/**
 * Builds one {@code AssertionConsumerService} metadata element for a configured endpoint.
 *
 * <p>The advertised location is rendered from the port's scheme, the given hostname and the
 * port number; the binding URN comes from the endpoint's binding protocol.
 * NOTE(review): nothing in this method validates {@code hostname} or the scheme; the
 * location is published exactly as assembled here, so callers are responsible for passing the
 * externally correct values.
 *
 * @param config     the consumer configuration (endpoint and default flag)
 * @param portConfig supplies the scheme and port used in the location
 * @param hostname   the host name placed into the location URI
 * @param index      the index attribute of the element
 * @return the populated element
 */
private static AssertionConsumerService buildAssertionConsumerServiceElement(
        SamlAssertionConsumerConfig config, SamlPortConfig portConfig, String hostname, int index) {
    final AssertionConsumerService acsElement = build(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

    final String location =
            config.endpoint().toUriString(portConfig.scheme().uriText(), hostname, portConfig.port());
    acsElement.setLocation(location);

    final String bindingUrn = config.endpoint().bindingProtocol().urn();
    acsElement.setBinding(bindingUrn);

    acsElement.setIndex(index);

    // The 'isDefault' attribute is written only for the default consumer; it is never set to false.
    final boolean markAsDefault = config.isDefault();
    if (markAsDefault) {
        acsElement.setIsDefault(true);
    }
    return acsElement;
}
// First consumer: index 0, flagged as default, reachable under /saml/acs/post with the HTTP-POST binding.
// The expected location is built with the "http://" scheme and the test rule's HTTP port.
assertThat(acs.get(0).getIndex()).isEqualTo(0);
assertThat(acs.get(0).isDefault()).isTrue();
assertThat(acs.get(0).getLocation())
        .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/post");
assertThat(acs.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);

// Second consumer: index 1, not the default, reachable under /saml/acs/redirect with the HTTP-Redirect binding.
assertThat(acs.get(1).getIndex()).isEqualTo(1);
assertThat(acs.get(1).isDefault()).isFalse();
assertThat(acs.get(1).getLocation())
        .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/redirect");
assertThat(acs.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
// Excerpt: the start of the enclosing lambda and condition is outside this snippet,
// and the closing braces of the two checks at the end are missing from it.
        // Copy binding, locations and index from an endpoint that was found (foundAcs).
        acs.setBinding(foundAcs.getBinding());
        acs.setLocation(foundAcs.getLocation());
        acs.setResponseLocation(foundAcs.getResponseLocation());
        acs.setIndex(acsIndex);
    });
} else {
    // Fallback: binding and URL are taken directly from the authentication request.
    // NOTE(review): these values come from the request itself; nothing visible in this
    // excerpt compares them with the service provider's registered endpoints. Confirm that
    // the caller validates the URL (or requires a verified request signature) before a
    // response is sent to it.
    acs.setBinding(authnRequest.getProtocolBinding());
    acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
    acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
    acs.setIndex(0);
    acs.setIsDefault(Boolean.TRUE);

    // Reject an endpoint that has no binding.
    if (StringUtils.isBlank(acs.getBinding())) {
        throw new SamlException("AssertionConsumerService has no protocol binding defined");

    // Reject an endpoint that has neither a location nor a response location.
    if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
        throw new SamlException("AssertionConsumerService has no location or response location defined");
// Excerpt: three assertion consumer services are added to the SP SSO descriptor, one per binding.
// NOTE(review): the local name assertionConsumerService is declared twice in this excerpt;
// presumably each declaration sat in its own block in the full source — confirm.

// Redirect binding: uses the current acsIndex, then increments it.
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(REDIRECT_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationRedirect);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);

// POST binding: uses the current acsIndex, then increments it.
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(POST_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationPost);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);

// PAOS binding: uses the current acsIndex without incrementing it.
AssertionConsumerService assertionConsumerServicePaos = assertionConsumerServiceBuilder.buildObject();
assertionConsumerServicePaos.setBinding(PAOS_BINDING);
assertionConsumerServicePaos.setIndex(acsIndex);
assertionConsumerServicePaos.setLocation(assertionConsumerServiceLocationPaos);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerServicePaos);
/**
 * Builds an assertion consumer service endpoint from the URL carried in an authentication request.
 *
 * <p>The URL from the request is used both as the location and as the response location.
 * NOTE(review): the URL is copied from the request as-is; this method does not compare it with
 * the service provider's registered metadata. Callers should confirm the URL is one the service
 * provider is allowed to use (or that the request signature was verified) before sending a
 * response to it.
 *
 * @param authnRequest the incoming request
 * @param binding      the binding to set on the resulting endpoint
 * @return the endpoint, or {@code null} when the request is not an {@code AuthnRequest} or
 *         carries no assertion consumer service URL
 */
private static AssertionConsumerService getAssertionConsumerServiceFromRequest(final RequestAbstractType authnRequest,
                                                                               final String binding) {
    // Only authentication requests can carry an assertion consumer service URL.
    if (!(authnRequest instanceof AuthnRequest)) {
        return null;
    }

    val requestedUrl = ((AuthnRequest) authnRequest).getAssertionConsumerServiceURL();
    if (StringUtils.isBlank(requestedUrl)) {
        return null;
    }

    LOGGER.debug("Using assertion consumer service url [{}] with binding [{}] from authentication request", requestedUrl, binding);

    val acs = new AssertionConsumerServiceBuilder().buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    acs.setBinding(binding);
    acs.setResponseLocation(requestedUrl);
    acs.setLocation(requestedUrl);
    return acs;
}
/**
 * Builds the metadata resolver criteria used to look up a CAS service by its service URL.
 *
 * <p>The criteria ask for an SP SSO role, an endpoint with the login binding and the given
 * location, the CAS protocol URI, and a {@code StartsWithLocationCriterion}.
 * NOTE(review): the last criterion presumably relaxes location matching to a prefix
 * comparison — confirm. If so, registered locations should end at a path boundary so that a
 * longer host name or path cannot satisfy the match.
 *
 * @param serviceURL CAS service URL.
 *
 * @return Metadata resolver criteria set.
 */
@Nonnull protected CriteriaSet criteria(@Nonnull final String serviceURL) {
    // Template endpoint describing what the resolver should match: login binding + service URL.
    final AssertionConsumerService template = new AssertionConsumerServiceBuilder().buildObject();
    template.setBinding(LOGIN_BINDING);
    template.setLocation(serviceURL);

    final EntityRoleCriterion roleCriterion = new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    final EndpointCriterion<AssertionConsumerService> endpointCriterion = new EndpointCriterion<>(template);
    final ProtocolCriterion protocolCriterion =
            new ProtocolCriterion(AbstractProtocolConfiguration.PROTOCOL_URI);
    final StartsWithLocationCriterion locationCriterion = new StartsWithLocationCriterion();

    return new CriteriaSet(roleCriterion, endpointCriterion, protocolCriterion, locationCriterion);
}
/**
 * Compares the endpoint a response arrived at with what the original request asked for.
 *
 * <p>When the request named an endpoint index, only the index is compared. Otherwise the
 * requested URL (against the endpoint's response location, falling back to its location) and
 * the requested binding (against the binding in use) are compared.
 *
 * <p>NOTE(review): every mismatch is only logged at warn level; this method never rejects the
 * response. If delivery to the requested endpoint has to be enforced, that must happen
 * elsewhere — confirm it does.
 *
 * @param request the authentication request that was originally sent
 * @param context the message context of the received response
 */
protected void verifyRequest(final AuthnRequest request, final SAML2MessageContext context) {
    // The endpoint the response was actually received at.
    final AssertionConsumerService receivingEndpoint =
            (AssertionConsumerService) context.getSAMLEndpointContext().getEndpoint();

    final Integer requestedIndex = request.getAssertionConsumerServiceIndex();
    if (requestedIndex != null) {
        // An index was requested, so URL and binding are not looked at.
        if (!requestedIndex.equals(receivingEndpoint.getIndex())) {
            logger.warn("Response was received at a different endpoint index than was requested");
        }
        return;
    }

    final String requestedResponseURL = request.getAssertionConsumerServiceURL();
    final String requestedBinding = request.getProtocolBinding();

    if (requestedResponseURL != null) {
        // Prefer the response location; fall back to the plain location when it is absent.
        final String responseLocation = receivingEndpoint.getResponseLocation() != null
                ? receivingEndpoint.getResponseLocation()
                : receivingEndpoint.getLocation();
        if (!requestedResponseURL.equals(responseLocation)) {
            logger.warn("Response was received at a different endpoint URL {} than was requested {}",
                    responseLocation, requestedResponseURL);
        }
    }

    if (requestedBinding != null) {
        final String bindingInUse = context.getSAMLBindingContext().getBindingUri();
        if (!requestedBinding.equals(bindingInUse)) {
            logger.warn("Response was received using a different binding {} than was requested {}",
                    bindingInUse, requestedBinding);
        }
    }
}
// Excerpt: the enclosing condition is outside this snippet.
// First branch: the request refers to the assertion consumer service by index.
request.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
} else {
    // Other branch: the request names the endpoint explicitly, copying the URL and the
    // protocol binding from the assertionConsumerService object.
    request.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
    request.setProtocolBinding(assertionConsumerService.getBinding());
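/**
 * Gets the first assertion consumer service declared for the given binding.
 *
 * <p>Endpoints that carry no binding are skipped instead of failing the whole lookup with a
 * {@code NullPointerException}.
 *
 * @param binding the binding URI to look for
 * @return the first matching assertion consumer service, or {@code null} when none matches;
 *         callers must handle the {@code null} case
 */
public AssertionConsumerService getAssertionConsumerService(final String binding) {
    return getAssertionConsumerServices().stream()
        // An endpoint without a binding can never match; guard so it cannot abort the search.
        .filter(acs -> acs.getBinding() != null && acs.getBinding().equals(binding))
        .findFirst()
        .orElse(null);
}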
/**
 * Populates the artifact subcontext of the message context for the given response.
 *
 * <p>Sets the type-0004 artifact type code, the response issuer as source entity id, and the
 * index and location of the assertion consumer service that the adaptor returns for the
 * artifact binding.
 * NOTE(review): the issuer and the returned service are dereferenced without null checks —
 * confirm both are always present at this point.
 *
 * @param samlResponse the response whose issuer becomes the source entity id
 * @param ctx          the message context that receives the artifact subcontext
 */
private void prepareArtifactContext(final Response samlResponse, final MessageContext ctx) {
    // 'true' asks for the subcontext to be created when it does not exist yet.
    val artifactContext = ctx.getSubcontext(SAMLArtifactContext.class, true);
    artifactContext.setArtifactType(SAML2ArtifactType0004.TYPE_CODE);
    artifactContext.setSourceEntityId(samlResponse.getIssuer().getValue());

    val artifactAcs = adaptor.getAssertionConsumerServiceForArtifactBinding();
    artifactContext.setSourceArtifactResolutionServiceEndpointIndex(artifactAcs.getIndex());
    artifactContext.setSourceArtifactResolutionServiceEndpointURL(artifactAcs.getLocation());
}
}
// Excerpt: the statement that ends on the next line starts outside this snippet, and the
// closing brace of the check below is missing from it.
providerId, SAMLConstants.SAML2_POST_BINDING_URI);

// Look up the service provider's HTTP-POST assertion consumer service.
val acs = facade.getAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI);

// Fail closed: without a POST endpoint location there is no destination to use.
if (acs == null || StringUtils.isBlank(acs.getLocation())) {
    throw new MessageDecodingException("Unable to resolve SP ACS URL location for binding " + SAMLConstants.SAML2_POST_BINDING_URI);

// The resolved endpoint location becomes the 'shire' value.
shire = acs.getLocation();
/**
 * Selects an assertion consumer service from the SP SSO descriptor.
 *
 * <p>Selection order: the service with the requested index (when an index is given), otherwise
 * the descriptor's default service, otherwise the first declared service.
 *
 * @param acsIndex the requested index as a decimal string, or {@code null} for no preference
 * @return the selected assertion consumer service
 * @throws SAMLException when an index is given but no service carries it, or when the
 *         descriptor declares no services at all
 * @throws NumberFormatException when {@code acsIndex} is not a valid integer and at least one
 *         service has to be compared against it
 */
public final AssertionConsumerService getSPAssertionConsumerService(final String acsIndex) {
    final SPSSODescriptor descriptor = getSPSSODescriptor();
    final List<AssertionConsumerService> candidates = descriptor.getAssertionConsumerServices();

    // An explicit index must match exactly; there is no fallback to the default in this case.
    if (acsIndex != null) {
        return candidates.stream()
                .filter(candidate -> Integer.valueOf(acsIndex).equals(candidate.getIndex()))
                .findFirst()
                .orElseThrow(() -> new SAMLException("Assertion consumer service with index " + acsIndex
                        + " could not be found for spDescriptor " + descriptor));
    }

    // No index requested: prefer the descriptor's default service.
    final AssertionConsumerService defaultService = descriptor.getDefaultAssertionConsumerService();
    if (defaultService != null) {
        return defaultService;
    }

    // Last resort: the first declared service.
    if (candidates.isEmpty()) {
        throw new SAMLException("No assertion consumer services could be found for " + descriptor);
    }
    return candidates.get(0);
}
// Excerpt: populates one assertion consumer service and attaches it to the SP descriptors.

// The endpoint index is the ordinal of bindingType.
// NOTE(review): presumably bindingType is an enum; if so, reordering its constants would
// change the published endpoint indexes — confirm that this is acceptable.
assertionConsumerService.setIndex(bindingType.ordinal());
assertionConsumerService.setBinding(bindingType.getUri());
// The location is derived from the SP entity id and the URL context.
assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
// Register the SP SSO role descriptor on the entity descriptor.
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
/**
 * Reports whether the {@link EntityDescriptor} declares an assertion consumer service with the
 * {@link MetadataServiceRegistry#PROXY_BINDING} binding.
 *
 * <p>The answer is derived from the metadata content alone, so it is only as trustworthy as
 * the source the metadata was loaded from.
 *
 * @param entity what to look at
 * @return whether it is authorized to proxy
 */
private boolean isAuthorizedToProxy(@Nonnull final EntityDescriptor entity) {
    final SPSSODescriptor spRole = entity.getSPSSODescriptor(AbstractProtocolConfiguration.PROTOCOL_URI);
    // No SP role for this protocol means no endpoints and therefore no proxy authorization.
    if (spRole == null) {
        return false;
    }
    return spRole.getAssertionConsumerServices().stream()
            .anyMatch(acs -> PROXY_BINDING.equals(acs.getBinding()));
}
// Look up the service provider's assertion consumer service for the binding in use.
// NOTE(review): acs is dereferenced below without a null check — confirm that the lookup
// cannot return null for this binding.
val acs = adaptor.getAssertionConsumerService(binding);
// Logs the whole endpoint object, although the message text speaks of a url.
LOGGER.debug("Located assertion consumer service url [{}]", acs);
// The ECP response element is created from the endpoint location and added to a new SOAP header.
val ecpResponse = newEcpResponse(acs.getLocation());
val header = newSoapObject(Header.class);
header.getUnknownXMLObjects().add(ecpResponse);
/**
 * Builds an assertion consumer service element for the given binding.
 *
 * <p>The location is always {@code this.assertionConsumerServiceUrl}, whatever the binding.
 *
 * @param binding   the binding URI of the element
 * @param index     the index attribute of the element
 * @param isDefault whether to mark the element as the default; the attribute is only ever
 *                  set to {@code true}, never explicitly to {@code false}
 * @return the populated element
 */
protected AssertionConsumerService getAssertionConsumerService(final String binding, final int index,
                                                               final boolean isDefault) {
    // The builder factory hands out untyped builders, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<AssertionConsumerService> acsBuilder =
            (SAMLObjectBuilder<AssertionConsumerService>) this.builderFactory
                    .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

    final AssertionConsumerService acs = acsBuilder.buildObject();
    acs.setLocation(this.assertionConsumerServiceUrl);
    acs.setBinding(binding);
    acs.setIndex(index);
    if (isDefault) {
        acs.setIsDefault(true);
    }
    return acs;
}
/**
 * Determines the binding to use for the response profile.
 *
 * <p>The binding is the protocol binding named in the authentication request, or HTTP-POST
 * when the request names none. The service provider's metadata facade is then asked for an
 * assertion consumer service with that binding.
 * NOTE(review): the binding value originates from the request. Confirm that {@code @NonNull}
 * on a local variable produces a null check in this build; if it does not, a binding that the
 * metadata does not declare surfaces as a {@code NullPointerException} at
 * {@code svc.getBinding()} rather than as a descriptive error.
 *
 * @param authenticationContext the authentication context
 * @param assertion             the assertion (not read by this method)
 * @return the binding URI
 */
protected String determineProfileBinding(final Pair<AuthnRequest, MessageContext> authenticationContext,
                                         final Assertion assertion) {
    val authnRequest = authenticationContext.getKey();
    val facade = getRegisteredServiceAndFacade(authnRequest).getValue();

    // Fall back to HTTP-POST when the request does not state a protocol binding.
    val binding = StringUtils.defaultIfBlank(authnRequest.getProtocolBinding(),
        SAMLConstants.SAML2_POST_BINDING_URI);
    LOGGER.debug("Determined authentication request binding is [{}], issued by [{}]",
        binding, authnRequest.getIssuer().getValue());

    val entityId = facade.getEntityId();
    LOGGER.debug("Checking metadata for [{}] to see if binding [{}] is supported", entityId, binding);

    @NonNull
    val svc = facade.getAssertionConsumerService(binding);
    LOGGER.debug("Binding [{}] is supported by [{}]", svc.getBinding(), entityId);
    return binding;
}
}
/**
 * Builds an assertion consumer service element from an endpoint description.
 *
 * <p>Location and default flag are copied from the endpoint; the binding is the string form of
 * the endpoint's binding.
 *
 * @param endpoint the endpoint to describe
 * @param index    the index attribute of the element
 * @return the populated element
 */
public AssertionConsumerService getAssertionConsumerService(Endpoint endpoint, int index) {
    // The builder factory hands out untyped builders, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<AssertionConsumerService> acsBuilder =
            (SAMLObjectBuilder<AssertionConsumerService>) getBuilderFactory()
                    .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

    AssertionConsumerService acs = acsBuilder.buildObject();
    acs.setLocation(endpoint.getLocation());
    acs.setBinding(endpoint.getBinding().toString());
    acs.setIsDefault(endpoint.isDefault());
    acs.setIndex(index);
    return acs;
}
/**
 * Builds one {@code AssertionConsumerService} metadata element for a configured endpoint.
 *
 * <p>The advertised location is rendered from the port's scheme, the given hostname and the
 * port number; the binding URN comes from the endpoint's binding protocol.
 * NOTE(review): nothing in this method validates {@code hostname} or the scheme; the
 * location is published exactly as assembled here, so callers are responsible for passing the
 * externally correct values.
 *
 * @param config     the consumer configuration (endpoint and default flag)
 * @param portConfig supplies the scheme and port used in the location
 * @param hostname   the host name placed into the location URI
 * @param index      the index attribute of the element
 * @return the populated element
 */
private static AssertionConsumerService buildAssertionConsumerServiceElement(
        SamlAssertionConsumerConfig config, SamlPortConfig portConfig, String hostname, int index) {
    final AssertionConsumerService acsElement = build(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

    final String location =
            config.endpoint().toUriString(portConfig.scheme().uriText(), hostname, portConfig.port());
    acsElement.setLocation(location);

    final String bindingUrn = config.endpoint().bindingProtocol().urn();
    acsElement.setBinding(bindingUrn);

    acsElement.setIndex(index);

    // The 'isDefault' attribute is written only for the default consumer; it is never set to false.
    final boolean markAsDefault = config.isDefault();
    if (markAsDefault) {
        acsElement.setIsDefault(true);
    }
    return acsElement;
}