Java Code Examples for org.opensaml.common.binding.SAMLMessageContext#getInboundMessageIssuer()

The following examples show how to use org.opensaml.common.binding.SAMLMessageContext#getInboundMessageIssuer(); the source file each example was taken from is named above it.
Example 1
Source File: BaseSAML1MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * Resolves the relying party's entity metadata, when a metadata provider is configured on the message context,
 * and records it as the peer entity metadata. If entity metadata was found and a peer role name is set, the
 * first role descriptor matching that role for the SAML 1.1 protocol is recorded as the peer role metadata.
 *
 * <p>The lookup key is the inbound message issuer as currently recorded in the context. This method only
 * resolves metadata for that issuer; it does not itself establish that the issuer is authentic, so the
 * populated peer metadata must not be read as proof of who sent the message.</p>
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException thrown if the metadata provider fails while resolving the relying party
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    MetadataProvider provider = messageContext.getMetadataProvider();
    if (provider == null) {
        // Nothing to resolve against; the context is left untouched.
        return;
    }

    String issuer = messageContext.getInboundMessageIssuer();
    try {
        EntityDescriptor peerMetadata = provider.getEntityDescriptor(issuer);
        messageContext.setPeerEntityMetadata(peerMetadata);

        QName peerRole = messageContext.getPeerEntityRole();
        if (peerMetadata == null || peerRole == null) {
            return;
        }

        // Only roles declaring SAML 1.1 protocol support are candidates for this decoder.
        List<RoleDescriptor> candidates = peerMetadata.getRoleDescriptors(peerRole, SAMLConstants.SAML11P_NS);
        if (candidates != null && !candidates.isEmpty()) {
            messageContext.setPeerEntityRoleMetadata(candidates.get(0));
        }
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata for relying party " + issuer, e);
        throw new MessageDecodingException("Error retrieving metadata for relying party " + issuer, e);
    }
}
 
Example 2
Source File: BaseSAML2MessageDecoder.java — from lams (GNU General Public License v2.0)
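/**
 * Resolves the relying party's entity metadata, when a metadata provider is configured on the message context,
 * and records it as the peer entity metadata. If entity metadata was found and a peer role name is set, the
 * first role descriptor matching that role for the SAML 2.0 protocol is recorded as the peer role metadata.
 *
 * <p>The lookup key is the inbound message issuer as currently recorded in the context. This method only
 * resolves metadata for that issuer; it does not itself establish that the issuer is authentic, so the
 * populated peer metadata must not be read as proof of who sent the message.</p>
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException thrown if the metadata provider fails while resolving the relying party
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    MetadataProvider provider = messageContext.getMetadataProvider();
    if (provider == null) {
        // Nothing to resolve against; the context is left untouched.
        return;
    }

    String issuer = messageContext.getInboundMessageIssuer();
    try {
        EntityDescriptor peerMetadata = provider.getEntityDescriptor(issuer);
        messageContext.setPeerEntityMetadata(peerMetadata);

        QName peerRole = messageContext.getPeerEntityRole();
        if (peerMetadata == null || peerRole == null) {
            return;
        }

        // This is the SAML 2 decoder, so roles are filtered by the SAML 2.0 protocol namespace. The previous
        // code passed SAMLConstants.SAML11P_NS, which only matches roles declaring SAML 1.1 protocol support
        // and so left the peer role metadata (and the keys it carries) unpopulated for SAML 2-only peers.
        List<RoleDescriptor> candidates = peerMetadata.getRoleDescriptors(peerRole, SAMLConstants.SAML20P_NS);
        if (candidates != null && !candidates.isEmpty()) {
            messageContext.setPeerEntityRoleMetadata(candidates.get(0));
        }
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata for relying party " + issuer, e);
        throw new MessageDecodingException("Error retrieving metadata for relying party " + issuer, e);
    }
}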
 
Example 3
Source File: SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java — from lams (GNU General Public License v2.0)
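/**
 * Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust
 * engine.
 *
 * <p>The issuer used for trust evaluation is the inbound message issuer recorded in the context. That value is
 * whatever the decoder recorded for the inbound message and is only a claim until this rule succeeds; on success
 * the context is marked as authenticated for that issuer. A missing context issuer is a policy failure, not a
 * skipped check, so a message without an issuer cannot pass this rule silently.</p>
 *
 * @param signature the signature which is being evaluated
 * @param signableObject the signable object which contained the signature
 * @param samlMsgCtx the SAML message context being processed
 * @throws SecurityPolicyException thrown if the signature fails validation or no context issuer is available
 */
protected void doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx)
        throws SecurityPolicyException {

    String contextIssuer = samlMsgCtx.getInboundMessageIssuer();
    if (contextIssuer == null) {
        // Fail closed: without an issuer there is no entity to evaluate trust against.
        log.debug("Context issuer unavailable, can not attempt SAML protocol message signature validation");
        throw new SecurityPolicyException("Context issuer unavailable, can not validate signature");
    }

    String msgType = signableObject.getElementQName().toString();
    log.debug("Attempting to verify signature on signed SAML protocol message using context issuer message type: {}",
            msgType);

    // evaluate(...) is assumed to verify the signature against credentials trusted for contextIssuer
    // (NOTE(review): confirm against the trust engine wiring); its result is the sole basis for the
    // authenticated flag set below.
    if (!evaluate(signature, contextIssuer, samlMsgCtx)) {
        // Parameterized logging, consistent with the other log statements in this method.
        log.debug("Validation of protocol message signature failed for context issuer '{}', message type: {}",
                contextIssuer, msgType);
        throw new SecurityPolicyException("Validation of protocol message signature failed");
    }

    log.info("Validation of protocol message signature succeeded, message type: {}", msgType);
    if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
        log.debug("Authentication via protocol message signature succeeded for context issuer entity ID {}",
                contextIssuer);
        samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
    }
}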
 
Example 4
Source File: BaseSAML2MessageDecoder.java — from lams (GNU General Public License v2.0)
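/**
 * Extracts the message ID, issue instant, and issuer from the incoming SAML message and populates the message
 * context with it.
 *
 * <p>The issuer populated here is whatever the message asserts about itself; nothing in this method verifies
 * it. A message from which no issuer could be extracted is only logged at WARN and is not rejected, so any
 * later processing that requires an issuer must enforce that itself.</p>
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException thrown if the context holds no inbound SAML message, or the message is neither
 *             a SAML 2 request nor a SAML 2 status response
 */
protected void populateMessageIdIssueInstantIssuer(SAMLMessageContext messageContext)
        throws MessageDecodingException {
    // The parameter is statically typed as SAMLMessageContext, so the instanceof check this replaces could only
    // fail for a null reference; test for that directly and say so in the log.
    if (messageContext == null) {
        log.debug("Message context was null, this decoder only supports a populated SAMLMessageContext");
        return;
    }

    SAMLObject samlMsg = messageContext.getInboundSAMLMessage();
    if (samlMsg == null) {
        log.error("Message context did not contain inbound SAML message");
        throw new MessageDecodingException("Message context did not contain inbound SAML message");
    }

    if (samlMsg instanceof RequestAbstractType) {
        log.debug("Extracting ID, issuer and issue instant from request");
        extractRequestInfo(messageContext, (RequestAbstractType) samlMsg);
    } else if (samlMsg instanceof StatusResponseType) {
        log.debug("Extracting ID, issuer and issue instant from status response");
        extractResponseInfo(messageContext, (StatusResponseType) samlMsg);
    } else {
        throw new MessageDecodingException("SAML 2 message was not a request or a response");
    }

    // Deliberately not fatal here: a missing issuer is left for later security policy rules to reject
    // (NOTE(review): confirm every rule that depends on the issuer fails closed when it is null).
    if (messageContext.getInboundMessageIssuer() == null) {
        log.warn("Issuer could not be extracted from SAML 2 message");
    }
}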