// Predicate body: selects the descriptor whose ID is the binding URI carried by
// the enclosing scope's bindingCtx. The comparison is an exact String.equals match.
@Override
public boolean apply(final BindingDescriptor input) {
    final boolean sameBinding = input.getId().equals(bindingCtx.getBindingUri());
    return sameBinding;
}
});
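/**
 * {@inheritDoc}
 *
 * <p>Returns the message ID recorded in the inbound message's {@code SAMLMessageInfoContext},
 * or {@code null} when there is no input, no inbound message context, no message info
 * context, or when the inbound binding URI is listed in {@code suppressForBindings}.</p>
 */
@Override
@Nullable public String apply(@Nullable final ProfileRequestContext input) {
    // The parameter is declared @Nullable, so a null input must not be dereferenced.
    if (input == null) {
        log.debug("No profile request context available");
        return null;
    }

    final MessageContext inMsgCtx = input.getInboundMessageContext();
    if (inMsgCtx == null) {
        log.debug("No inbound message context available");
        return null;
    }

    if (!suppressForBindings.isEmpty()) {
        final SAMLBindingContext bindingCtx = inMsgCtx.getSubcontext(SAMLBindingContext.class);
        // Suppression applies only when the binding URI is known; an absent binding
        // context or URI falls through and the request ID is still returned.
        if (bindingCtx != null && bindingCtx.getBindingUri() != null
                && suppressForBindings.contains(bindingCtx.getBindingUri())) {
            log.debug("Inbound binding {} is suppressed, ignoring request ID", bindingCtx.getBindingUri());
            return null;
        }
    }

    final SAMLMessageInfoContext infoCtx = inMsgCtx.getSubcontext(SAMLMessageInfoContext.class, true);
    if (infoCtx == null) {
        log.debug("No inbound SAMLMessageInfoContext available");
        return null;
    }

    return infoCtx.getMessageId();
}
}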
/**
 * {@inheritDoc}
 *
 * <p>Yields the descriptor's short name when {@code useShortName} is set and a short name
 * is available; otherwise yields the binding URI. A {@code null} input yields {@code null}.</p>
 */
@Override
@Nullable public String apply(@Nullable final SAMLBindingContext input) {
    if (input == null) {
        return null;
    }

    if (useShortName) {
        final BindingDescriptor desc = input.getBindingDescriptor();
        final String shortName = desc != null ? desc.getShortName() : null;
        if (shortName != null) {
            return shortName;
        }
    }

    // No usable short name: fall back to the full binding URI.
    return input.getBindingUri();
}
if (bindingContext == null || bindingContext.getBindingUri() == null) { log.warn("Binding URI was not available, unable to lookup message encoder"); return null; log.debug("Looking up message encoder based on binding URI: {}", bindingContext.getBindingUri()); final List<BindingDescriptor> bindings = bindingMap.get(bindingContext.getBindingUri()); for (final BindingDescriptor binding : bindings) { if (binding.getEncoderBeanId() != null) { log.warn("Failed to find a message encoder based on binding URI: {}", bindingContext.getBindingUri()); return null;
/**
 * {@inheritDoc}
 *
 * <p>Locates the outgoing response, stops early when there is none or when it carries no
 * assertions, and records in {@code artifactProfile} whether the outbound binding URI is the
 * SAML 1 artifact binding before delegating to the superclass.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    log.debug("{} Attempting to add SubjectConfirmation to assertions in outgoing Response", getLogPrefix());

    response = responseLookupStrategy.apply(profileRequestContext);

    if (response == null) {
        log.debug("{} No SAML response located in current profile request context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    // An empty response is not an error: no event is built, the action is simply skipped.
    if (response.getAssertions().isEmpty()) {
        log.debug("{} No assertions in response message, nothing to do", getLogPrefix());
        return false;
    }

    // NOTE(review): getOutboundMessageContext() is dereferenced without a null check;
    // confirm a non-null response implies the outbound message context exists.
    final SAMLBindingContext outboundBinding =
            profileRequestContext.getOutboundMessageContext().getSubcontext(SAMLBindingContext.class, false);

    if (outboundBinding == null) {
        artifactProfile = false;
    } else {
        artifactProfile = Objects.equals(outboundBinding.getBindingUri(), SAMLConstants.SAML1_ARTIFACT_BINDING_URI);
    }

    return super.doPreExecute(profileRequestContext);
}
final SAMLBindingContext bindingCtx = profileRequestContext.getInboundMessageContext().getSubcontext(SAMLBindingContext.class); if (bindingCtx != null && bindingCtx.getBindingUri() != null) { final Optional<BindingDescriptor> binding = Iterables.tryFind(bindingDescriptors, new Predicate<BindingDescriptor>() {
if (bindingCtx == null || bindingCtx.getBindingUri() == null) { log.debug("No SAMLBindingContext or binding URI available, error must be handled locally"); return true;
/**
 * Compares the endpoint the response arrived at with what the original request asked for.
 *
 * <p>When the request named an assertion consumer service index, only the index is compared.
 * Otherwise the requested response URL and the requested protocol binding are each compared
 * when present.</p>
 *
 * <p>NOTE(review): every mismatch detected here is only logged at WARN level; this method
 * never rejects the response. Confirm that endpoint and binding mismatches are enforced
 * elsewhere, or decide whether they should fail validation.</p>
 *
 * @param request the original authentication request
 * @param context the message context of the received response
 */
protected void verifyRequest(final AuthnRequest request, final SAML2MessageContext context) {
    // Verify endpoint requested in the original request
    final AssertionConsumerService assertionConsumerService =
            (AssertionConsumerService) context.getSAMLEndpointContext().getEndpoint();

    if (request.getAssertionConsumerServiceIndex() != null) {
        final boolean sameIndex =
                request.getAssertionConsumerServiceIndex().equals(assertionConsumerService.getIndex());
        if (!sameIndex) {
            logger.warn("Response was received at a different endpoint index than was requested");
        }
        return;
    }

    final String requestedResponseURL = request.getAssertionConsumerServiceURL();
    final String requestedBinding = request.getProtocolBinding();

    if (requestedResponseURL != null) {
        // A dedicated response location, when configured, takes precedence over the endpoint location.
        final String responseLocation = assertionConsumerService.getResponseLocation() != null
                ? assertionConsumerService.getResponseLocation()
                : assertionConsumerService.getLocation();
        if (!requestedResponseURL.equals(responseLocation)) {
            logger.warn("Response was received at a different endpoint URL {} than was requested {}",
                    responseLocation, requestedResponseURL);
        }
    }

    if (requestedBinding == null) {
        return;
    }
    if (!requestedBinding.equals(context.getSAMLBindingContext().getBindingUri())) {
        logger.warn("Response was received using a different binding {} than was requested {}",
                context.getSAMLBindingContext().getBindingUri(), requestedBinding);
    }
}
/**
 * Validates the SAML logout request and destroys the session it designates.
 *
 * <p>The request must carry exactly one session index. The session is destroyed through the
 * back-channel handler when the binding is SOAP 1.1 and through the front-channel handler
 * otherwise.</p>
 *
 * <p>NOTE(review): judging by the helper names, signature and issuer are checked only when
 * present, and the issue-instant check is disabled below. Confirm that an unsigned or stale
 * logout request cannot reach the session destruction at the end of this method.</p>
 *
 * @param logoutRequest the logout request
 * @param context the context
 * @param engine the signature engine
 * @throws SAMLException when the request does not contain exactly one session index
 */
protected void validateLogoutRequest(final LogoutRequest logoutRequest, final SAML2MessageContext context,
                                     final SignatureTrustEngine engine) {

    validateSignatureIfItExists(logoutRequest.getSignature(), context, engine);

    // don't check because of CAS v5
    //validateIssueInstant(logoutRequest.getIssueInstant());

    validateIssuerIfItExists(logoutRequest.getIssuer(), context);

    // The decrypted value is not used further in this method; the call uses the
    // decrypter field rather than a parameter.
    final EncryptedID encryptedNameId = logoutRequest.getEncryptedID();
    if (encryptedNameId != null) {
        decryptEncryptedId(encryptedNameId, decrypter);
    }

    final List<SessionIndex> indexes = logoutRequest.getSessionIndexes();
    final boolean exactlyOne = indexes != null && indexes.size() == 1;
    if (!exactlyOne) {
        throw new SAMLException("We must have one session index in the logout request");
    }
    final String sessionIndex = indexes.get(0).getSessionIndex();

    // SOAP 1.1 means the IdP called us directly (back channel); any other binding
    // is treated as a front-channel logout.
    final boolean backChannel =
            SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(context.getSAMLBindingContext().getBindingUri());
    if (backChannel) {
        logoutHandler.destroySessionBack(context.getWebContext(), sessionIndex);
    } else {
        logoutHandler.destroySessionFront(context.getWebContext(), sessionIndex);
    }
}
decodedCtx.getSAMLBindingContext().setBindingUri(bindingContext.getBindingUri()); decodedCtx.getSAMLBindingContext().setHasBindingSignature(bindingContext.hasBindingSignature()); decodedCtx.getSAMLBindingContext().setIntendedDestinationEndpointURIRequired(bindingContext