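/**
 * Rejects a metadata location that is not a syntactically valid URI.
 *
 * <p>This is a syntax check only: it does not restrict the scheme or host and does not
 * contact the location, so any transport-level controls belong to the code that fetches it.
 *
 * @param metadataURL the metadata location to check
 * @throws MetadataProviderException if {@code metadataURL} is {@code null} or cannot be parsed as a
 *     {@link URI}
 */
private void validateMetadataURL(String metadataURL) throws MetadataProviderException {
    // new URI(null) surfaces as a NullPointerException; report a missing URL as a provider error instead.
    if (metadataURL == null) {
        throw new MetadataProviderException("Illegal URL syntax: metadata URL is null");
    }
    try {
        new URI(metadataURL);
    } catch (URISyntaxException e) {
        throw new MetadataProviderException("Illegal URL syntax", e);
    }
}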
/**
 * Returns the entity ID of the first configured IDP.
 *
 * <p>"First" is the first element yielded by iterating {@link #getIDPEntityNames()}.
 * NOTE(review): if that collection is hash-based the choice is not stable across runs — confirm
 * before relying on it for anything security sensitive.
 *
 * @return the first IDP entity name
 * @throws MetadataProviderException if no IDP is configured
 */
@Override
public String getDefaultIDP() throws MetadataProviderException {
    for (String idpEntityName : getIDPEntityNames()) {
        // The first name produced by the iteration wins.
        return idpEntityName;
    }
    throw new MetadataProviderException(
            "No IDP was configured, please update included metadata with at least one IDP");
}
/**
 * Returns the entity ID of the first configured IDP.
 *
 * <p>"First" is the first element yielded by iterating {@link #getIDPEntityNames()}.
 * NOTE(review): if that collection is hash-based the choice is not stable across runs — confirm
 * before relying on it for anything security sensitive.
 *
 * @return the first IDP entity name
 * @throws MetadataProviderException if no IDP is configured
 */
@Override
public String getDefaultIDP() throws MetadataProviderException {
    for (String idpEntityName : getIDPEntityNames()) {
        // The first name produced by the iteration wins.
        return idpEntityName;
    }
    throw new MetadataProviderException(
            "No IDP was configured, please update included metadata with at least one IDP");
}
/**
 * Parses the in-memory metadata string held by this provider into an OpenSAML object.
 *
 * @return the unmarshalled metadata document
 * @throws MetadataProviderException if the XML cannot be unmarshalled (the cause is preserved)
 */
@Override
public XMLObject doGetMetadata() throws MetadataProviderException {
    byte[] encoded = metadata.getBytes(StandardCharsets.UTF_8);
    try {
        // The whole document is already in memory; nothing is fetched here.
        return unmarshallMetadata(new ByteArrayInputStream(encoded));
    } catch (UnmarshallingException e) {
        // Logged here and rethrown: the caller decides how to surface the failure.
        log.error("Unable to unmarshall metadata", e);
        throw new MetadataProviderException(e);
    }
}
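/**
 * Returns the entity ID described by this provider's metadata.
 *
 * <p>Fetches the metadata first, then accepts either a single {@code EntityDescriptor} or an
 * {@code EntitiesDescriptor} wrapping exactly one descriptor; anything else is rejected so that
 * an ambiguous document is never silently resolved to one of its entries.
 *
 * @return the entity ID
 * @throws MetadataProviderException if no metadata is available, the document holds a number of
 *     descriptors other than one, or it is of an unexpected type
 */
default String getEntityID() throws MetadataProviderException {
    fetchMetadata();
    XMLObject metadata = doGetMetadata();
    // Guard against a null result: the fall-through branch below would otherwise fail on getClass().
    if (metadata == null) {
        throw new MetadataProviderException("Metadata is not available");
    }
    if (metadata instanceof EntityDescriptor) {
        return ((EntityDescriptor) metadata).getEntityID();
    }
    if (metadata instanceof EntitiesDescriptor) {
        EntitiesDescriptor desc = (EntitiesDescriptor) metadata;
        int count = desc.getEntityDescriptors().size();
        if (count != 1) {
            throw new MetadataProviderException("Invalid metadata. Number of descriptors must be 1, but is " + count);
        }
        return desc.getEntityDescriptors().get(0).getEntityID();
    }
    throw new MetadataProviderException("Unknown descriptor class:" + metadata.getClass().getName());
}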
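/**
 * Resolves an entity alias to its entity ID, scanning SPs first and then IDPs.
 *
 * <p>Every entity whose {@link ExtendedMetadata#getAlias()} equals {@code entityAlias} is
 * considered; no {@code ExtendedMetadata.isLocal()} filter is applied, so non-local entities take
 * part in the match as well. If two different entities carry the same alias the lookup fails rather
 * than picking one.
 *
 * @param entityAlias the alias to resolve; {@code null} resolves to {@code null}
 * @return the matching entity ID, or {@code null} when no entity uses the alias
 * @throws MetadataProviderException if the alias is shared by more than one entity, or if a metadata
 *     lookup fails
 */
@Override
public String getEntityIdForAlias(String entityAlias) throws MetadataProviderException {
    if (entityAlias == null) {
        return null;
    }
    String entityId = collectEntityIdForAlias(entityAlias, getSPEntityNames(), null);
    return collectEntityIdForAlias(entityAlias, getIDPEntityNames(), entityId);
}

/**
 * Scans {@code entityNames} for entities whose alias equals {@code entityAlias}.
 *
 * @param entityAlias the alias being resolved
 * @param entityNames the entity IDs to inspect
 * @param entityId the entity ID matched so far, or {@code null}
 * @return the (possibly unchanged) matched entity ID
 * @throws MetadataProviderException if a second, different entity also carries the alias
 */
private String collectEntityIdForAlias(String entityAlias, Iterable<String> entityNames, String entityId)
        throws MetadataProviderException {
    String matched = entityId;
    for (String entity : entityNames) {
        ExtendedMetadata extendedMetadata = getExtendedMetadata(entity);
        if (!entityAlias.equals(extendedMetadata.getAlias())) {
            continue;
        }
        if (matched != null && !matched.equals(entity)) {
            throw new MetadataProviderException(
                    "Alias " + entityAlias + " is used both for entity " + matched + " and " + entity);
        }
        matched = entity;
    }
    return matched;
}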
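/**
 * Resolves an entity alias to its entity ID, scanning IDPs first and then SPs.
 *
 * <p>Only entities whose {@code ExtendedMetadata.isLocal()} is {@code true} are considered, so an
 * alias carried by non-local metadata can never resolve to that entity. If two different local
 * entities carry the same alias the lookup fails rather than picking one.
 *
 * @param entityAlias the alias to resolve; {@code null} resolves to {@code null}
 * @return the matching local entity ID, or {@code null} when no local entity uses the alias
 * @throws MetadataProviderException if the alias is shared by more than one local entity, or if a
 *     metadata lookup fails
 */
@Override
public String getEntityIdForAlias(String entityAlias) throws MetadataProviderException {
    if (entityAlias == null) {
        return null;
    }
    String entityId = collectLocalEntityIdForAlias(entityAlias, getIDPEntityNames(), null);
    return collectLocalEntityIdForAlias(entityAlias, getSPEntityNames(), entityId);
}

/**
 * Scans {@code entityNames} for local entities whose alias equals {@code entityAlias}.
 *
 * @param entityAlias the alias being resolved
 * @param entityNames the entity IDs to inspect
 * @param entityId the entity ID matched so far, or {@code null}
 * @return the (possibly unchanged) matched entity ID
 * @throws MetadataProviderException if a second, different local entity also carries the alias
 */
private String collectLocalEntityIdForAlias(String entityAlias, Iterable<String> entityNames, String entityId)
        throws MetadataProviderException {
    String matched = entityId;
    for (String entity : entityNames) {
        ExtendedMetadata extendedMetadata = getExtendedMetadata(entity);
        // Non-local entities are skipped even when their alias matches.
        if (!extendedMetadata.isLocal() || !entityAlias.equals(extendedMetadata.getAlias())) {
            continue;
        }
        if (matched != null && !matched.equals(entity)) {
            throw new MetadataProviderException(
                    "Alias " + entityAlias + " is used both for entity " + matched + " and " + entity);
        }
        matched = entity;
    }
    return matched;
}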
String entityIDToBeAdded = ((ConfigMetadataProvider) added.getDelegate()).getEntityID(); if (!StringUtils.hasText(entityIDToBeAdded)) { throw new MetadataProviderException("Emtpy entityID for SAML provider with zoneId:" + providerDefinition.getZoneId() + " and origin:" + providerDefinition.getIdpEntityAlias()); throw new MetadataProviderException("Duplicate entity ID:" + entityIDToBeAdded);
/**
 * Loads the peer entity's metadata into {@code samlContext}.
 *
 * <p>Looks up the entity descriptor, the role descriptor for the requested role in the SAML 2.0
 * protocol namespace, and the extended metadata by peer entity ID, and fails unless both
 * descriptors are present. The extended metadata is stored without a null check, so readers of
 * the context should be prepared for it to be absent.
 *
 * @param samlContext the message context holding the peer entity ID and role
 * @throws MetadataProviderException if the peer entity ID is missing, or no metadata exists for the
 *     peer entity and role
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    String peerId = samlContext.getPeerEntityId();
    QName peerRole = samlContext.getPeerEntityRole();
    if (peerId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }
    EntityDescriptor peerEntity = metadataManager.getEntityDescriptor(peerId);
    RoleDescriptor peerRoleMetadata = metadataManager.getRole(peerId, peerRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata peerExtended = metadataManager.getExtendedMetadata(peerId);
    boolean found = peerEntity != null && peerRoleMetadata != null;
    if (!found) {
        throw new MetadataProviderException(
                "Metadata for entity " + peerId + " and role " + peerRole + " wasn't found");
    }
    samlContext.setPeerEntityMetadata(peerEntity);
    samlContext.setPeerEntityRoleMetadata(peerRoleMetadata);
    samlContext.setPeerExtendedMetadata(peerExtended);
}
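/**
 * Builds the metadata delegate for a service provider whose metadata is fetched from a URL.
 *
 * <p>The provider's configuration is cloned, the document at {@code getMetaDataLocation()} is
 * downloaded, the clone's location is replaced by the downloaded XML, and the clone is installed
 * on {@code provider} before delegating to {@link #configureXMLMetadata}. The download honours
 * {@code isSkipSslValidation()}: a definition with that flag set is retrieved without TLS
 * certificate validation, so only trusted configuration sources should be able to set it.
 *
 * @param provider the service provider whose configuration points at a metadata URL; its
 *     configuration is replaced by the fetched one
 * @return the configured delegate
 * @throws MetadataProviderException if the metadata cannot be fetched or the URL is invalid
 */
protected ExtendedMetadataDelegate configureURLMetadata(SamlServiceProvider provider) throws MetadataProviderException {
    SamlServiceProviderDefinition def = provider.getConfig().clone();
    byte[] metadata;
    try {
        metadata = fixedHttpMetaDataProvider.fetchMetadata(def.getMetaDataLocation(), def.isSkipSslValidation());
    } catch (RestClientException e) {
        throw new MetadataProviderException("Unavailable Metadata Provider", e);
    } catch (URISyntaxException e) {
        throw new MetadataProviderException("Invalid metadata URI: " + def.getMetaDataLocation(), e);
    }
    def.setMetaDataLocation(new String(metadata, StandardCharsets.UTF_8));
    // The fetched document lives on the clone; attach it to the provider, otherwise
    // configureXMLMetadata(provider) would still see the original URL-typed configuration.
    provider.setConfig(def);
    return configureXMLMetadata(provider);
}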
throw new MetadataProviderException("No local entity found for alias " + localAlias + ", verify your configuration."); } else { log.debug("Using IdP {} specified in request with alias {}", entityId, localAlias);
provider.setEntityId(metadataEntityId); } else if (!metadataEntityId.equals(provider.getEntityId())) { throw new MetadataProviderException( "Metadata entity id does not match SAML SP entity id: " + provider.getEntityId()); throw new MetadataProviderException( "UAA does not support any of the NameIDFormats specified in the metadata for entity: " + provider.getEntityId());
/**
 * Builds the metadata delegate for an identity provider whose metadata is fetched from a URL.
 *
 * <p>Works on a clone of {@code def}: the location is adjusted for the port by
 * {@code adjustURIForPort}, the document is downloaded, and the clone's location is replaced by
 * the downloaded XML before delegating to {@link #configureXMLMetadata}. The download honours
 * {@code isSkipSslValidation()}; with that flag set the remote certificate is not validated.
 *
 * @param def the identity provider definition pointing at a metadata URL; not modified
 * @return the configured delegate
 * @throws MetadataProviderException if the location is not a valid URI
 */
protected ExtendedMetadataDelegate configureURLMetadata(SamlIdentityProviderDefinition def) throws MetadataProviderException {
    try {
        SamlIdentityProviderDefinition copy = def.clone();
        String location = adjustURIForPort(copy.getMetaDataLocation());
        byte[] document = fixedHttpMetaDataProvider.fetchMetadata(location, copy.isSkipSslValidation());
        copy.setMetaDataLocation(new String(document, StandardCharsets.UTF_8));
        return configureXMLMetadata(copy);
    } catch (URISyntaxException e) {
        // The clone's location is only overwritten after a successful download, so the
        // original definition still carries the offending URL here.
        throw new MetadataProviderException("Invalid socket factory(invalid URI):" + def.getMetaDataLocation(), e);
    }
}
/**
 * Creates the metadata delegate matching the definition's metadata type.
 *
 * <p>{@code DATA} is handed to the XML path and {@code URL} to the fetching path; any other type
 * is rejected.
 *
 * @param def the identity provider definition
 * @return the configured delegate
 * @throws MetadataProviderException if the type is unsupported or the delegate cannot be built
 */
public ExtendedMetadataDelegate getExtendedMetadataDelegate(SamlIdentityProviderDefinition def) throws MetadataProviderException {
    switch (def.getType()) {
        case DATA:
            return configureXMLMetadata(def);
        case URL:
            return configureURLMetadata(def);
        default:
            throw new MetadataProviderException(
                    "Invalid metadata type for alias[" + def.getIdpEntityAlias() + "]:" + def.getMetaDataLocation());
    }
}
/**
 * Creates the metadata delegate matching the provider configuration's metadata type.
 *
 * <p>{@code DATA} is handed to the XML path and {@code URL} to the fetching path; any other type
 * is rejected.
 *
 * @param provider the service provider whose configuration selects the metadata type
 * @return the configured delegate
 * @throws MetadataProviderException if the type is unsupported or the delegate cannot be built
 */
public ExtendedMetadataDelegate getExtendedMetadataDelegate(SamlServiceProvider provider) throws MetadataProviderException {
    switch (provider.getConfig().getType()) {
        case DATA:
            return configureXMLMetadata(provider);
        case URL:
            return configureURLMetadata(provider);
        default:
            throw new MetadataProviderException(
                    "Invalid metadata type for alias[" + provider.getEntityId() + "]:" + provider.getConfig().getMetaDataLocation());
    }
}
/**
 * A metadata lookup failure during IdP-initiated SSO must surface as
 * {@code ProviderNotFoundException} carrying the generic "Unable to process SAML assertion."
 * message, so the internal metadata error text is not passed on to the caller.
 */
@Test
public void metadata_error() throws Exception {
    exception.expect(ProviderNotFoundException.class);
    exception.expectMessage("Unable to process SAML assertion.");
    when(metadataManager.getEntityDescriptor(anyString()))
            .thenThrow(new MetadataProviderException("any message"));
    String spEntityId = "validEntityID";
    SamlServiceProvider serviceProvider = new SamlServiceProvider();
    serviceProvider.setConfig(new SamlServiceProviderDefinition());
    serviceProvider.getConfig().setEnableIdpInitiatedSso(true);
    serviceProvider.setActive(true);
    serviceProvider.setEntityId(spEntityId);
    SamlServiceProviderHolder holder = new SamlServiceProviderHolder(null, serviceProvider);
    when(configurator.getSamlServiceProviders()).thenReturn(Arrays.asList(holder));
    controller.initiate(spEntityId, request, response);
}
/**
 * Success handling must fail with {@code ServletException} when the extended metadata for the
 * local entity cannot be resolved.
 */
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpExtendedMetadataMissing() throws IOException, ServletException, MetadataProviderException {
    SAMLMessageContext context = samlTestUtils.mockSamlMessageContext();
    Authentication authentication = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(context);
    // The manager fails for exactly the local entity the handler will ask about.
    MetadataManager failingManager = mock(MetadataManager.class);
    when(failingManager.getExtendedMetadata(context.getLocalEntityId())).thenThrow(new MetadataProviderException());
    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(failingManager);
    handler.onAuthenticationSuccess(new MockHttpServletRequest(), new MockHttpServletResponse(), authentication);
}
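/**
 * {@inheritDoc}
 *
 * <p>Validates the refresh-delay configuration before the first {@link #refresh()} so that a
 * misconfigured provider fails fast without performing a refresh.
 *
 * @throws MetadataProviderException if {@code minRefreshDelay} exceeds {@code maxRefreshDelay}, or
 *     if the initial refresh fails
 */
protected void doInitialization() throws MetadataProviderException {
    // Check the delays first: there is no point running refresh() (presumably the metadata load)
    // for a provider that is rejected immediately afterwards.
    if (minRefreshDelay > maxRefreshDelay) {
        throw new MetadataProviderException("Minimum refresh delay " + minRefreshDelay
                + " is greater than maximum refresh delay " + maxRefreshDelay);
    }
    refresh();
}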
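/**
 * Unmarshals the metadata document from {@code resource}.
 *
 * @return the parsed metadata
 * @throws MetadataProviderException if the resource cannot be read or unmarshalled (cause preserved)
 */
@Override
protected XMLObject doGetMetadata() throws MetadataProviderException {
    // Close the stream here; whether unmarshallMetadata closes it is not visible from this class,
    // and an unclosed resource stream would leak a handle per call. The type is qualified inline
    // so no new import is needed.
    try (java.io.InputStream in = resource.getInputStream()) {
        return super.unmarshallMetadata(in);
    } catch (UnmarshallingException | IOException e) {
        throw new MetadataProviderException(e);
    }
}
}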
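/**
 * {@inheritDoc}
 *
 * <p>Returns {@code null} both when the provider currently holds no metadata and when the held
 * document is no longer valid; the two cases are distinguished only by their debug log lines.
 *
 * @throws MetadataProviderException if the provider has not been initialized
 */
public XMLObject getMetadata() throws MetadataProviderException {
    if (!isInitialized()) {
        throw new MetadataProviderException("Metadata provider has not been initialized");
    }
    XMLObject metadata = doGetMetadata();
    if (metadata == null) {
        // Return here rather than falling through to isValid(null), which would also log the
        // misleading "document exists" message for a document that does not exist.
        log.debug("Metadata provider does not currently contain any metadata");
        return null;
    }
    if (!isValid(metadata)) {
        log.debug("Metadata document exists, but it is no longer valid");
        return null;
    }
    return metadata;
}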