/**
 * {@inheritDoc}
 *
 * <p>Copies the endpoint's Binding, Location and ResponseLocation onto the DOM element as
 * un-namespaced attributes, omitting any that are null, and then hands the element to
 * {@code marshallUnknownAttributes} for the remaining attributes.
 *
 * <p>The values are written exactly as the endpoint holds them; no URL or scheme validation
 * takes place in this method.
 *
 * @param samlElement the SAML object to marshall; cast to {@code Endpoint} without a type check
 * @param domElement the DOM element that receives the attributes
 */
public void marshallAttributes(XMLObject samlElement, Element domElement) {
    final Endpoint ep = (Endpoint) samlElement;

    // Absent values are skipped rather than emitted as empty attributes.
    if (ep.getBinding() != null) {
        domElement.setAttributeNS(null, Endpoint.BINDING_ATTRIB_NAME, ep.getBinding().toString());
    }

    if (ep.getLocation() != null) {
        domElement.setAttributeNS(null, Endpoint.LOCATION_ATTRIB_NAME, ep.getLocation().toString());
    }

    if (ep.getResponseLocation() != null) {
        domElement.setAttributeNS(
                null, Endpoint.RESPONSE_LOCATION_ATTRIB_NAME, ep.getResponseLocation().toString());
    }

    marshallUnknownAttributes(ep, domElement);
}
/**
 * {@inheritDoc}
 *
 * <p>Renders the endpoint's element QName, whichever of binding, location and response location
 * are non-null, and the trusted flag.
 *
 * <p>The endpoint values are appended as-is, without escaping. They may originate from a
 * request, so anything that logs this string should treat it as untrusted text.
 */
@Override
public String toString() {
    final StringBuilder sb = new StringBuilder("EndpointCriterion [type=");
    sb.append(endpoint.getElementQName());

    if (endpoint.getBinding() != null) {
        sb.append(", Binding=");
        sb.append(endpoint.getBinding());
    }

    if (endpoint.getLocation() != null) {
        sb.append(", Location=");
        sb.append(endpoint.getLocation());
    }

    if (endpoint.getResponseLocation() != null) {
        sb.append(", ResponseLocation=");
        sb.append(endpoint.getResponseLocation());
    }

    // The trusted flag is always printed, so log readers can tell which path was taken.
    sb.append(", trusted=");
    sb.append(trusted);
    sb.append(']');
    return sb.toString();
}
/**
 * {@inheritDoc}
 *
 * <p>Two criteria are equal when their endpoints agree on element QName, binding, location and
 * response location.
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // instanceof is false for null, so this also covers the null case.
    if (!(obj instanceof EndpointCriterion)) {
        return false;
    }

    // NOTE(review): only the four endpoint properties are compared; the trusted flag is not.
    // Confirm that hashCode agrees and that nothing keyed on this criterion needs to tell a
    // trusted instance from an untrusted one.
    final Endpoint other = ((EndpointCriterion) obj).getEndpoint();
    return Objects.equals(endpoint.getElementQName(), other.getElementQName())
            && Objects.equals(endpoint.getBinding(), other.getBinding())
            && Objects.equals(endpoint.getLocation(), other.getLocation())
            && Objects.equals(endpoint.getResponseLocation(), other.getResponseLocation());
}
}
/**
 * Determines the endpoint that the response to the given request is delivered to.
 *
 * <p>For a {@code LogoutRequest} the single logout service of the service provider is used.
 * For any other request, an endpoint obtained from the request itself takes precedence and the
 * assertion consumer service from the service provider metadata is the fallback.
 *
 * @param authnRequest the incoming request
 * @param adaptor the service provider metadata facade
 * @param binding the binding
 * @return the endpoint, which has a non-blank binding and a non-blank location or response location
 * @throws SamlException if no endpoint is found, or it lacks a binding or a target location
 */
public static Endpoint determineEndpointForRequest(final RequestAbstractType authnRequest,
                                                   final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                   final String binding) {
    final Endpoint endpoint;
    if (authnRequest instanceof LogoutRequest) {
        endpoint = adaptor.getSingleLogoutService(binding);
    } else {
        // NOTE(review): the request-supplied endpoint wins over the metadata here. Confirm that
        // getAssertionConsumerServiceFromRequest only yields locations registered in the service
        // provider's metadata, or that the request signature has been verified by this point;
        // otherwise the response destination is chosen by the requester.
        val fromRequest = getAssertionConsumerServiceFromRequest(authnRequest, binding);
        endpoint = fromRequest != null ? fromRequest : adaptor.getAssertionConsumerService(binding);
    }

    if (endpoint == null || StringUtils.isBlank(endpoint.getBinding())) {
        throw new SamlException("Assertion consumer service does not define a binding");
    }

    // The response location is preferred; the plain location is used only when it is blank.
    val target = !StringUtils.isBlank(endpoint.getResponseLocation())
        ? endpoint.getResponseLocation()
        : endpoint.getLocation();
    if (StringUtils.isBlank(target)) {
        throw new SamlException("Assertion consumer service does not define a target location");
    }
    return endpoint;
}
if (endpointCtx == null || endpointCtx.getEndpoint() == null || (endpointCtx.getEndpoint().getLocation() == null && endpointCtx.getEndpoint().getResponseLocation() == null)) { log.debug("No SAMLEndpointContext or endpoint location available, error must be handled locally"); return true;
final String responseLocation = StringSupport.trimOrNull(endpoint.getResponseLocation()); if (responseLocation != null) { for (final String variant : processLocation(criteriaSet, responseLocation)) {
if ((message instanceof org.opensaml.saml.saml2.core.StatusResponseType || message instanceof org.opensaml.saml.saml1.core.Response) && !Strings.isNullOrEmpty(endpoint.getResponseLocation())) { try { return new URI(endpoint.getResponseLocation()); } catch (URISyntaxException e) { throw new BindingException("The endpoint response location " + endpoint.getResponseLocation() + " is not a valid URL", e);
/**
 * Decides whether the endpoint supplied through {@link EndpointCriterion} can be returned
 * directly, without being validated against metadata.
 *
 * <p>This shortcut applies only when the criterion is marked trusted, which the original
 * description ties to a signed request: the requester dictated binding and location, so the
 * resolver must not substitute another endpoint even if the caller cannot use this one.
 *
 * <p>Because a trusted criterion bypasses validation, the trusted flag must only be set once the
 * request signature has actually been verified.
 *
 * @param criteria input criteria set
 *
 * @return true iff the criterion is trusted and its endpoint has a binding and at least one of
 *         location or response location
 */
private boolean canUseRequestedEndpoint(@Nonnull final CriteriaSet criteria) {
    // NOTE(review): the criterion is dereferenced without a null check; presumably the caller
    // has already verified that the criteria set contains one. Confirm.
    final EndpointCriterion criterion = criteria.get(EndpointCriterion.class);
    if (!criterion.isTrusted()) {
        return false;
    }

    final EndpointType requested = (EndpointType) criterion.getEndpoint();
    return requested.getBinding() != null
            && (requested.getLocation() != null || requested.getResponseLocation() != null);
}
@NonNull val acs = SamlIdPUtils.determineEndpointForRequest(authnRequest, adaptor, binding); val location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation(); if (StringUtils.isBlank(location)) { LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
/**
 * Converts OpenSAML metadata endpoints into this module's {@code Endpoint} objects.
 *
 * <p>Binding, location and response location are copied for every entry; index and default flag
 * are copied as well when the entry is an {@code IndexedEndpoint}. Location values are taken
 * over unchanged, so any validation of the URLs has to happen elsewhere.
 *
 * @param services the metadata endpoints to convert, may be null
 * @return a new mutable list in the same order as {@code services}; empty when it is null
 */
protected List<Endpoint> getEndpoints(
    List<? extends org.opensaml.saml.saml2.metadata.Endpoint> services
) {
    List<Endpoint> converted = new LinkedList<>();
    if (services == null) {
        return converted;
    }

    for (org.opensaml.saml.saml2.metadata.Endpoint service : services) {
        // NOTE(review): how Binding.fromUrn treats an unrecognised URN is not visible here.
        Endpoint endpoint = new Endpoint()
            .setBinding(Binding.fromUrn(service.getBinding()))
            .setLocation(service.getLocation())
            .setResponseLocation(service.getResponseLocation());
        converted.add(endpoint);

        if (service instanceof IndexedEndpoint) {
            IndexedEndpoint indexed = (IndexedEndpoint) service;
            endpoint
                .setIndex(indexed.getIndex())
                .setDefault(indexed.isDefault());
        }
    }
    return converted;
}
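/**
 * Verifies that a message's intended destination matches the given endpoint.
 *
 * <p>The destination is accepted when the URI comparator reports it equal to either the
 * endpoint's location or its response location.
 *
 * <p>A mismatch is reported with its own message. Only failures raised while comparing are
 * wrapped, so the mismatch exception is no longer caught and re-wrapped inside a second
 * {@code SAMLEndpointMismatchException}.
 *
 * @param endpoint the endpoint the message was received on
 * @param destination the destination declared by the message, may be null
 * @throws SAMLEndpointMismatchException if the destination matches neither URL, or if the
 *         comparison itself fails
 */
protected final void verifyEndpoint(final Endpoint endpoint, final String destination) {
    // NOTE(review): a null destination passes without any comparison. If the binding in use
    // requires the destination to be present, that presumably has to be enforced by the
    // caller; confirm.
    if (destination == null) {
        return;
    }

    final boolean matches;
    try {
        matches = uriComparator.compare(destination, endpoint.getLocation())
                || uriComparator.compare(destination, endpoint.getResponseLocation());
    } catch (final Exception e) {
        // Comparison failures (for example a malformed URI) are rejected, never ignored.
        throw new SAMLEndpointMismatchException(e);
    }

    if (!matches) {
        throw new SAMLEndpointMismatchException("Intended destination " + destination
                + " doesn't match any of the endpoint URLs on endpoint " + endpoint.getLocation());
    }
}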
result.add(new EndpointMetadataIndexKey(roleType, endpointType, location, false)); final String responseLocation = StringSupport.trimOrNull(endpoint.getResponseLocation()); if (responseLocation != null) { log.trace("Indexing response Endpoint - role '{}', endpoint type '{}', response location '{}'",
&& !Objects.equals(comparisonEndpoint.getLocation(), endpoint.getResponseLocation())) { log.debug("{} Neither candidate endpoint location '{}' nor response location '{}' matched '{}' ", getLogPrefix(), endpoint.getLocation(), endpoint.getResponseLocation(), comparisonEndpoint.getLocation()); return false;
val location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation(); samlResponse.setDestination(location);