public void acceptRepresentation(final Representation entity) throws ResourceException {
final Form form = getRequest().getEntityAsForm();
final String serviceUrl = form.getFirstValue("serviceTicketUrl");
try {
final Assertion authentication =
this.centralAuthenticationService.validateServiceTicket(
serviceTicketId, new SimpleWebApplicationServiceImpl(serviceUrl, this.httpClient));
if (authentication.getChainedAuthentications().size() > 0) {
// Iterate through each of the ChainedAuthentications and put them into the JSonArray
JSONArray jsonResult = new JSONArray();
for (Authentication auth : authentication.getChainedAuthentications()) {
// Create the principle
JSONObject principle = createJSONPrinciple(auth);
JSONObject jsonAuth = new JSONObject();
jsonAuth.put("authenticated_date", auth.getAuthenticatedDate());
jsonAuth.put("attributes", principle);
jsonResult.add(jsonAuth);
}
getResponse().setEntity(jsonResult.toJSONString(), MediaType.TEXT_PLAIN);
} else {
getResponse()
.setEntity(
java.lang.String.format("\"{\"authenticated\":\"false\"}\""), MediaType.TEXT_PLAIN);
}
} catch (final TicketException e) {
log.error(e.getMessage(), e);
getResponse()
.setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found.");
} catch (final Exception e) {
log.error(e.getMessage(), e);
getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage());
}
}
/**
* Gets authentication from assertionfinal.
*
* @param assertion the assertion
* @return the authentication from assertionfinal
*/
public static Authentication getAuthenticationFromAssertion(final Assertion assertion) {
final List<Authentication> chainedAuthentications = assertion.getChainedAuthentications();
if (!chainedAuthentications.isEmpty()) {
final int index = chainedAuthentications.size() - 1;
return chainedAuthentications.get(index);
}
return null;
}
@Override
protected void renderMergedOutputModel(
final Map model, final HttpServletRequest request, final HttpServletResponse response)
throws Exception {
try {
final Assertion assertion = getAssertionFrom(model);
final Authentication authentication = assertion.getChainedAuthentications().get(0);
final Date currentDate = new Date();
final String authenticationMethod =
(String)
authentication
.getAttributes()
.get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
final Service service = assertion.getService();
final SAMLResponse samlResponse =
new SAMLResponse(null, service.getId(), new ArrayList<Object>(), null);
final boolean isRemembered =
(authentication
.getAttributes()
.get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME)
== Boolean.TRUE
&& !assertion.isFromNewLogin());
samlResponse.setIssueInstant(currentDate);
// this should be true, but we never enforced it, so we need to check to be safe
if (service instanceof SamlService) {
final SamlService samlService = (SamlService) service;
if (samlService.getRequestID() != null) {
samlResponse.setInResponseTo(samlService.getRequestID());
}
}
final SAMLAssertion samlAssertion = new SAMLAssertion();
samlAssertion.setIssueInstant(currentDate);
samlAssertion.setIssuer(this.issuer);
samlAssertion.setNotBefore(currentDate);
samlAssertion.setNotOnOrAfter(new Date(currentDate.getTime() + this.issueLength));
final SAMLAudienceRestrictionCondition samlAudienceRestrictionCondition =
new SAMLAudienceRestrictionCondition();
samlAudienceRestrictionCondition.addAudience(service.getId());
final SAMLAuthenticationStatement samlAuthenticationStatement =
new SAMLAuthenticationStatement();
samlAuthenticationStatement.setAuthInstant(authentication.getAuthenticatedDate());
samlAuthenticationStatement.setAuthMethod(
authenticationMethod != null
? authenticationMethod
: SAMLAuthenticationStatement.AuthenticationMethod_Unspecified);
samlAuthenticationStatement.setSubject(getSamlSubject(authentication));
if (!authentication.getPrincipal().getAttributes().isEmpty() || isRemembered) {
final SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement();
attributeStatement.setSubject(getSamlSubject(authentication));
samlAssertion.addStatement(attributeStatement);
for (final Entry<String, Object> e :
authentication.getPrincipal().getAttributes().entrySet()) {
final SAMLAttribute attribute = new SAMLAttribute();
attribute.setName(e.getKey());
attribute.setNamespace(NAMESPACE);
if (e.getValue() instanceof Collection<?>) {
final Collection<?> c = (Collection<?>) e.getValue();
if (c.isEmpty()) {
// 100323 bnoordhuis: don't add the attribute, it causes a
// org.opensaml.MalformedException
continue;
}
attribute.setValues(c);
} else {
attribute.addValue(e.getValue());
}
attributeStatement.addAttribute(attribute);
}
if (isRemembered) {
final SAMLAttribute attribute = new SAMLAttribute();
attribute.setName(REMEMBER_ME_ATTRIBUTE_NAME);
attribute.setNamespace(NAMESPACE);
attribute.addValue(true);
attributeStatement.addAttribute(attribute);
}
}
samlAssertion.addStatement(samlAuthenticationStatement);
samlAssertion.addCondition(samlAudienceRestrictionCondition);
samlResponse.addAssertion(samlAssertion);
final String xmlResponse = samlResponse.toString();
response.setContentType("text/xml; charset=" + this.encoding);
response.getWriter().print("<?xml version=\"1.0\" encoding=\"" + this.encoding + "\"?>");
response
.getWriter()
.print(
"<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body>");
response.getWriter().print(xmlResponse);
response.getWriter().print("</SOAP-ENV:Body></SOAP-ENV:Envelope>");
response.flushBuffer();
} catch (final Exception e) {
log.error(e.getMessage(), e);
throw e;
}
}