String encodedMessage = transport.getParameterValue("assertion");
@Test public void supports() throws Exception { HTTPInTransport transport = mock(HTTPInTransport.class); assertFalse(binding.supports(transport)); when(transport.getHTTPMethod()).thenReturn("POST"); assertFalse(binding.supports(transport)); when(transport.getParameterValue("assertion")).thenReturn("some assertion"); assertTrue(binding.supports(transport)); }
/** {@inheritDoc} */ protected void doDecode(MessageContext messageContext) throws MessageDecodingException { if (!(messageContext instanceof SAMLMessageContext)) { log.error("Invalid message context type, this decoder only support SAMLMessageContext"); throw new MessageDecodingException( "Invalid message context type, this decoder only support SAMLMessageContext"); } if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException( "Invalid inbound message transport type, this decoder only support HTTPInTransport"); } SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method"); } String relayState = inTransport.getParameterValue("RelayState"); samlMsgCtx.setRelayState(relayState); log.debug("Decoded SAML relay state of: {}", relayState); InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport); Assertion inboundMessage = (Assertion) unmarshallMessage(base64DecodedMessage); Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage, inboundMessage.getIssuer().getValue()); samlMsgCtx.setInboundMessage(response); samlMsgCtx.setInboundSAMLMessage(response); log.debug("Decoded SAML message"); populateMessageContext(samlMsgCtx); }
public boolean supports(InTransport transport) { if (transport instanceof HTTPInTransport) { HTTPInTransport t = (HTTPInTransport) transport; return t.getParameterValue("SAMLart") != null; } else { return false; } }
/** * True value indicates that request is a response from the discovery profile. We use the value to * prevent repeated invocation of the discovery service upon failure. * * @param context context with request and response included * @return true if this HttpRequest is a response from IDP discovery profile. */ private boolean isDiscoResponse(SAMLMessageContext context) { HTTPInTransport request = (HTTPInTransport) context.getInboundMessageTransport(); String disco = request.getParameterValue(DISCOVERY_RESPONSE_PARAMETER); return (disco != null && disco.toLowerCase().trim().equals("true")); }
String encodedMessage = transport.getParameterValue("SAMLRequest"); if (DatatypeHelper.isEmpty(encodedMessage)) { encodedMessage = transport.getParameterValue("SAMLResponse");
/** {@inheritDoc} */ protected boolean isMessageSigned(SAMLMessageContext messageContext) { HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport(); String sigParam = inTransport.getParameterValue("Signature"); return (!DatatypeHelper.isEmpty(sigParam)) || super.isMessageSigned(messageContext); }
/** {@inheritDoc} */ protected boolean isMessageSigned(SAMLMessageContext messageContext) { HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport(); String sigParam = inTransport.getParameterValue("Signature"); return (!DatatypeHelper.isEmpty(sigParam)) || super.isMessageSigned(messageContext); }
/** * Process the incoming artifact by decoding the artifacts, dereferencing it from the artifact issuer and * storing the resulting protocol message in the message context. * * @param samlMsgCtx current message context * * @throws MessageDecodingException thrown if there is a problem decoding or dereferencing the artifact */ protected void processArtifact(SAMLMessageContext samlMsgCtx) throws MessageDecodingException { HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); String encodedArtifact = DatatypeHelper.safeTrimOrNullString(inTransport.getParameterValue("SAMLart")); if (encodedArtifact == null) { log.error("URL SAMLart parameter was missing or did not contain a value."); throw new MessageDecodingException("URL TARGET parameter was missing or did not contain a value."); } // TODO decode artifact; resolve issuer resolution endpoint; dereference using ArtifactResolve // over synchronous backchannel binding; store resultant protocol message as the inbound SAML message. } }
/** * Decodes the TARGET parameter and adds it to the message context. * * @param samlMsgCtx current message context * * @throws MessageDecodingException thrown if there is a problem decoding the TARGET parameter. */ protected void decodeTarget(SAMLMessageContext samlMsgCtx) throws MessageDecodingException { HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); String target = DatatypeHelper.safeTrim(inTransport.getParameterValue("TARGET")); if (target == null) { log.error("URL TARGET parameter was missing or did not contain a value."); throw new MessageDecodingException("URL TARGET parameter was missing or did not contain a value."); } samlMsgCtx.setRelayState(target); }
String relayState = inTransport.getParameterValue("RelayState"); samlMsgCtx.setRelayState(relayState); log.debug("Decoded RelayState: {}", relayState); if (!DatatypeHelper.isEmpty(inTransport.getParameterValue("SAMLRequest"))) { samlMessageIns = decodeMessage(inTransport.getParameterValue("SAMLRequest")); } else if (!DatatypeHelper.isEmpty(inTransport.getParameterValue("SAMLResponse"))) { samlMessageIns = decodeMessage(inTransport.getParameterValue("SAMLResponse")); } else { throw new MessageDecodingException(
String sigParam = inTransport.getParameterValue("Signature"); boolean bSignatureParam = !DatatypeHelper.isEmpty(sigParam); if(bSignatureParam || message.isSigned())
String relayState = inTransport.getParameterValue("TARGET"); samlMsgCtx.setRelayState(relayState); log.debug("Decoded SAML relay state (TARGET parameter) of: {}", relayState); String base64Message = inTransport.getParameterValue("SAMLResponse"); byte[] decodedBytes = Base64.decode(base64Message); if (decodedBytes == null) {
/** * First tries to find pre-configured IDP from the request attribute. If not found * loads the IDP_PARAMETER from the request and if it is not null verifies whether IDP with this value is valid * IDP in our circle of trust. Processing fails when IDP is not valid. IDP is set as PeerEntityId in the context. * <p> * If request parameter is null the default IDP is returned. * * @param context context to populate ID for * @throws MetadataProviderException in case provided IDP value is invalid */ protected void populatePeerEntityId(SAMLMessageContext context) throws MetadataProviderException { HTTPInTransport inTransport = (HTTPInTransport) context.getInboundMessageTransport(); String entityId; entityId = (String) inTransport.getAttribute(org.springframework.security.saml.SAMLConstants.PEER_ENTITY_ID); if (entityId != null) { // Pre-configured entity Id log.debug("Using protocol specified IDP {}", entityId); } else { entityId = inTransport.getParameterValue(SAMLEntryPoint.IDP_PARAMETER); if (entityId != null) { // IDP from request log.debug("Using user specified IDP {} from request", entityId); context.setPeerUserSelected(true); } else { // Default IDP entityId = metadata.getDefaultIDP(); log.debug("No IDP specified, using default {}", entityId); context.setPeerUserSelected(false); } } context.setPeerEntityId(entityId); context.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); }
/** {@inheritDoc} */ protected void doDecode(MessageContext messageContext) throws MessageDecodingException { if (!(messageContext instanceof SAMLMessageContext)) { log.error("Invalid message context type, this decoder only support SAMLMessageContext"); throw new MessageDecodingException( "Invalid message context type, this decoder only support SAMLMessageContext"); } if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException( "Invalid inbound message transport type, this decoder only support HTTPInTransport"); } SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); String relayState = DatatypeHelper.safeTrim(inTransport.getParameterValue("RelayState")); samlMsgCtx.setRelayState(relayState); processArtifact(samlMsgCtx); populateMessageContext(samlMsgCtx); }
/** * Determine whether the inbound message is signed. * * @param messageContext the message context being evaluated * @return true if the inbound message is signed, otherwise false */ protected boolean isMessageSigned(SAMLMessageContext messageContext) { // TODO this really should be determined by the decoders and supplied to the rule // in some fashion, to handle binding-specific signature mechanisms. See JIRA issue JOWS-4. // // For now evaluate here inline for XML Signature and HTTP-Redirect and HTTP-Post-SimpleSign. SAMLObject samlMessage = messageContext.getInboundSAMLMessage(); if (samlMessage instanceof SignableSAMLObject) { SignableSAMLObject signableMessage = (SignableSAMLObject) samlMessage; if (signableMessage.isSigned()) { return true; } } // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings. HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport(); String sigParam = inTransport.getParameterValue("Signature"); return !DatatypeHelper.isEmpty(sigParam); }
/** {@inheritDoc} */ protected void doDecode(MessageContext messageContext) throws MessageDecodingException { if (!(messageContext instanceof SAMLMessageContext)) { log.error("Invalid message context type, this decoder only support SAMLMessageContext"); throw new MessageDecodingException( "Invalid message context type, this decoder only support SAMLMessageContext"); } if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException( "Invalid inbound message transport type, this decoder only support HTTPInTransport"); } SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method"); } String relayState = inTransport.getParameterValue("RelayState"); samlMsgCtx.setRelayState(relayState); log.debug("Decoded SAML relay state of: {}", relayState); InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport); SAMLObject inboundMessage = (SAMLObject) unmarshallMessage(base64DecodedMessage); samlMsgCtx.setInboundMessage(inboundMessage); samlMsgCtx.setInboundSAMLMessage(inboundMessage); log.debug("Decoded SAML message"); populateMessageContext(samlMsgCtx); }
String artifactId = DatatypeHelper.safeTrimOrNullString(inTransport.getParameterValue("SAMLart")); if (artifactId == null) { log.error("SAMLart parameter was missing or did not contain a value."); samlMessageContext.setRelayState(inTransport.getParameterValue("RelayState"));