/** {@inheritDoc} */ public void marshallAttributes(XMLObject samlElement, Element domElement) { Endpoint endpoint = (Endpoint) samlElement; if (endpoint.getBinding() != null) { domElement.setAttributeNS(null, Endpoint.BINDING_ATTRIB_NAME, endpoint.getBinding().toString()); } if (endpoint.getLocation() != null) { domElement.setAttributeNS(null, Endpoint.LOCATION_ATTRIB_NAME, endpoint.getLocation().toString()); } if (endpoint.getResponseLocation() != null) { domElement.setAttributeNS(null, Endpoint.RESPONSE_LOCATION_ATTRIB_NAME, endpoint.getResponseLocation() .toString()); } marshallUnknownAttributes(endpoint, domElement); }
/** {@inheritDoc} */ @Override public String toString() { StringBuilder builder = new StringBuilder(); builder.append("EndpointCriterion [type=") .append(endpoint.getElementQName()); if (endpoint.getBinding() != null) { builder.append(", Binding=") .append(endpoint.getBinding()); } if (endpoint.getLocation() != null) { builder.append(", Location=") .append(endpoint.getLocation()); } if (endpoint.getResponseLocation() != null) { builder.append(", ResponseLocation=") .append(endpoint.getResponseLocation()); } builder.append(", trusted=").append(trusted) .append(']'); return builder.toString(); }
/** Does the {@link EntityDescriptor} has an SLO endpoint. * @param entity what to look at * @return whether it has an SLO endpoint */ private boolean hasSingleLogoutService(@Nonnull final EntityDescriptor entity) { final SPSSODescriptor descriptor = entity.getSPSSODescriptor(AbstractProtocolConfiguration.PROTOCOL_URI); if (descriptor != null) { for (final Endpoint endpoint : descriptor.getEndpoints(SingleLogoutService.DEFAULT_ELEMENT_NAME)) { if (LOGOUT_BINDING.equals(endpoint.getBinding()) && LOGOUT_LOCATION.equals(endpoint.getLocation())) { return true; } } } return false; }
protected final void verifyEndpoint(final Endpoint endpoint, final String destination) { try { if (destination != null && !uriComparator.compare(destination, endpoint.getLocation()) && !uriComparator.compare(destination, endpoint.getResponseLocation())) { throw new SAMLEndpointMismatchException("Intended destination " + destination + " doesn't match any of the endpoint URLs on endpoint " + endpoint.getLocation()); } } catch (final Exception e) { throw new SAMLEndpointMismatchException(e); } }
/** {@inheritDoc} */ @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (obj instanceof EndpointCriterion) { final Endpoint endpoint2 = ((EndpointCriterion) obj).getEndpoint(); if (!Objects.equals(endpoint.getElementQName(), endpoint2.getElementQName())) { return false; } else if (!Objects.equals(endpoint.getBinding(), endpoint2.getBinding())) { return false; } else if (!Objects.equals(endpoint.getLocation(), endpoint2.getLocation())) { return false; } else if (!Objects.equals(endpoint.getResponseLocation(), endpoint2.getResponseLocation())) { return false; } return true; } return false; } }
if (comparisonEndpoint.getLocation() != null) { if (!Objects.equals(comparisonEndpoint.getLocation(), endpoint.getLocation()) && !Objects.equals(comparisonEndpoint.getLocation(), endpoint.getResponseLocation())) { log.debug("{} Neither candidate endpoint location '{}' nor response location '{}' matched '{}' ", getLogPrefix(), endpoint.getLocation(), endpoint.getResponseLocation(), comparisonEndpoint.getLocation()); return false;
final String location = StringSupport.trimOrNull(endpoint.getLocation()); if (location != null) { for (final String variant : processLocation(criteriaSet, location)) {
(endpointCtx.getEndpoint().getLocation() == null && endpointCtx.getEndpoint().getResponseLocation() == null)) { log.debug("No SAMLEndpointContext or endpoint location available, error must be handled locally");
if (Strings.isNullOrEmpty(endpoint.getLocation())) { throw new BindingException("Relying party endpoint location was null or empty."); return new URI(endpoint.getLocation()); } catch (URISyntaxException e) { throw new BindingException("The endpoint location " + endpoint.getLocation() + " is not a valid URL", e);
final URI appEndpointUri = new URI(endpoint.getLocation()); if (!SAML2Utils.urisEqualAfterPortNormalization(recipientUri, appEndpointUri)) { logger.debug("SubjectConfirmationData recipient {} does not match SP assertion consumer URL, found. "
/** * Optimize the case of resolving a single endpoint if a populated endpoint is supplied via * criteria, and validation is unnecessary due to a signed request. Note that this endpoint may * turn out to be unusable by the caller, but that's immaterial because the requester must have * dictated the binding and location, so we're not allowed to ignore that. * * @param criteria input criteria set * * @return true iff the supplied endpoint via {@link EndpointCriterion} should be returned */ private boolean canUseRequestedEndpoint(@Nonnull final CriteriaSet criteria) { final EndpointCriterion epc = criteria.get(EndpointCriterion.class); if (epc.isTrusted()) { final EndpointType requestedEndpoint = (EndpointType) epc.getEndpoint(); if (requestedEndpoint.getBinding() != null && (requestedEndpoint.getLocation() != null || requestedEndpoint.getResponseLocation() != null)) { return true; } } return false; }
/** * Determine assertion consumer service assertion consumer service. * * @param authnRequest the authn request * @param adaptor the adaptor * @param binding the binding * @return the assertion consumer service */ public static Endpoint determineEndpointForRequest(final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) { var endpoint = (Endpoint) null; if (authnRequest instanceof LogoutRequest) { endpoint = adaptor.getSingleLogoutService(binding); } else { val endpointReq = getAssertionConsumerServiceFromRequest(authnRequest, binding); endpoint = endpointReq == null ? adaptor.getAssertionConsumerService(binding) : endpointReq; } if (endpoint == null || StringUtils.isBlank(endpoint.getBinding())) { throw new SamlException("Assertion consumer service does not define a binding"); } val location = StringUtils.isBlank(endpoint.getResponseLocation()) ? endpoint.getLocation() : endpoint.getResponseLocation(); if (StringUtils.isBlank(location)) { throw new SamlException("Assertion consumer service does not define a target location"); } return endpoint; }
protected List<Endpoint> getEndpoints( List<? extends org.opensaml.saml.saml2.metadata.Endpoint> services ) { List<Endpoint> result = new LinkedList<>(); if (services != null) { services .stream() .forEach(s -> { Endpoint endpoint = new Endpoint() .setBinding(Binding.fromUrn(s.getBinding())) .setLocation(s.getLocation()) .setResponseLocation(s.getResponseLocation()); result.add(endpoint); if (s instanceof IndexedEndpoint) { IndexedEndpoint idxEndpoint = (IndexedEndpoint) s; endpoint .setIndex(idxEndpoint.getIndex()) .setDefault(idxEndpoint.isDefault()); } } ); } return result; }
final String location = StringSupport.trimOrNull(endpoint.getLocation()); if (location != null) { log.trace("Indexing Endpoint: role '{}', endpoint type '{}', location '{}'",
@NonNull val acs = SamlIdPUtils.determineEndpointForRequest(authnRequest, adaptor, binding); val location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation(); if (StringUtils.isBlank(location)) { LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
new Object[] {getLogPrefix(), resolvedEndpoint.getLocation(), bindingURI,});
val location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation(); samlResponse.setDestination(location);
/** * Prepare peer entity saml endpoint. * * @param request the authn request * @param outboundContext the outbound context * @param adaptor the adaptor * @param binding the binding * @throws SamlException the saml exception */ public static void preparePeerEntitySamlEndpointContext(final RequestAbstractType request, final MessageContext outboundContext, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException { val entityId = adaptor.getEntityId(); if (!adaptor.containsAssertionConsumerServices()) { throw new SamlException("No assertion consumer service could be found for entity " + entityId); } val peerEntityContext = outboundContext.getSubcontext(SAMLPeerEntityContext.class, true); if (peerEntityContext == null) { throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + entityId); } peerEntityContext.setEntityId(entityId); val endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true); if (endpointContext == null) { throw new SamlException("SAMLEndpointContext could not be defined for entity " + entityId); } val endpoint = determineEndpointForRequest(request, adaptor, binding); LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", endpoint.getLocation(), endpoint.getBinding()); endpointContext.setEndpoint(endpoint); }
authnRequest.setNameIDPolicy(nameIDPolicy); authnRequest.setRequestedAuthnContext(requestedAuthnContextProvider.provide()); authnRequest.setDestination(idp.getSSOLocation(idp.getBindingType()).getLocation());
logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());