/** * Default constructor. */ public IdpMetadataGenerator() { this.builderFactory = Configuration.getBuilderFactory(); }
protected KeyDescriptor getKeyDescriptor(UsageType type, KeyInfo key) { @SuppressWarnings("unchecked") SAMLObjectBuilder<KeyDescriptor> builder = (SAMLObjectBuilder<KeyDescriptor>) Configuration.getBuilderFactory() .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME); KeyDescriptor descriptor = builder.buildObject(); descriptor.setUse(type); descriptor.setKeyInfo(key); return descriptor; }
private void signAssertion(Assertion assertion, Credential credential) throws SecurityException, MarshallingException, SignatureException { SignatureBuilder signatureBuilder = (SignatureBuilder) builderFactory .getBuilder(Signature.DEFAULT_ELEMENT_NAME); Signature signature = signatureBuilder.buildObject(); signature.setSigningCredential(credential); SecurityHelper.prepareSignatureParams(signature, credential, null, null); assertion.setSignature(signature); Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(assertion); marshaller.marshall(assertion); Signer.signObject(signature); }
profile.buildResponse(authentication, context, options); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); DateTime until = new DateTime().plusHours(1); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint); assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID); assertion.getIssuer().setValue(issuerEntityId); assertion.getSubject().getNameID().setValue(username); assertion.getSubject().getNameID().setFormat(format); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null); assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until); assertion.getConditions().setNotOnOrAfter(until); SamlConfig config = new SamlConfig(); config.addAndActivateKey("active-key", new SamlKey(privateKey, keyPassword, certificate)); KeyManager keyManager = SamlKeyManagerFactory.getKeyManager(config); SignatureBuilder signatureBuilder = (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME); Signature signature = signatureBuilder.buildObject(); final Credential defaultCredential = keyManager.getDefaultCredential(); signature.setSigningCredential(defaultCredential); SecurityHelper.prepareSignatureParams(signature, defaultCredential, null, null); assertion.setSignature(signature); Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(assertion); marshaller.marshall(assertion); Signer.signObject(signature); return assertion;
private XMLObject unmarshallObject(String xmlString) throws UnmarshallingException, XMLParserException, UnsupportedEncodingException { BasicParserPool parser = new BasicParserPool(); parser.setNamespaceAware(true); /* Base64URL encoded */ byte bytes[] = xmlString.getBytes("utf-8"); if (bytes == null || bytes.length == 0) throw new InsufficientAuthenticationException("Invalid assertion encoding"); Reader reader = new InputStreamReader(new ByteArrayInputStream(bytes)); Document doc = parser.parse(reader); Element samlElement = doc.getDocumentElement(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(samlElement); if (unmarshaller == null) { throw new InsufficientAuthenticationException("Unsuccessful to unmarshal assertion string"); } return unmarshaller.unmarshall(samlElement); }
public static String encodeSAMLRequest(XMLObject authnRequest) throws MarshallingException, IOException { Marshaller marshaller = Configuration.getMarshallerFactory() .getMarshaller(authnRequest); Element authDOM = marshaller.marshall(authnRequest); StringWriter requestWriter = new StringWriter(); XMLHelper.writeNode(authDOM, requestWriter); String requestMessage = requestWriter.toString(); Deflater deflater = new Deflater(Deflater.DEFLATED, true); ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); deflaterOutputStream.write(requestMessage.getBytes(Charset.forName("UTF-8"))); deflaterOutputStream.close(); String encodedRequestMessage = Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES); encodedRequestMessage = URLEncoder.encode(encodedRequestMessage, HttpUtils.UTF_8).trim(); return encodedRequestMessage; }
public static Response decodeSAMLResponse(String responseMessage) throws ConfigurationException, ParserConfigurationException, SAXException, IOException, UnmarshallingException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); byte[] base64DecodedResponse = Base64.decode(responseMessage); Document document = docBuilder.parse(new ByteArrayInputStream(base64DecodedResponse)); Element element = document.getDocumentElement(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element); return (Response) unmarshaller.unmarshall(element); }
@BeforeClass public static void initVM() throws Exception { Security.addProvider(new BouncyCastleProvider()); DefaultBootstrap.bootstrap(); }
@BeforeClass public static void bootstrap() throws Exception { Security.addProvider(new BouncyCastleProvider()); DefaultBootstrap.bootstrap(); NamedKeyInfoGeneratorManager keyInfoGeneratorManager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); keyInfoGeneratorManager.getManager(SAML_METADATA_KEY_INFO_GENERATOR); }
DefaultBootstrap.bootstrap(); } catch (ConfigurationException | FactoryConfigurationError e) { s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage()); final String samlResponse = ((String[])params.get(SAMLPluginConstants.SAML_RESPONSE))[0]; Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse); String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue(); if (!statusCode.equals(StatusCode.SUCCESS_URI)) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(),
DefaultBootstrap.bootstrap(); if (idpMetaDataUrl.startsWith("http")) { _idpMetaDataProvider = new HTTPMetadataProvider(_timer, client, idpMetaDataUrl); } else { File metadataFile = PropertiesUtil.findConfigFile(idpMetaDataUrl); _idpMetaDataProvider = new FilesystemMetadataProvider(_timer, metadataFile); _idpMetaDataProvider.setRequireValidMetadata(true); _idpMetaDataProvider.setParserPool(new BasicParserPool()); _idpMetaDataProvider.initialize(); _timer.scheduleAtFixedRate(new MetadataRefreshTask(), 0, _refreshInterval * 1000); s_logger.error("Unable to read SAML2 IDP MetaData URL, error:" + e.getMessage()); s_logger.error("SAML2 Authentication may be unavailable"); return false;
@Test public void testDoGetMetadata() throws Exception { String metadataString = new Scanner(new File("../uaa/src/main/resources/idp.xml")).useDelimiter("\\Z").next(); ConfigMetadataProvider provider = new ConfigMetadataProvider(IdentityZone.getUaa().getId(), "testalias", metadataString); ConfigMetadataProvider provider2 = new ConfigMetadataProvider(IdentityZone.getUaa().getId(), "testalias", metadataString); DefaultBootstrap.bootstrap(); provider.setParserPool(new BasicParserPool()); XMLObject xmlObject = provider.doGetMetadata(); assertNotNull(xmlObject); assertEquals("http://openam.example.com:8181/openam", ((EntityDescriptorImpl) xmlObject).getEntityID()); assertEquals(provider, provider2); } }
@BeforeAll public static void initializeOpenSAML() throws Exception { if (!org.apache.xml.security.Init.isInitialized()) { DefaultBootstrap.bootstrap(); } }
@BeforeClass public static void bootstrap() throws Exception { Security.addProvider(new BouncyCastleProvider()); DefaultBootstrap.bootstrap(); NamedKeyInfoGeneratorManager keyInfoGeneratorManager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); keyInfoGeneratorManager.getManager(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR); }
public void initializeSimple() throws ConfigurationException { builderFactory = Configuration.getBuilderFactory(); }
public Response processSAMLResponse(String responseMessage) { Response responseObject = null; try { DefaultBootstrap.bootstrap(); responseObject = SAMLUtils.decodeSAMLResponse(responseMessage); } catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) { s_logger.error("SAMLResponse processing error: " + e.getMessage()); } return responseObject; }
@Before public void setup() { try { DefaultBootstrap.bootstrap(); } catch (ConfigurationException e) { } tokenServices = mock(AuthorizationServerTokenServices.class);
public void initialize() throws ConfigurationException { IdentityZone.getUaa().getConfig().getSamlConfig().setPrivateKey(PROVIDER_PRIVATE_KEY); IdentityZone.getUaa().getConfig().getSamlConfig().setPrivateKeyPassword(PROVIDER_PRIVATE_KEY_PASSWORD); IdentityZone.getUaa().getConfig().getSamlConfig().setCertificate(PROVIDER_CERTIFICATE); AddBcProvider.noop(); DefaultBootstrap.bootstrap(); initializeSimple(); }
public OpenSAMLContext(Properties properties, Provisioner provisioner) { // Bootstrap openSAML try { DefaultBootstrap.bootstrap(); } catch (ConfigurationException e) { throw new RuntimeException(e); } replayCacheDuration = Long.parseLong(properties.getProperty("replayCacheDuration", "14400000")); maxParserPoolSize = Integer.parseInt(properties.getProperty("maxParserPoolSize", "2")); entityId = properties.getProperty("entityId", "no-property-named-entityId"); clockSkew = Integer.parseInt(properties.getProperty("clockSkew", "90")); newExpires = Integer.parseInt(properties.getProperty("newExpires", "300")); assertionConsumerURI = properties.getProperty("assertionConsumerURI", DEFAULT_ASSERTION_CONSUMER_URI); idpEntityId = properties.getProperty("idpEntityId", "no-property-named-idpEntityId"); idpCertificate = properties.getProperty("idpCertificate", "no-property-named-idpCertificate"); idpUrl = properties.getProperty("idpUrl", "no-property-named-idpUrl"); spPrivateKey = properties.getProperty("spPrivateKey", "no-property-named-spPrivateKey"); spCertificate = properties.getProperty("spCertificate", "no-property-named-spCertificate"); this.provisioner = provisioner; samlMessageHandler = new SAMLMessageHandlerImpl(samlMessageDecoder(), securityPolicyResolver()); samlMessageHandler.setEntityId(entityId); samlMessageHandler.setVelocityEngine(velocityEngine()); samlMessageHandler.setNeedsSigning(true); validatorSuite = new SAML2ValidatorSuite(); }
public static String buildAuthnRequestUrl(final String authnId, final SAMLProviderMetadata spMetadata, final SAMLProviderMetadata idpMetadata, final String signatureAlgorithm) { String redirectUrl = ""; try { DefaultBootstrap.bootstrap(); AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(authnId, spMetadata.getEntityId(), idpMetadata.getSsoUrl(), spMetadata.getSsoUrl()); PrivateKey privateKey = null; if (spMetadata.getKeyPair() != null) { privateKey = spMetadata.getKeyPair().getPrivate(); } redirectUrl = idpMetadata.getSsoUrl() + "?" + SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest), privateKey, signatureAlgorithm); } catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException e) { s_logger.error("SAML AuthnRequest message building error: " + e.getMessage()); } return redirectUrl; }