/**
 * Looks up the peer TLS certificate chain the servlet container exposed on the inbound
 * transport under {@code ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE}
 * (the {@code javax.servlet.request.X509Certificate} request attribute) and, when one is
 * present, records it as the peer SSL credential on the context.
 *
 * <p>The attribute value is cast to {@code X509Certificate[]}; the leaf (end-entity)
 * certificate is taken from index 0 and the whole chain is kept alongside it. Nothing on
 * the context is touched when the attribute is absent or the chain is empty.
 *
 * @param samlContext context whose peer SSL credential is populated
 */
protected void populatePeerSSLCredential(SAMLMessageContext samlContext) {
    X509Certificate[] peerChain = (X509Certificate[]) samlContext
            .getInboundMessageTransport()
            .getAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE);
    if (peerChain == null || peerChain.length == 0) {
        // No client certificate was presented (or the container did not expose it).
        return;
    }
    X509Certificate leafCertificate = peerChain[0];
    logger.debug("Found certificate chain from request {}", leafCertificate);
    BasicX509Credential sslCredential = new BasicX509Credential();
    sslCredential.setEntityCertificate(leafCertificate);
    sslCredential.setEntityCertificateChain(Arrays.asList(peerChain));
    samlContext.setPeerSSLCredential(sslCredential);
}
/**
 * Resolves which IDP this message is to be exchanged with and stores it as the peer
 * entity ID (with the IDP SSO descriptor role) on the context.
 *
 * <p>The candidate comes from the request parameter {@code SAMLEntryPoint.IDP_PARAMETER}.
 * Because that value is caller-controlled, it is accepted only if {@code metadata} reports
 * it as a valid IDP in the circle of trust; any other value fails processing. When the
 * parameter is absent the configured default IDP is used. {@code peerUserSelected} is set
 * to {@code true} only when the caller-supplied value was accepted.
 *
 * @param context context whose peer entity ID and role are populated
 * @throws MetadataProviderException if the supplied IDP value is not a known IDP
 */
protected void populatePeerEntityId(SAMLMessageContext context) throws MetadataProviderException {
    HTTPInTransport inboundTransport = (HTTPInTransport) context.getInboundMessageTransport();
    String requestedIdp = inboundTransport.getParameterValue(SAMLEntryPoint.IDP_PARAMETER);
    String peerEntityId;
    if (requestedIdp == null) {
        peerEntityId = metadata.getDefaultIDP();
        logger.debug("No IDP specified, using default {}", peerEntityId);
        context.setPeerUserSelected(false);
    } else if (metadata.isIDPValid(requestedIdp)) {
        logger.debug("Using user specified IDP {}", requestedIdp);
        context.setPeerUserSelected(true);
        peerEntityId = requestedIdp;
    } else {
        // Unknown IDP: refuse rather than fall back, so a request cannot steer the
        // exchange to an entity outside the configured metadata.
        logger.debug("User specified IDP {} is invalid", requestedIdp);
        throw new MetadataProviderException("Specified IDP is not valid: " + requestedIdp);
    }
    context.setPeerEntityId(peerEntityId);
    context.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
}