本文整理汇总了Java中org.opensaml.saml.saml2.core.AuthnRequest类的典型用法代码示例。如果您正苦于以下问题:Java AuthnRequest类的具体用法?Java AuthnRequest怎么用?Java AuthnRequest使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
AuthnRequest类属于org.opensaml.saml.saml2.core包,在下文中一共展示了AuthnRequest类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: buildSamlResponse
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Builds the SAML response for the authentication request held in {@code authenticationContext}.
 *
 * <p>The issuer is read from the request, resolved to a registered service through
 * {@code verifySamlRegisteredService}, and the service provider's metadata facade is looked up.
 * When no metadata is found, an {@link UnauthorizedServiceException} is thrown and the response
 * builder is never invoked.
 *
 * <p>NOTE(review): this method performs no signature check on the request itself. Confirm that
 * every caller has validated the request before reaching this point.
 *
 * @param response              the HTTP response handed to the response builder
 * @param request               the HTTP request handed to the response builder
 * @param authenticationContext the authn request (key) and its message context (value)
 * @param casAssertion          the CAS assertion the SAML response is built from
 * @param binding               the binding passed through to the response builder
 */
protected void buildSamlResponse(final HttpServletResponse response,
                                 final HttpServletRequest request,
                                 final Pair<AuthnRequest, MessageContext> authenticationContext,
                                 final Assertion casAssertion,
                                 final String binding) {
    final AuthnRequest samlRequest = authenticationContext.getKey();

    final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(samlRequest);
    LOGGER.debug("Located issuer [{}] from authentication context", issuer);

    final SamlRegisteredService registeredService = verifySamlRegisteredService(issuer);
    LOGGER.debug("Located SAML metadata for [{}]", registeredService);

    // Without metadata for the issuer there is no trusted endpoint to answer to, so fail closed.
    final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> metadata =
            getSamlMetadataFacadeFor(registeredService, samlRequest);
    final SamlRegisteredServiceServiceProviderMetadataFacade facade = metadata.orElseThrow(() ->
            new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer));

    LOGGER.debug("Preparing SAML response for [{}]", facade.getEntityId());
    this.responseBuilder.build(samlRequest, request, response, casAssertion, registeredService, facade, binding);
    LOGGER.info("Built the SAML response for [{}]", facade.getEntityId());
}
示例2: retrieveSamlAuthenticationRequestFromHttpRequest
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Reads the SAML authentication request from the HTTP request parameter named by
 * {@code SamlProtocolConstants.PARAMETER_SAML_REQUEST}, Base64-decodes it and unmarshals the XML.
 *
 * <p>The parameter value is supplied by the client and is parsed here as XML before any
 * signature or issuer check. Whether DTDs and external entities are rejected depends on how the
 * parser pool returned by {@code configBean.getParserPool()} is configured, which is not visible
 * in this method. NOTE(review): confirm that the pool is hardened.
 *
 * <p>The result is cast without a type check, so a well-formed SAML object of another type
 * surfaces as a {@link ClassCastException}.
 *
 * @param request the HTTP request carrying the encoded SAML request
 * @return the unmarshalled authn request
 * @throws IllegalArgumentException if the parameter is missing or blank
 * @throws Exception                if decoding or unmarshalling fails
 */
protected AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(final HttpServletRequest request) throws Exception {
    LOGGER.debug("Retrieving authentication request from scope");

    final String samlRequestParameter = request.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST);
    if (StringUtils.isBlank(samlRequestParameter)) {
        throw new IllegalArgumentException("SAML request could not be determined from the authentication request");
    }

    // After this call the bytes are the decoded XML document, still untrusted.
    final byte[] decodedRequest = EncodingUtils.decodeBase64(samlRequestParameter.getBytes(StandardCharsets.UTF_8));
    return (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
            this.configBean.getParserPool(), new ByteArrayInputStream(decodedRequest));
}
示例3: issueAuthenticationRequestRedirect
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Redirects the browser to the login URL so the user can authenticate for a SAML authn request.
 *
 * <p>The redirect target is assembled from {@code this.loginUrl}, the service URL produced by
 * {@code constructServiceUrl}, and the request's ForceAuthn and IsPassive flags. It is then
 * passed through {@code buildRedirectUrlByRequestedAuthnContext}. Both the service URL and the
 * final redirect URL are written to the debug log.
 *
 * @param pair     the SAML object (left) and its message context; the left side must be an
 *                 {@link AuthnRequest}, otherwise the cast throws {@link ClassCastException}
 * @param request  the HTTP request
 * @param response the HTTP response the redirect is written to
 * @throws Exception if building the URL or issuing the redirect fails
 */
protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair,
                                                  final HttpServletRequest request,
                                                  final HttpServletResponse response) throws Exception {
    final AuthnRequest samlRequest = AuthnRequest.class.cast(pair.getLeft());

    final String callbackServiceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url [{}]", callbackServiceUrl);

    final String loginRedirect = CommonUtils.constructRedirectUrl(
            this.loginUrl,
            CasProtocolConstants.PARAMETER_SERVICE,
            callbackServiceUrl,
            samlRequest.isForceAuthn(),
            samlRequest.isPassive());

    final String finalRedirect = buildRedirectUrlByRequestedAuthnContext(loginRedirect, samlRequest, request);
    LOGGER.debug("Redirecting SAML authN request to [{}]", finalRedirect);

    new DefaultAuthenticationRedirectStrategy().redirect(request, response, finalRedirect);
}
示例4: verifySamlAuthenticationRequest
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Checks an incoming SAML authentication request against the registered service and the
 * service provider's metadata.
 *
 * <p>The steps run in this order: the issuer is read from the request, the issuer is resolved
 * to a registered service, and the metadata facade is fetched. A missing facade raises
 * {@link UnauthorizedServiceException}. The signature policy is then applied through
 * {@code verifyAuthenticationContextSignature}, and only after that is the SAML object logged.
 *
 * @param authenticationContext the SAML object (key) and its message context (value); the key
 *                              must be an {@link AuthnRequest}
 * @param request               the HTTP request
 * @return the registered service paired with its metadata facade
 * @throws Exception if the service is not authorized, metadata is missing or the signature
 *                   check fails
 */
protected Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(
        final Pair<? extends SignableSAMLObject, MessageContext> authenticationContext,
        final HttpServletRequest request) throws Exception {
    final AuthnRequest samlRequest = AuthnRequest.class.cast(authenticationContext.getKey());

    final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(samlRequest);
    LOGGER.debug("Located issuer [{}] from authentication request", issuer);

    final SamlRegisteredService registeredService = verifySamlRegisteredService(issuer);

    LOGGER.debug("Fetching saml metadata adaptor for [{}]", issuer);
    final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> metadata =
            SamlRegisteredServiceServiceProviderMetadataFacade.get(
                    this.samlRegisteredServiceCachingMetadataResolver, registeredService, samlRequest);

    if (!metadata.isPresent()) {
        LOGGER.warn("No metadata could be found for [{}]", issuer);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
    }
    final SamlRegisteredServiceServiceProviderMetadataFacade facade = metadata.get();

    // Signature policy is enforced before the request content is written to the log.
    verifyAuthenticationContextSignature(authenticationContext, request, samlRequest, facade);
    SamlUtils.logSamlObject(this.configBean, samlRequest);

    return Pair.of(registeredService, facade);
}
示例5: verifyAuthenticationContextSignature
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Applies the signature policy to an incoming authentication request.
 *
 * <p>A signed message is handed to the signature validator. An unsigned message is rejected
 * with {@code SAMLException} when the service provider's metadata says authn requests are
 * signed, and is otherwise accepted without further checks. An unsigned request is therefore
 * only as trustworthy as the metadata flag {@code isAuthnRequestsSigned()} allows.
 *
 * @param authenticationContext the SAML object and its message context; only the context
 *                              (value) is read here
 * @param request               the HTTP request, passed to the validator
 * @param authnRequest          the authn request whose signature is validated
 * @param adaptor               the service provider metadata facade
 * @throws Exception if a required signature is missing or signature validation fails
 */
protected void verifyAuthenticationContextSignature(final Pair<? extends SignableSAMLObject, MessageContext> authenticationContext,
                                                    final HttpServletRequest request, final AuthnRequest authnRequest,
                                                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws Exception {
    final MessageContext messageContext = authenticationContext.getValue();

    if (SAMLBindingSupport.isMessageSigned(messageContext)) {
        LOGGER.debug("The authentication context is signed; Proceeding to validate signatures...");
        this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(authnRequest, adaptor, request, messageContext);
        return;
    }

    LOGGER.debug("The authentication context is not signed");
    if (adaptor.isAuthnRequestsSigned()) {
        // The metadata promises signed requests, so an unsigned one must not be accepted.
        LOGGER.error("Metadata for [{}] says authentication requests are signed, yet authentication request is not", adaptor.getEntityId());
        throw new SAMLException("AuthN request is not signed but should be");
    }
    LOGGER.debug("Authentication request is not signed, so there is no need to verify its signature.");
}
示例6: handleCallbackProfileRequest
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Handles the SSO POST-profile callback. It re-reads the SAML authn request from the HTTP
 * request, validates the CAS ticket and builds the SAML response with the POST binding.
 *
 * <p>The method answers {@code 403 Forbidden} and stops when the authn request is
 * {@code null} or when the ticket parameter is blank.
 *
 * <p>NOTE(review): the authn request is taken from the current, client-supplied HTTP request,
 * and no signature verification call is visible in this method. Confirm where the re-submitted
 * request is validated; {@code buildAuthenticationContextPair} is not shown here.
 *
 * @param response the HTTP response
 * @param request  the HTTP request
 * @throws Exception if retrieving the request, validating the ticket or building the response
 *                   fails
 */
@GetMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK)
protected void handleCallbackProfileRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    LOGGER.info("Received SAML callback profile request [{}]", request.getRequestURI());

    final AuthnRequest samlRequest = retrieveSamlAuthenticationRequestFromHttpRequest(request);
    if (samlRequest == null) {
        LOGGER.error("Can not validate the request because the original Authn request can not be found.");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    final String serviceTicket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    if (StringUtils.isBlank(serviceTicket)) {
        LOGGER.error("Can not validate the request because no [{}] is provided via the request", CasProtocolConstants.PARAMETER_TICKET);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    final Pair<AuthnRequest, MessageContext> context = buildAuthenticationContextPair(request, samlRequest);
    final Assertion casAssertion = validateRequestAndBuildCasAssertion(response, request, context);
    buildSamlResponse(response, request, context, casAssertion, SAMLConstants.SAML2_POST_BINDING_URI);
}
示例7: validateRequestAndBuildCasAssertion
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Validates the CAS service ticket carried by the HTTP request and returns the resulting
 * CAS assertion.
 *
 * <p>A CAS 3.0 ticket validator is created for {@code this.serverPrefix} and given an HTTPS
 * connection factory that uses {@code this.hostnameVerifier}. Its renew flag mirrors the authn
 * request's ForceAuthn setting. The ticket is validated against the service URL produced by
 * {@code constructServiceUrl}.
 *
 * <p>NOTE(review): the strength of the back-channel TLS check depends on the injected
 * hostname verifier. Confirm that it really verifies host names.
 *
 * @param response the HTTP response, used when constructing the service URL
 * @param request  the HTTP request carrying the ticket parameter
 * @param pair     the authn request (key) and its message context
 * @return the assertion returned by the ticket validator
 * @throws Exception if ticket validation fails
 */
private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response,
                                                      final HttpServletRequest request,
                                                      final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest samlRequest = pair.getKey();
    final String serviceTicket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);

    final Cas30ServiceTicketValidator ticketValidator = new Cas30ServiceTicketValidator(this.serverPrefix);
    final HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
    connectionFactory.setHostnameVerifier(this.hostnameVerifier);
    ticketValidator.setURLConnectionFactory(connectionFactory);
    // ForceAuthn on the SAML side is expressed as "renew" on the CAS side.
    ticketValidator.setRenew(samlRequest.isForceAuthn());

    final String validationServiceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url for validation: [{}]", validationServiceUrl);

    final Assertion casAssertion = ticketValidator.validate(serviceTicket, validationServiceUrl);
    logCasValidationAssertion(casAssertion);
    return casAssertion;
}
示例8: finalizeNameId
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
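/**
 * Applies the service's configured qualifiers to an already encoded NameID.
 *
 * <p>The service's NameID qualifier is written to {@code NameQualifier}, and its service
 * provider qualifier is written to {@code SPNameQualifier}. A blank setting leaves the
 * corresponding attribute untouched. Writing both into {@code NameQualifier} would let the
 * SP qualifier overwrite the name qualifier and leave {@code SPNameQualifier} unset, so a
 * relying party would see the identifier scoped to the wrong namespace.
 *
 * @param nameid               the NameID to finalize; it is modified in place
 * @param authnRequest         the authn request (not read here)
 * @param assertion            the assertion (not read here)
 * @param supportedNameFormats the supported name formats (not read here)
 * @param service              the registered service supplying the qualifiers
 * @param adaptor              the service provider metadata facade (not read here)
 * @return the same {@code nameid} instance
 */
protected NameID finalizeNameId(final NameID nameid,
                                final AuthnRequest authnRequest,
                                final Assertion assertion,
                                final List<String> supportedNameFormats,
                                final SamlRegisteredService service,
                                final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    if (StringUtils.isNotBlank(service.getNameIdQualifier())) {
        nameid.setNameQualifier(service.getNameIdQualifier());
    }
    if (StringUtils.isNotBlank(service.getServiceProviderNameIdQualifier())) {
        // The SP qualifier belongs in SPNameQualifier, not in NameQualifier.
        nameid.setSPNameQualifier(service.getServiceProviderNameIdQualifier());
    }
    return nameid;
}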
示例9: encodeNameIdBasedOnNameFormat
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Encodes a NameID for the given name format.
 *
 * <p>Any exception raised while preparing the attribute or encoder, or while encoding, is
 * logged at error level and turned into a {@code null} return, so callers must handle
 * {@code null}. On success the encoded NameID's format and value are written to the debug
 * log, which puts the subject identifier into the log when debug logging is enabled.
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion the NameID attribute is prepared from
 * @param nameFormat   the name format to encode with
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @return the encoded NameID, or {@code null} if encoding failed
 */
protected NameID encodeNameIdBasedOnNameFormat(final AuthnRequest authnRequest,
                                               final Assertion assertion,
                                               final String nameFormat,
                                               final SamlRegisteredService service,
                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        final IdPAttribute nameIdAttribute = prepareNameIdAttribute(assertion);
        final SAML2StringNameIDEncoder nameIdEncoder =
                prepareNameIdEncoder(authnRequest, nameFormat, nameIdAttribute, service, adaptor);

        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID encoded = nameIdEncoder.encode(nameIdAttribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", encoded.getFormat(), encoded.getValue());
        return encoded;
    } catch (final Exception e) {
        // Best effort: a failure for this format is reported to the caller as null.
        LOGGER.error(e.getMessage(), e);
        return null;
    }
}
示例10: buildAttributeStatement
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Builds the SAML attribute statement from the CAS assertion.
 *
 * <p>Assertion-level attributes are merged with the principal's attributes, and the
 * principal's value wins when both define the same key. The merged map goes through
 * {@code samlAttributeEncoder.encodeAttributes} for the given service. Attribute name formats
 * come from the IdP response settings, and the service's own name formats override them.
 *
 * @param assertion    the CAS assertion supplying the attributes
 * @param authnRequest the authn request (not read here)
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade (not read here)
 * @return the attribute statement
 * @throws SamlException if the statement cannot be built
 */
private AttributeStatement buildAttributeStatement(final Assertion assertion,
                                                   final AuthnRequest authnRequest,
                                                   final SamlRegisteredService service,
                                                   final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final Map<String, Object> merged = new HashMap<>();
    merged.putAll(assertion.getAttributes());
    // Principal attributes are applied last, so they take precedence on key clashes.
    merged.putAll(assertion.getPrincipal().getAttributes());

    final Map<String, Object> encoded = this.samlAttributeEncoder.encodeAttributes(merged, service);

    final SamlIdPProperties.Response responseSettings = casProperties.getAuthn().getSamlIdp().getResponse();
    final Map<String, String> formatsByAttribute = new HashMap<>();
    formatsByAttribute.putAll(responseSettings.configureAttributeNameFormats());
    formatsByAttribute.putAll(service.getAttributeNameFormats());

    return newAttributeStatement(encoded, responseSettings.isUseAttributeFriendlyName(), formatsByAttribute);
}
示例11: build
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
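/**
 * Builds and signs the SAML assertion for an authentication request.
 *
 * <p>The assertion carries an authn statement and an attribute statement, is issued under the
 * configured IdP entity id with the current UTC time, and receives a subject and conditions
 * from the respective builders before {@code signAssertion} is called.
 *
 * <p>The assertion ID is an underscore followed by 160 random bits in hexadecimal.
 *
 * @param authnRequest the authn request being answered
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param casAssertion the CAS assertion the statements are derived from
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @param binding      the binding in use
 * @return the built assertion, after {@code signAssertion} has been applied
 * @throws SamlException if any part of the assertion cannot be built or signed
 */
@Override
public Assertion build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response,
                       final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service,
                       final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                       final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    statements.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response,
            casAssertion, service, adaptor, binding));
    statements.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request,
            response, casAssertion, service, adaptor, binding));

    // Math.abs(nextLong()) gives at most 63 random bits and stays negative for Long.MIN_VALUE.
    // SAML 2.0 Core asks for identifiers whose collision probability is at most 2^-128
    // (2^-160 recommended), so draw 160 bits instead. The leading '_' keeps the value a valid
    // xs:ID even when the hex string starts with a digit.
    final String id = '_' + new java.math.BigInteger(160, new SecureRandom()).toString(16);

    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(),
            ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response,
            casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest,
            request, response, casAssertion, service, adaptor, binding));

    // Sign last, once subject and conditions are in place.
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}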
示例12: buildAuthnStatement
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
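/**
 * Creates an authentication statement for the current request.
 *
 * <p>The authentication context class comes from {@code authnContextClassRefBuilder}, and the
 * authentication instant comes from the CAS assertion's authentication date. When the CAS
 * assertion has a valid-until date, {@code SessionNotOnOrAfter} is set to that date plus the
 * configured skew allowance in seconds. The subject locality is always set.
 *
 * <p>The identifier passed to {@code newAuthnStatement} is an underscore followed by 160
 * random bits in hexadecimal. NOTE(review): presumably this ends up as the session index;
 * confirm against {@code newAuthnStatement}.
 *
 * @param assertion    the CAS assertion
 * @param authnRequest the authn request
 * @param adaptor      the service provider metadata facade
 * @param service      the registered service
 * @return constructed authentication statement
 * @throws SamlException the saml exception
 */
private AuthnStatement buildAuthnStatement(final Assertion assertion, final AuthnRequest authnRequest,
                                           final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                           final SamlRegisteredService service) throws SamlException {
    final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);

    // Math.abs(nextLong()) gives at most 63 random bits and stays negative for Long.MIN_VALUE.
    // Draw 160 bits so the identifier is not guessable and collisions are negligible.
    final String id = '_' + new java.math.BigInteger(160, new SecureRandom()).toString(16);

    final AuthnStatement statement = newAuthnStatement(authenticationMethod,
            DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);

    if (assertion.getValidUntilDate() != null) {
        final ZonedDateTime validUntil = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
        // The session end is pushed out by the skew allowance to tolerate clock drift.
        statement.setSessionNotOnOrAfter(
                DateTimeUtils.dateTimeOf(validUntil.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance())));
    }
    statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor));
    return statement;
}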
示例13: buildSubject
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Builds the assertion subject for the POST profile.
 *
 * <p>The NameID comes from {@code ssoPostProfileSamlNameIdBuilder}. The endpoint handed to
 * {@code newSubject} is taken from the service provider's metadata through
 * {@code adaptor.getAssertionConsumerService(binding)}, with the response location preferred
 * and the location used when the response location is blank. No URL carried in the authn
 * request is used here. The time handed over is the CAS assertion's valid-from date in UTC
 * plus {@code this.skewAllowance} seconds, and the authn request's ID is passed as the last
 * argument. NOTE(review): presumably these become Recipient, NotOnOrAfter and InResponseTo;
 * confirm against {@code newSubject}.
 *
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param authnRequest the authn request being answered
 * @param assertion    the CAS assertion
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @param binding      the binding used to select the assertion consumer service
 * @return the subject with its NameID set
 * @throws IllegalArgumentException if the metadata has no assertion consumer service for the
 *                                  binding
 * @throws SamlException            if the NameID cannot be built
 */
private Subject buildSubject(final HttpServletRequest request,
                             final HttpServletResponse response,
                             final AuthnRequest authnRequest,
                             final Assertion assertion,
                             final SamlRegisteredService service,
                             final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                             final String binding) throws SamlException {
    final NameID subjectNameId = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response,
            assertion, service, adaptor, binding);
    final ZonedDateTime validFrom = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);

    final AssertionConsumerService consumerService = adaptor.getAssertionConsumerService(binding);
    if (consumerService == null) {
        throw new IllegalArgumentException("Failed to locate the assertion consumer service url");
    }

    final String recipient;
    if (StringUtils.isBlank(consumerService.getResponseLocation())) {
        recipient = consumerService.getLocation();
    } else {
        recipient = consumerService.getResponseLocation();
    }

    final Subject subject = newSubject(subjectNameId.getFormat(), subjectNameId.getValue(),
            recipient, validFrom.plusSeconds(this.skewAllowance), authnRequest.getID());
    subject.setNameID(subjectNameId);
    return subject;
}
示例14: build
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Chooses the authentication context class reference to report for an authn request.
 *
 * <p>Returns {@code AuthnContext.UNSPECIFIED_AUTHN_CTX} when the request carries no requested
 * authn context or no class refs. Otherwise it returns the service's required authentication
 * context class when one is configured, and {@code AuthnContext.PPT_AUTHN_CTX} when none is.
 *
 * <p>The requested class refs and the comparison mode are only logged, and the returned value
 * is never taken from the request. The value therefore reflects configuration. NOTE(review):
 * confirm that it matches how the user actually authenticated.
 *
 * @param assertion    the CAS assertion (not read here)
 * @param authnRequest the authn request whose requested context is inspected
 * @param adaptor      the service provider metadata facade (not read here)
 * @param service      the registered service
 * @return the authentication context class reference URI
 */
@Override
public String build(final Assertion assertion, final AuthnRequest authnRequest,
                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                    final SamlRegisteredService service) {
    final RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
    if (requested == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", AuthnContext.UNSPECIFIED_AUTHN_CTX);
        return AuthnContext.UNSPECIFIED_AUTHN_CTX;
    }

    final List<AuthnContextClassRef> requestedClassRefs = requested.getAuthnContextClassRefs();
    final boolean nothingRequested = requestedClassRefs == null || requestedClassRefs.isEmpty();
    if (nothingRequested) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", AuthnContext.UNSPECIFIED_AUTHN_CTX);
        return AuthnContext.UNSPECIFIED_AUTHN_CTX;
    }

    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requested.getComparison());
    for (final AuthnContextClassRef classRef : requestedClassRefs) {
        LOGGER.debug("Requested AuthN Context [{}]", classRef.getAuthnContextClassRef());
    }

    if (StringUtils.isBlank(service.getRequiredAuthenticationContextClass())) {
        LOGGER.debug("Returning default AuthN Context [{}]", AuthnContext.PPT_AUTHN_CTX);
        return AuthnContext.PPT_AUTHN_CTX;
    }

    // The service-level setting overrides whatever the request asked for.
    LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]",
            service.getRequiredAuthenticationContextClass(),
            service.getName());
    return service.getRequiredAuthenticationContextClass();
}
示例15: SamlMessageSenderHandler
import org.opensaml.saml.saml2.core.AuthnRequest; //导入依赖的package包/类
/**
 * Creates the handler from its injected collaborators. Each argument is stored as given;
 * no null checks are performed here.
 *
 * @param responseTransformer              turns a string into a SAML {@code Response}
 * @param authnRequestTransformer          turns a string into a SAML {@code AuthnRequest}
 * @param samlMessageSignatureValidator    validator for SAML message signatures
 * @param externalCommunicationEventLogger logger for external communication events
 * @param protectiveMonitoringLogger       logger for protective monitoring
 * @param sessionProxy                     the session proxy
 */
@Inject
public SamlMessageSenderHandler(
        final StringToOpenSamlObjectTransformer<Response> responseTransformer,
        final StringToOpenSamlObjectTransformer<AuthnRequest> authnRequestTransformer,
        final SamlMessageSignatureValidator samlMessageSignatureValidator,
        final ExternalCommunicationEventLogger externalCommunicationEventLogger,
        final ProtectiveMonitoringLogger protectiveMonitoringLogger,
        final SessionProxy sessionProxy) {
    // Message parsing and signature validation.
    this.authnRequestTransformer = authnRequestTransformer;
    this.responseTransformer = responseTransformer;
    this.samlMessageSignatureValidator = samlMessageSignatureValidator;

    // Audit and monitoring.
    this.protectiveMonitoringLogger = protectiveMonitoringLogger;
    this.externalCommunicationEventLogger = externalCommunicationEventLogger;

    this.sessionProxy = sessionProxy;
}