/**
* Send a response
*
* @param holder
* @throws GeneralSecurityException
* @throws IOException
*/
public void send(WebRequestUtilHolder holder) throws GeneralSecurityException, IOException {
Document responseDoc = holder.getResponseDoc();
if (responseDoc == null) throw logger.nullValueError("responseType");
String destination = holder.getDestination();
String relayState = holder.getRelayState();
boolean supportSignature = holder.isSupportSignature();
boolean sendRequest = holder.isAreWeSendingRequest();
HttpServletResponse response = holder.getServletResponse();
boolean isErrorResponse = holder.isErrorResponse();
if (holder.isPostBindingRequested() == false && !holder.isStrictPostBinding()) {
String finalDest = null;
// This is the case with whole queryString including signature already generated by
// SAML2SignatureGenerationHandler
if (holder.getDestinationQueryStringWithSignature() != null) {
finalDest = destination + "?" + holder.getDestinationQueryStringWithSignature();
}
// This is the case without signature
else {
byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
if (isNotNull(relayState)) relayState = RedirectBindingUtil.urlEncode(relayState);
finalDest =
destination
+ getDestination(
urlEncodedResponse, relayState, supportSignature, sendRequest, isErrorResponse);
}
logger.trace("Destination = " + finalDest);
HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
} else {
if (logger.isTraceEnabled()) {
logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDoc));
}
byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
PostBindingUtil.sendPost(
new DestinationInfoHolder(destination, samlResponse, relayState), response, sendRequest);
}
}
protected void sendHttpPostBindingRequest(
String destination,
Document samlDocument,
String relayState,
HttpServletResponse response,
boolean willSendRequest)
throws ProcessingException, IOException, ConfigurationException {
String samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
DestinationInfoHolder destinationHolder =
new DestinationInfoHolder(destination, samlMessage, relayState);
PostBindingUtil.sendPost(destinationHolder, response, willSendRequest);
}
protected void sendToDestination(
Document samlDocument,
String relayState,
String destination,
HttpServletResponse response,
boolean request)
throws IOException, SAXException, GeneralSecurityException {
if (!ignoreSignatures) {
SAML2Signature samlSignature = new SAML2Signature();
Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);
if (nextSibling != null) {
samlSignature.setNextSibling(nextSibling);
}
KeyPair keypair = keyManager.getSigningKeyPair();
samlSignature.signSAMLDocument(samlDocument, keypair);
}
String samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
PostBindingUtil.sendPost(
new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
}
public RequestAbstractType getSAMLRequest(String samlMessage)
throws ParsingException, ConfigurationException, ProcessingException {
InputStream is = null;
SAML2Request saml2Request = new SAML2Request();
if (redirectProfile) {
try {
is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
} catch (Exception e) {
logger.samlParsingError(e);
throw logger.parserError(e);
}
} else {
byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
logger.trace("SAML Request Document: " + new String(samlBytes));
is = new ByteArrayInputStream(samlBytes);
}
return saml2Request.getRequestType(is);
}
private Document toSAMLResponseDocument(String samlResponse, boolean isPostBinding)
throws ParsingException {
InputStream dataStream = null;
if (isPostBinding) {
// deal with SAML response from IDP
dataStream = PostBindingUtil.base64DecodeAsStream(samlResponse);
} else {
// deal with SAML response from IDP
dataStream = RedirectBindingUtil.base64DeflateDecode(samlResponse);
}
try {
return DocumentUtil.getDocument(dataStream);
} catch (Exception e) {
logger.samlResponseFromIDPParsingFailed();
throw new ParsingException("", e);
}
}
public SAMLDocumentHolder getSAMLDocumentHolder(String samlMessage)
throws ParsingException, ConfigurationException, ProcessingException {
InputStream is = null;
SAML2Request saml2Request = new SAML2Request();
try {
if (redirectProfile) {
is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
} else {
byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
logger.trace("SAML Request Document: " + new String(samlBytes));
is = new ByteArrayInputStream(samlBytes);
}
} catch (Exception rte) {
logger.samlBase64DecodingError(rte);
throw logger.parserError(rte);
}
saml2Request.getSAML2ObjectFromStream(is);
return saml2Request.getSamlDocumentHolder();
}
public boolean handleSAML11UnsolicitedResponse(
HttpServletRequest request, HttpServletResponse response) throws IOException {
String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
Principal principal = request.getUserPrincipal();
// If we have already authenticated the user and there is no request from IDP or logout from
// user
if (principal != null) {
return true;
}
HttpSession session = request.getSession(true);
// See if we got a response from IDP
if (isNotNull(samlResponse)) {
boolean isValid = false;
try {
isValid = validate(request);
} catch (Exception e) {
logger.samlSPHandleRequestError(e);
throw new IOException();
}
if (!isValid) {
throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED);
}
try {
InputStream base64DecodedResponse = null;
if ("GET".equalsIgnoreCase(request.getMethod())) {
base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
} else {
base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse);
}
SAMLParser parser = new SAMLParser();
SAML11ResponseType saml11Response =
(SAML11ResponseType) parser.parse(base64DecodedResponse);
List<SAML11AssertionType> assertions = saml11Response.get();
if (assertions.size() > 1) {
logger.trace("More than one assertion from IDP. Considering the first one.");
}
String username = null;
List<String> roles = new ArrayList<String>();
SAML11AssertionType assertion = assertions.get(0);
if (assertion != null) {
// Get the subject
List<SAML11StatementAbstractType> statements = assertion.getStatements();
for (SAML11StatementAbstractType statement : statements) {
if (statement instanceof SAML11AuthenticationStatementType) {
SAML11AuthenticationStatementType subStat =
(SAML11AuthenticationStatementType) statement;
SAML11SubjectType subject = subStat.getSubject();
username = subject.getChoice().getNameID().getValue();
}
}
roles = AssertionUtil.getRoles(assertion, null);
}
return true;
} catch (Exception e) {
logger.samlSPHandleRequestError(e);
}
}
return false;
}