Пример #1
0
    protected Response handleSamlRequest(String samlRequest, String relayState) {
      SAMLDocumentHolder documentHolder = extractRequestDocument(samlRequest);
      if (documentHolder == null) {
        event.event(EventType.LOGIN);
        event.error(Errors.INVALID_TOKEN);
        return ErrorPage.error(session, Messages.INVALID_REQUEST);
      }

      SAML2Object samlObject = documentHolder.getSamlObject();

      RequestAbstractType requestAbstractType = (RequestAbstractType) samlObject;
      String issuer = requestAbstractType.getIssuer().getValue();
      ClientModel client = realm.getClientByClientId(issuer);

      if (client == null) {
        event.event(EventType.LOGIN);
        event.client(issuer);
        event.error(Errors.CLIENT_NOT_FOUND);
        return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
      }

      if (!client.isEnabled()) {
        event.event(EventType.LOGIN);
        event.error(Errors.CLIENT_DISABLED);
        return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
      }
      if (client.isBearerOnly()) {
        event.event(EventType.LOGIN);
        event.error(Errors.NOT_ALLOWED);
        return ErrorPage.error(session, Messages.BEARER_ONLY);
      }
      if (!client.isStandardFlowEnabled()) {
        event.event(EventType.LOGIN);
        event.error(Errors.NOT_ALLOWED);
        return ErrorPage.error(session, Messages.STANDARD_FLOW_DISABLED);
      }

      session.getContext().setClient(client);

      try {
        verifySignature(documentHolder, client);
      } catch (VerificationException e) {
        SamlService.logger.error("request validation failed", e);
        event.event(EventType.LOGIN);
        event.error(Errors.INVALID_SIGNATURE);
        return ErrorPage.error(session, Messages.INVALID_REQUESTER);
      }
      logger.debug("verified request");
      if (samlObject instanceof AuthnRequestType) {
        logger.debug("** login request");
        event.event(EventType.LOGIN);
        // Get the SAML Request Message
        AuthnRequestType authn = (AuthnRequestType) samlObject;
        return loginRequest(relayState, authn, client);
      } else if (samlObject instanceof LogoutRequestType) {
        logger.debug("** logout request");
        event.event(EventType.LOGOUT);
        LogoutRequestType logout = (LogoutRequestType) samlObject;
        return logoutRequest(logout, client, relayState);

      } else {
        event.event(EventType.LOGIN);
        event.error(Errors.INVALID_TOKEN);
        return ErrorPage.error(session, Messages.INVALID_REQUEST);
      }
    }
Пример #2
0
 @Override
 public boolean isStandardFlowEnabled() {
   if (updated != null) return updated.isStandardFlowEnabled();
   return cached.isStandardFlowEnabled();
 }