touched here.
 *
 * @param spssoDescriptor SP role descriptor taken from the SP's metadata
 * @param samlssoServiceProviderDO data object being populated from that metadata
 */
private void setDoSignAssertions(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    // Boxed local so that any unboxing happens at the same point as in a direct pass-through.
    Boolean wantAssertionsSigned = spssoDescriptor.getWantAssertionsSigned();
    samlssoServiceProviderDO.setDoSignAssertions(wantAssertionsSigned);
}
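/**
 * Verifies the signature of an assertion.
 *
 * <p>A signature that is present is always verified against the peer entity's metadata, whether
 * or not the local SP metadata asks for signed assertions: an invalid signature on an assertion
 * is a tamper indicator and must not be silently ignored just because signing was optional.
 * When no signature is present and the local SP's {@code WantAssertionsSigned} is set, the
 * assertion is rejected with a {@link SAMLException}. An absent signature with
 * {@code WantAssertionsSigned} unset is accepted as-is.
 *
 * @param signature signature to verify, or {@code null} when the assertion carries none
 * @param context message context holding the local SP role metadata and the peer metadata
 * @throws SAMLException if the signature is missing although the SP metadata requires one
 * @throws org.opensaml.xml.security.SecurityException if a present signature fails validation
 * @throws ValidationException if a present signature is malformed
 */
protected void verifyAssertionSignature(Signature signature, BasicSAMLMessageContext context)
        throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException {
    SPSSODescriptor roleMetadata = (SPSSODescriptor) context.getLocalEntityRoleMetadata();
    boolean wantSigned = roleMetadata.getWantAssertionsSigned();
    if (signature != null) {
        // Present signatures are checked unconditionally; the metadata flag only governs
        // what happens when the signature is missing.
        verifySignature(signature, context.getPeerEntityMetadata().getEntityID());
    } else if (wantSigned) {
        // NOTE(review): this diagnostic goes to stdout; route it through the class's logger if
        // one is available, as a missing required signature is a security-relevant event.
        System.out.println("Assertion must be signed, but is not");
        throw new SAMLException("SAML Assertion is invalid");
    }
}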
/**
 * Verifies the signature of an assertion.
 *
 * <p>A present signature is always checked against the peer entity's metadata using the
 * context's local trust engine. When the assertion carries no signature, it is rejected only if
 * the local SP metadata sets {@code WantAssertionsSigned} <em>and</em> the inbound message has
 * not already been authenticated (e.g. via a signed enclosing {@code Response}).
 *
 * @param signature signature to verify, or {@code null} when the assertion carries none
 * @param context message context holding local SP role metadata, peer metadata and the trust engine
 * @throws SAMLException if a signature is required by metadata but neither the response nor the
 *         assertion was signed
 * @throws org.opensaml.xml.security.SecurityException if a present signature fails validation
 * @throws ValidationException if a present signature is malformed
 */
protected void verifyAssertionSignature(Signature signature, SAMLMessageContext context)
        throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException {
    SPSSODescriptor localSpRole = (SPSSODescriptor) context.getLocalEntityRoleMetadata();
    boolean signatureRequired = localSpRole.getWantAssertionsSigned();

    if (signature != null) {
        String issuerEntityId = context.getPeerEntityMetadata().getEntityID();
        verifySignature(signature, issuerEntityId, context.getLocalTrustEngine());
        return;
    }

    // No assertion-level signature: acceptable if metadata does not demand one, or if the
    // surrounding message was already authenticated.
    if (signatureRequired && !context.isInboundSAMLMessageAuthenticated()) {
        throw new SAMLException("Metadata includes wantAssertionSigned, but neither Response nor included Assertion is signed");
    }
}