/**
 * {@inheritDoc}
 *
 * <p>Writes the Binding, Location and ResponseLocation attributes of the {@link Endpoint}, each only
 * when it is set and each with a null namespace, then hands the remaining attributes to
 * {@code marshallUnknownAttributes}.</p>
 *
 * @param samlElement the object to marshall; cast to {@link Endpoint} without a type check
 * @param domElement the DOM element that receives the attributes
 */
public void marshallAttributes(XMLObject samlElement, Element domElement) {
    final Endpoint source = (Endpoint) samlElement;

    // Attribute order is kept as Binding, Location, ResponseLocation.
    if (null != source.getBinding()) {
        final String bindingText = source.getBinding().toString();
        domElement.setAttributeNS(null, Endpoint.BINDING_ATTRIB_NAME, bindingText);
    }

    if (null != source.getLocation()) {
        final String locationText = source.getLocation().toString();
        domElement.setAttributeNS(null, Endpoint.LOCATION_ATTRIB_NAME, locationText);
    }

    if (null != source.getResponseLocation()) {
        final String responseLocationText = source.getResponseLocation().toString();
        domElement.setAttributeNS(null, Endpoint.RESPONSE_LOCATION_ATTRIB_NAME, responseLocationText);
    }

    // Everything that is not one of the three attributes above.
    marshallUnknownAttributes(source, domElement);
}
/**
 * {@inheritDoc}
 *
 * <p>Two criteria are equal when their endpoints agree on element QName, Binding, Location and
 * ResponseLocation.</p>
 *
 * <p>NOTE(review): no other state of the criterion takes part in the comparison; confirm that is
 * intended wherever criteria are used as map or cache keys.</p>
 */
@Override
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    // instanceof is false for null, so this also covers the null argument.
    if (!(obj instanceof EndpointCriterion)) {
        return false;
    }

    final Endpoint other = ((EndpointCriterion) obj).getEndpoint();
    return Objects.equals(endpoint.getElementQName(), other.getElementQName())
            && Objects.equals(endpoint.getBinding(), other.getBinding())
            && Objects.equals(endpoint.getLocation(), other.getLocation())
            && Objects.equals(endpoint.getResponseLocation(), other.getResponseLocation());
}
}
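/**
 * {@inheritDoc}
 *
 * <p>Accepts an endpoint when its type (schema type, else element QName) is listed in
 * {@code endpointTypes} under the type of its parent role (schema type, else element QName).</p>
 *
 * @param endpoint the candidate endpoint, may be null
 * @return true iff the endpoint type is registered for the parent role type; false for a null
 *         endpoint and for an endpoint whose parent is missing or is not a {@link RoleDescriptor}
 */
public boolean apply(@Nullable final Endpoint endpoint) {
    if (endpoint == null) {
        return false;
    }

    // Check the parent's type before casting: a predicate should reject an endpoint that does not
    // hang off a role descriptor rather than fail with a ClassCastException.
    final Object parent = endpoint.getParent();
    if (!(parent instanceof RoleDescriptor)) {
        return false;
    }
    final RoleDescriptor role = (RoleDescriptor) parent;

    QName roleType = role.getSchemaType();
    if (roleType == null) {
        roleType = role.getElementQName();
    }

    QName endpointType = endpoint.getSchemaType();
    if (endpointType == null) {
        endpointType = endpoint.getElementQName();
    }

    final Set<QName> indexableEndpoints = endpointTypes.get(roleType);
    return indexableEndpoints != null && indexableEndpoints.contains(endpointType);
}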
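/**
 * {@inheritDoc}
 *
 * <p>Maps the unqualified Binding, Location and ResponseLocation attributes onto the
 * {@link Endpoint}; every other attribute goes to {@code processUnknownAttribute}.</p>
 *
 * @param samlObject the object being unmarshalled; cast to {@link Endpoint} without a type check
 * @param attribute the DOM attribute to process
 * @throws UnmarshallingException declared by the overridden method
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final Endpoint endpoint = (Endpoint) samlObject;

    // Match on namespace as well as local name. Comparing the local name alone would let an
    // attribute from a foreign namespace (for example foo:Location) overwrite the endpoint's
    // own Location.
    if (attribute.getNamespaceURI() != null) {
        processUnknownAttribute(endpoint, attribute);
        return;
    }

    // Constant-first equals: getLocalName() can be null for attributes created without
    // namespace support.
    final String localName = attribute.getLocalName();
    if (Endpoint.BINDING_ATTRIB_NAME.equals(localName)) {
        endpoint.setBinding(attribute.getValue());
    } else if (Endpoint.LOCATION_ATTRIB_NAME.equals(localName)) {
        endpoint.setLocation(attribute.getValue());
    } else if (Endpoint.RESPONSE_LOCATION_ATTRIB_NAME.equals(localName)) {
        endpoint.setResponseLocation(attribute.getValue());
    } else {
        processUnknownAttribute(endpoint, attribute);
    }
}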
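/**
 * Checks that a message's intended destination matches the endpoint's Location or
 * ResponseLocation, as decided by {@code uriComparator}.
 *
 * @param endpoint the endpoint whose URLs are the accepted destinations
 * @param destination the destination carried by the message, may be null
 * @throws SAMLEndpointMismatchException if the destination matches neither URL, or if the
 *         comparison itself fails (the failure is attached as the cause)
 */
protected final void verifyEndpoint(final Endpoint endpoint, final String destination) {
    // NOTE(review): a null destination skips the check entirely. Confirm callers enforce the
    // presence of Destination wherever the binding requires it.
    if (destination == null) {
        return;
    }

    final boolean matches;
    try {
        matches = uriComparator.compare(destination, endpoint.getLocation())
                || uriComparator.compare(destination, endpoint.getResponseLocation());
    } catch (final Exception e) {
        // Only comparison failures are wrapped here. The mismatch itself is raised outside the
        // try, so it is no longer caught by this handler and buried as the cause of a second
        // exception.
        throw new SAMLEndpointMismatchException(e);
    }

    if (!matches) {
        throw new SAMLEndpointMismatchException("Intended destination " + destination
                + " doesn't match any of the endpoint URLs on endpoint " + endpoint.getLocation());
    }
}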
// Excerpt (elided, braces unbalanced): the endpoint type is the schema type with the element QName
// as fallback; the trimmed Location and ResponseLocation are each expanded through
// processLocation(criteriaSet, ...). The loop bodies are not visible here.
QName endpointType = endpoint.getSchemaType(); if (endpointType == null) { endpointType = endpoint.getElementQName(); final String location = StringSupport.trimOrNull(endpoint.getLocation()); if (location != null) { for (final String variant : processLocation(criteriaSet, location)) { final String responseLocation = StringSupport.trimOrNull(endpoint.getResponseLocation()); if (responseLocation != null) { for (final String variant : processLocation(criteriaSet, responseLocation)) {
/**
 * Checks whether the {@link EntityDescriptor} has the expected SLO endpoint.
 *
 * <p>Only the SP SSO role for {@code AbstractProtocolConfiguration.PROTOCOL_URI} is inspected, and
 * an endpoint counts only when both its Binding equals {@code LOGOUT_BINDING} and its Location
 * equals {@code LOGOUT_LOCATION}.</p>
 *
 * @param entity what to look at
 * @return whether it has an SLO endpoint
 */
private boolean hasSingleLogoutService(@Nonnull final EntityDescriptor entity) {
    final SPSSODescriptor spRole = entity.getSPSSODescriptor(AbstractProtocolConfiguration.PROTOCOL_URI);
    if (spRole == null) {
        return false;
    }

    for (final Endpoint candidate : spRole.getEndpoints(SingleLogoutService.DEFAULT_ELEMENT_NAME)) {
        // The Location is only read once the Binding has matched.
        if (!LOGOUT_BINDING.equals(candidate.getBinding())) {
            continue;
        }
        if (LOGOUT_LOCATION.equals(candidate.getLocation())) {
            return true;
        }
    }
    return false;
}
// Excerpt (cut mid-statement): the SubjectConfirmationData recipient URI is compared with the
// endpoint Location via SAML2Utils.urisEqualAfterPortNormalization, and a mismatch is logged at
// debug level. What follows the log call is not visible here.
// new URI(String) throws URISyntaxException on a malformed Location.
final URI appEndpointUri = new URI(endpoint.getLocation()); if (!SAML2Utils.urisEqualAfterPortNormalization(recipientUri, appEndpointUri)) { logger.debug("SubjectConfirmationData recipient {} does not match SP assertion consumer URL, found. "
// Excerpt (elided, braces unbalanced): the template endpoint's Location and Binding are copied from
// the inbound request's AssertionConsumerServiceURL and ProtocolBinding; a missing binding falls
// back to unverifiedBinding.
// NOTE(review): these values come from the requester. The log text calls this a template "for
// resolution", so presumably it is matched against metadata before use - confirm in the resolver.
endpoint.setLocation(((IdPInitiatedSSORequest) inboundMessage).getAssertionConsumerServiceURL()); } else if (inboundMessage instanceof AuthnRequest) { log.debug("{} Populating template endpoint for resolution from SAML AuthnRequest", getLogPrefix()); endpoint.setLocation(((AuthnRequest) inboundMessage).getAssertionConsumerServiceURL()); endpoint.setBinding(((AuthnRequest) inboundMessage).getProtocolBinding()); if (endpoint instanceof IndexedEndpoint) { ((IndexedEndpoint) endpoint).setIndex( if (endpoint.getBinding() == null) { endpoint.setBinding(unverifiedBinding); log.debug("{} Defaulting binding in \"unverified\" request to {}", getLogPrefix(), unverifiedBinding);
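/**
 * Accepts an endpoint whose Binding equals {@code LOGIN_BINDING}.
 *
 * @param endpoint the candidate endpoint, may be null
 * @return true iff the endpoint is non-null and its Binding equals {@code LOGIN_BINDING}
 */
@Override
public boolean apply(@Nullable final Endpoint endpoint) {
    // The parameter is declared @Nullable, so a null candidate is rejected instead of being
    // dereferenced.
    return endpoint != null && LOGIN_BINDING.equals(endpoint.getBinding());
}
}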
// Excerpt (closing brace elided): the criterion endpoint's type is its schema type, with the
// element QName as fallback when no schema type is set.
QName endpointType = epCriterion.getEndpoint().getSchemaType(); if (endpointType == null) { endpointType = epCriterion.getEndpoint().getElementQName();
// Excerpt (elided, braces unbalanced): response messages (SAML 2 StatusResponseType, SAML 1
// Response) are sent to the ResponseLocation when one is set; the visible remainder uses the
// Location and rejects a null or empty one with a BindingException.
// NOTE(review): new URI(...) checks syntax only; nothing in this excerpt restricts the scheme or
// host of the resulting URL.
if ((message instanceof org.opensaml.saml.saml2.core.StatusResponseType || message instanceof org.opensaml.saml.saml1.core.Response) && !Strings.isNullOrEmpty(endpoint.getResponseLocation())) { try { return new URI(endpoint.getResponseLocation()); } catch (URISyntaxException e) { throw new BindingException("The endpoint response location " + endpoint.getResponseLocation() + " is not a valid URL", e); if (Strings.isNullOrEmpty(endpoint.getLocation())) { throw new BindingException("Relying party endpoint location was null or empty."); return new URI(endpoint.getLocation()); } catch (URISyntaxException e) { throw new BindingException("The endpoint location " + endpoint.getLocation() + " is not a valid URL", e);
// Excerpt (elided, braces unbalanced): the endpoint type is the schema type with the element QName
// as fallback. The visible part adds an EndpointMetadataIndexKey for the trimmed Location and then
// starts on the trimmed ResponseLocation; the rest is not shown.
QName endpointType = endpoint.getSchemaType(); if (endpointType == null) { endpointType = endpoint.getElementQName(); final String location = StringSupport.trimOrNull(endpoint.getLocation()); if (location != null) { log.trace("Indexing Endpoint: role '{}', endpoint type '{}', location '{}'", result.add(new EndpointMetadataIndexKey(roleType, endpointType, location, false)); final String responseLocation = StringSupport.trimOrNull(endpoint.getResponseLocation()); if (responseLocation != null) { log.trace("Indexing response Endpoint - role '{}', endpoint type '{}', response location '{}'",
/**
 * Populates the outbound message context with the peer entity id and the endpoint the message
 * will be sent to.
 *
 * <p>The endpoint comes from {@code determineEndpointForRequest(request, adaptor, binding)}.
 * NOTE(review): how that helper selects the endpoint is not visible here; confirm it resolves
 * against the service provider's metadata.</p>
 *
 * @param request         the inbound SAML request
 * @param outboundContext the outbound context that receives the peer and endpoint subcontexts
 * @param adaptor         the service provider metadata facade
 * @param binding         the binding used when choosing the endpoint
 * @throws SamlException if the entity has no assertion consumer service, or a required
 *                       subcontext comes back null
 */
public static void preparePeerEntitySamlEndpointContext(final RequestAbstractType request,
                                                        final MessageContext outboundContext,
                                                        final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                        final String binding) throws SamlException {
    val peerEntityId = adaptor.getEntityId();

    // Without an assertion consumer service there is nowhere to send the response.
    if (!adaptor.containsAssertionConsumerServices()) {
        throw new SamlException("No assertion consumer service could be found for entity " + peerEntityId);
    }

    val peerCtx = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true);
    if (peerCtx == null) {
        throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + peerEntityId);
    }
    peerCtx.setEntityId(peerEntityId);

    val endpointCtx = peerCtx.getSubcontext(SAMLEndpointContext.class, true);
    if (endpointCtx == null) {
        throw new SamlException("SAMLEndpointContext could not be defined for entity " + peerEntityId);
    }

    val resolved = determineEndpointForRequest(request, adaptor, binding);
    LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]",
        resolved.getLocation(), resolved.getBinding());
    endpointCtx.setEndpoint(resolved);
}
// Excerpt: the AuthnRequest Destination is set to the Location of the IdP SSO endpoint returned for
// idp.getBindingType().
// NOTE(review): assumes idp.getSSOLocation(...) is non-null for that binding - confirm; a null
// would fail here with a NullPointerException.
authnRequest.setNameIDPolicy(nameIDPolicy); authnRequest.setRequestedAuthnContext(requestedAuthnContextProvider.provide()); authnRequest.setDestination(idp.getSSOLocation(idp.getBindingType()).getLocation());
/**
 * Checks the candidate's Binding attribute against the set carried by the supplied criterion.
 *
 * <p>A candidate that has no Binding at all is accepted; only a Binding that is set and is not in
 * the permitted set causes rejection.</p>
 *
 * @param bindings the bindings to allow
 * @param endpoint the candidate endpoint
 *
 * @return true iff the candidate has no Binding, or its Binding is permitted
 */
private boolean checkBindingCriterion(@Nonnull final BindingCriterion bindings,
        @Nonnull final EndpointType endpoint) {
    final boolean notPermitted = endpoint.getBinding() != null
            && !bindings.getBindings().contains(endpoint.getBinding());
    if (notPermitted) {
        log.debug("{} Candidate endpoint binding '{}' not permitted by input criteria", getLogPrefix(),
                endpoint.getBinding());
        return false;
    }
    return true;
}
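/**
 * Optimize the case of resolving a single endpoint if a populated endpoint is supplied via
 * criteria, and validation is unnecessary due to a signed request. Note that this endpoint may
 * turn out to be unusable by the caller, but that's immaterial because the requester must have
 * dictated the binding and location, so we're not allowed to ignore that.
 *
 * <p>The shortcut applies only when the criterion reports itself as trusted and its endpoint
 * carries a Binding together with a Location or a ResponseLocation. In every other case,
 * including a criteria set with no {@link EndpointCriterion}, the answer is false.</p>
 *
 * @param criteria input criteria set
 *
 * @return true iff the supplied endpoint via {@link EndpointCriterion} should be returned
 */
private boolean canUseRequestedEndpoint(@Nonnull final CriteriaSet criteria) {
    final EndpointCriterion epc = criteria.get(EndpointCriterion.class);

    // Fail closed: a missing criterion is treated like an untrusted one, so the decision to skip
    // validation can never come out of a NullPointerException path.
    if (epc == null || !epc.isTrusted()) {
        return false;
    }

    final EndpointType requestedEndpoint = (EndpointType) epc.getEndpoint();
    return requestedEndpoint.getBinding() != null
            && (requestedEndpoint.getLocation() != null || requestedEndpoint.getResponseLocation() != null);
}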
// Excerpt (tail of a condition, start elided): when the endpoint has neither a Location nor a
// ResponseLocation there is no address for an error response, so the code logs that the error must
// be handled locally and returns true.
(endpointCtx.getEndpoint().getLocation() == null && endpointCtx.getEndpoint().getResponseLocation() == null)) { log.debug("No SAMLEndpointContext or endpoint location available, error must be handled locally"); return true;
/**
 * {@inheritDoc}
 *
 * <p>Renders the endpoint's element QName, then the Binding, Location and ResponseLocation that
 * are set, and finally the {@code trusted} flag.</p>
 */
@Override
public String toString() {
    final StringBuilder text = new StringBuilder("EndpointCriterion [type=");
    text.append(endpoint.getElementQName());

    // Unset attributes are left out rather than printed as "null".
    if (endpoint.getBinding() != null) {
        text.append(", Binding=");
        text.append(endpoint.getBinding());
    }
    if (endpoint.getLocation() != null) {
        text.append(", Location=");
        text.append(endpoint.getLocation());
    }
    if (endpoint.getResponseLocation() != null) {
        text.append(", ResponseLocation=");
        text.append(endpoint.getResponseLocation());
    }

    text.append(", trusted=");
    text.append(trusted);
    text.append(']');
    return text.toString();
}
// Excerpt (elided, braces unbalanced): the resolved endpoint's binding is recorded in the binding
// context, as a binding descriptor in one branch and as the bare binding URI in the other. The
// branch condition and the logging call around the Object[] arguments are not visible here.
final String bindingURI = resolvedEndpoint.getBinding(); new Object[] {getLogPrefix(), resolvedEndpoint.getLocation(), bindingURI,}); bindingCtx.setBindingDescriptor(bindingDescriptor.get()); } else { bindingCtx.setBindingUri(resolvedEndpoint.getBinding());