/**
 * {@inheritDoc}
 *
 * Attaches the IDPSSODescriptor-specific child elements (SSO, NameID mapping,
 * AssertionID request endpoints, attribute profiles and attributes) to the
 * descriptor being built; every other child is handed to the superclass.
 * The order of the checks is kept as in the original unmarshaller.
 */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
    final IDPSSODescriptor idp = (IDPSSODescriptor) parentObject;

    if (childObject instanceof SingleSignOnService) {
        idp.getSingleSignOnServices().add((SingleSignOnService) childObject);
        return;
    }
    if (childObject instanceof NameIDMappingService) {
        idp.getNameIDMappingServices().add((NameIDMappingService) childObject);
        return;
    }
    if (childObject instanceof AssertionIDRequestService) {
        idp.getAssertionIDRequestServices().add((AssertionIDRequestService) childObject);
        return;
    }
    if (childObject instanceof AttributeProfile) {
        idp.getAttributeProfiles().add((AttributeProfile) childObject);
        return;
    }
    if (childObject instanceof Attribute) {
        idp.getAttributes().add((Attribute) childObject);
        return;
    }

    // Not specific to IDPSSODescriptor: the superclass decides what to do with it.
    // NOTE(review): nothing here validates the child's content (e.g. endpoint
    // Location values); that is expected to happen on the metadata as a whole.
    super.processChildElement(parentObject, childObject);
}
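/**
 * Looks up the identity provider's single logout endpoint for a binding.
 *
 * @param binding the SAML binding URI the caller intends to use
 * @return the first {@link SingleLogoutService} of the IdP whose binding equals {@code binding}
 * @throws SAMLException if the IdP metadata advertises no SLO endpoint for that binding
 *         (also when {@code binding} is {@code null})
 */
public final SingleLogoutService getIDPSingleLogoutService(final String binding) {
    final List<SingleLogoutService> services = getIDPSSODescriptor().getSingleLogoutServices();
    for (final SingleLogoutService service : services) {
        // Compare from the requested binding's side: an endpoint whose Binding
        // attribute is absent from the metadata (null) is skipped instead of
        // causing a NullPointerException while iterating.
        if (binding != null && binding.equals(service.getBinding())) {
            return service;
        }
    }
    // Separator added so the binding URI is not glued onto the word "profile".
    throw new SAMLException("Identity provider has no single logout service available for the selected profile: " + binding);
}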
/**
 * {@inheritDoc}
 *
 * Handles the one attribute that is specific to IDPSSODescriptor,
 * {@code WantAuthnRequestsSigned}, and delegates every other attribute to
 * the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final IDPSSODescriptor idp = (IDPSSODescriptor) samlObject;
    final String localName = attribute.getLocalName();

    if (!IDPSSODescriptor.WANT_AUTHN_REQ_SIGNED_ATTRIB_NAME.equals(localName)) {
        super.processAttribute(samlObject, attribute);
        return;
    }

    // The raw attribute text is converted by XSBooleanValue; how it treats values
    // other than the xs:boolean lexical forms is up to that class, not this code.
    idp.setWantAuthnRequestsSigned(XSBooleanValue.valueOf(attribute.getValue()));
}
}
IDPSSODescriptor desc = (IDPSSODescriptor) descriptor; IdentityProvider provider = new IdentityProvider(); provider.setId(desc.getID()); provider.setValidUntil(desc.getValidUntil()); if (desc.getCacheDuration() != null) { provider.setCacheDuration(toDuration(desc.getCacheDuration())); provider.setProtocolSupportEnumeration(desc.getSupportedProtocols()); provider.setNameIds(getNameIDs(desc.getNameIDFormats())); provider.setArtifactResolutionService(getEndpoints(desc.getArtifactResolutionServices())); provider.setSingleLogoutService(getEndpoints(desc.getSingleLogoutServices())); provider.setManageNameIDService(getEndpoints(desc.getManageNameIDServices())); provider.setWantAuthnRequestsSigned(desc.getWantAuthnRequestsSigned()); provider.setSingleSignOnService(getEndpoints(desc.getSingleSignOnServices())); provider.setKeys(getProviderKeys(descriptor)); provider.setDiscovery(getDiscovery(desc));
// Publish the signing and the encryption certificate as two separate KeyDescriptors.
// NOTE(review): the KeyDescriptor `use` attribute is not set in this fragment; if it is
// not set elsewhere either, relying parties may treat both certificates as valid for
// both signing and encryption — confirm.
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
// A single NameID format is advertised.
idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
// SSO endpoints, one per binding (redirect, POST, SOAP); the SLO endpoint(s) are
// appended by a helper.
singleSignOnServiceRedirect.setBinding(REDIRECT_BINDING);
singleSignOnServiceRedirect.setLocation(singleSignOnLocationRedirect);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceRedirect);
singleSignOnServicePost.setBinding(POST_BINDING);
singleSignOnServicePost.setLocation(singleSignOnLocationPost);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServicePost);
addSingleLogoutLocation(singleLogOutLocation, idpssoDescriptor.getSingleLogoutServices());
singleSignOnServiceSoap.setBinding(SOAP_BINDING);
singleSignOnServiceSoap.setLocation(singleSignOnLocationSoap);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceSoap);
// Advertise that AuthnRequests must be signed. This only sets the metadata flag;
// whether unsigned requests are actually rejected is decided by the request handling
// code, not here.
idpssoDescriptor.setWantAuthnRequestsSigned(true);
idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
IDPSSODescriptor descriptor = getIDPSSODescriptor(); roleDescriptor = descriptor; descriptor.setWantAuthnRequestsSigned(idp.getWantAuthnRequestsSigned()); for (NameId id : p.getNameIds()) { descriptor.getNameIDFormats().add(getNameIDFormat(id)); descriptor.getSingleSignOnServices().add(getSingleSignOnService(ep, i)); descriptor.getSingleLogoutServices().add(getSingleLogoutService(ep)); descriptor.getArtifactResolutionServices().add(getArtifactResolutionService(ep, i));
idpdescriptor.getSingleSignOnServices().forEach(sso -> { LOG.debug("[{}] Add SSO binding {}({})", id, sso.getBinding(), sso.getLocation()); this.ssoBindings.put(sso.getBinding(), sso); }); idpdescriptor.getSingleLogoutServices().forEach(slo -> { LOG.debug("[{}] Add SLO binding '{}'\n\tLocation: '{}'\n\tResponse Location: '{}'", id, slo.getBinding(), slo.getLocation(), slo.getResponseLocation()); }); idpdescriptor.getNameIDFormats().forEach(nameIDFormat -> { LOG.debug("[{}] Add NameIDFormat '{}'", id, nameIDFormat.getFormat()); nameIDFormats.add(nameIDFormat.getFormat()); for (KeyDescriptor key : idpdescriptor.getKeyDescriptors()) { for (X509Data x509Data : key.getKeyInfo().getX509Datas()) { for (org.opensaml.xmlsec.signature.X509Certificate cert : x509Data.getX509Certificates()) {
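/**
 * Looks up the identity provider's single sign-on endpoint for a binding.
 *
 * @param binding the SAML binding URI the caller intends to use
 * @return the first {@link SingleSignOnService} of the IdP whose binding equals {@code binding}
 * @throws SAMLException if the IdP metadata advertises no SSO endpoint for that binding
 *         (also when {@code binding} is {@code null})
 */
public final SingleSignOnService getIDPSingleSignOnService(final String binding) {
    final List<SingleSignOnService> services = getIDPSSODescriptor().getSingleSignOnServices();
    for (final SingleSignOnService service : services) {
        // Compare from the requested binding's side: an endpoint whose Binding
        // attribute is absent from the metadata (null) is skipped instead of
        // causing a NullPointerException while iterating.
        if (binding != null && binding.equals(service.getBinding())) {
            return service;
        }
    }
    // Separator added so the binding URI is not glued onto the word "profile".
    throw new SAMLException("Identity provider has no single sign on service available for the selected profile: " + binding);
}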
/**
 * Decides whether the outbound authentication request must be signed.
 *
 * Signing is required when it is forced by configuration, when our own SP
 * metadata declares {@code AuthnRequestsSigned}, or when the IdP metadata
 * declares {@code WantAuthnRequestsSigned}; otherwise the request goes out unsigned.
 *
 * @param spDescriptor our service provider metadata
 * @param idpssoDescriptor the identity provider metadata
 * @return {@code true} if the request has to be signed
 */
@Override
protected boolean mustSignRequest(final SPSSODescriptor spDescriptor, final IDPSSODescriptor idpssoDescriptor) {
    // Explicit configuration wins over anything the metadata says.
    if (this.isRequestSigned) {
        logger.debug("Requests are expected to be always signed before submission");
        return true;
    }
    // Our SP metadata promised signed requests (AuthnRequestsSigned="true").
    if (spDescriptor.isAuthnRequestsSigned()) {
        logger.debug("The service provider metadata indicates that authn requests are signed");
        return true;
    }
    // The IdP asked for signed requests (WantAuthnRequestsSigned="true").
    // NOTE(review): both metadata getters are unboxed directly in the conditions;
    // if either can return a null Boolean when the attribute is absent from the
    // metadata, this method would throw — confirm against the descriptor types.
    if (idpssoDescriptor.getWantAuthnRequestsSigned()) {
        logger.debug("The identity provider metadata indicates that authn requests may be signed");
        return true;
    }
    return false;
}