/**
 * Looks up the enum constant registered under {@code key}, falling back to
 * {@code defaultValue} when no constant is known for that key.
 *
 * @param key          the lookup key
 * @param defaultValue the constant to return when {@code key} is not recognised
 * @return the matching constant, or {@code defaultValue} if none matches
 */
public static JBossSAMLConstants from(String key, JBossSAMLConstants defaultValue) {
    final JBossSAMLConstants match = REVERSE_LOOKUP.from(key);
    if (match != null) {
        return match;
    }
    return defaultValue;
}
/**
 * Looks up the enum constant registered under {@code key}, falling back to
 * {@link #UNKNOWN_VALUE} when no constant is known for that key.
 *
 * @param key the lookup key
 * @return the matching constant, or {@code UNKNOWN_VALUE} if none matches
 */
public static JBossSAMLConstants from(String key) {
    // Delegates to the two-argument form with the shared "unknown" sentinel.
    final JBossSAMLConstants fallback = UNKNOWN_VALUE;
    return from(key, fallback);
}
/**
 * Looks up the enum constant registered under {@code key}.
 *
 * @param key the lookup key
 * @return the matching constant, or {@code null} when no constant is known for {@code key}
 */
public static JBossSAMLURIConstants from(String key) {
    // No fallback here: absence is reported as null and left to the caller to handle.
    final JBossSAMLURIConstants match = REVERSE_LOOKUP.from(key);
    return match;
}
}
/**
 * Creates a constant bound to {@code namespaceUri}, pre-building the qualified name
 * from that namespace and {@code name}.
 *
 * @param namespaceUri namespace the constant belongs to; only dereferenced when {@code name} is non-null
 * @param name         local part of the constant's qualified name, or {@code null} for a constant
 *                     that has no qualified name (then {@code asQName} stays {@code null})
 */
private JBossSAMLConstants(JBossSAMLURIConstants namespaceUri, String name) {
    this.nsUri = namespaceUri;
    if (name == null) {
        this.asQName = null;
    } else {
        this.asQName = new QName(namespaceUri.get(), name);
    }
}
/**
 * Adds the PAOS {@code Request} header to {@code envelope}.
 *
 * <p>The header is flagged mustUnderstand, addressed to the SOAP "next" actor, and carries the
 * ECP profile URI as its {@code service} attribute plus this SP's response consumer URL.
 *
 * @param envelope the SOAP envelope being built; the PAOS prefix is expected to be declared on it
 *                 already by the caller
 * @throws SOAPException if the header element cannot be created
 */
private void createPaosRequestHeader(SOAPEnvelope envelope) throws SOAPException {
    final SOAPHeader header = envelope.getHeader();
    final SOAPHeaderElement paosRequest = header.addHeaderElement(
            envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PAOS_BINDING));
    // A client that does not understand PAOS must reject the message rather than ignore the header.
    paosRequest.setMustUnderstand(true);
    paosRequest.setActor("http://schemas.xmlsoap.org/soap/actor/next");
    final String ecpProfile = JBossSAMLURIConstants.ECP_PROFILE.get();
    paosRequest.addAttribute(envelope.createName("service"), ecpProfile);
    paosRequest.addAttribute(envelope.createName("responseConsumerURL"), getResponseConsumerUrl());
}
/**
 * Extracts the {@code Assertion} element from a SAML response, decrypting an
 * {@code EncryptedAssertion} with the deployment's decryption key when one is present.
 *
 * <p>An encrypted assertion takes precedence over a plain one. It is deep-copied into a fresh
 * document before decryption so the response DOM itself is not modified. Without an encrypted
 * assertion, the plain {@code Assertion} element is returned as found.
 *
 * <p>NOTE(review): the decrypted element is returned as-is; validating that it really is an
 * {@code Assertion} (and verifying its signature) is presumably done by the caller — confirm.
 *
 * @param responseHolder holder of the parsed SAML response document
 * @return the (decrypted) assertion element, or {@code null} when neither form is present
 *         ({@code DocumentUtil.getElement} reports absence as {@code null})
 * @throws ConfigurationException propagated from the document/decryption utilities
 * @throws ProcessingException    propagated from the decryption utility
 */
private Element getAssertionFromResponse(final SAMLDocumentHolder responseHolder) throws ConfigurationException, ProcessingException {
    final Document responseDoc = responseHolder.getSamlDocument();
    final Element encrypted = DocumentUtil.getElement(responseDoc,
            new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
    if (encrypted == null) {
        // Not encrypted: hand back the plain assertion (null if the response has none).
        return DocumentUtil.getElement(responseDoc, new QName(JBossSAMLConstants.ASSERTION.get()));
    }
    // Decrypt on a detached copy so the original response document stays untouched.
    final Document scratch = DocumentUtil.createDocument();
    scratch.appendChild(scratch.importNode(encrypted, true));
    return XMLEncryptionUtil.decryptElementInDocument(scratch, deployment.getDecryptionKey());
}
/**
 * Unmarshals the first {@code ds:KeyInfo} descendant of a {@code KeyDescriptor} element.
 *
 * @param keyDescriptor the {@code KeyDescriptor} element to inspect
 * @return the unmarshalled {@link KeyInfo}, or {@code null} when the descriptor carries none
 * @throws MarshalException if the {@code KeyInfo} cannot be unmarshalled
 */
private KeyInfo processKeyDescriptor(Element keyDescriptor) throws MarshalException {
    final String keyInfoLocalName = XmlDSigQNames.KEY_INFO.getQName().getLocalPart();
    final NodeList keyInfos = keyDescriptor.getElementsByTagNameNS(
            JBossSAMLURIConstants.XMLDSIG_NSURI.get(), keyInfoLocalName);
    if (keyInfos.getLength() > 0) {
        final Node first = keyInfos.item(0);
        if (first != null) {
            // Only the first KeyInfo is considered; any further ones are ignored.
            return kif.unmarshalKeyInfo(new DOMStructure(first));
        }
    }
    return null;
}
/**
 * Parses a SAML metadata document and collects the {@code KeyInfo} of every
 * {@code EntitiesDescriptor/EntityDescriptor/IDPSSODescriptor/KeyDescriptor}, keyed by the
 * descriptor's {@code use} attribute.
 *
 * <p>Descriptors without a {@code KeyInfo} are skipped. A descriptor lacking a {@code use}
 * attribute is filed under the empty string, because {@code Element.getAttribute} returns
 * {@code ""} for an absent attribute. The {@code m} prefix in the XPath is expected to be bound
 * by the namespace context configured on {@code xpath}.
 *
 * <p>NOTE(review): the parser comes from {@code DocumentUtil.getDocumentBuilder()}; this method
 * relies on that builder having DTDs / external entity resolution disabled, since IdP metadata
 * may originate from a remote party — confirm in DocumentUtil.
 *
 * @param stream the metadata XML; it is not closed by this method
 * @return multimap from {@code use} value to the KeyInfo elements found for it (empty if none)
 * @throws ParsingException wrapping any XML, I/O, XPath or unmarshalling failure
 */
public MultivaluedHashMap<String, KeyInfo> parse(InputStream stream) throws ParsingException {
    final MultivaluedHashMap<String, KeyInfo> keysByUse = new MultivaluedHashMap<>();
    try {
        final DocumentBuilder builder = DocumentUtil.getDocumentBuilder();
        final Document metadata = builder.parse(stream);
        final XPathExpression keyDescriptorPath = xpath.compile(
                "/m:EntitiesDescriptor/m:EntityDescriptor/m:IDPSSODescriptor/m:KeyDescriptor");
        final NodeList keyDescriptors = (NodeList) keyDescriptorPath.evaluate(metadata, XPathConstants.NODESET);
        final int count = keyDescriptors.getLength();
        for (int idx = 0; idx < count; idx++) {
            // XPath selecting element steps only yields Element nodes, so the cast is safe.
            final Element keyDescriptor = (Element) keyDescriptors.item(idx);
            final KeyInfo keyInfo = processKeyDescriptor(keyDescriptor);
            if (keyInfo == null) {
                continue;
            }
            final String use = keyDescriptor.getAttribute(JBossSAMLConstants.USE.get());
            keysByUse.add(use, keyInfo);
        }
    } catch (SAXException | IOException | ParserConfigurationException | MarshalException | XPathExpressionException e) {
        throw new ParsingException("Error parsing SAML descriptor", e);
    }
    return keysByUse;
}
/**
 * Looks up the enum constant registered under the qualified {@code name} (namespace-aware),
 * falling back to {@link #UNKNOWN_VALUE} when no constant is known for it.
 *
 * @param name the qualified name to look up
 * @return the matching constant, or {@code UNKNOWN_VALUE} if none matches
 */
public static JBossSAMLConstants from(QName name) {
    final JBossSAMLConstants match = REVERSE_LOOKUP.from(name);
    if (match == null) {
        return UNKNOWN_VALUE;
    }
    return match;
}
}
/**
 * Returns the most specific status code URI carried by a SAML {@code StatusCode}.
 *
 * <p>A {@code STATUS_RESPONDER} code is treated as a wrapper, so its nested {@code StatusCode}
 * is inspected instead (recursively, while the nesting continues). A Responder code with no
 * nested code therefore yields {@code "UNKNOWN"}, as does a missing code or value.
 *
 * @param statusCode the status code to inspect; may be {@code null}
 * @return the status code value as a string, or {@code "UNKNOWN"} when none can be read
 */
private String extractStatusCode(StatusCodeType statusCode) {
    if (statusCode == null) {
        return "UNKNOWN";
    }
    final Object value = statusCode.getValue();
    if (value == null) {
        return "UNKNOWN";
    }
    final String codeUri = value.toString();
    final boolean responderWrapper = Objects.equals(JBossSAMLURIConstants.STATUS_RESPONDER.get(), codeUri);
    return responderWrapper ? extractStatusCode(statusCode.getStatusCode()) : codeUri;
}
}
/**
 * Adds the ECP {@code Request} header to {@code envelope}.
 *
 * <p>The header is flagged mustUnderstand for the SOAP "next" actor, names this SP as
 * {@code ProviderName} with {@code IsPassive="0"}, and carries a {@code saml:Issuer} plus a
 * {@code samlp:IDPList} holding one {@code IDPEntry} that points at the configured IdP's
 * SSO request-binding URL.
 *
 * @param envelope the SOAP envelope being built; the saml, samlp and ecp prefixes are expected
 *                 to be declared on it already by the caller
 * @throws SOAPException if any header element cannot be created
 */
private void createEcpRequestHeader(SOAPEnvelope envelope) throws SOAPException {
    final SOAPHeader header = envelope.getHeader();
    final SOAPHeaderElement ecpRequest = header.addHeaderElement(
            envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PROFILE_ECP));
    ecpRequest.setMustUnderstand(true);
    ecpRequest.setActor("http://schemas.xmlsoap.org/soap/actor/next");

    // This SP's entity id is used both as ProviderName and as the Issuer value.
    final String spEntityId = deployment.getEntityID();
    ecpRequest.addAttribute(envelope.createName("ProviderName"), spEntityId);
    ecpRequest.addAttribute(envelope.createName("IsPassive"), "0");
    ecpRequest.addChildElement(envelope.createQName("Issuer", "saml")).setValue(spEntityId);

    // The IdP entity id doubles as ProviderID and Name of the single IDPEntry.
    final String idpEntityId = deployment.getIDP().getEntityID();
    final String idpSsoUrl = deployment.getIDP().getSingleSignOnService().getRequestBindingUrl();
    ecpRequest.addChildElement(envelope.createQName("IDPList", "samlp"))
            .addChildElement(envelope.createQName("IDPEntry", "samlp"))
            .addAttribute(envelope.createName("ProviderID"), idpEntityId)
            .addAttribute(envelope.createName("Name"), idpEntityId)
            .addAttribute(envelope.createName("Loc"), idpSsoUrl);
}
/**
 * Tells whether a SAML response carries the {@code STATUS_SUCCESS} top-level status code.
 *
 * @param responseType the parsed response; may be {@code null}
 * @return {@code true} only when the response, its status, status code and code value are all
 *         present and the value equals {@code STATUS_SUCCESS}; {@code false} otherwise
 */
private boolean isSuccessfulSamlResponse(ResponseType responseType) {
    if (responseType == null) {
        return false;
    }
    if (responseType.getStatus() == null || responseType.getStatus().getStatusCode() == null) {
        return false;
    }
    final Object codeValue = responseType.getStatus().getStatusCode().getValue();
    if (codeValue == null) {
        return false;
    }
    // Compared as strings so the code value's concrete type does not matter.
    return Objects.equals(codeValue.toString(), JBossSAMLURIConstants.STATUS_SUCCESS.get());
}
/**
 * Sends the {@code AuthnRequest} to the client as a PAOS/ECP SOAP message.
 *
 * <p>The envelope declares the SAML assertion/protocol, PAOS and ECP namespaces, receives the
 * PAOS and ECP request headers, and carries the POST-binding form of the AuthnRequest document
 * in its body. The serialized message is written directly to the HTTP response's output stream.
 *
 * @param httpFacade          the HTTP exchange whose response receives the SOAP message
 * @param authnRequestBuilder builder yielding the AuthnRequest document
 * @param binding             binding whose {@code postBinding} post-processes the document
 * @throws RuntimeException wrapping any failure while building or writing the message; the
 *                          overridden signature declares no checked exceptions
 */
@Override
protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) {
    try {
        final SOAPMessage message = MessageFactory.newInstance().createMessage();
        final SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
        // Prefixes must exist before the headers below create qualified names with them.
        declareEcpNamespaces(envelope);
        createPaosRequestHeader(envelope);
        createEcpRequestHeader(envelope);
        final SOAPBody body = envelope.getBody();
        body.addDocument(binding.postBinding(authnRequestBuilder.toDocument()).getDocument());
        message.writeTo(httpFacade.getResponse().getOutputStream());
    } catch (Exception e) {
        throw new RuntimeException("Could not create AuthnRequest.", e);
    }
}

/**
 * Declares the SAML assertion, SAML protocol, PAOS and ECP namespace prefixes on {@code envelope}.
 *
 * @param envelope the envelope to decorate
 * @throws SOAPException if a declaration cannot be added
 */
private void declareEcpNamespaces(SOAPEnvelope envelope) throws SOAPException {
    envelope.addNamespaceDeclaration(NS_PREFIX_SAML_ASSERTION, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    envelope.addNamespaceDeclaration(NS_PREFIX_SAML_PROTOCOL, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    envelope.addNamespaceDeclaration(NS_PREFIX_PAOS_BINDING, JBossSAMLURIConstants.PAOS_BINDING.get());
    envelope.addNamespaceDeclaration(NS_PREFIX_PROFILE_ECP, JBossSAMLURIConstants.ECP_PROFILE.get());
}
/**
 * Prepares an {@code AuthnRequest} builder from the deployment's configuration.
 *
 * <p>The destination is the IdP's SSO request-binding URL and the issuer is the SP entity id.
 * The NameID policy format defaults to {@code NAMEID_FORMAT_PERSISTENT} when none is configured.
 * When a response binding is configured, the matching protocol binding URI is set (POST, otherwise
 * HTTP-Redirect); a configured assertion consumer service URL is passed through as well.
 *
 * @param deployment the SP deployment configuration
 * @return a builder populated with the deployment's settings, open for further customisation
 */
public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) {
    final String issuer = deployment.getEntityID();
    final String configuredFormat = deployment.getNameIDPolicyFormat();
    final String nameIdFormat = configuredFormat != null
            ? configuredFormat
            : JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
    final SingleSignOnService sso = deployment.getIDP().getSingleSignOnService();

    final SAML2AuthnRequestBuilder builder = new SAML2AuthnRequestBuilder()
            .destination(sso.getRequestBindingUrl())
            .issuer(issuer)
            .forceAuthn(deployment.isForceAuthentication())
            .isPassive(deployment.isIsPassive())
            .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIdFormat));

    if (sso.getResponseBinding() != null) {
        // Only POST is singled out; every other configured binding maps to HTTP-Redirect.
        final boolean postBinding = sso.getResponseBinding() == SamlDeployment.Binding.POST;
        builder.protocolBinding(postBinding
                ? JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()
                : JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    }
    if (sso.getAssertionConsumerServiceUrl() != null) {
        builder.assertionConsumerUrl(sso.getAssertionConsumerServiceUrl());
    }
    return builder;
}
if(checkStatusCodeValue(status.getStatusCode(), JBossSAMLURIConstants.STATUS_RESPONDER.get()) && checkStatusCodeValue(status.getStatusCode().getStatusCode(), JBossSAMLURIConstants.STATUS_NO_PASSIVE.get())){ log.debug("Not authenticated due passive mode Status found in SAML response: " + status.toString()); return AuthOutcome.NOT_AUTHENTICATED;
String nameFormatString = nameFormat == null ? JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get() : nameFormat.toString(); final SamlPrincipal principal = new SamlPrincipal(assertion, principalName, principalName, nameFormatString, attributes, friendlyAttributes); String index = authn == null ? null : authn.getSessionIndex();