protected Extensions getSAMLExtensions(HttpServletRequest request) {
try {
String samlRequest = request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);
if (samlRequest == null) {
samlRequest = (String) request.getAttribute(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);
}
if (samlRequest != null) {
XMLObject xmlObject;
if (SSOConstants.HTTP_POST.equals(request.getMethod())) {
xmlObject = unmarshall(SSOUtils.decodeForPost(samlRequest));
} else {
xmlObject = unmarshall(SSOUtils.decode(samlRequest));
}
if (xmlObject instanceof AuthnRequest) {
AuthnRequest authnRequest = (AuthnRequest) xmlObject;
Extensions oldExtensions = authnRequest.getExtensions();
if (oldExtensions != null) {
ExtensionsBuilder extBuilder = new ExtensionsBuilder();
Extensions extensions =
extBuilder.buildObject(
SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
extensions.setDOM(oldExtensions.getDOM());
return extensions;
}
}
}
} catch (Exception e) { // TODO IDENTITY-2421
// ignore
log.debug("Error while loading SAML Extensions", e);
}
return null;
}
public List<EntityDescriptor> filterEntityCategory(
List<EntityDescriptor> entities, String category) {
List<EntityDescriptor> returnList = new ArrayList<EntityDescriptor>();
for (EntityDescriptor entity : entities) {
Extensions extensions = entity.getExtensions();
List<XMLObject> extObjs = extensions.getOrderedChildren();
for (XMLObject xmlObject : extObjs) {
if (xmlObject instanceof EntityAttributes) {
EntityAttributes entityAttrs = (EntityAttributes) xmlObject;
for (Attribute attr : entityAttrs.getAttributes()) {
if ("http://macedir.org/entity-category".equals(attr.getName())) {
for (XMLObject value : attr.getAttributeValues()) {
if (value instanceof XSAny) {
XSAny any = (XSAny) value;
if (category.equals(any.getTextContent())) {
returnList.add(entity);
}
}
}
}
}
}
}
}
return returnList;
}
protected Extensions getSAMLExtensions(AuthnRequest inboundAuthnRequest) {
Extensions extensions = null;
Extensions oldExtensions = inboundAuthnRequest.getExtensions();
if (oldExtensions != null) {
ExtensionsBuilder extBuilder = new ExtensionsBuilder();
extensions =
extBuilder.buildObject(
SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
extensions.setDOM(oldExtensions.getDOM());
}
return extensions;
}
public Set<SamlIdpScopeEntity> getScopes(EntityDescriptor entityDesc, SamlIdpMetadataEntity idp) {
Set<SamlIdpScopeEntity> scopeList = new HashSet<SamlIdpScopeEntity>();
IDPSSODescriptor idpsso = entityDesc.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
if (idpsso != null) {
Extensions extensions = idpsso.getExtensions();
List<XMLObject> scopes =
extensions.getUnknownXMLObjects(new QName("urn:mace:shibboleth:metadata:1.0", "Scope"));
for (XMLObject xmlObject : scopes) {
if (xmlObject instanceof XSAny) {
XSAny any = (XSAny) xmlObject;
SamlIdpScopeEntity scope = new SamlIdpScopeEntity();
scope.setScope(any.getTextContent());
scope.setRegex(false);
scope.setIdp(idp);
scopeList.add(scope);
}
}
}
return scopeList;
}
/**
* Returns AuthnRequest SAML message to be used to demand authentication from an IDP described
* using idpEntityDescriptor, with an expected response to the assertionConsumer address.
*
* @param context message context
* @param options preferences of message creation
* @param assertionConsumer assertion consumer where the IDP should respond
* @param bindingService service used to deliver the request
* @return authnRequest ready to be sent to IDP
* @throws SAMLException error creating the message
* @throws MetadataProviderException error retreiving metadata
*/
protected AuthnRequest getAuthnRequest(
SAMLMessageContext context,
WebSSOProfileOptions options,
AssertionConsumerService assertionConsumer,
SingleSignOnService bindingService)
throws SAMLException, MetadataProviderException {
SAMLObjectBuilder<AuthnRequest> builder =
(SAMLObjectBuilder<AuthnRequest>)
builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
AuthnRequest request = builder.buildObject();
request.setIsPassive(options.getPassive());
request.setForceAuthn(options.getForceAuthN());
request.setProviderName(options.getProviderName());
request.setVersion(SAMLVersion.VERSION_20);
if (options.getIncludeEidas()) {
// ne sert à rien
// request.setAssertionConsumerServiceURL(options.getIssuer());
// IssuerBuilder issuerBuilder = new IssuerBuilder();
// Issuer issuer = issuerBuilder.buildObject();
// issuer.setFormat(NAME_ISSUER_FORMAT_EIDAS);
// log.debug("issuer="+options.getIssuer());
// issuer.setValue(options.getIssuer());
// request.setIssuer(issuer);
NameIDPolicy nameIDPolicy = new NameIDPolicyBuilder().buildObject();
nameIDPolicy.setFormat(NAME_POLICY_FORMAT_EIDAS);
nameIDPolicy.setAllowCreate(true);
request.setNameIDPolicy(nameIDPolicy);
QName eidas = new QName("xmlns:eidas", "http://eidas.europa.eu/saml-extensions");
request.getNamespaceManager().registerAttributeName(eidas);
Extensions extEidas =
new ExtensionsBuilder()
.buildObject("urn:oasis:names:tc:SAML:2.0:protocol", "Extensions", "saml2p");
// Extensions extEidas = new EidasExtensions();
Collection<String> colAttr = options.getEidasAttributes();
// XSAnyBuilder raBuild = new XSAnyBuilder();
// <eidas:SPType>public</eidas:SPType>
SPType pub =
new SPTypeBuilder()
.buildObject("http://eidas.europa.eu/saml-extensions", "SPType", "eidas");
// pub.setTextContent(EIDAS_PUBLIC);
pub.setSPType(EIDAS_PUBLIC);
// XSAny attrs = new XSAnyBuilder().buildObject("http://eidas.europa.eu/saml-extensions",
// "RequestedAttributes", "eidas");
extEidas.getUnknownXMLObjects().add(pub);
// XSAnyBuilder anyBuilder = (XSAnyBuilder)
// Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
String resAttrs =
"<eidas:RequestedAttributes xmlns:eidas=\"http://eidas.europa.eu/saml-extensions\">";
for (String attr : colAttr) {
resAttrs += oneAttribute(attr);
}
resAttrs += "</eidas:RequestedAttributes>";
log.debug("resAttrs=" + resAttrs);
EidasExtensionConfiguration eidasExt = new EidasExtensionConfiguration();
eidasExt.configureExtension();
SAMLSchemaBuilder.addExtensionSchema("/schema/saml_eidas_extension.xsd");
BasicParserPool ppMgr = new BasicParserPool();
ppMgr.setNamespaceAware(true);
try {
ppMgr.setSchema(SAMLSchemaBuilder.getSAML11Schema());
} catch (SAXException ex) {
log.error("Erreur schema=" + ex);
return null;
}
InputStream is = new ByteArrayInputStream(resAttrs.getBytes());
Document domAttrsRaq = null;
try {
domAttrsRaq = ppMgr.parse(is);
} catch (XMLParserException e) {
log.error("Erreur dom=" + e);
return null;
}
if (domAttrsRaq == null) {
log.error("Erreur dom vide");
return null;
}
RequestedAttributesUnmarshaller unMars = new RequestedAttributesUnmarshaller();
XMLObject attrs = null;
try {
attrs = unMars.unmarshall(domAttrsRaq.getDocumentElement());
} catch (UnmarshallingException e) {
System.err.println("Erreur unMarsh error=" + e);
}
extEidas.getUnknownXMLObjects().add(attrs);
request.setExtensions(extEidas);
}
buildCommonAttributes(context.getLocalEntityId(), request, bindingService);
buildScoping(request, bindingService, options);
builNameIDPolicy(request, options);
buildAuthnContext(request, options);
buildReturnAddress(request, assertionConsumer);
return request;
}