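  /**
   * Builds the outbound SAML 2.0 {@code AuthnRequest} sent from this SP to the configured IdP.
   *
   * <p>The request carries: the SP entity ID as {@code Issuer}; a persistent-format
   * {@code NameIDPolicy} with {@code AllowCreate=true}; a {@code RequestedAuthnContext}
   * asking for {@code PasswordProtectedTransport} with {@code exact} comparison; the
   * configured force/passive flags, protocol binding, ACS URL and IdP URL (as
   * {@code Destination}); a fresh ID from {@link SSOAgentUtils#createID()}; and, when the
   * servlet request carries an attribute named {@code Extensions.LOCAL_NAME}, that value as
   * the request's {@code Extensions}.
   *
   * @param request the current servlet request; only the {@code Extensions.LOCAL_NAME}
   *     attribute is read from it
   * @return the populated, unsigned {@code AuthnRequest}
   * @throws SSOAgentException if the {@code Extensions} attribute is present but not an
   *     {@code Extensions} object, or if the configured AttributeConsumingServiceIndex is
   *     not an integer
   */
  protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOAgentException {

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer =
        issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");
    issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());

    /* NameIDPolicy */
    NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
    NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
    nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
    // NOTE(review): SPNameQualifier is the literal "Issuer", not the SP entity ID used for
    // the Issuer element above — confirm this is intended before relying on it.
    nameIdPolicy.setSPNameQualifier("Issuer");
    nameIdPolicy.setAllowCreate(true);

    /* AuthnContextClass */
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    AuthnContextClassRef authnContextClassRef =
        authnContextClassRefBuilder.buildObject(
            "urn:oasis:names:tc:SAML:2.0:assertion", "AuthnContextClassRef", "saml");
    authnContextClassRef.setAuthnContextClassRef(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");

    /* AuthnContext */
    RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
    RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);

    DateTime issueInstant = new DateTime();

    /* Creation of AuthRequestObject */
    AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
    AuthnRequest authRequest =
        authRequestBuilder.buildObject(
            "urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");

    authRequest.setForceAuthn(ssoAgentConfig.getSAML2().isForceAuthn());
    authRequest.setIsPassive(ssoAgentConfig.getSAML2().isPassiveAuthn());
    authRequest.setIssueInstant(issueInstant);
    authRequest.setProtocolBinding(ssoAgentConfig.getSAML2().getHttpBinding());
    authRequest.setAssertionConsumerServiceURL(ssoAgentConfig.getSAML2().getACSURL());
    authRequest.setIssuer(issuer);
    authRequest.setNameIDPolicy(nameIdPolicy);
    authRequest.setRequestedAuthnContext(requestedAuthnContext);
    authRequest.setID(SSOAgentUtils.createID());
    authRequest.setVersion(SAMLVersion.VERSION_20);
    authRequest.setDestination(ssoAgentConfig.getSAML2().getIdPURL());

    // The attribute is set by earlier request processing; anything other than an Extensions
    // object is a programming error, so report it instead of letting the cast blow up.
    Object extensionsAttribute = request.getAttribute(Extensions.LOCAL_NAME);
    if (extensionsAttribute != null) {
      if (!(extensionsAttribute instanceof Extensions)) {
        throw new SSOAgentException(
            "Request attribute " + Extensions.LOCAL_NAME + " is not an Extensions object");
      }
      authRequest.setExtensions((Extensions) extensionsAttribute);
    }

    /* Requesting Attributes. This Index value is registered in the IDP */
    String attributeConsumingServiceIndex =
        ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex();
    if (attributeConsumingServiceIndex != null
        && attributeConsumingServiceIndex.trim().length() > 0) {
      // Parse the trimmed value: the presence check above already ignores surrounding
      // whitespace, and Integer.parseInt would reject it otherwise.
      try {
        authRequest.setAttributeConsumingServiceIndex(
            Integer.parseInt(attributeConsumingServiceIndex.trim()));
      } catch (NumberFormatException e) {
        throw new SSOAgentException(
            "Configured AttributeConsumingServiceIndex is not an integer: "
                + attributeConsumingServiceIndex,
            e);
      }
    }

    return authRequest;
  }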
  /**
   * Derives the {@code RequestedAuthnContext} for the outbound request from the
   * {@code INCLUDE_AUTHN_CONTEXT} property.
   *
   * <ul>
   *   <li>{@code as_request}: copies the DOM of the inbound request's own
   *       {@code RequestedAuthnContext}; {@code null} if there is no inbound request or it
   *       carries none.
   *   <li>unset or {@code yes}: builds a context with a single class reference — the URI
   *       mapped from {@code AUTHENTICATION_CONTEXT_CLASS}, or {@code AuthnContext.PPT_AUTHN_CTX}
   *       when that property is empty — and the comparison named by
   *       {@code AUTHENTICATION_CONTEXT_COMPARISON_LEVEL} (case-insensitive match against
   *       exact/minimum/maximum/better; {@code exact} when the property is empty; left
   *       unset when it matches none of them).
   *   <li>any other value: {@code null}.
   * </ul>
   *
   * @param inboundAuthnRequest the request received from the SP, may be {@code null}
   * @return the context to attach, or {@code null} when none should be sent
   * @throws SAMLSSOException declared for callers; nothing in this method raises it
   */
  private RequestedAuthnContext buildRequestedAuthnContext(AuthnRequest inboundAuthnRequest)
      throws SAMLSSOException {

    String includeAuthnContext =
        properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_AUTHN_CONTEXT);

    // "as_request": mirror the inbound context verbatim (by DOM), or send nothing.
    // NOTE(review): the copied DOM originates from the SP's request and is forwarded
    // without inspection — confirm upstream validation of the inbound AuthnRequest.
    if ("as_request".equalsIgnoreCase(includeAuthnContext)) {
      if (inboundAuthnRequest == null) {
        return null;
      }
      RequestedAuthnContext inbound = inboundAuthnRequest.getRequestedAuthnContext();
      if (inbound == null) {
        return null;
      }
      RequestedAuthnContext mirrored = new RequestedAuthnContextBuilder().buildObject();
      mirrored.setDOM(inbound.getDOM());
      return mirrored;
    }

    // Only an unset property or an explicit "yes" produces a locally built context.
    boolean buildLocally =
        StringUtils.isEmpty(includeAuthnContext) || "yes".equalsIgnoreCase(includeAuthnContext);
    if (!buildLocally) {
      return null;
    }

    RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();

    /* AuthnContextClass */
    AuthnContextClassRef classRef =
        new AuthnContextClassRefBuilder()
            .buildObject(
                SAMLConstants.SAML20_NS,
                AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME,
                SAMLConstants.SAML20_PREFIX);

    String configuredClass =
        properties.get(
            IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_CLASS);
    // NOTE(review): a configured name absent from getSAMLAuthnContextClasses() yields a null
    // URI here, not a fallback to PPT — verify the map lookup against expected config values.
    String classUri =
        StringUtils.isNotEmpty(configuredClass)
            ? IdentityApplicationManagementUtil.getSAMLAuthnContextClasses().get(configuredClass)
            : AuthnContext.PPT_AUTHN_CTX;
    classRef.setAuthnContextClassRef(classUri);

    /* Authentication Context Comparison Level */
    String configuredComparison =
        properties.get(
            IdentityApplicationConstants.Authenticator.SAML2SSO
                .AUTHENTICATION_CONTEXT_COMPARISON_LEVEL);

    if (StringUtils.isEmpty(configuredComparison)) {
      requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    } else {
      // First case-insensitive match on the type's string form wins; no match leaves the
      // comparison untouched.
      AuthnContextComparisonTypeEnumeration[] known = {
        AuthnContextComparisonTypeEnumeration.EXACT,
        AuthnContextComparisonTypeEnumeration.MINIMUM,
        AuthnContextComparisonTypeEnumeration.MAXIMUM,
        AuthnContextComparisonTypeEnumeration.BETTER
      };
      for (AuthnContextComparisonTypeEnumeration candidate : known) {
        if (candidate.toString().equalsIgnoreCase(configuredComparison)) {
          requested.setComparison(candidate);
          break;
        }
      }
    }

    requested.getAuthnContextClassRefs().add(classRef);
    return requested;
  }