/**
 * Records the originally requested path as the SAML {@code RelayState} before the browser is
 * sent to the identity provider, so the user can be returned to it once SSO completes.
 * Paths longer than 80 characters are not relayed at all (the SAML bindings specification
 * caps {@code RelayState} at 80 bytes). The value comes back from the identity provider on the
 * response leg, so consumers of the relayed path should still treat it as client-supplied input.
 */
@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    final String path = req.path();
    if (path.length() > 80) {
        // Nothing is relayed; the response leg will arrive without a RelayState.
        return CompletableFuture.completedFuture(null);
    }
    // autocreate=true, so the binding sub-context always exists after this call.
    final SAMLBindingContext bindingContext = message.getSubcontext(SAMLBindingContext.class, true);
    assert bindingContext != null : "SAMLBindingContext";
    bindingContext.setRelayState(path);
    return CompletableFuture.completedFuture(null);
}
/**
 * Converts an {@link AggregatedHttpMessage} which is received from the remote entity to
 * a {@link SAMLObject}.
 *
 * @param msg  the aggregated HTTP message carrying the SAML message
 * @param name the name of the parameter whose value is the base64-encoded SAML message
 * @return a message context holding the decoded message and, when the {@code RELAY_STATE}
 *         parameter is present, a {@link SAMLBindingContext} carrying its value
 * @throws SamlException if the parameter value is not valid base64
 */
static <T extends SAMLObject> MessageContext<T> toSamlObject(AggregatedHttpMessage msg, String name) {
    final SamlParameters params = new SamlParameters(msg);

    final byte[] raw;
    try {
        // MIME decoder: tolerates line breaks inside the encoded value.
        raw = Base64.getMimeDecoder().decode(params.getFirstValue(name));
    } catch (IllegalArgumentException e) {
        throw new SamlException("failed to decode a base64 string of the parameter: " + name, e);
    }

    // The bytes originate from the remote entity. NOTE(review): deserialize() is defined elsewhere;
    // confirm it parses with DTD processing and external entity resolution disabled.
    @SuppressWarnings("unchecked")
    final T samlMessage = (T) deserialize(raw);

    final MessageContext<T> result = new MessageContext<>();
    result.setMessage(samlMessage);

    final String relayState = params.getFirstValueOrNull(RELAY_STATE);
    if (relayState != null) {
        // autocreate=true guarantees a non-null sub-context.
        final SAMLBindingContext bindingContext = result.getSubcontext(SAMLBindingContext.class, true);
        assert bindingContext != null;
        bindingContext.setRelayState(relayState);
    }
    return result;
}
/**
 * Handles a SAML {@code Response} delivered by an identity provider to this endpoint.
 * The message is decoded with the binding configured for the endpoint, the assertion is
 * validated against the endpoint URI before anything inside it is read, and the outcome is
 * delegated to {@code ssoHandler}. A {@link SamlException} raised anywhere on the way is
 * reported to the handler as a failed login.
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, AggregatedHttpMessage msg,
                          String defaultHostname, SamlPortConfig portConfig) {
    try {
        final boolean redirectBinding =
                cfg.endpoint().bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT;
        final MessageContext<Response> messageContext;
        if (redirectBinding) {
            // The redirect-binding decoder additionally takes the IdP configurations,
            // presumably to verify the signature carried in the query string.
            messageContext = HttpRedirectBindingUtil.toSamlObject(msg, SAML_RESPONSE,
                                                                  idpConfigs, defaultIdpConfig);
        } else {
            messageContext = HttpPostBindingUtil.toSamlObject(msg, SAML_RESPONSE);
        }

        final String endpointUri = cfg.endpoint().toUriString(portConfig.scheme().uriText(),
                                                              defaultHostname, portConfig.port());
        // Validation comes first: the assertion is not read until this call has passed.
        final Assertion assertion = getValidatedAssertion(messageContext.getMessage(), endpointUri);

        // First non-null session index among the authentication statements, if any.
        String sessionIndex = null;
        for (AuthnStatement statement : assertion.getAuthnStatements()) {
            final String candidate = statement.getSessionIndex();
            if (candidate != null) {
                sessionIndex = candidate;
                break;
            }
        }

        final SAMLBindingContext bindingContext = messageContext.getSubcontext(SAMLBindingContext.class);
        String relayState = null;
        if (bindingContext != null) {
            relayState = bindingContext.getRelayState();
        }
        return ssoHandler.loginSucceeded(ctx, msg, messageContext, sessionIndex, relayState);
    } catch (SamlException e) {
        // The handler gets no message context on failure, even if decoding succeeded and
        // only validation failed.
        return ssoHandler.loginFailed(ctx, msg, null, e);
    }
}
final MessageContext<AuthnRequest> messageContext = new MessageContext<>(); messageContext.setMessage(request); return new MessageContextAndIdpConfig(messageContext, idp); }).thenCompose(arg -> { }).thenApply(arg -> { final SAMLBindingContext bindingContext = arg.messageContext.getSubcontext(SAMLBindingContext.class); final String relayState = bindingContext != null ? bindingContext.getRelayState() : null; if (endpoint.bindingProtocol() == SamlBindingProtocol.HTTP_REDIRECT) { return responseWithLocation(toRedirectionUrl( arg.messageContext.getMessage(), endpoint.toUriString(), SAML_REQUEST, signingCredential, sp.signatureAlgorithm(), } else { final String value = toSignedBase64( arg.messageContext.getMessage(), signingCredential, sp.signatureAlgorithm());
/**
 * Builds the outbound message context whose message is a {@link DefaultPac4jSAMLResponse}
 * wrapping the given web context.
 *
 * @param webContext the web context the outbound response is written through
 * @return a fresh message context carrying the outbound transport
 */
protected MessageContext<Pac4jSAMLResponse> prepareOutboundMessageContext(final WebContext webContext) {
    final MessageContext<Pac4jSAMLResponse> outbound = new MessageContext<>();
    outbound.setMessage(new DefaultPac4jSAMLResponse(webContext));
    return outbound;
}
/**
 * Invoked when the SAML authentication process is finished and a user is authenticated. You can get
 * information about the authenticated user from the {@link Response}, especially his or her login name.
 * In this example, an email address is used as a login name. The login name is transferred to a web
 * browser via {@code Set-Cookie} header.
 *
 * @param sessionIndex the session index reported by the identity provider, if any (unused here)
 * @param relayState   the {@code RelayState} echoed back by the identity provider, if any (unused here)
 * @return a {@code 200} page that forwards the browser to {@code /welcome}, or {@code 401} when the
 *         response carries no e-mail formatted {@code NameID}
 */
@Override
public HttpResponse loginSucceeded(ServiceRequestContext ctx, AggregatedHttpMessage req,
                                   MessageContext<Response> message,
                                   @Nullable String sessionIndex, @Nullable String relayState) {
    final String loginName = getNameId(message.getMessage(), SamlNameIdFormat.EMAIL)
            .map(NameIDType::getValue)
            .orElse(null);
    if (loginName == null) {
        return HttpResponse.of(HttpStatus.UNAUTHORIZED, MediaType.HTML_UTF_8,
                               "<html><body>Username is not found.</body></html>");
    }

    logger.info("{} user '{}' has been logged in.", ctx, loginName);

    // The login name itself is what the browser will present on later requests. HttpOnly keeps
    // scripts away from it; no Secure flag is set, which presumably only suits a localhost demo
    // without TLS — NOTE(review): add it when the service is served over HTTPS.
    final Cookie loginCookie = new DefaultCookie("username", loginName);
    loginCookie.setHttpOnly(true);
    loginCookie.setDomain("localhost");
    loginCookie.setMaxAge(60);
    loginCookie.setPath("/");

    final HttpHeaders headers = HttpHeaders.of(HttpStatus.OK)
            .contentType(MediaType.HTML_UTF_8)
            .add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.LAX.encode(loginCookie));
    // The page body is a fixed literal; the login name is never interpolated into it.
    return HttpResponse.of(
            headers,
            HttpData.ofUtf8("<html><body onLoad=\"window.location.href='/welcome'\"></body></html>"));
}
/** {@inheritDoc} */
@Override
protected void doExecute(ProfileRequestContext profileRequestContext) {
    final MessageChannelSecurityContext channel =
            getParentContext().getSubcontext(MessageChannelSecurityContext.class, true);
    final HttpServletRequest request = getHttpServletRequest();

    // The channel counts as protected when the servlet request is secure, unless the
    // defaultPortInsecure flag is set and the request arrived on port 443.
    // Evaluation order is preserved: the port is only inspected for a secure request.
    final boolean protectedChannel =
            request.isSecure() && !(defaultPortInsecure && request.getLocalPort() == 443);

    // Confidentiality and integrity are always set together here.
    channel.setConfidentialityActive(protectedChannel);
    channel.setIntegrityActive(protectedChannel);
}
/** {@inheritDoc} */
protected void doDecode() throws MessageDecodingException {
    final HttpServletRequest servletRequest = getHttpServletRequest();
    final MessageContext<SAMLObject> inbound = new MessageContext<>();

    // Decode the target first, then resolve the artifacts, then describe the binding;
    // the context is only published once all three have run.
    decodeTarget(inbound, servletRequest);
    processArtifacts(inbound, servletRequest);
    populateBindingContext(inbound);
    setMessageContext(inbound);
}
/**
 * Creates a context attached to {@code ctx} as its parent. The no-arg constructor runs first so
 * this instance is fully initialised before the parent link is established.
 *
 * @param ctx the message context that becomes the parent of this one
 */
public SAML2MessageContext(final MessageContext<SAMLObject> ctx) {
    this();
    // Deliberately the superclass implementation, not an overridable call.
    super.setParent(ctx);
}
/** {@inheritDoc} */
@Override
public boolean apply(@Nullable final ProfileRequestContext input) {
    // A missing request context is treated the same as a channel without integrity protection.
    if (input == null) {
        return true;
    }
    // autocreate=true: a freshly created sub-context reports integrity as inactive, so the
    // predicate holds for contexts nobody has populated yet.
    final MessageChannelSecurityContext channel =
            input.getSubcontext(MessageChannelSecurityContext.class, true);
    return !channel.isIntegrityActive();
}
final T message = (T) fromDeflatedBase64(parameters.getFirstValue(name)); final MessageContext<T> messageContext = new MessageContext<>(); messageContext.setMessage(message); final SAMLBindingContext context = messageContext.getSubcontext(SAMLBindingContext.class, true); assert context != null; context.setRelayState(relayState);
/** {@inheritDoc} */
@Override
protected void doDecode() throws MessageDecodingException {
    ssoRequest = buildIdPInitiatedSSORequest();

    // The message is constructed locally rather than parsed from the HTTP request.
    final MessageContext<SAMLObject> inbound = new MessageContext<>();
    inbound.setMessage(buildAuthnRequest());
    populateBindingContext(inbound);
    setMessageContext(inbound);
}
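/**
 * Records the originally requested path as the SAML {@code RelayState} before the browser is
 * sent to the identity provider, so the user can be returned to it once SSO completes.
 * The SAML bindings specification caps {@code RelayState} at 80 bytes, so longer paths are not
 * relayed rather than sent as an over-long value the identity provider may reject. The value
 * comes back from the identity provider on the response leg, so consumers of the relayed path
 * should still treat it as client-supplied input.
 */
@Override
public CompletionStage<Void> beforeInitiatingSso(ServiceRequestContext ctx, HttpRequest req,
                                                 MessageContext<AuthnRequest> message,
                                                 SamlIdentityProviderConfig idpConfig) {
    final String requestedPath = req.path();
    // Relay the requested path only when it fits the RelayState limit.
    if (requestedPath.length() <= 80) {
        // autocreate=true, so the binding sub-context always exists after this call.
        final SAMLBindingContext bindingContext = message.getSubcontext(SAMLBindingContext.class, true);
        assert bindingContext != null : "SAMLBindingContext";
        bindingContext.setRelayState(requestedPath);
    }
    return CompletableFuture.completedFuture(null);
}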
final LogoutRequest logoutRequest = messageContext.getMessage(); final SamlIdentityProviderConfig idp = validateAndGetIdPConfig(logoutRequest, endpointUri);
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // Created on demand on the parent context; the values come from this action's own accessors,
    // not from the profile request context passed in.
    final MessageChannelSecurityContext channel =
            getParentContext().getSubcontext(MessageChannelSecurityContext.class, true);
    final boolean confidentiality = isConfidentialityActive();
    final boolean integrity = isIntegrityActive();
    channel.setConfidentialityActive(confidentiality);
    channel.setIntegrityActive(integrity);
}
/** {@inheritDoc} */
@Override
protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
    // Both sub-contexts are created on demand (autocreate=true) and filled from this
    // handler's fields: the protocol URI, and the peer role on the configured entity context type.
    final SAMLProtocolContext protocolContext =
            messageContext.getSubcontext(SAMLProtocolContext.class, true);
    protocolContext.setProtocol(samlProtocol);

    messageContext.getSubcontext(entityContextClass, true).setRole(peerRole);
}
MessageContext msgContext = _call.getMessageContext(); MimeHeaders hd = msgContext.getMessage().getMimeHeaders(); hd.addHeader("SessionID", sessionId);
/** {@inheritDoc} */
@Override
@Nullable
public Boolean apply(@Nullable final MessageContext input) {
    // Tri-state result: null when there is no context or no entity sub-context to consult
    // (no autocreate here), otherwise the entity's authenticated flag.
    if (input == null) {
        return null;
    }
    final AbstractAuthenticatableSAMLEntityContext entityContext = input.getSubcontext(entityContextClass);
    return entityContext == null ? null : entityContext.isAuthenticated();
}
/** {@inheritDoc} */
@Override
protected XMLObject getMessageToLog() {
    // Logs the whole SOAP envelope rather than the bare body message; the SOAP 1.1
    // sub-context is created on demand, so the envelope may be null if nothing stored one yet.
    final SOAP11Context soapContext = getMessageContext().getSubcontext(SOAP11Context.class, true);
    return soapContext.getEnvelope();
}
/**
 * Store the constructed SOAP envelope in the message context for later encoding.
 * The SOAP 1.1 sub-context is created on demand if the message context does not have one yet.
 *
 * @param envelope the SOAP envelope
 */
protected void storeSOAPEnvelope(final Envelope envelope) {
    final SOAP11Context soapContext = getMessageContext().getSubcontext(SOAP11Context.class, true);
    soapContext.setEnvelope(envelope);
}