@Override public boolean apply(@Nullable final Endpoint endpoint) { return LOGIN_BINDING.equals(endpoint.getBinding()); } }
/** * Verify the candidate's Binding attribute, if set, is among the set in the supplied criterion. * * @param bindings the bindings to allow * @param endpoint the candidate endpoint * * @return true iff the candidate has no Binding, or its Binding is permitted */ private boolean checkBindingCriterion(@Nonnull final BindingCriterion bindings, @Nonnull final EndpointType endpoint) { if (endpoint.getBinding() != null) { if (!bindings.getBindings().contains(endpoint.getBinding())) { log.debug("{} Candidate endpoint binding '{}' not permitted by input criteria", getLogPrefix(), endpoint.getBinding()); return false; } } return true; }
/** {@inheritDoc} */ public void marshallAttributes(XMLObject samlElement, Element domElement) { Endpoint endpoint = (Endpoint) samlElement; if (endpoint.getBinding() != null) { domElement.setAttributeNS(null, Endpoint.BINDING_ATTRIB_NAME, endpoint.getBinding().toString()); } if (endpoint.getLocation() != null) { domElement.setAttributeNS(null, Endpoint.LOCATION_ATTRIB_NAME, endpoint.getLocation().toString()); } if (endpoint.getResponseLocation() != null) { domElement.setAttributeNS(null, Endpoint.RESPONSE_LOCATION_ATTRIB_NAME, endpoint.getResponseLocation() .toString()); } marshallUnknownAttributes(endpoint, domElement); }
/** {@inheritDoc} */ @Override public String toString() { StringBuilder builder = new StringBuilder(); builder.append("EndpointCriterion [type=") .append(endpoint.getElementQName()); if (endpoint.getBinding() != null) { builder.append(", Binding=") .append(endpoint.getBinding()); } if (endpoint.getLocation() != null) { builder.append(", Location=") .append(endpoint.getLocation()); } if (endpoint.getResponseLocation() != null) { builder.append(", ResponseLocation=") .append(endpoint.getResponseLocation()); } builder.append(", trusted=").append(trusted) .append(']'); return builder.toString(); }
/** Does the {@link EntityDescriptor} has an SLO endpoint. * @param entity what to look at * @return whether it has an SLO endpoint */ private boolean hasSingleLogoutService(@Nonnull final EntityDescriptor entity) { final SPSSODescriptor descriptor = entity.getSPSSODescriptor(AbstractProtocolConfiguration.PROTOCOL_URI); if (descriptor != null) { for (final Endpoint endpoint : descriptor.getEndpoints(SingleLogoutService.DEFAULT_ELEMENT_NAME)) { if (LOGOUT_BINDING.equals(endpoint.getBinding()) && LOGOUT_LOCATION.equals(endpoint.getLocation())) { return true; } } } return false; }
/** {@inheritDoc} */ @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (obj instanceof EndpointCriterion) { final Endpoint endpoint2 = ((EndpointCriterion) obj).getEndpoint(); if (!Objects.equals(endpoint.getElementQName(), endpoint2.getElementQName())) { return false; } else if (!Objects.equals(endpoint.getBinding(), endpoint2.getBinding())) { return false; } else if (!Objects.equals(endpoint.getLocation(), endpoint2.getLocation())) { return false; } else if (!Objects.equals(endpoint.getResponseLocation(), endpoint2.getResponseLocation())) { return false; } return true; } return false; } }
if (comparisonEndpoint.getBinding() != null && !Objects.equals(comparisonEndpoint.getBinding(), endpoint.getBinding())) { log.debug("{} Candidate endpoint binding '{}' did not match '{}'", getLogPrefix(), endpoint.getBinding(), comparisonEndpoint.getBinding()); return false;
/** * Optimize the case of resolving a single endpoint if a populated endpoint is supplied via * criteria, and validation is unnecessary due to a signed request. Note that this endpoint may * turn out to be unusable by the caller, but that's immaterial because the requester must have * dictated the binding and location, so we're not allowed to ignore that. * * @param criteria input criteria set * * @return true iff the supplied endpoint via {@link EndpointCriterion} should be returned */ private boolean canUseRequestedEndpoint(@Nonnull final CriteriaSet criteria) { final EndpointCriterion epc = criteria.get(EndpointCriterion.class); if (epc.isTrusted()) { final EndpointType requestedEndpoint = (EndpointType) epc.getEndpoint(); if (requestedEndpoint.getBinding() != null && (requestedEndpoint.getLocation() != null || requestedEndpoint.getResponseLocation() != null)) { return true; } } return false; }
protected List<Endpoint> getEndpoints( List<? extends org.opensaml.saml.saml2.metadata.Endpoint> services ) { List<Endpoint> result = new LinkedList<>(); if (services != null) { services .stream() .forEach(s -> { Endpoint endpoint = new Endpoint() .setBinding(Binding.fromUrn(s.getBinding())) .setLocation(s.getLocation()) .setResponseLocation(s.getResponseLocation()); result.add(endpoint); if (s instanceof IndexedEndpoint) { IndexedEndpoint idxEndpoint = (IndexedEndpoint) s; endpoint .setIndex(idxEndpoint.getIndex()) .setDefault(idxEndpoint.isDefault()); } } ); } return result; }
/** * Determine assertion consumer service assertion consumer service. * * @param authnRequest the authn request * @param adaptor the adaptor * @param binding the binding * @return the assertion consumer service */ public static Endpoint determineEndpointForRequest(final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) { var endpoint = (Endpoint) null; if (authnRequest instanceof LogoutRequest) { endpoint = adaptor.getSingleLogoutService(binding); } else { val endpointReq = getAssertionConsumerServiceFromRequest(authnRequest, binding); endpoint = endpointReq == null ? adaptor.getAssertionConsumerService(binding) : endpointReq; } if (endpoint == null || StringUtils.isBlank(endpoint.getBinding())) { throw new SamlException("Assertion consumer service does not define a binding"); } val location = StringUtils.isBlank(endpoint.getResponseLocation()) ? endpoint.getLocation() : endpoint.getResponseLocation(); if (StringUtils.isBlank(location)) { throw new SamlException("Assertion consumer service does not define a target location"); } return endpoint; }
final String bindingURI = resolvedEndpoint.getBinding(); bindingCtx.setBindingDescriptor(bindingDescriptor.get()); } else { bindingCtx.setBindingUri(resolvedEndpoint.getBinding());
if (endpoint.getBinding() == null) { endpoint.setBinding(unverifiedBinding); log.debug("{} Defaulting binding in \"unverified\" request to {}", getLogPrefix(), unverifiedBinding);
/** * Prepare peer entity saml endpoint. * * @param request the authn request * @param outboundContext the outbound context * @param adaptor the adaptor * @param binding the binding * @throws SamlException the saml exception */ public static void preparePeerEntitySamlEndpointContext(final RequestAbstractType request, final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException { val entityId = adaptor.getEntityId(); if (!adaptor.containsAssertionConsumerServices()) { throw new SamlException("No assertion consumer service could be found for entity " + entityId); } val peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true); if (peerEntityContext == null) { throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + entityId); } peerEntityContext.setEntityId(entityId); val endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true); if (endpointContext == null) { throw new SamlException("SAMLEndpointContext could not be defined for entity " + entityId); } val endpoint = determineEndpointForRequest(request, adaptor, binding); LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding()); endpointContext.setEndpoint(endpoint); }