protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOAgentException {
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer =
issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");
issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
/* NameIDPolicy */
NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
nameIdPolicy.setSPNameQualifier("Issuer");
nameIdPolicy.setAllowCreate(true);
/* AuthnContextClass */
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef =
authnContextClassRefBuilder.buildObject(
"urn:oasis:names:tc:SAML:2.0:assertion", "AuthnContextClassRef", "saml");
authnContextClassRef.setAuthnContextClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
/* AuthnContex */
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
DateTime issueInstant = new DateTime();
/* Creation of AuthRequestObject */
AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
AuthnRequest authRequest =
authRequestBuilder.buildObject(
"urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");
authRequest.setForceAuthn(ssoAgentConfig.getSAML2().isForceAuthn());
authRequest.setIsPassive(ssoAgentConfig.getSAML2().isPassiveAuthn());
authRequest.setIssueInstant(issueInstant);
authRequest.setProtocolBinding(ssoAgentConfig.getSAML2().getHttpBinding());
authRequest.setAssertionConsumerServiceURL(ssoAgentConfig.getSAML2().getACSURL());
authRequest.setIssuer(issuer);
authRequest.setNameIDPolicy(nameIdPolicy);
authRequest.setRequestedAuthnContext(requestedAuthnContext);
authRequest.setID(SSOAgentUtils.createID());
authRequest.setVersion(SAMLVersion.VERSION_20);
authRequest.setDestination(ssoAgentConfig.getSAML2().getIdPURL());
if (request.getAttribute(Extensions.LOCAL_NAME) != null) {
authRequest.setExtensions((Extensions) request.getAttribute(Extensions.LOCAL_NAME));
}
/* Requesting Attributes. This Index value is registered in the IDP */
if (ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex() != null
&& ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex().trim().length() > 0) {
authRequest.setAttributeConsumingServiceIndex(
Integer.parseInt(ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex()));
}
return authRequest;
}
private RequestedAuthnContext buildRequestedAuthnContext(AuthnRequest inboundAuthnRequest)
throws SAMLSSOException {
/* AuthnContext */
RequestedAuthnContextBuilder requestedAuthnContextBuilder = null;
RequestedAuthnContext requestedAuthnContext = null;
String includeAuthnContext =
properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.INCLUDE_AUTHN_CONTEXT);
if (StringUtils.isNotEmpty(includeAuthnContext)
&& "as_request".equalsIgnoreCase(includeAuthnContext)) {
if (inboundAuthnRequest != null) {
RequestedAuthnContext incomingRequestedAuthnContext =
inboundAuthnRequest.getRequestedAuthnContext();
if (incomingRequestedAuthnContext != null) {
requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
requestedAuthnContext.setDOM(incomingRequestedAuthnContext.getDOM());
}
}
} else if (StringUtils.isEmpty(includeAuthnContext)
|| "yes".equalsIgnoreCase(includeAuthnContext)) {
requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
/* AuthnContextClass */
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef =
authnContextClassRefBuilder.buildObject(
SAMLConstants.SAML20_NS,
AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME,
SAMLConstants.SAML20_PREFIX);
String authnContextClassProp =
properties.get(
IdentityApplicationConstants.Authenticator.SAML2SSO.AUTHENTICATION_CONTEXT_CLASS);
if (StringUtils.isNotEmpty(authnContextClassProp)) {
authnContextClassRef.setAuthnContextClassRef(
IdentityApplicationManagementUtil.getSAMLAuthnContextClasses()
.get(authnContextClassProp));
} else {
authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
}
/* Authentication Context Comparison Level */
String authnContextComparison =
properties.get(
IdentityApplicationConstants.Authenticator.SAML2SSO
.AUTHENTICATION_CONTEXT_COMPARISON_LEVEL);
if (StringUtils.isNotEmpty(authnContextComparison)) {
if (AuthnContextComparisonTypeEnumeration.EXACT
.toString()
.equalsIgnoreCase(authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
} else if (AuthnContextComparisonTypeEnumeration.MINIMUM
.toString()
.equalsIgnoreCase(authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
} else if (AuthnContextComparisonTypeEnumeration.MAXIMUM
.toString()
.equalsIgnoreCase(authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
} else if (AuthnContextComparisonTypeEnumeration.BETTER
.toString()
.equalsIgnoreCase(authnContextComparison)) {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
}
} else {
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
}
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
}
return requestedAuthnContext;
}
