protected void sendHttpPostBindingRequest( String destination, Document samlDocument, String relayState, HttpServletResponse response, boolean willSendRequest) throws ProcessingException, IOException, ConfigurationException { String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument)); DestinationInfoHolder destinationHolder = new DestinationInfoHolder(destination, samlMessage, relayState); PostBindingUtil.sendPost(destinationHolder, response, willSendRequest); }
protected void sendToDestination( Document samlDocument, String relayState, String destination, HttpServletResponse response, boolean request) throws IOException, SAXException, GeneralSecurityException { if (!ignoreSignatures) { SAML2Signature samlSignature = new SAML2Signature(); Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument); if (nextSibling != null) { samlSignature.setNextSibling(nextSibling); } KeyPair keypair = keyManager.getSigningKeyPair(); samlSignature.signSAMLDocument(samlDocument, keypair); } String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument)); PostBindingUtil.sendPost( new DestinationInfoHolder(destination, samlMessage, relayState), response, request); }
private Document toSAMLResponseDocument(String samlResponse, boolean isPostBinding) throws ParsingException { InputStream dataStream = null; if (isPostBinding) { // deal with SAML response from IDP dataStream = PostBindingUtil.base64DecodeAsStream(samlResponse); } else { // deal with SAML response from IDP dataStream = RedirectBindingUtil.base64DeflateDecode(samlResponse); } try { return DocumentUtil.getDocument(dataStream); } catch (Exception e) { logger.samlResponseFromIDPParsingFailed(); throw new ParsingException("", e); } }
public boolean handleSAML11UnsolicitedResponse( HttpServletRequest request, HttpServletResponse response) throws IOException { String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY); Principal principal = request.getUserPrincipal(); // If we have already authenticated the user and there is no request from IDP or logout from // user if (principal != null) { return true; } HttpSession session = request.getSession(true); // See if we got a response from IDP if (isNotNull(samlResponse)) { boolean isValid = false; try { isValid = validate(request); } catch (Exception e) { logger.samlSPHandleRequestError(e); throw new IOException(); } if (!isValid) { throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED); } try { InputStream base64DecodedResponse = null; if ("GET".equalsIgnoreCase(request.getMethod())) { base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse); } else { base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse); } SAMLParser parser = new SAMLParser(); SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse); List<SAML11AssertionType> assertions = saml11Response.get(); if (assertions.size() > 1) { logger.trace("More than one assertion from IDP. Considering the first one."); } String username = null; List<String> roles = new ArrayList<String>(); SAML11AssertionType assertion = assertions.get(0); if (assertion != null) { // Get the subject List<SAML11StatementAbstractType> statements = assertion.getStatements(); for (SAML11StatementAbstractType statement : statements) { if (statement instanceof SAML11AuthenticationStatementType) { SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement; SAML11SubjectType subject = subStat.getSubject(); username = subject.getChoice().getNameID().getValue(); } } roles = AssertionUtil.getRoles(assertion, null); } return true; } catch (Exception e) { logger.samlSPHandleRequestError(e); } } return false; }