public void acceptRepresentation(final Representation entity) throws ResourceException {
   final Form form = getRequest().getEntityAsForm();
   final String serviceUrl = form.getFirstValue("serviceTicketUrl");
   try {
     final Assertion authentication =
         this.centralAuthenticationService.validateServiceTicket(
             serviceTicketId, new SimpleWebApplicationServiceImpl(serviceUrl, this.httpClient));
     if (authentication.getChainedAuthentications().size() > 0) {
       // Iterate through each of the ChainedAuthentications and put them into the JSonArray
       JSONArray jsonResult = new JSONArray();
       for (Authentication auth : authentication.getChainedAuthentications()) {
         // Create the principle
         JSONObject principle = createJSONPrinciple(auth);
         JSONObject jsonAuth = new JSONObject();
         jsonAuth.put("authenticated_date", auth.getAuthenticatedDate());
         jsonAuth.put("attributes", principle);
         jsonResult.add(jsonAuth);
       }
       getResponse().setEntity(jsonResult.toJSONString(), MediaType.TEXT_PLAIN);
     } else {
       getResponse()
           .setEntity(
               java.lang.String.format("\"{\"authenticated\":\"false\"}\""), MediaType.TEXT_PLAIN);
     }
   } catch (final TicketException e) {
     log.error(e.getMessage(), e);
     getResponse()
         .setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found.");
   } catch (final Exception e) {
     log.error(e.getMessage(), e);
     getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage());
   }
 }
Пример #2
0
 /**
  * Gets authentication from assertionfinal.
  *
  * @param assertion the assertion
  * @return the authentication from assertionfinal
  */
 public static Authentication getAuthenticationFromAssertion(final Assertion assertion) {
   final List<Authentication> chainedAuthentications = assertion.getChainedAuthentications();
   if (!chainedAuthentications.isEmpty()) {
     final int index = chainedAuthentications.size() - 1;
     return chainedAuthentications.get(index);
   }
   return null;
 }
Пример #3
0
  @Override
  protected void renderMergedOutputModel(
      final Map model, final HttpServletRequest request, final HttpServletResponse response)
      throws Exception {

    try {
      final Assertion assertion = getAssertionFrom(model);
      final Authentication authentication = assertion.getChainedAuthentications().get(0);
      final Date currentDate = new Date();
      final String authenticationMethod =
          (String)
              authentication
                  .getAttributes()
                  .get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
      final Service service = assertion.getService();
      final SAMLResponse samlResponse =
          new SAMLResponse(null, service.getId(), new ArrayList<Object>(), null);
      final boolean isRemembered =
          (authentication
                      .getAttributes()
                      .get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME)
                  == Boolean.TRUE
              && !assertion.isFromNewLogin());

      samlResponse.setIssueInstant(currentDate);

      // this should be true, but we never enforced it, so we need to check to be safe
      if (service instanceof SamlService) {
        final SamlService samlService = (SamlService) service;

        if (samlService.getRequestID() != null) {
          samlResponse.setInResponseTo(samlService.getRequestID());
        }
      }

      final SAMLAssertion samlAssertion = new SAMLAssertion();
      samlAssertion.setIssueInstant(currentDate);
      samlAssertion.setIssuer(this.issuer);
      samlAssertion.setNotBefore(currentDate);
      samlAssertion.setNotOnOrAfter(new Date(currentDate.getTime() + this.issueLength));

      final SAMLAudienceRestrictionCondition samlAudienceRestrictionCondition =
          new SAMLAudienceRestrictionCondition();
      samlAudienceRestrictionCondition.addAudience(service.getId());

      final SAMLAuthenticationStatement samlAuthenticationStatement =
          new SAMLAuthenticationStatement();
      samlAuthenticationStatement.setAuthInstant(authentication.getAuthenticatedDate());
      samlAuthenticationStatement.setAuthMethod(
          authenticationMethod != null
              ? authenticationMethod
              : SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);

      samlAuthenticationStatement.setSubject(getSamlSubject(authentication));

      if (!authentication.getPrincipal().getAttributes().isEmpty() || isRemembered) {
        final SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement();

        attributeStatement.setSubject(getSamlSubject(authentication));
        samlAssertion.addStatement(attributeStatement);

        for (final Entry<String, Object> e :
            authentication.getPrincipal().getAttributes().entrySet()) {
          final SAMLAttribute attribute = new SAMLAttribute();
          attribute.setName(e.getKey());
          attribute.setNamespace(NAMESPACE);

          if (e.getValue() instanceof Collection<?>) {
            final Collection<?> c = (Collection<?>) e.getValue();
            if (c.isEmpty()) {
              // 100323 bnoordhuis: don't add the attribute, it causes a
              // org.opensaml.MalformedException
              continue;
            }
            attribute.setValues(c);
          } else {
            attribute.addValue(e.getValue());
          }

          attributeStatement.addAttribute(attribute);
        }

        if (isRemembered) {
          final SAMLAttribute attribute = new SAMLAttribute();
          attribute.setName(REMEMBER_ME_ATTRIBUTE_NAME);
          attribute.setNamespace(NAMESPACE);
          attribute.addValue(true);
          attributeStatement.addAttribute(attribute);
        }
      }

      samlAssertion.addStatement(samlAuthenticationStatement);
      samlAssertion.addCondition(samlAudienceRestrictionCondition);
      samlResponse.addAssertion(samlAssertion);

      final String xmlResponse = samlResponse.toString();

      response.setContentType("text/xml; charset=" + this.encoding);
      response.getWriter().print("<?xml version=\"1.0\" encoding=\"" + this.encoding + "\"?>");
      response
          .getWriter()
          .print(
              "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body>");
      response.getWriter().print(xmlResponse);
      response.getWriter().print("</SOAP-ENV:Body></SOAP-ENV:Envelope>");
      response.flushBuffer();
    } catch (final Exception e) {
      log.error(e.getMessage(), e);
      throw e;
    }
  }