  /** {@inheritDoc} */
  protected void doEncode(MessageContext messageContext) throws MessageEncodingException {
    // Each precondition failure is reported with the same text to the log and to the caller.
    if (!(messageContext instanceof SAMLMessageContext)) {
      final String reason =
          "Invalid message context type, this encoder only support SAMLMessageContext";
      log.error(reason);
      throw new MessageEncodingException(reason);
    }
    if (!(messageContext.getOutboundMessageTransport() instanceof HTTPOutTransport)) {
      final String reason =
          "Invalid outbound message transport type, this encoder only support HTTPOutTransport";
      log.error(reason);
      throw new MessageEncodingException(reason);
    }

    final SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    final String destination = getEndpointURL(samlContext);

    // The outbound SAML message is prepared in a fixed order before it is encoded:
    // destination stamped first, then the XML signature removed (presumably because the
    // redirect binding signs the query string instead -- see removeSignature/buildRedirectURL).
    setResponseDestination(samlContext.getOutboundSAMLMessage(), destination);
    removeSignature(samlContext);
    final String payload = deflateAndBase64Encode(samlContext.getOutboundSAMLMessage());
    final String location = buildRedirectURL(samlContext, destination, payload);

    // Transport was type-checked above; no-cache headers and UTF-8 are applied before the 302.
    final HTTPOutTransport transport =
        (HTTPOutTransport) messageContext.getOutboundMessageTransport();
    HTTPTransportUtils.addNoCacheHeaders(transport);
    HTTPTransportUtils.setUTF8Encoding(transport);
    transport.sendRedirect(location);
  }
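  /**
   * Adds an IdP session cookie to the outbound response.
   *
   * <p>The cookie value is {@code base64(remoteAddr) + "|" + base64(sessionId) + "|" + signature},
   * where {@code signature} is the base64 "SHA" digest over the session secret, the client
   * address bytes and the session ID bytes. The session is always bound to the request via
   * {@link Session#HTTP_SESSION_BINDING_ATTRIBUTE}; if the digest cannot be computed the error
   * is logged and <em>no</em> cookie is written, since a cookie whose signature field would
   * read {@code "null"} can never be validated.
   *
   * @param httpRequest current request
   * @param httpResponse current response
   * @param userSession user's session
   */
  protected void addSessionCookie(
      HttpServletRequest httpRequest, HttpServletResponse httpResponse, Session userSession) {
    httpRequest.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, userSession);

    // Fixed charset so the signed bytes do not depend on the JVM's platform default charset
    // (which may differ between nodes); the cookie validator must decode with the same charset.
    final java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] remoteAddress = httpRequest.getRemoteAddr().getBytes(utf8);
    byte[] sessionId = userSession.getSessionID().getBytes(utf8);

    String signature;
    try {
      // NOTE(review): H(secret || addr || id) is a plain digest, not an HMAC; changing the
      // construction would also require changing the validating side, which is outside this
      // method, so it is left as-is here.
      MessageDigest digester = MessageDigest.getInstance("SHA");
      digester.update(userSession.getSessionSecret());
      digester.update(remoteAddress);
      digester.update(sessionId);
      // DONT_BREAK_LINES keeps the signature field consistent with the other two fields.
      signature = Base64.encodeBytes(digester.digest(), Base64.DONT_BREAK_LINES);
    } catch (GeneralSecurityException e) {
      LOG.error("Unable to compute signature over session cookie material", e);
      // Never emit an unsigned cookie: the session stays bound to the request, but the
      // client gets no cookie rather than one that cannot be verified.
      return;
    }

    LOG.debug("Adding IdP session cookie to HTTP response");
    StringBuilder cookieValue = new StringBuilder();
    cookieValue.append(Base64.encodeBytes(remoteAddress, Base64.DONT_BREAK_LINES)).append("|");
    cookieValue.append(Base64.encodeBytes(sessionId, Base64.DONT_BREAK_LINES)).append("|");
    cookieValue.append(signature);

    String cookieDomain = HttpServletHelper.getCookieDomain(context);

    Cookie sessionCookie =
        new Cookie(IDP_SESSION_COOKIE_NAME, HTTPTransportUtils.urlEncode(cookieValue.toString()));
    sessionCookie.setVersion(1);
    if (cookieDomain != null) {
      sessionCookie.setDomain(cookieDomain);
    }
    // An empty context path (root deployment) must still yield a valid cookie path.
    sessionCookie.setPath(
        "".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
    // Secure flag mirrors the inbound scheme; the cookie is only sent over TLS when the
    // request itself arrived over TLS.
    sessionCookie.setSecure(httpRequest.isSecure());
    // NOTE(review): HttpOnly is not set; Cookie#setHttpOnly requires the Servlet 3.0 API --
    // confirm the container/servlet version before adding it.
    httpResponse.addCookie(sessionCookie);
  }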