/**
 * Get the requester.
 *
 * <p>The requester is the entityID held by the inbound message's
 * {@link SAMLPeerEntityContext}. No peer context means no requester can be
 * determined, so callers must treat a {@code null} result as "unknown peer",
 * not as an anonymous-but-acceptable one.
 *
 * @param messageContext the message context
 * @return the requester, or {@code null} if no peer entity context is attached
 */
@Nullable
private String getInboundMessageIssuer(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLPeerEntityContext peer = messageContext.getSubcontext(SAMLPeerEntityContext.class);
    // No auto-create: we only report what the inbound pipeline already established.
    return peer != null ? peer.getEntityId() : null;
}
/**
 * Get the requester.
 *
 * <p>Reads the peer entityID recorded in the inbound {@link SAMLPeerEntityContext};
 * the subcontext is looked up without auto-creation, so nothing is mutated here.
 *
 * @param messageContext the message context
 * @return the requester, or {@code null} when the peer context is absent
 *         (the entityID itself may also be {@code null} if it was never set)
 */
@Nullable
private String getInboundMessageIssuer(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLPeerEntityContext peerEntity = messageContext.getSubcontext(SAMLPeerEntityContext.class);
    if (peerEntity == null) {
        return null;
    }
    return peerEntity.getEntityId();
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the relying party ID from the context tree attached to the
 * {@link RelyingPartyContext}: a {@link SAMLPeerEntityContext} yields the peer's
 * entityID, a {@link SAMLSelfEntityContext} yields our own entityID, and any
 * other (or missing) tree yields {@code null}. Note that this is a lookup only;
 * whether that ID has been verified is a separate concern of the verification
 * lookup strategy on the same context.
 */
@Override
@Nullable
public String apply(@Nullable final RelyingPartyContext input) {
    if (input == null) {
        return null;
    }
    final BaseContext idTree = input.getRelyingPartyIdContextTree();
    // instanceof is false for null, so a missing tree falls through to null.
    if (idTree instanceof SAMLPeerEntityContext) {
        return ((SAMLPeerEntityContext) idTree).getEntityId();
    }
    if (idTree instanceof SAMLSelfEntityContext) {
        return ((SAMLSelfEntityContext) idTree).getEntityId();
    }
    return null;
}
/**
 * {@inheritDoc}
 *
 * <p>Looks up an entityID on a {@link MessageContext}, preferring the peer's
 * {@link SAMLPeerEntityContext} over our own {@link SAMLSelfEntityContext}.
 * Subcontexts are read without auto-creation. A present peer context with a
 * {@code null} entityID is returned as {@code null} rather than falling back
 * to the self context, so callers cannot mistake "us" for "the peer".
 */
@Override
@Nullable
public String apply(@Nullable final MessageContext input) {
    if (input == null) {
        return null;
    }
    final SAMLPeerEntityContext peer = input.getSubcontext(SAMLPeerEntityContext.class);
    if (peer != null) {
        return peer.getEntityId();
    }
    final SAMLSelfEntityContext self = input.getSubcontext(SAMLSelfEntityContext.class);
    return self != null ? self.getEntityId() : null;
}
/**
 * {@inheritDoc}
 *
 * <p>Obtains (or creates) the {@link RelyingPartyContext} via the configured
 * strategy and binds it to the SAML peer: the peer entity context becomes the
 * relying-party-ID tree, and the {@code RPID_LOOKUP} / {@code VERIFY_LOOKUP}
 * strategies are installed so later stages can read the ID and its verified
 * state consistently. {@code peerEntityCtx} is assumed to have been populated
 * before this handler runs (presumably by a preceding step — not visible here).
 *
 * @throws MessageHandlerException if no RelyingPartyContext can be located or created
 */
@Override
protected void doInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
    final RelyingPartyContext rpCtx = relyingPartyContextCreationStrategy.apply(messageContext);
    if (rpCtx == null) {
        log.debug("{} Unable to locate or create RelyingPartyContext", getLogPrefix());
        throw new MessageHandlerException("Unable to locate or create RelyingPartyContext");
    }
    final String peerId = peerEntityCtx.getEntityId();
    log.debug("{} Attaching RelyingPartyContext based on SAML peer {}", getLogPrefix(), peerId);
    rpCtx.setRelyingPartyIdContextTree(peerEntityCtx);
    rpCtx.setRelyingPartyIdLookupStrategy(RPID_LOOKUP);
    rpCtx.setVerificationLookupStrategy(VERIFY_LOOKUP);
}
/**
 * {@inheritDoc}
 *
 * <p>Action-flavoured counterpart of the message-handler version: resolves the
 * {@link RelyingPartyContext} through the creation strategy and wires it to the
 * SAML peer entity context plus the shared ID/verification lookup strategies.
 * Failure to obtain the context is signalled with
 * {@code IdPEventIds.INVALID_RELYING_PARTY_CTX} instead of an exception.
 * {@code peerEntityCtx} must already be set (presumably by an earlier pre-execute
 * step — not visible here).
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final RelyingPartyContext rpCtx = relyingPartyContextCreationStrategy.apply(profileRequestContext);
    if (rpCtx == null) {
        log.debug("{} Unable to locate or create RelyingPartyContext", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.INVALID_RELYING_PARTY_CTX);
        return;
    }
    final String peerId = peerEntityCtx.getEntityId();
    log.debug("{} Attaching RelyingPartyContext based on SAML peer {}", getLogPrefix(), peerId);
    rpCtx.setRelyingPartyIdContextTree(peerEntityCtx);
    rpCtx.setRelyingPartyIdLookupStrategy(RPID_LOOKUP);
    rpCtx.setVerificationLookupStrategy(VERIFY_LOOKUP);
}
/**
 * Validate the signature of a SAML object, if one is present, and on success
 * mark the peer as authenticated.
 *
 * <p>Security note: the peer is flagged authenticated only because
 * {@code validateSignature} returned normally. That is correct only if
 * {@code validateSignature} (defined elsewhere) throws on an invalid or
 * untrusted signature; a validator that merely logs failures would leave an
 * unverified peer marked authenticated — confirm that contract when changing it.
 * An absent signature changes nothing here; callers that require a signature
 * must enforce that separately.
 *
 * @param signature the signature, or {@code null} if the object is unsigned
 * @param context   the SAML message context carrying the peer entity context
 * @param engine    the trust engine used to verify the signature
 */
protected final void validateSignatureIfItExists(final Signature signature, final SAML2MessageContext context, final SignatureTrustEngine engine) {
    if (signature == null) {
        return;
    }
    final SAMLPeerEntityContext peer = context.getSAMLPeerEntityContext();
    // Trust is evaluated against the peer's entityID (metadata-based trust engine).
    validateSignature(signature, peer.getEntityId(), engine);
    peer.setAuthenticated(true);
}
if (peerContext == null || Strings.isNullOrEmpty(peerContext.getEntityId())) { log.warn("SAML peer entityID was not available, unable to evaluate rule"); return; String messageIssuer = peerContext.getEntityId();
if (peerContext.getEntityId() != null) { final String contextEntityID = peerContext.getEntityId(); final String msgType = signableObject.getElementQName().toString(); log.debug("{} Attempting to verify signature on signed SAML protocol message type: {}",
final SAMLPeerEntityContext peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true); String entityID = StringSupport.trimOrNull(peerContext.getEntityId()); if (entityID == null) { entityID = "(unknown)";
/**
 * Validate issuer format and value.
 *
 * <p>Two checks: the {@code Format} attribute, if present, must be
 * {@link NameIDType#ENTITY}; and the issuer value must equal the entityID
 * already recorded for the peer in the message context. A missing peer
 * entityID is treated as a mismatch, so an issuer can never be accepted
 * merely because nothing was expected.
 *
 * @param issuer  the issuer element from the message (assumed non-null by the caller)
 * @param context the context holding the expected peer entityID
 * @throws SAMLIssuerException if the format is not an entity format, or the
 *         value does not match the expected IdP entityID
 */
protected final void validateIssuer(final Issuer issuer, final SAML2MessageContext context) {
    final String format = issuer.getFormat();
    if (format != null && !NameIDType.ENTITY.equals(format)) {
        throw new SAMLIssuerException("Issuer type is not entity but " + format);
    }
    final String expectedEntityId = context.getSAMLPeerEntityContext().getEntityId();
    final String actualIssuer = issuer.getValue();
    if (expectedEntityId == null || !expectedEntityId.equals(actualIssuer)) {
        throw new SAMLIssuerException("Issuer " + actualIssuer + " does not match idp entityId " + expectedEntityId);
    }
}
/**
 * Validate assertion signature. If none is found and the SAML response did not have one and the SP requires
 * the assertions to be signed, the validation fails.
 *
 * <p>Decision table: a present signature is always verified against the peer's
 * entityID. An absent signature is tolerated only when the SP does not require
 * signed assertions, or when the peer was already authenticated (i.e. the
 * enclosing response was signed and verified earlier, which is what
 * {@code isAuthenticated()} is taken to mean here). Note that an unsigned
 * assertion inside an authenticated response is accepted without any
 * per-assertion check — that is by design of this rule, not an oversight.
 *
 * @param signature the signature, or {@code null} if the assertion is unsigned
 * @param context   the context carrying the peer entity context
 * @param engine    the trust engine used to verify the signature
 * @throws SAMLSignatureRequiredException if a signature is required but neither
 *         the assertion nor the response provided one
 */
protected final void validateAssertionSignature(final Signature signature, final SAML2MessageContext context, final SignatureTrustEngine engine) {
    final SAMLPeerEntityContext peer = context.getSAMLPeerEntityContext();
    if (signature == null) {
        // Unsigned assertion: acceptable only if not required, or if the
        // response-level signature already authenticated the peer.
        if (wantsAssertionsSigned(context) && !peer.isAuthenticated()) {
            throw new SAMLSignatureRequiredException("Assertion or response must be signed");
        }
        return;
    }
    validateSignature(signature, peer.getEntityId(), engine);
}
peer.setEntityId(SamlIdPUtils.getIssuerFromSamlObject(profileRequest)); val peerEntityId = peer.getEntityId(); LOGGER.debug("Validating request signature for [{}] via [{}]...", peerEntityId, handler.getClass().getSimpleName());
final SAMLPeerEntityContext peerCtx = peerContextLookupStrategy.apply(profileRequestContext); if (peerCtx != null) { if (peerCtx.getEntityId() != null) { log.debug("{} Adding entityID to resolution criteria", getLogPrefix()); criteria.add(new EntityIdCriterion(peerCtx.getEntityId())); if (samlProtocol != null) { criteria.add(new ProtocolCriterion(samlProtocol));
final String contextEntityID = peerContext.getEntityId();
peerContext.setEntityId(peerEntityCtx.getEntityId());
/**
 * {@inheritDoc}
 *
 * <p>Creates a fresh outbound {@link MessageContext}, installs it on the profile
 * request context, and seeds it from the inbound side: our own entityID (via
 * {@code selfIdentityLookupStrategy}) into a {@link SAMLSelfEntityContext}, and
 * the peer's entityID into a {@link SAMLPeerEntityContext}. If the inbound peer
 * context carries {@link SAMLMetadataContext}, its entity/role descriptors and
 * any {@link AttributeConsumingServiceContext} are mirrored onto the outbound
 * peer context so response generation sees the same (already resolved) metadata.
 * {@code peerEntityCtx} is assumed to be set before this runs — not visible here.
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final MessageContext outbound = new MessageContext();
    profileRequestContext.setOutboundMessageContext(outbound);

    // Who we are on the outbound side.
    final SAMLSelfEntityContext self = outbound.getSubcontext(SAMLSelfEntityContext.class, true);
    self.setEntityId(selfIdentityLookupStrategy.apply(profileRequestContext));

    // Who we are talking to: copied from the inbound peer context.
    final SAMLPeerEntityContext outboundPeer = outbound.getSubcontext(SAMLPeerEntityContext.class, true);
    outboundPeer.setEntityId(peerEntityCtx.getEntityId());

    final SAMLMetadataContext inboundMetadata = peerEntityCtx.getSubcontext(SAMLMetadataContext.class);
    if (inboundMetadata == null) {
        log.debug("{} Initialized outbound message context", getLogPrefix());
        return;
    }

    // Mirror resolved metadata so outbound processing does not re-resolve it.
    final SAMLMetadataContext outboundMetadata = outboundPeer.getSubcontext(SAMLMetadataContext.class, true);
    outboundMetadata.setEntityDescriptor(inboundMetadata.getEntityDescriptor());
    outboundMetadata.setRoleDescriptor(inboundMetadata.getRoleDescriptor());

    final AttributeConsumingServiceContext acs = inboundMetadata.getSubcontext(AttributeConsumingServiceContext.class);
    if (acs != null) {
        outboundMetadata.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(acs.getAttributeConsumingService());
    }

    log.debug("{} Initialized outbound message context", getLogPrefix());
}
}
outboundContext.getSAMLPeerEntityContext().setEntityId(context.getSAMLPeerEntityContext().getEntityId()); outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol()); outboundContext.getSecurityParametersContext()