Package org.picketlink.identity.federation.saml.v2.protocol

Examples of org.picketlink.identity.federation.saml.v2.protocol.ResponseType

174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
         Document samlResponseDocument = null;
        
         if(trace)
            log.trace("AssertionConsumerURL=" + assertionConsumerURL +
               "::assertion validity=" + assertionValidity);
         ResponseType responseType = null;    
        
         SAML2Response saml2Response = new SAML2Response();
              
         //Create a response type
         String id = IDGenerator.create("ID_");

         IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
         issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

         IDPInfoHolder idp = new IDPInfoHolder();
         idp.setNameIDFormatValue(userPrincipal.getName());
         idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

         SPInfoHolder sp = new SPInfoHolder();
         sp.setResponseDestinationURI(assertionConsumerURL);
         responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
        
         //Add information on the roles
         AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

         AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
         assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
        
         //Add timed conditions
View Full Code Here
107
108
109
110
111
112
113
114
115
116
117
    */
   public static JAXBElement<?> get(StatusResponseType statusResponseType)
   {
      if(statusResponseType instanceof ResponseType)
      {
         ResponseType responseType = (ResponseType) statusResponseType;
         return SAMLProtocolFactory.getObjectFactory().createResponse(responseType)
      }
      else if(statusResponseType instanceof NameIDMappingResponseType)
      {
         NameIDMappingResponseType nameIDResponseType = (NameIDMappingResponseType) statusResponseType;
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
122
     
      subjectType.getContent().add(jaxbSubjectConfirmationType);
     
      assertionType.setSubject(subjectType);
     
      ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
      //InResponseTo ID
      responseType.setInResponseTo(sp.getRequestID());
      //Destination
      responseType.setDestination(responseDestinationURI);
      
      return responseType;
   }
View Full Code Here
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
   }
  
   public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType)
   throws Exception
   {
      ResponseType responseType = SAMLProtocolFactory.getObjectFactory().createResponseType();
      responseType.setVersion(issuerInfo.getSamlVersion());
     
      //ID
      responseType.setID(ID);
     
      //Issuer
      NameIDType issuer = issuerInfo.getIssuer();
      responseType.setIssuer(issuer);
     
      //Status
      String statusCode = issuerInfo.getStatusCode();
      if(statusCode == null)
         throw new IllegalArgumentException("issuerInfo missing status code");
     
      responseType.setStatus(createStatusType(statusCode) );
     
      XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
     
      //IssueInstant
      responseType.setIssueInstant(issueInstant);
   
      responseType.getAssertionOrEncryptedAssertion().add(assertionType);
      return responseType;
   }
View Full Code Here
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
         {
            String referer = request.getHeader("Referer");
           
            if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
            {
               ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
               try
               {
                  send(errorResponseType, request.getParameter("RelayState"), response);
               }
               catch (ParsingException e)
               {
                 log.error(e);
               }
               catch (ProcessingException e)
               {
                  log.error(e);
              
               return;
            }

            //User is authenticated as we are on the return path
            userPrincipal = request.getPrincipal();
            if(userPrincipal != null)
            {
               //Send valid saml response after processing the request
               if(containsSAMLRequestMessage)
               {
                  RequestAbstractType requestAbstractType =  null;
                  try
                  {
                     requestAbstractType = getSAMLRequest(request);
                     boolean isValid = this.validate(request);
                     if(!isValid)
                        throw new GeneralSecurityException("Validity Checks Failed");
                    
                     this.isTrusted(requestAbstractType.getIssuer().getValue());
                    
                     ResponseType responseType = this.getResponse(request, userPrincipal);
                     send(responseType, request.getParameter("RelayState"), response);
                  }
                  catch (Exception e)
                  {
                     log.error("Exception:" ,e);
                     if(requestAbstractType != null)
                        referer = requestAbstractType.getIssuer().getValue();
                     ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_RESPONDER.get());
                     try
                     {
                        send(errorResponseType, request.getParameter("RelayState"), response);
                     }
                     catch (ParsingException e1)
View Full Code Here
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
    * @throws ProcessingException
    */
   protected ResponseType getResponse(Request request, Principal userPrincipal)
   throws ParsingException, ConfigurationException, ProcessingException
   {
      ResponseType responseType = null;

      String samlMessage = getSAMLMessage(request);
      InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
      SAML2Request saml2Request = new SAML2Request();
     
      AuthnRequestType authnRequestType = null;
      try
      {
         authnRequestType = saml2Request.getAuthnRequestType(is);
      }
      catch (JAXBException e2)
      {
         throw new ParsingException(e2);
      }
      catch (SAXException e2)
      {
         throw new ParsingException(e2);
      }
      if(authnRequestType == null)
         throw new IllegalStateException("AuthnRequest is null");

      if(log.isTraceEnabled())
      {
         StringWriter sw = new StringWriter();
         try
         {
            saml2Request.marshall(authnRequestType, sw);
         }
         catch (SAXException e)
         {
            log.trace(e);
         }
         catch (JAXBException e)
         {
            log.trace(e);
         }
         log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
      }
      SAML2Response saml2Response = new SAML2Response();
           
      //Create a response type
      String id = IDGenerator.create("ID_");

      IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
      issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

      IDPInfoHolder idp = new IDPInfoHolder();
      idp.setNameIDFormatValue(userPrincipal.getName());
      idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

      SPInfoHolder sp = new SPInfoHolder();
      sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
      responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
      //Add information on the roles
      List<String> roles = rg.generateRoles(userPrincipal);
      AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);

      AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
     
      //Add timed conditions
View Full Code Here
399
400
401
402
403
404
405
406
407
408
409
  
   private ResponseType getErrorResponse(String responseURL, String status) throws ServletException
   {
      try
      {
         ResponseType responseType = null;
        
         SAML2Response saml2Response = new SAML2Response();
              
         //Create a response type
         String id = IDGenerator.create("ID_");
View Full Code Here
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
         byte[] base64DecodedResponse = Base64.decode(samlResponse);
         InputStream is = DeflateUtil.decode(base64DecodedResponse);

         SAML2Response saml2Response = new SAML2Response();
        
         ResponseType responseType = saml2Response.getResponseType(is);
                 
         this.isTrusted(responseType.getIssuer().getValue());
        
         List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
         if(assertions.size() == 0)
            throw new IllegalStateException("No assertions in reply from IDP");
        
         Object assertion = assertions.get(0);
         if(assertion instanceof EncryptedElementType)
View Full Code Here
118
119
120
121
122
123
124
125
126
127
128
129
130
   @Override
   protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
   {  
      Document samlResponse = samlDocumentHolder.getSamlDocument();
      ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
     
      String issuerID = response.getIssuer().getValue();
     
      if(issuerID == null)
         throw new IssuerNotTrustedException("Issue missing");
     
      URL issuerURL;
View Full Code Here
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
         byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
         InputStream is = new ByteArrayInputStream(base64DecodedResponse);

         SAML2Response saml2Response = new SAML2Response();
        
         ResponseType responseType = saml2Response.getResponseType(is);
        
         SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();
        
         boolean validSignature = this.verifySignature(samlDocumentHolder);
        
         if(validSignature == false)
            throw new IssuerNotTrustedException("Signature in saml document is invalid");
        
         this.isTrusted(responseType.getIssuer().getValue());
        
         List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
         if(assertions.size() == 0)
            throw new IllegalStateException("No assertions in reply from IDP");
        
         Object assertion = assertions.get(0);
         if(assertion instanceof EncryptedElementType)
View Full Code Here
TOP

Related Classes of org.picketlink.identity.federation.saml.v2.protocol.ResponseType

  • org.jboss.identity.federation.api.soap.SOAPSAMLXACML
  • org.jboss.identity.federation.bindings.tomcat.idp.IDPRedirectValve
  • org.jboss.identity.federation.bindings.tomcat.idp.IDPRedirectWithSignatureValve
  • org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve
  • org.jboss.identity.federation.bindings.tomcat.idp.IDPWebRequestUtil
  • org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator
  • org.jboss.identity.federation.bindings.tomcat.sp.SPPostSignatureFormAuthenticator
  • org.jboss.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator
  • org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory
  • org.jboss.identity.federation.web.filters.SPFilter
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.