com.onelogin.saml2.settings.Saml2Settings Java Examples
The following examples show how to use
com.onelogin.saml2.settings.Saml2Settings.
Example #1
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
/**
 * Challenges an unauthenticated REST client to log in through the SAML IdP.
 *
 * <p>A request to the auth-token endpoint is first offered to
 * {@code authTokenProcessorHandler}; when the handler reports it as handled, nothing else
 * is sent. Every other request receives an empty 401 response whose
 * {@code WWW-Authenticate} header is derived from the cached SAML settings.
 *
 * @param restChannel channel the request arrived on and the challenge is written to
 * @param authCredentials not read by this method
 * @return {@code true} when the request was handled or a challenge was sent;
 *     {@code false} when any exception was raised along the way
 */
@Override
public boolean reRequestAuthentication(RestChannel restChannel, AuthCredentials authCredentials) {
    try {
        RestRequest request = restChannel.request();
        boolean isAuthTokenPath = "/_opendistro/_security/api/authtoken".equals(request.path());

        // The handler is only consulted for the auth-token path (short-circuit).
        if (isAuthTokenPath && this.authTokenProcessorHandler.handle(request, restChannel)) {
            return true;
        }

        Saml2Settings settings = this.saml2SettingsProvider.getCached();

        BytesRestResponse challenge = new BytesRestResponse(RestStatus.UNAUTHORIZED, "");
        challenge.addHeader("WWW-Authenticate", getWwwAuthenticateHeader(settings));
        restChannel.sendResponse(challenge);
        return true;
    } catch (Exception e) {
        // Every failure (settings lookup, header construction, sending) ends up here, so
        // this log line is the only trace that the SAML challenge could not be issued.
        log.error("Error in reRequestAuthentication()", e);
        return false;
    }
}
Example #2
Source File: SSOControllerTest.java From uyuni with GNU General Public License v2.0 | 6 votes |
/**
 * Installs a fixed SAML configuration into {@code SSOController} before each test.
 *
 * <p>The settings describe a local SP ({@code https://localhost}) and a fake IdP
 * ({@code https://idp}) with XML validation switched on.
 *
 * @throws Exception if the parent set-up, the ACS URL construction or the settings build fails
 */
public void setUp() throws Exception {
    super.setUp();

    // Public X.509 certificate of the fake IdP; the fixture holds no private key.
    // NOTE(review): confirm the tests do not depend on this certificate's validity period.
    String idpCertificatePem = "-----BEGIN CERTIFICATE-----\n"
            + "MIICNDCCAZ2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADA3MQswCQYDVQQGEwJ1czEM\n"
            + "MAoGA1UECAwDZm9vMQwwCgYDVQQKDANiYXIxDDAKBgNVBAMMA3llczAeFw0xOTA1\n"
            + "MDkxNjI5MjlaFw0yMDA1MDgxNjI5MjlaMDcxCzAJBgNVBAYTAnVzMQwwCgYDVQQI\n"
            + "DANmb28xDDAKBgNVBAoMA2JhcjEMMAoGA1UEAwwDeWVzMIGfMA0GCSqGSIb3DQEB\n"
            + "AQUAA4GNADCBiQKBgQDDxirCp0Fyr3lM+qciXW1oOKegScth2uVzCbah9+JyEB4S\n"
            + "dFSPdsT9BB5Jj2/BZlQVHTr9C3TXaow79tSg1IDVjGwhSDQLnkfkXRr3h+reQFlj\n"
            + "/zCS7gi2Yv+KJG9/ZODDSUp/YrDWuGLQfScR3KGZxxPd//vPLaE/yocuK3kdzQID\n"
            + "AQABo1AwTjAdBgNVHQ4EFgQU2nQoIcw2rwCVj1Mxh7PYnUs4qjIwHwYDVR0jBBgw\n"
            + "FoAU2nQoIcw2rwCVj1Mxh7PYnUs4qjIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\n"
            + "AQ0FAAOBgQAkGZg7TM7DCKLFM1E7rcPfg5SLPGueNbDK3i5oizrMa//L7auVRM+r\n"
            + "jHaIbhGK5KlF5vaabSygxRTfgtI4Npv6aF3Bs57sqKsIVnxaOm+w7VUAB4Yv9Riz\n"
            + "FHQbixAeSxYR8QKSjSvQKdrCrbksUUOudq0eB+Wfir+HFIIW1tgh1g==\n"
            + "-----END CERTIFICATE-----";

    Map<String, Object> values = new HashMap<>();

    // Service provider side.
    values.put("onelogin.saml2.sp.entityid", "https://localhost/metadata.jsp");
    values.put("onelogin.saml2.sp.assertion_consumer_service.url", new URL("https://localhost/acs.jsp"));
    values.put("onelogin.saml2.security.want_xml_validation", true);

    // Identity provider side.
    values.put("onelogin.saml2.idp.entityid", "https://idp");
    values.put("onelogin.saml2.idp.single_sign_on_service.url", "https://idp/sso");
    values.put("onelogin.saml2.idp.x509cert", idpCertificatePem);

    Saml2Settings testSettings = new SettingsBuilder().fromValues(values).build();
    SSOController.setSsoConfig(Optional.of(testSettings));
}
Example #3
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Builds the {@code WWW-Authenticate} challenge value that points a client at the IdP.
 *
 * <p>The value carries the redirect-binding location of the SSO endpoint (including the
 * encoded AuthnRequest) and the ID of that AuthnRequest.
 *
 * @param saml2Settings settings the AuthnRequest and the IdP location are derived from
 * @return the complete header value
 * @throws Exception if building the request or the redirect location fails
 */
private String getWwwAuthenticateHeader(Saml2Settings saml2Settings) throws Exception {
    AuthnRequest authnRequest = this.buildAuthnRequest(saml2Settings);

    String redirectLocation = getSamlRequestRedirectBindingLocation(IdpEndpointType.SSO, saml2Settings,
            authnRequest.getEncodedAuthnRequest(true));

    // Both values are escaped before they are placed between double quotes, so the
    // location and the request ID are never copied into the header verbatim.
    String escapedLocation = StringEscapeUtils.escapeJava(redirectLocation);
    String escapedRequestId = StringEscapeUtils.escapeJava(authnRequest.getId());

    StringBuilder header = new StringBuilder("X-Security-IdP realm=\"Open Distro Security\" location=\"");
    header.append(escapedLocation);
    header.append("\" requestId=\"");
    header.append(escapedRequestId);
    header.append("\"");
    return header.toString();
}
Example #4
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Creates the AuthnRequest sent to the IdP.
 *
 * <p>{@code forceAuthn} follows the explicit {@code useForceAuthn} setting when one is
 * present. Without it, re-authentication is forced exactly when the IdP offers no single
 * logout endpoint.
 *
 * @param saml2Settings settings the request is built from
 * @return a new AuthnRequest
 */
private AuthnRequest buildAuthnRequest(Saml2Settings saml2Settings) {
    final boolean forceAuthn = (this.useForceAuthn != null)
            ? this.useForceAuthn.booleanValue()
            : !this.isSingleLogoutAvailable(saml2Settings);

    // NOTE(review): the trailing false/true are presumably isPassive and setNameIdPolicy;
    // confirm against the AuthnRequest constructor.
    return new AuthnRequest(saml2Settings, forceAuthn, false, true);
}
Example #5
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Selects the IdP endpoint URL for the given endpoint type.
 *
 * @param endpointType {@code IdpEndpointType.SSO} selects the single sign-on service; any
 *     other value selects the single logout service
 * @param saml2Settings settings holding both endpoint URLs
 * @return the configured URL, exactly as returned by the settings object
 */
private URL getIdpUrl(IdpEndpointType endpointType, Saml2Settings saml2Settings) {
    return endpointType == IdpEndpointType.SSO
            ? saml2Settings.getIdpSingleSignOnServiceUrl()
            : saml2Settings.getIdpSingleLogoutServiceUrl();
}
Example #6
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Builds the redirect-binding URL that starts a SAML single logout at the IdP.
 *
 * <p>NameID, NameID format and session index are read from the {@code attr.jwt.*}
 * attributes of the given credentials.
 *
 * @param authCredentials credentials of the session to log out; may be {@code null}
 * @return the logout URL, or {@code null} when no credentials were given, the IdP has no
 *     single logout endpoint, or building the URL failed
 */
String buildLogoutUrl(AuthCredentials authCredentials) {
    if (authCredentials == null) {
        return null;
    }

    try {
        Saml2Settings settings = this.saml2SettingsProvider.getCached();

        if (!isSingleLogoutAvailable(settings)) {
            return null;
        }

        // Without a configured subject key the NameID is read from the "sub" claim,
        // otherwise from the dedicated "saml_ni" claim.
        String nameIdClaim;
        if (this.subjectKey == null) {
            nameIdClaim = "sub";
        } else {
            nameIdClaim = "saml_ni";
        }

        String nameId = authCredentials.getAttributes().get("attr.jwt." + nameIdClaim);
        // An exception raised while resolving the format is handled by the catch below.
        String nameIdFormat = SamlNameIdFormat
                .getByShortName(authCredentials.getAttributes().get("attr.jwt.saml_nif"))
                .getUri();
        String sessionIndex = authCredentials.getAttributes().get("attr.jwt.saml_si");

        LogoutRequest sloRequest = new LogoutRequest(settings, null, nameId, sessionIndex, nameIdFormat);
        String encodedRequest = sloRequest.getEncodedLogoutRequest(true);

        return getSamlRequestRedirectBindingLocation(IdpEndpointType.SLO, settings, encodedRequest);
    } catch (Exception e) {
        // Logout is best effort: the failure is logged and the caller gets no URL.
        log.error("Error while creating logout URL. Logout will be not available", e);
        return null;
    }
}
Example #7
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Appends the SAML request query string to the selected IdP endpoint URL.
 *
 * @param idpEndpointType which IdP endpoint (SSO or SLO) to address
 * @param saml2Settings settings holding the endpoint URLs
 * @param samlRequest encoded SAML request handed to {@code getSamlRequestQueryString}
 * @return the endpoint URL followed by {@code ?} or {@code &} and the query string
 * @throws Exception if the query string cannot be built
 */
private String getSamlRequestRedirectBindingLocation(IdpEndpointType idpEndpointType, Saml2Settings saml2Settings,
        String samlRequest) throws Exception {
    URL idpUrl = getIdpUrl(idpEndpointType, saml2Settings);

    // An endpoint that already carries a query string is extended with "&"; otherwise the
    // query string is started with "?".
    String separator = Strings.isNullOrEmpty(idpUrl.getQuery()) ? "?" : "&";

    return idpUrl + separator + this.getSamlRequestQueryString(samlRequest);
}
Example #8
Source File: Saml2SettingsProvider.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Builds a fresh {@code Saml2Settings} from the IdP metadata and the node settings.
 *
 * <p>The IdP entity is looked up by {@code idpEntityId} and must expose an
 * IDPSSODescriptor for the SAML 2.0 protocol. Values derived from it are handed to the
 * builder first, followed by the values wrapped in {@code SamlSettingsMap}.
 *
 * @return the newly built settings
 * @throws SamlConfigException if the entity or its SAML 2.0 IdP descriptor cannot be found
 */
Saml2Settings get() throws SamlConfigException {
    final String saml2Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";

    try {
        EntityDescriptor idpEntity = this.metadataResolver
                .resolveSingle(new CriteriaSet(new EntityIdCriterion(this.idpEntityId)));
        if (idpEntity == null) {
            throw new SamlConfigException("Could not find entity descriptor for " + this.idpEntityId);
        }

        IDPSSODescriptor idpDescriptor = idpEntity.getIDPSSODescriptor(saml2Protocol);
        if (idpDescriptor == null) {
            throw new SamlConfigException("Could not find IDPSSODescriptor supporting SAML 2.0 in "
                    + this.idpEntityId + "; role descriptors: " + idpEntity.getRoleDescriptors());
        }

        HashMap<String, Object> metadataValues = new HashMap<>();
        initIdpEndpoints(idpDescriptor, metadataValues);
        initIdpCerts(idpDescriptor, metadataValues);
        initSpEndpoints(metadataValues);
        initMisc(metadataValues);

        SettingsBuilder builder = new SettingsBuilder();

        // TODO allow overriding of IdP metadata?
        // NOTE(review): the node settings are applied after the metadata-derived values;
        // confirm whether fromValues lets them replace IdP endpoints or certificates.
        builder.fromValues(metadataValues);
        builder.fromValues(new SamlSettingsMap(this.esSettings));

        return builder.build();
    } catch (ResolverException e) {
        // A metadata resolution failure is reported as "authenticator unavailable".
        throw new AuthenticatorUnavailableException(e);
    }
}
Example #9
Source File: Saml2SettingsProvider.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Returns the cached {@code Saml2Settings}, rebuilding them when none are cached or when a
 * refreshable metadata resolver reports that an update is required.
 *
 * <p>NOTE(review): no synchronization is visible in this method; confirm how concurrent
 * callers are handled.
 *
 * @return the cached or freshly built settings
 * @throws SamlConfigException if rebuilding the settings fails; the cache then stays empty
 *     when it had been cleared or was empty before
 */
Saml2Settings getCached() throws SamlConfigException {
    DateTime observedLastUpdate = null;
    boolean refreshable = this.metadataResolver instanceof RefreshableMetadataResolver;

    if (refreshable && this.isUpdateRequired()) {
        // Drop the stale settings and remember which metadata version replaces them.
        this.cachedSaml2Settings = null;
        observedLastUpdate = ((RefreshableMetadataResolver) this.metadataResolver).getLastUpdate();
    }

    if (this.cachedSaml2Settings != null) {
        return this.cachedSaml2Settings;
    }

    this.cachedSaml2Settings = this.get();
    // Stays null when the rebuild was not triggered by a metadata refresh.
    this.metadataUpdateTime = observedLastUpdate;
    return this.cachedSaml2Settings;
}
Example #10
Source File: SSOConfig.java From uyuni with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the parsed SSO configuration held by the class-level singleton.
 *
 * <p>When single sign-on is enabled and nothing is stored yet, a new {@code SSOConfig} is
 * constructed first. NOTE(review): the constructor is presumably what assigns
 * {@code singletonConfig}; it is not visible here. No synchronization is visible either.
 *
 * @return the configuration for SSO in Saml2Settings object format, or an empty Optional
 *     when {@code singletonConfig} is still {@code null}
 */
public static Optional<Saml2Settings> getSSOSettings() {
    boolean ssoEnabled = ConfigDefaults.get().isSingleSignOnEnabled();
    if (ssoEnabled && singletonConfig == null) {
        new SSOConfig();
    }
    return Optional.ofNullable(singletonConfig);
}
Example #11
Source File: HTTPSamlAuthenticator.java From deprecated-security-advanced-modules with Apache License 2.0 | 4 votes |
/**
 * Tells whether the IdP settings contain a single logout service URL.
 *
 * @param saml2Settings settings to inspect
 * @return {@code true} when a single logout service URL is configured
 */
private boolean isSingleLogoutAvailable(Saml2Settings saml2Settings) {
    final URL sloEndpoint = saml2Settings.getIdpSingleLogoutServiceUrl();
    return sloEndpoint != null;
}
Example #12
Source File: ConfigurationService.java From guacamole-client with Apache License 2.0 | 4 votes |
/**
 * Assembles the SAML settings used to initialize the SAML client.
 *
 * <p>IdP values come from the metadata XML when a metadata location is configured;
 * otherwise the entity ID, SSO URL and redirect binding are taken from individual
 * properties. SP entity ID and ACS URL are filled in from properties when the map does not
 * contain them yet.
 *
 * @return
 *     The collection of SAML settings used to initialize the SAML client.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed or if required parameters
 *     are missing.
 */
public Saml2Settings getSamlSettings() throws GuacamoleException {

    URI metadataLocation = getIdpMetadata();
    Map<String, Object> settingsMap;

    if (metadataLocation == null) {
        // No metadata XML configured: fall back to individual values. Only the entity ID,
        // the SSO URL and the binding are set in this branch.
        // NOTE(review): no IdP certificate is added here; confirm where one is supplied.
        settingsMap = new HashMap<>();
        settingsMap.put(SettingsBuilder.IDP_ENTITYID_PROPERTY_KEY,
                getIdpUrl().toString());
        settingsMap.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY,
                getIdpUrl().toString());
        settingsMap.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY,
                Constants.BINDING_HTTP_REDIRECT);
    }
    else {
        // The metadata is read from the configured location, so its content is only as
        // trustworthy as that location and the channel used to reach it.
        try {
            settingsMap = IdPMetadataParser.parseRemoteXML(metadataLocation.toURL());
        }
        catch (Exception e) {
            throw new GuacamoleServerException(
                    "Could not parse SAML IdP Metadata file.", e);
        }
    }

    // The SP entity ID must come from the map or, failing that, from the properties.
    boolean hasSpEntityId = settingsMap.containsKey(SettingsBuilder.SP_ENTITYID_PROPERTY_KEY);
    if (!hasSpEntityId) {
        URI entityId = getEntityId();
        if (entityId == null) {
            throw new GuacamoleServerException("SAML Entity ID was not found"
                    + " in either the metadata XML file or guacamole.properties");
        }
        settingsMap.put(SettingsBuilder.SP_ENTITYID_PROPERTY_KEY, entityId.toString());
    }

    // The ACS URL is derived from the callback URL when the map does not provide one.
    boolean hasAcsUrl =
            settingsMap.containsKey(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY);
    if (!hasAcsUrl) {
        String acsUrl = UriBuilder.fromUri(getCallbackUrl())
                .path("api/ext/saml/callback")
                .build()
                .toString();
        settingsMap.put(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY, acsUrl);
    }

    Saml2Settings builtSettings = new SettingsBuilder().fromValues(settingsMap).build();

    // These four flags always come from the local configuration getters.
    // NOTE(review): strict mode presumably governs how rigorously SAML messages are
    // validated; confirm deployments keep it enabled.
    builtSettings.setStrict(getStrict());
    builtSettings.setDebug(getDebug());
    builtSettings.setCompressRequest(getCompressRequest());
    builtSettings.setCompressResponse(getCompressResponse());

    return builtSettings;
}
Example #13
Source File: SSOController.java From uyuni with GNU General Public License v2.0 | 2 votes |
/**
 * Replaces the SSO configuration held by {@code SSOController}. Used for test purposes
 * only.
 *
 * <p>The stored value is overwritten without any check, so the configuration in effect
 * afterwards is exactly what the caller passed in.
 *
 * @param ssoConfigIn the SSO configuration provided by the test class
 */
public static void setSsoConfig(Optional<Saml2Settings> ssoConfigIn) {
    ssoConfig = ssoConfigIn;
}