protected LogoutRequest buildLogoutRequest(String user, String sessionIdx)
      throws SSOAgentException {

    LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();

    logoutReq.setID(SSOAgentUtils.createID());
    logoutReq.setDestination(ssoAgentConfig.getSAML2().getIdPURL());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
    logoutReq.setIssuer(issuer);

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
    nameId.setValue(user);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIdx);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason("Single Logout");

    return logoutReq;
  }
  protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOAgentException {

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer =
        issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");
    issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());

    /* NameIDPolicy */
    NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
    NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
    nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
    nameIdPolicy.setSPNameQualifier("Issuer");
    nameIdPolicy.setAllowCreate(true);

    /* AuthnContextClass */
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    AuthnContextClassRef authnContextClassRef =
        authnContextClassRefBuilder.buildObject(
            "urn:oasis:names:tc:SAML:2.0:assertion", "AuthnContextClassRef", "saml");
    authnContextClassRef.setAuthnContextClassRef(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");

    /* AuthnContex */
    RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);

    DateTime issueInstant = new DateTime();

    /* Creation of AuthRequestObject */
    AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
    AuthnRequest authRequest =
        authRequestBuilder.buildObject(
            "urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");

    authRequest.setForceAuthn(ssoAgentConfig.getSAML2().isForceAuthn());
    authRequest.setIsPassive(ssoAgentConfig.getSAML2().isPassiveAuthn());
    authRequest.setIssueInstant(issueInstant);
    authRequest.setProtocolBinding(ssoAgentConfig.getSAML2().getHttpBinding());
    authRequest.setAssertionConsumerServiceURL(ssoAgentConfig.getSAML2().getACSURL());
    authRequest.setIssuer(issuer);
    authRequest.setNameIDPolicy(nameIdPolicy);
    authRequest.setRequestedAuthnContext(requestedAuthnContext);
    authRequest.setID(SSOAgentUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(ssoAgentConfig.getSAML2().getIdPURL());
    if (request.getAttribute(Extensions.LOCAL_NAME) != null) {
      authRequest.setExtensions((Extensions) request.getAttribute(Extensions.LOCAL_NAME));
    }

    /* Requesting Attributes. This Index value is registered in the IDP */
    if (ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex() != null
        && ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex().trim().length() > 0) {
      authRequest.setAttributeConsumingServiceIndex(
          Integer.parseInt(ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex()));
    }

    return authRequest;
  }
Ejemplo n.º 3
0
  /*
   * Create the AuthnRequest
   */
  public AuthnRequestImpl buildAuthnRequest() throws ValidationException {
    // Use the OpenSAML Configuration singleton to get a builder factory object
    final XMLObjectBuilderFactory xmlObjectBuilderFactory = Configuration.getBuilderFactory();
    // First get a builder for AuthnRequest
    final AuthnRequestBuilder authnRequestBuilder =
        (AuthnRequestBuilder) xmlObjectBuilderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);

    // And one for Issuer
    final IssuerBuilder issuerBuilder =
        (IssuerBuilder) xmlObjectBuilderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);

    // get a builder for NameID
    final NameIDBuilder nameIDBuilder =
        (NameIDBuilder) xmlObjectBuilderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);

    // build a NameID object
    final NameID nameID = nameIDBuilder.buildObject();
    nameID.setFormat(NameIDType.PERSISTENT);
    nameID.setSPProvidedID("https://aa.bb.cc/sp/provider");
    nameID.setSPNameQualifier("https://aa.bb.cc/sp/provider");

    // get a builder for Subject
    final SubjectBuilder subjectBuilder =
        (SubjectBuilder) xmlObjectBuilderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);

    // build a Subject object
    final Subject subject = subjectBuilder.buildObject();
    subject.setNameID(nameID);

    // build an AuthnRequest object
    final AuthnRequestImpl authnRequest = (AuthnRequestImpl) authnRequestBuilder.buildObject();

    // Build the Issuer object
    final Issuer newIssuer = issuerBuilder.buildObject();
    newIssuer.setValue("https://aa.bb.cc/sp/provideraaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
    authnRequest.setIssuer(newIssuer);
    authnRequest.setProviderName("https://aa.bb.cc/sp/provider");
    authnRequest.setAssertionConsumerServiceURL("1");
    authnRequest.setDestination("https://aa.bb.cc/sp/provider");
    authnRequest.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
    authnRequest.setSubject(subject);
    // Only add the parameter if it is true.
    //        if (forceReAuthentication == true) {
    authnRequest.setForceAuthn(true);
    //        }

    authnRequest.setVersion(org.opensaml.common.SAMLVersion.VERSION_20);
    final DateTime dateTime = new DateTime();
    authnRequest.setIssueInstant(dateTime);
    authnRequest.setID(UUID.randomUUID().toString());

    authnRequest.validate(true);

    return authnRequest;
  }
  private LogoutRequest buildLogoutRequest(
      String user,
      String sessionIndexStr,
      String idpUrl,
      String nameQualifier,
      String spNameQualifier)
      throws SAMLSSOException {

    LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();

    logoutReq.setID(SSOUtils.createID());
    logoutReq.setDestination(idpUrl);

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();

    String spEntityId =
        properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);

    if (spEntityId != null && !spEntityId.isEmpty()) {
      issuer.setValue(spEntityId);
    } else {
      issuer.setValue("carbonServer");
    }

    logoutReq.setIssuer(issuer);

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat(NameIDType.UNSPECIFIED);
    nameId.setValue(user);
    nameId.setNameQualifier(nameQualifier);
    nameId.setSPNameQualifier(spNameQualifier);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();

    if (sessionIndexStr != null) {
      sessionIndex.setSessionIndex(sessionIndexStr);
    } else {
      sessionIndex.setSessionIndex(UUID.randomUUID().toString());
    }

    logoutReq.getSessionIndexes().add(sessionIndex);
    logoutReq.setReason("Single Logout");

    return logoutReq;
  }
  private AuthnRequest buildAuthnRequest(
      HttpServletRequest request, boolean isPassive, String idpUrl, AuthenticationContext context)
      throws SAMLSSOException {

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer =
        issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");

    String spEntityId =
        properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);

    if (spEntityId != null && !spEntityId.isEmpty()) {
      issuer.setValue(spEntityId);
    } else {
      issuer.setValue("carbonServer");
    }

    DateTime issueInstant = new DateTime();

    /* Creation of AuthRequestObject */
    AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
    AuthnRequest authRequest =
        authRequestBuilder.buildObject(
            "urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");
    authRequest.setForceAuthn(isForceAuthenticate(context));
    authRequest.setIsPassive(isPassive);
    authRequest.setIssueInstant(issueInstant);

    String includeProtocolBindingProp =
        properties.get(
            IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_PROTOCOL_BINDING);
    if (StringUtils.isEmpty(includeProtocolBindingProp)
        || Boolean.parseBoolean(includeProtocolBindingProp)) {
      authRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    }

    String acsUrl = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH);

    authRequest.setAssertionConsumerServiceURL(acsUrl);
    authRequest.setIssuer(issuer);
    authRequest.setID(SSOUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(idpUrl);

    String attributeConsumingServiceIndexProp =
        properties.get(
            IdentityApplicationConstants.Authenticator.SAML2SSO.ATTRIBUTE_CONSUMING_SERVICE_INDEX);
    if (StringUtils.isNotEmpty(attributeConsumingServiceIndexProp)) {
      try {
        authRequest.setAttributeConsumingServiceIndex(
            Integer.valueOf(attributeConsumingServiceIndexProp));
      } catch (NumberFormatException e) {
        log.error(
            "Error while populating SAMLRequest with AttributeConsumingServiceIndex: "
                + attributeConsumingServiceIndexProp,
            e);
      }
    }

    String includeNameIDPolicyProp =
        properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_NAME_ID_POLICY);
    if (StringUtils.isEmpty(includeNameIDPolicyProp)
        || Boolean.parseBoolean(includeNameIDPolicyProp)) {
      NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
      NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
      nameIdPolicy.setFormat(NameIDType.UNSPECIFIED);
      // nameIdPolicy.setSPNameQualifier("Issuer");
      nameIdPolicy.setAllowCreate(true);
      authRequest.setNameIDPolicy(nameIdPolicy);
    }

    // Get the inbound SAMLRequest
    AuthnRequest inboundAuthnRequest = getAuthnRequest(context);

    RequestedAuthnContext requestedAuthnContext = buildRequestedAuthnContext(inboundAuthnRequest);
    if (requestedAuthnContext != null) {
      authRequest.setRequestedAuthnContext(requestedAuthnContext);
    }

    Extensions extensions = getSAMLExtensions(request);
    if (extensions != null) {
      authRequest.setExtensions(extensions);
    }

    return authRequest;
  }