subjectConfirmationData.setRecipient(authnRequest.getAssertionConsumerServiceURL()); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); subject.getSubjectConfirmations().add(subjectConfirmation);
/**
 * Handles one SP-initiated SSO round trip: decodes the inbound AuthnRequest, builds a
 * {@link SAMLPrincipal} for the already-authenticated user and hands it to the message
 * handler, which writes the SAML Response to {@code response}.
 *
 * <p>The recipient (AssertionConsumerService URL) of the response is the one configured on
 * the IdP when present; otherwise it is taken verbatim from the AuthnRequest.
 * NOTE(review): in that fallback case the URL comes from the unauthenticated requester and is
 * not compared here against the service provider's registered metadata — confirm that
 * {@code samlMessageHandler} (or the surrounding trust configuration) enforces that check,
 * since otherwise the signed response is delivered to whatever URL the request named.
 *
 * @param request        inbound servlet request carrying the SAML message
 * @param response       servlet response the SAML Response is written to
 * @param authentication the authenticated user; its name becomes the subject
 * @param postRequest    {@code true} for HTTP-POST binding, {@code false} for HTTP-Redirect
 * @throws ValidationException, SecurityException, MessageDecodingException on a bad inbound message
 * @throws MarshallingException, SignatureException, MessageEncodingException on response building
 * @throws MetadataProviderException, IOException, ServletException propagated from the handler
 */
@SuppressWarnings("unchecked")
private void doSSO(HttpServletRequest request, HttpServletResponse response,
                   Authentication authentication, boolean postRequest)
    throws ValidationException, SecurityException, MessageDecodingException, MarshallingException,
           SignatureException, MessageEncodingException, MetadataProviderException, IOException,
           ServletException {
  // Attribute whose value selects the NameID format of the issued subject.
  final String nameIdFormatAttribute = "urn:oasis:names:tc:SAML:1.1:nameid-format";

  SAMLMessageContext ctx = samlMessageHandler.extractSAMLMessageContext(request, response, postRequest);
  AuthnRequest inbound = (AuthnRequest) ctx.getInboundSAMLMessage();

  // Configured ACS endpoint wins; the request's own ACS URL is only the fallback.
  String recipientUrl = idpConfiguration.getAcsEndpoint();
  if (recipientUrl == null) {
    recipientUrl = inbound.getAssertionConsumerServiceURL();
  }

  List<SAMLAttribute> userAttributes = attributes(authentication);

  // First attribute named nameIdFormatAttribute decides the format; a missing attribute
  // or a null value falls back to UNSPECIFIED (mirrors Optional.map(...).orElse(...)).
  String nameIdFormat = NameIDType.UNSPECIFIED;
  for (SAMLAttribute candidate : userAttributes) {
    if (nameIdFormatAttribute.equals(candidate.getName())) {
      String chosen = candidate.getValue();
      if (chosen != null) {
        nameIdFormat = chosen;
      }
      break;
    }
  }

  SAMLPrincipal principal = new SAMLPrincipal(
      authentication.getName(),
      nameIdFormat,
      userAttributes,
      inbound.getIssuer().getValue(),
      inbound.getID(),
      recipientUrl,
      ctx.getRelayState());

  samlMessageHandler.sendAuthnResponse(principal, response);
}
if (req.getAssertionConsumerServiceURL() != null) { domElement.setAttributeNS(null, AuthnRequest.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME, req .getAssertionConsumerServiceURL());
if(DatatypeHelper.safeEquals(responseLocation, request.getAssertionConsumerServiceURL())) { return endpoint; if (location != null && DatatypeHelper.safeEquals(location, request.getAssertionConsumerServiceURL())) { return endpoint; endpoint.getLocation(), request.getAssertionConsumerServiceURL()); + " and binding '{}' however no endpoint, with that URL and using a supported binding, " + " can be found in the relying party's metadata ", new Object[] {getEntityMetadata().getEntityID(), request.getAssertionConsumerServiceURL(), (acsBinding == null) ? "any" : acsBinding}); return null;
request.getSession()); setRequestId(authnRequest.getID(), request.getSession()); setRecipient(authnRequest.getAssertionConsumerServiceURL(), request.getSession()); setRelayState(relayState, request.getSession());
request.getAssertionConsumerServiceIndex(), request.getID(), getEntityMetadata().getEntityID()}); endpoint = selectEndpointByACSIndex(request, (List<IndexedEndpoint>) endpoints); } else if (request.getAssertionConsumerServiceURL() != null) { log.debug( "Selecting endpoint by ACS URL '{}' and protocol binding '{}' for request '{}' from entity '{}'", new Object[] {request.getAssertionConsumerServiceURL(), request.getProtocolBinding(), request.getID(), getEntityMetadata().getEntityID()}); endpoint = selectEndpointByACSURL(request, (List<IndexedEndpoint>) endpoints); && request.getAssertionConsumerServiceURL() == null) { log.debug("No ACS index or URL given, selecting endpoint without additional constraints."); if (endpoints.get(0) instanceof IndexedEndpoint) {
"be equal to 2.0", messageContext.getAssertionConsumerURL()), SAMLSSOConstants .Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, authnReq.getAssertionConsumerServiceURL()); throw SAML2ClientException.error(SAMLSSOUtil.buildErrorResponse(SAMLSSOConstants.StatusCodes .REQUESTOR_ERROR, "Issuer/ProviderName " + "should not be empty in the Authentication Request" + ".", authnReq.getAssertionConsumerServiceURL())); throw SAML2ClientException.error(SAMLSSOUtil.buildErrorResponse(SAMLSSOConstants.StatusCodes .REQUESTOR_ERROR, "Issuer Format attribute" + " value is invalid", authnReq .getAssertionConsumerServiceURL())); .REQUESTOR_ERROR, msg, authnReq.getAssertionConsumerServiceURL())); String acsUrl = authnReq.getAssertionConsumerServiceURL(); .getAssertionConsumerServiceURL()); messageContext.setAssertionConsumerUrl(defaultACS); }else{ acsValidated = SAMLSSOUtil.validateACS(messageContext.getTenantDomain(), SAMLSSOUtil .splitAppendedTenantDomain(messageContext.getIssuer()), authnReq .getAssertionConsumerServiceURL()); if (!acsValidated) { if (log.isDebugEnabled()) { throw SAML2ClientException.error(SAMLSSOUtil.buildErrorResponse(SAMLSSOConstants.StatusCodes .REQUESTOR_ERROR, "Subject Confirmation " + "methods should NOT be in the request.", authnReq .getAssertionConsumerServiceURL()));
SAMLSSOConstants.StatusCodes.VERSION_MISMATCH, "Invalid SAML Version in Authentication Request. SAML Version should be equal to 2.0", authnReq.getAssertionConsumerServiceURL()); if (log.isDebugEnabled()) { log.debug("Invalid version in the SAMLRequest" + authnReq.getVersion()); SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Issuer/ProviderName should not be empty in the Authentication Request.", authnReq.getAssertionConsumerServiceURL()); log.debug("SAML Request issuer validation failed. Issuer should not be empty"); validationResponse.setResponse(errorResp); SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Issuer Format attribute value is invalid", authnReq.getAssertionConsumerServiceURL()); if (log.isDebugEnabled()) { log.debug("Invalid Issuer Format attribute value " + issuer.getFormat()); String acsUrl = authnReq.getAssertionConsumerServiceURL(); if ( StringUtils.isNotBlank(spAcsUrl) && StringUtils.isNotBlank(acsUrl) && !acsUrl.equals(spAcsUrl)) { log.error("Invalid ACS URL value " + acsUrl + " in the AuthnRequest message from " + SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Subject Confirmation methods should NOT be in the request.", authnReq.getAssertionConsumerServiceURL()); if (log.isDebugEnabled()) { log.debug("Invalid Request message. A Subject confirmation method found " + validationResponse.setAssertionConsumerURL(authnReq.getAssertionConsumerServiceURL());
String consumerServiceURL = authnRequest.getAssertionConsumerServiceURL(); if (consumerServiceURL != null && ssoIdPConfigs.getAssertionConsumerUrl().equals(consumerServiceURL)) {
String consumerServiceURL = authnRequest.getAssertionConsumerServiceURL(); if (consumerServiceURL != null && ssoIdPConfigs.getAssertionConsumerUrl().equals(consumerServiceURL)) {
String requestedResponseURL = request.getAssertionConsumerServiceURL(); String requestedBinding = request.getProtocolBinding(); if (requestedResponseURL != null) {
messageContext.setDestination(((AuthnRequest) request).getDestination()); messageContext.setId(((AuthnRequest) request).getID()); messageContext.setAssertionConsumerUrl(((AuthnRequest) request).getAssertionConsumerServiceURL()); messageContext.setIsPassive(((AuthnRequest) request).isPassive()); SSOAuthnRequestValidator reqValidator = new SPInitSSOAuthnRequestValidator(messageContext);
validateACS(authnReq.getAssertionConsumerServiceURL(), saml2SSOContext.getId(), saml2SSOContext, requestValidatorConfig);