protected Extensions getSAMLExtensions(HttpServletRequest request) {

    try {
      String samlRequest = request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);
      if (samlRequest == null) {
        samlRequest = (String) request.getAttribute(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);
      }

      if (samlRequest != null) {
        XMLObject xmlObject;
        if (SSOConstants.HTTP_POST.equals(request.getMethod())) {
          xmlObject = unmarshall(SSOUtils.decodeForPost(samlRequest));
        } else {
          xmlObject = unmarshall(SSOUtils.decode(samlRequest));
        }
        if (xmlObject instanceof AuthnRequest) {
          AuthnRequest authnRequest = (AuthnRequest) xmlObject;
          Extensions oldExtensions = authnRequest.getExtensions();
          if (oldExtensions != null) {
            ExtensionsBuilder extBuilder = new ExtensionsBuilder();
            Extensions extensions =
                extBuilder.buildObject(
                    SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
            extensions.setDOM(oldExtensions.getDOM());
            return extensions;
          }
        }
      }
    } catch (Exception e) { // TODO IDENTITY-2421
      // ignore
      log.debug("Error while loading SAML Extensions", e);
    }

    return null;
  }
Beispiel #2
0
  public List<EntityDescriptor> filterEntityCategory(
      List<EntityDescriptor> entities, String category) {
    List<EntityDescriptor> returnList = new ArrayList<EntityDescriptor>();

    for (EntityDescriptor entity : entities) {
      Extensions extensions = entity.getExtensions();
      List<XMLObject> extObjs = extensions.getOrderedChildren();
      for (XMLObject xmlObject : extObjs) {
        if (xmlObject instanceof EntityAttributes) {
          EntityAttributes entityAttrs = (EntityAttributes) xmlObject;
          for (Attribute attr : entityAttrs.getAttributes()) {
            if ("http://macedir.org/entity-category".equals(attr.getName())) {
              for (XMLObject value : attr.getAttributeValues()) {
                if (value instanceof XSAny) {
                  XSAny any = (XSAny) value;
                  if (category.equals(any.getTextContent())) {
                    returnList.add(entity);
                  }
                }
              }
            }
          }
        }
      }
    }

    return returnList;
  }
  protected Extensions getSAMLExtensions(AuthnRequest inboundAuthnRequest) {

    Extensions extensions = null;
    Extensions oldExtensions = inboundAuthnRequest.getExtensions();
    if (oldExtensions != null) {
      ExtensionsBuilder extBuilder = new ExtensionsBuilder();
      extensions =
          extBuilder.buildObject(
              SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
      extensions.setDOM(oldExtensions.getDOM());
    }
    return extensions;
  }
Beispiel #4
0
  public Set<SamlIdpScopeEntity> getScopes(EntityDescriptor entityDesc, SamlIdpMetadataEntity idp) {
    Set<SamlIdpScopeEntity> scopeList = new HashSet<SamlIdpScopeEntity>();

    IDPSSODescriptor idpsso = entityDesc.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (idpsso != null) {
      Extensions extensions = idpsso.getExtensions();
      List<XMLObject> scopes =
          extensions.getUnknownXMLObjects(new QName("urn:mace:shibboleth:metadata:1.0", "Scope"));
      for (XMLObject xmlObject : scopes) {
        if (xmlObject instanceof XSAny) {
          XSAny any = (XSAny) xmlObject;
          SamlIdpScopeEntity scope = new SamlIdpScopeEntity();
          scope.setScope(any.getTextContent());
          scope.setRegex(false);
          scope.setIdp(idp);
          scopeList.add(scope);
        }
      }
    }

    return scopeList;
  }
  /**
   * Returns AuthnRequest SAML message to be used to demand authentication from an IDP described
   * using idpEntityDescriptor, with an expected response to the assertionConsumer address.
   *
   * @param context message context
   * @param options preferences of message creation
   * @param assertionConsumer assertion consumer where the IDP should respond
   * @param bindingService service used to deliver the request
   * @return authnRequest ready to be sent to IDP
   * @throws SAMLException error creating the message
   * @throws MetadataProviderException error retreiving metadata
   */
  protected AuthnRequest getAuthnRequest(
      SAMLMessageContext context,
      WebSSOProfileOptions options,
      AssertionConsumerService assertionConsumer,
      SingleSignOnService bindingService)
      throws SAMLException, MetadataProviderException {

    SAMLObjectBuilder<AuthnRequest> builder =
        (SAMLObjectBuilder<AuthnRequest>)
            builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    AuthnRequest request = builder.buildObject();

    request.setIsPassive(options.getPassive());
    request.setForceAuthn(options.getForceAuthN());
    request.setProviderName(options.getProviderName());
    request.setVersion(SAMLVersion.VERSION_20);
    if (options.getIncludeEidas()) {
      // ne sert à rien
      //            request.setAssertionConsumerServiceURL(options.getIssuer());
      //            IssuerBuilder issuerBuilder = new IssuerBuilder();
      //            Issuer issuer = issuerBuilder.buildObject();
      //            issuer.setFormat(NAME_ISSUER_FORMAT_EIDAS);
      //            log.debug("issuer="+options.getIssuer());
      //            issuer.setValue(options.getIssuer());
      //            request.setIssuer(issuer);
      NameIDPolicy nameIDPolicy = new NameIDPolicyBuilder().buildObject();
      nameIDPolicy.setFormat(NAME_POLICY_FORMAT_EIDAS);
      nameIDPolicy.setAllowCreate(true);
      request.setNameIDPolicy(nameIDPolicy);
      QName eidas = new QName("xmlns:eidas", "http://eidas.europa.eu/saml-extensions");
      request.getNamespaceManager().registerAttributeName(eidas);
      Extensions extEidas =
          new ExtensionsBuilder()
              .buildObject("urn:oasis:names:tc:SAML:2.0:protocol", "Extensions", "saml2p");
      // Extensions extEidas = new EidasExtensions();
      Collection<String> colAttr = options.getEidasAttributes();
      // XSAnyBuilder raBuild = new XSAnyBuilder();
      // <eidas:SPType>public</eidas:SPType>
      SPType pub =
          new SPTypeBuilder()
              .buildObject("http://eidas.europa.eu/saml-extensions", "SPType", "eidas");
      // pub.setTextContent(EIDAS_PUBLIC);
      pub.setSPType(EIDAS_PUBLIC);
      // XSAny attrs = new XSAnyBuilder().buildObject("http://eidas.europa.eu/saml-extensions",
      // "RequestedAttributes", "eidas");
      extEidas.getUnknownXMLObjects().add(pub);
      // XSAnyBuilder anyBuilder = (XSAnyBuilder)
      // Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
      String resAttrs =
          "<eidas:RequestedAttributes xmlns:eidas=\"http://eidas.europa.eu/saml-extensions\">";
      for (String attr : colAttr) {
        resAttrs += oneAttribute(attr);
      }
      resAttrs += "</eidas:RequestedAttributes>";
      log.debug("resAttrs=" + resAttrs);
      EidasExtensionConfiguration eidasExt = new EidasExtensionConfiguration();
      eidasExt.configureExtension();
      SAMLSchemaBuilder.addExtensionSchema("/schema/saml_eidas_extension.xsd");
      BasicParserPool ppMgr = new BasicParserPool();
      ppMgr.setNamespaceAware(true);
      try {
        ppMgr.setSchema(SAMLSchemaBuilder.getSAML11Schema());
      } catch (SAXException ex) {
        log.error("Erreur schema=" + ex);
        return null;
      }
      InputStream is = new ByteArrayInputStream(resAttrs.getBytes());
      Document domAttrsRaq = null;
      try {
        domAttrsRaq = ppMgr.parse(is);
      } catch (XMLParserException e) {
        log.error("Erreur dom=" + e);
        return null;
      }
      if (domAttrsRaq == null) {
        log.error("Erreur dom vide");
        return null;
      }
      RequestedAttributesUnmarshaller unMars = new RequestedAttributesUnmarshaller();
      XMLObject attrs = null;
      try {
        attrs = unMars.unmarshall(domAttrsRaq.getDocumentElement());
      } catch (UnmarshallingException e) {
        System.err.println("Erreur unMarsh error=" + e);
      }

      extEidas.getUnknownXMLObjects().add(attrs);
      request.setExtensions(extEidas);
    }
    buildCommonAttributes(context.getLocalEntityId(), request, bindingService);

    buildScoping(request, bindingService, options);
    builNameIDPolicy(request, options);
    buildAuthnContext(request, options);
    buildReturnAddress(request, assertionConsumer);

    return request;
  }