Java Code Examples for org.opensaml.common.binding.SAMLMessageContext#getInboundSAMLMessage()

Example 1
Source File: BaseSAML1MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * Extracts the message ID, issue instant, and issuer from the incoming SAML message and populates the message
 * context with it.
 * 
 * @param messageContext current message context
 * 
 * @throws MessageDecodingException thrown if there is a problem populating the message context
 */
/**
 * Populates the message context with the ID, issue instant and issuer of the
 * inbound SAML 1.x message.
 *
 * <p>Requests are handled by {@code extractRequestInfo}, responses by
 * {@code extractResponseInfo}. Note that, unlike the SAML 2 decoder, a context
 * with no inbound message is not an error here: the method simply returns and
 * leaves the context unpopulated.</p>
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException if the inbound message is neither a
 *         {@link RequestAbstractType} nor a {@link Response}
 */
protected void populateMessageIdIssueInstantIssuer(SAMLMessageContext messageContext)
        throws MessageDecodingException {
    final SAMLObject inbound = messageContext.getInboundSAMLMessage();

    // Nothing decoded yet: leave the context untouched rather than failing.
    if (inbound == null) {
        return;
    }

    if (inbound instanceof RequestAbstractType) {
        log.debug("Extracting ID, issuer and issue instant from request");
        extractRequestInfo(messageContext, (RequestAbstractType) inbound);
        return;
    }
    if (inbound instanceof Response) {
        log.debug("Extracting ID, issuer and issue instant from response");
        extractResponseInfo(messageContext, (Response) inbound);
        return;
    }
    throw new MessageDecodingException("SAML 1.x message was not a request or a response");
}
 
Example 2
Source File: BaseSAML1MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc} 
 * 
 * <p>This SAML 1-specific implementation extracts the value of the ResponseAbstractType 
 * protocol message Recipient attribute.</p>
 * 
 * */
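/**
 * {@inheritDoc}
 *
 * <p>SAML 1-specific implementation: for a {@link ResponseAbstractType} the
 * value of the protocol message {@code Recipient} attribute is returned,
 * trimmed, or null if the attribute is absent or blank. SAML 1 requests carry
 * no destination attribute, so null is returned for them without error. The
 * returned value is what the decoder later compares against the endpoint the
 * message actually arrived at, so it must come from the message itself.</p>
 *
 * @param samlMsgCtx current message context
 * @return the trimmed Recipient of a response, or null for a request or a
 *         missing/blank attribute
 * @throws MessageDecodingException if the context holds no inbound message, or
 *         the message is neither a request nor a response
 */
protected String getIntendedDestinationEndpointURI(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    SAMLObject samlMessage = samlMsgCtx.getInboundSAMLMessage();
    if (samlMessage == null) {
        // Without this guard a missing message fell through to
        // samlMessage.getElementQName() below and surfaced as a NullPointerException.
        log.error("Message context did not contain inbound SAML message");
        throw new MessageDecodingException("Message context did not contain inbound SAML message");
    }

    if (samlMessage instanceof ResponseAbstractType) {
        ResponseAbstractType response = (ResponseAbstractType) samlMessage;
        return DatatypeHelper.safeTrimOrNullString(response.getRecipient());
    }
    if (samlMessage instanceof RequestAbstractType) {
        // SAML 1 requests have no Recipient/Destination; don't treat as an error, just return null.
        return null;
    }

    log.error("Invalid SAML message type encountered: {}", samlMessage.getElementQName().toString());
    throw new MessageDecodingException("Invalid SAML message type encountered");
}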
 
Example 3
Source File: SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java — from lams (GNU General Public License v2.0)
/** {@inheritDoc} */
/**
 * {@inheritDoc}
 *
 * <p>Evaluates the XML signature of the inbound SAML protocol message, if one
 * is present. A context that is not a {@link SAMLMessageContext}, a message
 * that is not a {@link SignableSAMLObject}, and an unsigned message are all
 * skipped without error; a present signature is pre-validated and then passed
 * to {@code doEvaluate}. This rule therefore does not by itself require a
 * signature — "unsigned" is merely logged at INFO — so a deployment that needs
 * signed messages must enforce that with a separate rule.</p>
 *
 * @param messageContext the message context to evaluate
 * @throws SecurityPolicyException if pre-validation or evaluation rejects the signature
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.debug("Invalid message context type, this policy rule only supports SAMLMessageContext");
        return;
    }
    final SAMLMessageContext ctx = (SAMLMessageContext) messageContext;
    final SAMLObject inbound = ctx.getInboundSAMLMessage();

    if (!(inbound instanceof SignableSAMLObject)) {
        log.debug("Extracted SAML message was not a SignableSAMLObject, can not process signature");
        return;
    }
    final SignableSAMLObject signable = (SignableSAMLObject) inbound;
    if (!signable.isSigned()) {
        log.info("SAML protocol message was not signed, skipping XML signature processing");
        return;
    }

    // Pre-validation (structure/profile checks) precedes the trust evaluation.
    final Signature sig = signable.getSignature();
    performPreValidation(sig);
    doEvaluate(sig, signable, ctx);
}
 
Example 4
Source File: SAML2AuthnRequestsSignedRule.java — from lams (GNU General Public License v2.0)
/**
 * Determine whether the inbound message is signed.
 * 
 * @param messageContext the message context being evaluated
 * @return true if the inbound message is signed, otherwise false
 */
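/**
 * Determine whether the inbound message is signed.
 *
 * <p>Two mechanisms are recognised: an enveloped XML Signature on the message
 * itself, and the {@code Signature} request parameter used by the HTTP-Redirect
 * and HTTP-POST-SimpleSign bindings. Only the <em>presence</em> of a signature
 * is reported here; whether it actually verifies against a trusted credential
 * is the job of the signature security policy rules, not of this method.</p>
 *
 * <p>If the inbound transport is missing or is not an {@link HTTPInTransport},
 * no binding-level signature can exist, so the message is reported as unsigned
 * (fail-closed for a rule that requires signatures) instead of throwing.</p>
 *
 * @param messageContext the message context being evaluated
 * @return true if the inbound message carries a signature, otherwise false
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    // TODO this really should be determined by the decoders and supplied to the rule
    // in some fashion, to handle binding-specific signature mechanisms. See JIRA issue JOWS-4.
    //
    // For now evaluate here inline for XML Signature and HTTP-Redirect and HTTP-Post-SimpleSign.

    SAMLObject samlMessage = messageContext.getInboundSAMLMessage();
    if (samlMessage instanceof SignableSAMLObject
            && ((SignableSAMLObject) samlMessage).isSigned()) {
        return true;
    }

    // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
    // The previous unconditional cast threw ClassCastException for a non-HTTP
    // transport and NullPointerException for a missing one; neither can carry
    // a Signature parameter, so treat both as "not signed".
    Object transport = messageContext.getInboundMessageTransport();
    if (!(transport instanceof HTTPInTransport)) {
        return false;
    }
    String sigParam = ((HTTPInTransport) transport).getParameterValue("Signature");
    return !DatatypeHelper.isEmpty(sigParam);
}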
 
Example 5
Source File: BaseSAML2MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * {@inheritDoc} 
 * 
 * <p>This SAML 2-specific implementation extracts the value of the protocol message Destination attribute.</p>
 * 
 * */
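/**
 * {@inheritDoc}
 *
 * <p>SAML 2-specific implementation: returns the protocol message
 * {@code Destination} attribute of a {@link RequestAbstractType} or a
 * {@link StatusResponseType}, trimmed, or null if the attribute is absent or
 * blank. The value is read from the message itself (never from the transport),
 * since it is what the decoder later compares against the endpoint the message
 * actually arrived at.</p>
 *
 * @param samlMsgCtx current message context
 * @return the trimmed Destination attribute, or null if missing/blank
 * @throws MessageDecodingException if the context holds no inbound message, or
 *         the message is neither a request nor a status response
 */
protected String getIntendedDestinationEndpointURI(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    SAMLObject samlMessage = samlMsgCtx.getInboundSAMLMessage();
    if (samlMessage == null) {
        // Without this guard a missing message fell through to
        // samlMessage.getElementQName() below and surfaced as a NullPointerException.
        log.error("Message context did not contain inbound SAML message");
        throw new MessageDecodingException("Message context did not contain inbound SAML message");
    }

    if (samlMessage instanceof RequestAbstractType) {
        RequestAbstractType request = (RequestAbstractType) samlMessage;
        return DatatypeHelper.safeTrimOrNullString(request.getDestination());
    }
    if (samlMessage instanceof StatusResponseType) {
        StatusResponseType response = (StatusResponseType) samlMessage;
        return DatatypeHelper.safeTrimOrNullString(response.getDestination());
    }

    log.error("Invalid SAML message type encountered: {}", samlMessage.getElementQName().toString());
    throw new MessageDecodingException("Invalid SAML message type encountered");
}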
 
Example 6
Source File: BaseSAML1MessageDecoder.java — from lams (GNU General Public License v2.0)
/** {@inheritDoc} */
/**
 * {@inheritDoc}
 *
 * <p>Runs the base decoding, then, for SAML 1 responses only, runs the endpoint
 * URI check (the intended destination being the Recipient attribute, per
 * {@code getIntendedDestinationEndpointURI}). SAML 1 requests carry no such
 * attribute and are not checked. The context is assumed to already be a
 * {@link SAMLMessageContext} by the time the base decode returns.</p>
 *
 * @param messageContext the context holding the inbound transport and message
 * @throws MessageDecodingException if base decoding fails
 * @throws SecurityException if the endpoint check rejects the message
 */
public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
    super.decode(messageContext);

    final SAMLMessageContext ctx = (SAMLMessageContext) messageContext;
    final boolean isResponse = ctx.getInboundSAMLMessage() instanceof ResponseAbstractType;
    if (isResponse) {
        checkEndpointURI(ctx);
    }
}
 
Example 7
Source File: BaseSAML2MessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * Extracts the message ID, issue instant, and issuer from the incoming SAML message and populates the message
 * context with it.
 * 
 * @param messageContext current message context
 * 
 * @throws MessageDecodingException thrown if there is a problem populating the message context
 */
/**
 * Populates the message context with the ID, issue instant and issuer of the
 * inbound SAML 2 message.
 *
 * <p>The message must be a {@link RequestAbstractType} or a
 * {@link StatusResponseType}; anything else, or a context with no inbound
 * message, is a decoding error. An issuer that could not be extracted is only
 * warned about, not treated as an error.</p>
 *
 * @param messageContext current message context
 *
 * @throws MessageDecodingException if the context holds no inbound message or
 *         the message is neither a request nor a status response
 */
protected void populateMessageIdIssueInstantIssuer(SAMLMessageContext messageContext)
        throws MessageDecodingException {
    // The parameter is already statically a SAMLMessageContext, so the only way
    // the original instanceof test could fail is a null argument; preserve that
    // (log and return) rather than dereferencing it.
    if (messageContext == null) {
        log.debug("Invalid message context type, this policy rule only support SAMLMessageContext");
        return;
    }

    final SAMLObject inbound = messageContext.getInboundSAMLMessage();
    if (inbound == null) {
        log.error("Message context did not contain inbound SAML message");
        throw new MessageDecodingException("Message context did not contain inbound SAML message");
    }

    if (inbound instanceof RequestAbstractType) {
        log.debug("Extracting ID, issuer and issue instant from request");
        extractRequestInfo(messageContext, (RequestAbstractType) inbound);
    } else if (inbound instanceof StatusResponseType) {
        log.debug("Extracting ID, issuer and issue instant from status response");
        extractResponseInfo(messageContext, (StatusResponseType) inbound);
    } else {
        throw new MessageDecodingException("SAML 2 message was not a request or a response");
    }

    if (messageContext.getInboundMessageIssuer() == null) {
        log.warn("Issuer could not be extracted from SAML 2 message");
    }
}
 
Example 8
Source File: HTTPPostDecoder.java — from lams (GNU General Public License v2.0)
/** {@inheritDoc} */
/**
 * {@inheritDoc}
 *
 * <p>For this POST decoder an intended destination is only mandatory on
 * responses ({@link ResponseAbstractType}); requests are exempt, so a missing
 * destination on a request does not fail the endpoint check.</p>
 *
 * @param samlMsgCtx current message context
 * @return true if the inbound message is a response
 */
protected boolean isIntendedDestinationEndpointURIRequired(SAMLMessageContext samlMsgCtx) {
    final SAMLObject inbound = samlMsgCtx.getInboundSAMLMessage();
    return ResponseAbstractType.class.isInstance(inbound);
}
 
Example 9
Source File: ConsumerEndpoint.java — from MaxKey (Apache License 2.0)
/**
 * SAML 2.0 assertion consumer endpoint for the service provider identified by
 * {@code spId}: decodes the inbound Response, validates it, takes the Subject
 * NameID of the first Assertion as the username and establishes the session.
 *
 * <p>NOTE(review): as written this handler cannot succeed — {@code messageContext}
 * is never assigned (the decode step is commented out), so the first
 * dereference below throws NullPointerException. See the inline notes for the
 * checks that are not visible here and must be confirmed before this endpoint
 * is trusted to log users in.</p>
 *
 * @param request  the HTTP request carrying the SAML Response
 * @param response the HTTP response (unused here)
 * @param spId     path variable selecting the SP credential to initialise
 * @return a redirect to the post-login forward view with the username attached
 * @throws Exception on decode failure, non-Response message, or validation failure
 */
@RequestMapping(value = "/consumer/saml/v20/{spId}")
public ModelAndView consumer(HttpServletRequest request,
		HttpServletResponse response, @PathVariable("spId") String spId)
		throws Exception {

	logger.debug("Attempting authentication.");
	// Initialise the SP credential (certificate) for this spId.
	initCredential(spId);

	// NOTE(review): stays null — the decode below is commented out, so
	// messageContext.getInboundMessageIssuer() throws NullPointerException on
	// every request. The decode (or an equivalent using extractBindingAdapter,
	// which is what is called further down) has to be restored. When it is,
	// keep the cause: `new Exception(me)` drops the message, prefer
	// `new Exception("Could not decode SAML Response", me)`.
	SAMLMessageContext messageContext=null;

	/*try {
		messageContext = bindingAdapter.extractSAMLMessageContext(request);
	} catch (MessageDecodingException me) {
		logger.error("Could not decode SAML Response", me);
		throw new Exception(me);
	} catch (SecurityException se) {
		logger.error("Could not decode SAML Response", se);
		throw new Exception(se);
	}*/

	logger.debug("Message received from issuer: "
			+ messageContext.getInboundMessageIssuer());

	// Only a <samlp:Response> is acceptable here; reject anything else.
	// NOTE(review): the bare `new Exception()` carries no message for the caller/logs.
	if (!(messageContext.getInboundSAMLMessage() instanceof Response)) {
		logger.error("SAML Message was not a Response");
		throw new Exception();
	}
	// NOTE(review): unused; samlResponse.getAssertions() is re-read below.
	List<Assertion> assertionList = ((Response) messageContext
			.getInboundSAMLMessage()).getAssertions();



	// NOTE(review): result is never used; if this call has side effects
	// (e.g. it is the real decode step) that is not apparent here.
	String credentials = extractBindingAdapter.extractSAMLMessage(request);

	// Not-yet-authenticated token: the Response as decoded from the request.
	Response samlResponse=(Response) messageContext.getInboundSAMLMessage();
	
	// NOTE(review): unused.
	AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();


	// NOTE(review): whatever validatorSuite checks, nothing visible in this
	// method verifies the Response/Assertion XML signature against the IdP's
	// trusted credential, binds the Issuer to the configured IdP, checks the
	// Assertion Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) or
	// SubjectConfirmationData (Recipient, InResponseTo), or rejects a replayed
	// assertion ID. If the binding adapter / suite do not enforce these, anyone
	// who can POST XML to this URL is logged in as an arbitrary NameID — confirm.
	try {
		validatorSuite.validate(samlResponse);
	} catch (ValidationException ve) {
		logger.warn("Response Message failed Validation", ve);
		throw new ServiceProviderAuthenticationException("Invalid SAML REsponse Message", ve);
	}

	
	checkResponseStatus(samlResponse);

	// NOTE(review): get(0) throws IndexOutOfBoundsException when the Response
	// carries no plain Assertion (e.g. only EncryptedAssertion) — guard with isEmpty().
	Assertion assertion = samlResponse.getAssertions().get(0);
	
	logger.debug("authenticationResponseIssuingEntityName {}" ,samlResponse.getIssuer().getValue()); 
	
	// NOTE(review): the NameID becomes the local username as-is; neither its
	// Format nor the Subject presence is checked here, and without the
	// signature/issuer binding noted above it is attacker-controlled.
	String username=assertion.getSubject().getNameID().getValue();
	
	// NOTE(review): these three format strings have no {} placeholder, so the
	// second argument is never printed.
	logger.debug("assertion.getID() " ,assertion.getID());
	logger.debug("assertion.getSubject().getNameID().getValue() ", username);
	

	logger.debug("assertion.getID() ", assertion.getAuthnStatements());
	
	// Establish the authenticated session for the NameID-derived username.
	WebContext.setAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");

	ModelAndView mav = new ModelAndView();
	mav.addObject("username", username);

	mav.setViewName("redirect:/consumer/saml/v20/forward/webseal/eai");
	return mav;
}
 
Example 10
Source File: BaseSAMLMessageDecoder.java — from lams (GNU General Public License v2.0)
/**
 * Determine whether the SAML message represented by the message context is digitally signed.
 * 
 * <p>The default behavior is to examine whether an XML signature is present on the 
 * SAML protocol message.  Subclasses may augment or replace with binding-specific behavior.</p>
 * 
 * @param messageContext current message context
 * @return true if the message is considered to be digitially signed, false otherwise
 */
/**
 * Determine whether the SAML message represented by the message context is digitally signed.
 *
 * <p>The default behaviour only looks for an enveloped XML signature on the
 * protocol message; it reports presence, not validity. Subclasses may augment
 * or replace this with binding-specific behaviour (e.g. a Signature request
 * parameter).</p>
 *
 * @param messageContext current message context
 * @return true if the message carries an XML signature, false otherwise
 *         (including when the message is not signable or is absent)
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    final SAMLObject inbound = messageContext.getInboundSAMLMessage();
    if (!(inbound instanceof SignableSAMLObject)) {
        // Non-signable (or null) messages can never be signed.
        return false;
    }
    return ((SignableSAMLObject) inbound).isSigned();
}