/**
 * Builds a {@code LogoutResponse} answering {@code logoutRequest} with the given top-level status code.
 *
 * The response carries this service's entity ID as Issuer, a fresh ID from {@code requestIdManager},
 * the current time as IssueInstant and the request's ID as InResponseTo. No Destination is set and
 * nothing is signed here; presumably the caller adds both where the binding requires them.
 *
 * @param logoutRequest the request being answered; only its ID is read
 * @param statusCode    the SAML status code URI placed in {@code Status/StatusCode}
 * @return the unsigned response object
 */
private LogoutResponse createLogoutResponse(LogoutRequest logoutRequest, String statusCode) {
    final LogoutResponse response = build(LogoutResponse.DEFAULT_ELEMENT_NAME);

    // Issuer: our own entity ID.
    final Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue(entityId);

    // Status/StatusCode with the caller-supplied code.
    final StatusCode code = build(StatusCode.DEFAULT_ELEMENT_NAME);
    code.setValue(statusCode);
    final Status status = build(Status.DEFAULT_ELEMENT_NAME);
    status.setStatusCode(code);

    response.setIssuer(issuer);
    response.setID(requestIdManager.newId());
    response.setIssueInstant(DateTime.now());
    response.setStatus(status);
    // Correlate with the request so the peer can match this response to what it sent.
    response.setInResponseTo(logoutRequest.getID());
    return response;
}
} // closes the enclosing class (its header is outside this view)
/**
 * Looks up the identity-provider configuration keyed by the Issuer value (the IdP entity ID).
 *
 * Only the Issuer value is consulted; its Format attribute is not checked here. NOTE(review): SAML 2.0
 * requires a protocol Issuer's Format to be omitted or the entity format — confirm a caller enforces
 * that before trusting the value as an entity ID.
 *
 * @param issuer the Issuer element of an inbound SAML message
 * @return the matching configuration
 * @throws SamlException if the Issuer has no value or no configuration is registered for it
 */
private SamlIdentityProviderConfig resolveIdpConfig(Issuer issuer) {
    final String entityId = issuer.getValue();
    final SamlIdentityProviderConfig config = entityId == null ? null : idpConfigs.get(entityId);
    if (config == null) {
        throw new SamlException("failed to find identity provider from configuration " + issuer.getValue());
    }
    return config;
}
/**
 * Resolve the SAML entity ID from a SAML 2 Issuer.
 *
 * <p>Only an Issuer whose Format is absent or the entity format names a peer entity ID; any other
 * Format is logged and yields {@code null}, so the caller cannot mistake e.g. a persistent
 * identifier for an entity ID.</p>
 *
 * @param issuer the issuer
 *
 * @return the entity ID, or null if it could not be resolved
 */
@Nullable protected String processSaml2Issuer(@Nonnull final Issuer issuer) {
    final String format = issuer.getFormat();
    if (format != null && !format.equals(NameIDType.ENTITY)) {
        log.warn("Couldn't dynamically resolve SAML 2 peer entity ID due to unsupported NameID format: {}", format);
        return null;
    }
    return issuer.getValue();
}
/**
 * Converts this library's {@code Issuer} model into an OpenSAML {@code Issuer} element.
 *
 * Value and both qualifiers are always copied; the Format is copied only when the model has one,
 * otherwise the attribute is left unset (the SAML 2.0 default for an absent Format is the entity
 * format, which is how the resolvers in this corpus treat it).
 *
 * @param issuer the model object to convert
 * @return a freshly built OpenSAML Issuer
 */
protected org.opensaml.saml.saml2.core.Issuer toIssuer(Issuer issuer) {
    final org.opensaml.saml.saml2.core.Issuer element =
        buildSAMLObject(org.opensaml.saml.saml2.core.Issuer.class);
    element.setValue(issuer.getValue());
    if (issuer.getFormat() != null) {
        element.setFormat(issuer.getFormat().toString());
    }
    element.setNameQualifier(issuer.getNameQualifier());
    element.setSPNameQualifier(issuer.getSpNameQualifier());
    return element;
}
/**
 * Builds the Issuer element that identifies this service provider in outgoing messages.
 *
 * The Format is always the entity format; when {@code useNameQualifier} is enabled the
 * NameQualifier is additionally set to the same entity ID.
 *
 * @param spEntityId this SP's entity ID, used as the Issuer value
 * @return the populated Issuer
 */
@SuppressWarnings("unchecked")
protected final Issuer getIssuer(final String spEntityId) {
    final SAMLObjectBuilder<Issuer> builder =
        (SAMLObjectBuilder<Issuer>) this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    final Issuer result = builder.buildObject();
    result.setFormat(Issuer.ENTITY);
    result.setValue(spEntityId);
    if (this.useNameQualifier) {
        result.setNameQualifier(spEntityId);
    }
    return result;
}
/**
 * Converts an OpenSAML Issuer into this library's {@code Issuer} model; a null input yields null.
 *
 * The Format string is mapped through {@code NameId.fromUrn}. NOTE(review): how fromUrn handles a
 * null Format (legal in SAML, meaning entity format) is not visible here — confirm it does not throw.
 *
 * @param issuer the OpenSAML element, possibly null
 * @return the converted model object, or null
 */
protected Issuer getIssuer(org.opensaml.saml.saml2.core.Issuer issuer) {
    if (issuer == null) {
        return null;
    }
    final Issuer model = new Issuer()
        .setValue(issuer.getValue())
        .setFormat(NameId.fromUrn(issuer.getFormat()))
        .setSpNameQualifier(issuer.getSPNameQualifier())
        .setNameQualifier(issuer.getNameQualifier());
    return model;
}
/**
 * Serialises a {@code LogoutResponse} model into its OpenSAML element, signing it when the model
 * carries a signing key.
 *
 * Copied fields: ID, InResponseTo, IssueInstant, Destination, Issuer (value and both qualifiers —
 * the model's Issuer Format is not carried over), Status/StatusCode and, when non-blank, a
 * StatusMessage. Signing happens only when {@code getSigningKey()} is non-null; whether an unsigned
 * response is acceptable for the binding in use is the caller's decision.
 *
 * @param response the model to serialise
 * @return the populated, possibly signed, OpenSAML response
 */
protected org.opensaml.saml.saml2.core.LogoutResponse internalToXml(LogoutResponse response) {
    final org.opensaml.saml.saml2.core.LogoutResponse element =
        buildSAMLObject(org.opensaml.saml.saml2.core.LogoutResponse.class);

    // Message-level attributes.
    element.setID(response.getId());
    element.setInResponseTo(response.getInResponseTo());
    element.setIssueInstant(response.getIssueInstant());
    element.setDestination(response.getDestination());

    // Issuer: value and qualifiers only; the model's Format is not carried over.
    final org.opensaml.saml.saml2.core.Issuer issuerElement =
        buildSAMLObject(org.opensaml.saml.saml2.core.Issuer.class);
    issuerElement.setValue(response.getIssuer().getValue());
    issuerElement.setSPNameQualifier(response.getIssuer().getSpNameQualifier());
    issuerElement.setNameQualifier(response.getIssuer().getNameQualifier());
    element.setIssuer(issuerElement);

    // Status: mandatory StatusCode plus an optional StatusMessage.
    final org.opensaml.saml.saml2.core.StatusCode statusCode =
        buildSAMLObject(org.opensaml.saml.saml2.core.StatusCode.class);
    statusCode.setValue(response.getStatus().getCode().toString());
    final org.opensaml.saml.saml2.core.Status statusElement =
        buildSAMLObject(org.opensaml.saml.saml2.core.Status.class);
    statusElement.setStatusCode(statusCode);
    final String statusMessage = response.getStatus().getMessage();
    if (hasText(statusMessage)) {
        final StatusMessage messageElement = buildSAMLObject(StatusMessage.class);
        messageElement.setMessage(statusMessage);
        statusElement.setStatusMessage(messageElement);
    }
    element.setStatus(statusElement);

    // Sign only when the model supplies a key.
    if (response.getSigningKey() != null) {
        this.signObject(element, response.getSigningKey(), response.getAlgorithm(), response.getDigest());
    }
    return element;
}
/**
 * Rejects an inbound AuthnRequest/LogoutRequest that violates the constraints enforced here: an
 * Issuer must be present, its Format (if given) must be the SAML 2.0 entity format, and an
 * AuthnRequest may not carry SubjectConfirmation elements in its Subject.
 *
 * @param parsedRequest the unmarshalled request
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} on any violation
 */
private void validateRequest(RequestAbstractType parsedRequest) throws ProcessingException {
    if (parsedRequest.getIssuer() == null) {
        LOG.debug("No Issuer is present in the AuthnRequest/LogoutRequest");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    // A protocol Issuer's Format is either omitted or the entity format; anything else is rejected
    // so a non-entity identifier can never be taken for a requester's entity ID.
    final String issuerFormat = parsedRequest.getIssuer().getFormat();
    final boolean entityFormat = issuerFormat == null
        || "urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(issuerFormat);
    if (!entityFormat) {
        LOG.debug("An invalid Format attribute was received: {}", issuerFormat);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    if (!(parsedRequest instanceof AuthnRequest)) {
        return;
    }

    // No SubjectConfirmation elements are allowed in an AuthnRequest's Subject.
    final AuthnRequest authnRequest = (AuthnRequest) parsedRequest;
    final boolean hasSubjectConfirmation = authnRequest.getSubject() != null
        && authnRequest.getSubject().getSubjectConfirmations() != null
        && !authnRequest.getSubject().getSubjectConfirmations().isEmpty();
    if (hasSubjectConfirmation) {
        LOG.debug("An invalid SubjectConfirmation Element was received");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}
/**
 * Build entity issuer issuer.
 *
 * Builds the Issuer element naming this IdP (the configured SAML IdP entity ID) with the entity
 * NameID format, for use in messages this IdP emits.
 *
 * @return the issuer
 */
protected Issuer buildEntityIssuer() {
    final String idpEntityId = casProperties.getAuthn().getSamlIdp().getEntityId();
    final Issuer result = newIssuer(idpEntityId);
    result.setFormat(Issuer.ENTITY);
    return result;
}
c.setIssuer(assertion.getIssuer().getNameQualifier()); for (XMLObject attributeValue : attribute.getAttributeValues()) { Element attributeValueElement = attributeValue.getDOM();
/**
 * {@inheritDoc}
 *
 * <p>Returns the Issuer value of the request located via {@code requestLookupStrategy}, but only
 * when the Issuer's Format is absent or {@code NameID.ENTITY}; with no request, no Issuer or any
 * other Format the result is null.</p>
 */
@Override
@Nullable
public String apply(@Nullable final ProfileRequestContext profileRequestContext) {
    final RequestAbstractType request = requestLookupStrategy.apply(profileRequestContext);
    if (request == null || request.getIssuer() == null) {
        return null;
    }
    final Issuer issuer = request.getIssuer();
    final String format = issuer.getFormat();
    // Only an entity-format (or unformatted) Issuer names a peer entity ID.
    return (format == null || NameID.ENTITY.equals(format)) ? issuer.getValue() : null;
}
/**
 * Create an Issuer object
 *
 * The Issuer builder is resolved lazily and cached in the static {@code issuerBuilder} field with
 * no synchronization. Value, Format and NameQualifier are set exactly as given — including null —
 * so no entity-format default is applied here.
 *
 * @param issuerValue of type String
 * @param issuerFormat of type String
 * @param issuerQualifier of type String
 * @return an Issuer object
 */
@SuppressWarnings("unchecked")
public static Issuer createIssuer(String issuerValue, String issuerFormat, String issuerQualifier) {
    if (issuerBuilder == null) {
        issuerBuilder = (SAMLObjectBuilder<Issuer>) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    }
    final Issuer result = issuerBuilder.buildObject();

    // The SAML authority that is making the claim(s) in the assertion. The issuer SHOULD
    // be unambiguous to the intended relying parties.
    result.setNameQualifier(issuerQualifier);
    result.setFormat(issuerFormat);
    result.setValue(issuerValue);
    return result;
}
/**
 * Serialises a {@code LogoutRequest} model into its OpenSAML element, signing it when the model
 * carries a signing key.
 *
 * Copied fields: Destination (the endpoint's location), ID, IssueInstant, NotOnOrAfter, Issuer
 * (value and both qualifiers — the model's Issuer Format is not carried over) and the NameID
 * (format, value, both qualifiers); Version is pinned to SAML 2.0. The model's Destination and
 * NameID Format are dereferenced unconditionally, so both must be present. Signing happens only when
 * {@code getSigningKey()} is non-null.
 *
 * @param request the model to serialise
 * @return the populated, possibly signed, OpenSAML request
 */
protected org.opensaml.saml.saml2.core.LogoutRequest internalToXml(LogoutRequest request) {
    final org.opensaml.saml.saml2.core.LogoutRequest element =
        buildSAMLObject(org.opensaml.saml.saml2.core.LogoutRequest.class);

    // Message-level attributes.
    element.setID(request.getId());
    element.setVersion(SAMLVersion.VERSION_20);
    element.setDestination(request.getDestination().getLocation());
    element.setIssueInstant(request.getIssueInstant());
    element.setNotOnOrAfter(request.getNotOnOrAfter());

    // Issuer: value and qualifiers only.
    final org.opensaml.saml.saml2.core.Issuer issuerElement =
        buildSAMLObject(org.opensaml.saml.saml2.core.Issuer.class);
    issuerElement.setValue(request.getIssuer().getValue());
    issuerElement.setSPNameQualifier(request.getIssuer().getSpNameQualifier());
    issuerElement.setNameQualifier(request.getIssuer().getNameQualifier());
    element.setIssuer(issuerElement);

    // The subject being logged out.
    final NameID subject = buildSAMLObject(NameID.class);
    subject.setFormat(request.getNameId().getFormat().toString());
    subject.setValue(request.getNameId().getValue());
    subject.setNameQualifier(request.getNameId().getNameQualifier());
    subject.setSPNameQualifier(request.getNameId().getSpNameQualifier());
    element.setNameID(subject);

    if (request.getSigningKey() != null) {
        signObject(element, request.getSigningKey(), request.getAlgorithm(), request.getDigest());
    }
    return element;
}
c.setIssuer(assertion.getIssuer().getNameQualifier()); for (XMLObject attributeValue : attribute.getAttributeValues()) { Element attributeValueElement = attributeValue.getDOM();
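/**
 * Validates an inbound {@code LogoutRequest} and returns the configuration of the IdP that sent it.
 *
 * Checks, in order: an Issuer element with a value is present; its Format, if present, is the SAML
 * 2.0 entity format (the only format that names an IdP entity ID, and the only one allowed on a
 * protocol Issuer); the Destination equals the endpoint the request actually arrived at, so a
 * message addressed elsewhere is not processed here; and the issuer maps to a registered IdP.
 *
 * Signature verification is not performed here — presumably the caller verifies the request against
 * the returned configuration's credential.
 *
 * @param logoutRequest the unmarshalled request
 * @param endpointUri   the URI of the endpoint that received the request
 * @return the matching identity-provider configuration
 * @throws SamlException on any validation failure or an unknown issuer
 */
private SamlIdentityProviderConfig validateAndGetIdPConfig(LogoutRequest logoutRequest, String endpointUri) {
    // The Issuer element itself may be absent from a malformed request; previously that surfaced as a
    // NullPointerException rather than a SamlException.
    final String issuer = logoutRequest.getIssuer() == null ? null : logoutRequest.getIssuer().getValue();
    if (issuer == null) {
        throw new SamlException("no issuer found from the logout request: " + logoutRequest.getID());
    }
    // A non-entity Format means the value is not an entity ID and must not be used as one.
    final String issuerFormat = logoutRequest.getIssuer().getFormat();
    if (issuerFormat != null && !"urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(issuerFormat)) {
        throw new SamlException("unexpected issuer format: " + issuerFormat);
    }
    if (!endpointUri.equals(logoutRequest.getDestination())) {
        throw new SamlException("unexpected destination: " + logoutRequest.getDestination());
    }
    final SamlIdentityProviderConfig config = idpConfigs.get(issuer);
    if (config == null) {
        throw new SamlException("unexpected identity provider: " + issuer);
    }
    return config;
}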
issuer.setValue(myEntityId); authnRequest.setIssuer(issuer);
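/**
 * Validate the Issuer (if it exists)
 *
 * A missing Issuer element is accepted. When {@code enforceKnownIssuer} is set, the Issuer value
 * must be non-empty and a prefix of {@code issuerIDP}; independently of that flag, a Format, if
 * present, must be the entity format.
 *
 * NOTE(review): the prefix match ({@code issuerIDP.startsWith(value)}) is retained for compatibility
 * with existing configurations, but it accepts any leading substring of the configured issuer. An
 * exact {@code equals} comparison is the stronger check; review whether any deployment actually
 * relies on the prefix semantics before tightening it.
 *
 * @param issuer the Issuer element, or null
 * @throws WSSecurityException ({@code invalidSAMLsecurity}) when the value or Format is rejected
 */
private void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer) throws WSSecurityException {
    if (issuer == null) {
        return;
    }

    // Issuer value must match (be contained in) Issuer IDP. The empty string is rejected explicitly:
    // every string starts with "", so an empty <Issuer/> previously satisfied enforceKnownIssuer.
    if (enforceKnownIssuer) {
        final String value = issuer.getValue();
        if (value == null || value.isEmpty() || !issuerIDP.startsWith(value)) {
            LOG.fine("Issuer value: " + issuer.getValue() + " does not match issuer IDP: " + issuerIDP);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }
    }

    // Format must be nameid-format-entity
    if (issuer.getFormat() != null && !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
        LOG.fine("Issuer format is not null and does not equal: " + SAML2Constants.NAMEID_FORMAT_ENTITY);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}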
c.setClaimType(URI.create(attribute.getName())); c.setIssuer(assertion.getIssuer().getNameQualifier());
final String idpEntityId = issuer.getValue(); config = idpConfigs.get(idpEntityId); if (config == null) {