protected void sendHttpRedirectRequest( String destination, Document samlDocument, String relayState, HttpServletResponse response, boolean willSendRequest, String destinationQueryStringWithSignature) throws IOException, ProcessingException, ConfigurationException { String destinationQueryString = null; // We already have queryString with signature from SAML2SignatureGenerationHandler if (destinationQueryStringWithSignature != null) { destinationQueryString = destinationQueryStringWithSignature; } else { String samlMessage = DocumentUtil.getDocumentAsString(samlDocument); String base64Request = RedirectBindingUtil.deflateBase64URLEncode(samlMessage.getBytes("UTF-8")); destinationQueryString = RedirectBindingUtil.getDestinationQueryString(base64Request, relayState, willSendRequest); } RedirectBindingUtil.RedirectBindingUtilDestHolder holder = new RedirectBindingUtil.RedirectBindingUtilDestHolder(); holder.setDestination(destination).setDestinationQueryString(destinationQueryString); HTTPRedirectUtil.sendRedirectForRequestor( RedirectBindingUtil.getDestinationURL(holder), response); }
private Document toSAMLResponseDocument(String samlResponse, boolean isPostBinding) throws ParsingException { InputStream dataStream = null; if (isPostBinding) { // deal with SAML response from IDP dataStream = PostBindingUtil.base64DecodeAsStream(samlResponse); } else { // deal with SAML response from IDP dataStream = RedirectBindingUtil.base64DeflateDecode(samlResponse); } try { return DocumentUtil.getDocument(dataStream); } catch (Exception e) { logger.samlResponseFromIDPParsingFailed(); throw new ParsingException("", e); } }
public boolean handleSAML11UnsolicitedResponse( HttpServletRequest request, HttpServletResponse response) throws IOException { String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY); Principal principal = request.getUserPrincipal(); // If we have already authenticated the user and there is no request from IDP or logout from // user if (principal != null) { return true; } HttpSession session = request.getSession(true); // See if we got a response from IDP if (isNotNull(samlResponse)) { boolean isValid = false; try { isValid = validate(request); } catch (Exception e) { logger.samlSPHandleRequestError(e); throw new IOException(); } if (!isValid) { throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED); } try { InputStream base64DecodedResponse = null; if ("GET".equalsIgnoreCase(request.getMethod())) { base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse); } else { base64DecodedResponse = PostBindingUtil.base64DecodeAsStream(samlResponse); } SAMLParser parser = new SAMLParser(); SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse); List<SAML11AssertionType> assertions = saml11Response.get(); if (assertions.size() > 1) { logger.trace("More than one assertion from IDP. Considering the first one."); } String username = null; List<String> roles = new ArrayList<String>(); SAML11AssertionType assertion = assertions.get(0); if (assertion != null) { // Get the subject List<SAML11StatementAbstractType> statements = assertion.getStatements(); for (SAML11StatementAbstractType statement : statements) { if (statement instanceof SAML11AuthenticationStatementType) { SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement; SAML11SubjectType subject = subStat.getSubject(); username = subject.getChoice().getNameID().getValue(); } } roles = AssertionUtil.getRoles(assertion, null); } return true; } catch (Exception e) { logger.samlSPHandleRequestError(e); } } return false; }