

Java IDPSSODescriptor类代码示例

本文整理汇总了Java中org.opensaml.saml.saml2.metadata.IDPSSODescriptor的典型用法代码示例。如果您正苦于以下问题:Java IDPSSODescriptor类的具体用法?Java IDPSSODescriptor怎么用?Java IDPSSODescriptor使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


IDPSSODescriptor类属于org.opensaml.saml.saml2.metadata包,在下文中一共展示了IDPSSODescriptor类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: buildEntityRoleFilterIfNeeded

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
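/**
 * Appends an {@link EntityRoleFilter} to {@code metadataFilterList} when the service declares
 * metadata criteria roles.
 *
 * <p>The configured value is a comma-delimited list. Each entry is trimmed and compared
 * case-insensitively with the local names of the SP and IdP SSO descriptor elements, so
 * {@code "SPSSODescriptor, IDPSSODescriptor"} (with a space after the comma) selects both roles.
 * Entries that match neither role are logged rather than dropped silently, because a typo here
 * changes which metadata roles survive filtering.
 *
 * @param service            registered service whose role criteria and filter flags are read
 * @param metadataFilterList list the new filter is appended to; left untouched when no roles are configured
 */
private static void buildEntityRoleFilterIfNeeded(final SamlRegisteredService service, final List<MetadataFilter> metadataFilterList) {
    final String configuredRoles = service.getMetadataCriteriaRoles();
    if (!StringUtils.isNotBlank(configuredRoles)) {
        return;
    }

    final List<QName> roles = new ArrayList<>();
    for (final String entry : org.springframework.util.StringUtils.commaDelimitedListToSet(configuredRoles)) {
        // The Spring helper splits on commas without trimming, so strip surrounding whitespace here.
        final String roleName = entry.trim();
        if (roleName.isEmpty()) {
            continue;
        }

        final QName matched;
        if (roleName.equalsIgnoreCase(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart())) {
            matched = SPSSODescriptor.DEFAULT_ELEMENT_NAME;
        } else if (roleName.equalsIgnoreCase(IDPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart())) {
            matched = IDPSSODescriptor.DEFAULT_ELEMENT_NAME;
        } else {
            LOGGER.warn("Ignoring unrecognized metadata criteria role [{}]", roleName);
            continue;
        }

        // Entries differing only in case would otherwise add the same role twice.
        if (!roles.contains(matched)) {
            LOGGER.debug("Added entity role filter [{}]", matched);
            roles.add(matched);
        }
    }

    if (roles.isEmpty()) {
        // NOTE(review): the filter is still installed with an empty role list, as before; confirm
        // that retaining no role descriptors is the intended outcome for a misconfigured service.
        LOGGER.warn("No recognized roles in metadata criteria [{}]; entity role filter has an empty role list", configuredRoles);
    }

    final EntityRoleFilter filter = new EntityRoleFilter(roles);
    filter.setRemoveEmptyEntitiesDescriptors(service.isMetadataCriteriaRemoveEmptyEntitiesDescriptors());
    filter.setRemoveRolelessEntityDescriptors(service.isMetadataCriteriaRemoveRolelessEntityDescriptors());

    metadataFilterList.add(filter);
    LOGGER.debug("Added entity role filter with roles [{}]", roles);
}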
 
开发者ID:mrluo735,项目名称:cas-5.1.0,代码行数:23,代码来源:ChainingMetadataResolverCacheLoader.java

示例2: getSingleSignOn

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
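/**
 * Returns the single sign-on endpoint that metadata publishes for the given identity provider.
 *
 * <p>The entity descriptor is resolved by entity ID through {@code metadataProvider}. The location
 * of the first {@link SingleSignOnService} in its SAML 2.0 IdP role is returned; additional
 * endpoints only produce a warning. The returned URI is where authentication requests get sent,
 * so it is only as trustworthy as the metadata behind {@code metadataProvider}.
 *
 * @param entityId entity ID of the identity provider
 * @return location of the first single sign-on service listed for the IdP
 * @throws ApplicationException (NOT_FOUND) when no entity descriptor, no SAML 2.0 IdP role, or no
 *         single sign-on service is available for {@code entityId}
 */
public URI getSingleSignOn(String entityId) {
    EntityDescriptor idpEntityDescriptor;
    try {
        CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
        idpEntityDescriptor = metadataProvider.resolveSingle(criteria);
    } catch (ResolverException e) {
        // Pass the exception itself as well so the stack trace reaches the log.
        LOG.error(format("Exception when accessing metadata: {0}", e), e);
        throw propagate(e);
    }

    if (idpEntityDescriptor != null) {
        final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (idpssoDescriptor == null) {
            // An entity without a SAML 2.0 IdP role previously caused a NullPointerException here;
            // treat it like any other missing endpoint and fall through to NOT_FOUND.
            LOG.error(format("No IDPSSODescriptor present for IDP entityId: {0}", entityId));
        } else {
            final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
            if (singleSignOnServices.isEmpty()) {
                LOG.error(format("No singleSignOnServices present for IDP entityId: {0}", entityId));
            } else {
                if (singleSignOnServices.size() > 1) {
                    LOG.warn(format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
                }
                // The first endpoint is taken as listed; its binding is not inspected here.
                return URI.create(singleSignOnServices.get(0).getLocation());
            }
        }
    }

    throw ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(format("no entity descriptor for IDP: {0}", entityId)));

}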
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:27,代码来源:IdpSingleSignOnServiceHelper.java

示例3: getSingleSignOn

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
@Test
public void getSingleSignOn() throws Exception {
    // Given: metadata for one entity whose SAML 2.0 IdP role lists a single SSO endpoint
    SingleSignOnService ssoEndpoint = new SingleSignOnServiceBuilder().buildObject();
    ssoEndpoint.setLocation("http://the-sso-location");

    IDPSSODescriptor idpRole = new IDPSSODescriptorBuilder().buildObject();
    idpRole.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    idpRole.getSingleSignOnServices().add(ssoEndpoint);

    EntityDescriptor descriptor = new EntityDescriptorBuilder().buildObject();
    descriptor.setEntityID("the-entity-id");
    descriptor.getRoleDescriptors().add(idpRole);

    // The mocked resolver hands back the descriptor when queried by its entity ID.
    CriteriaSet byEntityId = new CriteriaSet(new EntityIdCriterion(descriptor.getEntityID()));
    when(metadataResolver.resolveSingle(byEntityId)).thenReturn(descriptor);

    // When
    URI resolvedLocation = service.getSingleSignOn(descriptor.getEntityID());

    // Then: the endpoint location from metadata comes back and the resolver was consulted
    assertThat(resolvedLocation.toString(), equalTo(ssoEndpoint.getLocation()));
    verify(metadataResolver).resolveSingle(any(CriteriaSet.class));
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:27,代码来源:CountrySingleSignOnServiceHelperTest.java

示例4: apply

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Validates an inbound attribute query and converts it into an {@code InboundMatchingServiceRequest}.
 *
 * <p>The steps run in this order: structural validation of the query, signature validation of
 * the query, assertion decryption, content validation of hub and IdP assertions, and finally
 * signature validation of the assertions. Hub assertions are checked against the SP role and
 * IdP assertions against the IdP role. Only the validated wrappers reach the unmarshaller.
 *
 * @param attributeQuery the attribute query received from the hub
 * @return the request built from the validated query and assertions
 */
public InboundMatchingServiceRequest apply(final AttributeQuery attributeQuery) {
    samlAttributeQueryValidator.validate(attributeQuery);
    final ValidatedAttributeQuery signatureCheckedQuery = attributeQuerySignatureValidator.validate(attributeQuery);

    final List<Assertion> decrypted = assertionDecrypter.decryptAssertions(signatureCheckedQuery);

    // Key true holds assertions isHubAssertion accepts; key false holds the rest (treated as IdP assertions).
    final Map<Boolean, List<Assertion>> byOrigin = decrypted
            .stream()
            .collect(Collectors.groupingBy(this::isHubAssertion));
    final List<Assertion> fromHub = byOrigin.getOrDefault(true, Collections.emptyList());
    final List<Assertion> fromIdp = byOrigin.getOrDefault(false, Collections.emptyList());

    samlAttributeQueryAssertionsValidator.validateHubAssertions(signatureCheckedQuery, fromHub);
    samlAttributeQueryAssertionsValidator.validateIdpAssertions(signatureCheckedQuery, fromIdp);

    // Each group is verified against the metadata role its issuer is expected to hold.
    final ValidatedAssertions verifiedHub = samlAssertionsSignatureValidator.validate(fromHub, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    final ValidatedAssertions verifiedIdp = samlAssertionsSignatureValidator.validate(fromIdp, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    return inboundMatchingServiceRequestUnmarshaller.fromSaml(signatureCheckedQuery, verifiedHub, verifiedIdp);
}
 
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:18,代码来源:VerifyAttributeQueryToInboundMatchingServiceRequestTransformer.java

示例5: shouldHaveAnIDPSSODescriptor

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
@Test
public void shouldHaveAnIDPSSODescriptor() throws ResolverException, FederationMetadataLoadingException {
    // The repository is given exactly one signing certificate to publish.
    when(certificateStore.getSigningCertificates()).thenReturn(asList(getCertificate()));

    Document generatedMetadata = matchingServiceAdapterMetadataRepository.getMatchingServiceAdapterMetadata();
    EntityDescriptor msaDescriptor = getEntityDescriptor(generatedMetadata, entityId);

    assertThat(msaDescriptor.getRoleDescriptors()).hasSize(2);

    // The IdP role must exist and advertise the hub SSO endpoint as its only sign-on service.
    IDPSSODescriptor idpRole = msaDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    assertThat(idpRole).isNotNull();
    assertThat(idpRole.getSingleSignOnServices()).hasSize(1);
    assertThat(idpRole.getSingleSignOnServices().get(0).getLocation()).isEqualTo(hubSsoEndPoint);

    // Shibboleth SP rejects xsi:type="md:EndpointType" on SingleSignOnService, so no schema type may be set.
    assertThat(idpRole.getSingleSignOnServices().get(0).getSchemaType()).isNull();

    // One key descriptor is expected in the IdP role.
    assertThat(idpRole.getKeyDescriptors()).hasSize(1);
}
 
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:19,代码来源:MatchingServiceAdapterMetadataRepositoryTest.java

示例6: setDefaults

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Applies default SAML2 settings to an authentication mechanism through {@code setProperty}.
 *
 * <p>{@code ks}, {@code ed} and {@code idp} are accepted but not read in this body.
 *
 * @param ks               key store (unused here)
 * @param ed               entity descriptor (unused here)
 * @param idp              IdP SSO descriptor (unused here)
 * @param currentMechanism mechanism passed on to every {@code setProperty} call
 * @param params           parameters keyed by name; only {@code "assertionsSigned"} is read directly
 */
private static void setDefaults(KeyStore ks, EntityDescriptor ed,
		IDPSSODescriptor idp, AuthMechType currentMechanism,
		HashMap<String, ParamType> params) {
	
	// When assertions are not signed (parameter absent or "false"), require signed responses, and the reverse.
	if (params.get("assertionsSigned") == null || params.get("assertionsSigned").getValue().equalsIgnoreCase("false")) {
		setProperty("responsesSigned","true",params,currentMechanism);
	} else {
		setProperty("responsesSigned","false",params,currentMechanism);
	}
	
	setProperty("jumpPage","",params,currentMechanism);
	// NOTE(review): "RSA-SHA1" is a SHA-1 based signature algorithm; SHA-1 is deprecated for
	// signatures. Confirm whether a SHA-256 based value can be the default for this mechanism.
	setProperty("sigAlg","RSA-SHA1",params,currentMechanism);
	setProperty("authCtxRef","",params,currentMechanism);
	// NOTE(review): the "forceToSSL" default is "false"; confirm deployments terminate TLS elsewhere.
	setProperty("forceToSSL","false",params,currentMechanism);
	setProperty("ldapAttribute","uid",params,currentMechanism);
	setProperty("dnOU","SAML2",params,currentMechanism);
	setProperty("defaultOC","inetOrgPerson",params,currentMechanism);
	setProperty("dontLinkToLDAP","false",params,currentMechanism);
	// NOTE(review): these two calls repeat "responsesSigned"/"assertionsSigned" with fixed values.
	// Whether they override the branch above or an explicitly configured "assertionsSigned"
	// depends on setProperty (overwrite vs. fill-if-missing), which is not visible here. Verify
	// that a response cannot end up with neither the response nor the assertion signed.
	setProperty("responsesSigned","true",params,currentMechanism);
	setProperty("assertionsSigned","false",params,currentMechanism);
	
	
	
}
 
开发者ID:TremoloSecurity,项目名称:OpenUnison,代码行数:25,代码来源:OpenUnisonUtils.java

示例7: handleResponsePost

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Receives an IdP authentication response, checks its signature and forwards it to the session proxy.
 *
 * <p>The response signature is validated against the IdP SSO role. The outcome is written to the
 * protective monitoring log whether it passes or fails, and a failure aborts the request.
 *
 * @param samlRequestDto carries the relay state, the encoded SAML message and the principal IP
 *                       as reported by the frontend
 * @return 200 with whatever {@code sessionProxy.receiveAuthnResponseFromIdp} returns
 * @throws SamlTransformationErrorException when signature validation does not succeed
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
public Response handleResponsePost(SamlRequestDto samlRequestDto) {

    // The session id is derived from the relay state and put in the logging context before the
    // relay state is validated below.
    // NOTE(review): confirm SessionId or the log layout constrains this client-supplied value.
    final SessionId sessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", sessionId);

    relayStateValidator.validate(samlRequestDto.getRelayState());

    // Parse the encoded message into an OpenSAML Response; nothing is trusted until the signature check.
    org.opensaml.saml.saml2.core.Response samlResponse = stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());

    SamlValidationResponse signatureValidationResponse = authnResponseSignatureValidator.validate(samlResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    // Logged before the failure branch so rejected responses are recorded too.
    protectiveMonitoringLogger.logAuthnResponse(
            samlResponse,
            Direction.INBOUND,
            signatureValidationResponse.isOK());

    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }

    // The original encoded string is forwarded, not the parsed object that was just verified.
    // NOTE(review): the receiver presumably parses and validates it again; confirm.
    final SamlAuthnResponseContainerDto authnResponseDto = new SamlAuthnResponseContainerDto(
            samlRequestDto.getSamlRequest(),
            sessionId,
            samlRequestDto.getPrincipalIpAsSeenByFrontend()
    );

    return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(authnResponseDto, sessionId)).build();
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:34,代码来源:SamlMessageReceiverApi.java

示例8: handleEidasResponsePost

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Receives an eIDAS (country) authentication response, checks its signature and forwards it to
 * the session proxy.
 *
 * <p>The endpoint answers 404 when no eIDAS signature validator is configured. Otherwise the
 * signature is validated against the IdP SSO role. The outcome is written to the protective
 * monitoring log in both cases, and a failed validation aborts the request.
 *
 * @param samlRequestDto carries the relay state, the encoded SAML message and the principal IP
 *                       as reported by the frontend
 * @return 200 with the result of {@code sessionProxy.receiveAuthnResponseFromCountry}, or 404
 * @throws SamlTransformationErrorException when signature validation does not succeed
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.EIDAS_RESPONSE_POST_PATH)
@Timed
public Response handleEidasResponsePost(SamlRequestDto samlRequestDto) {

    // Without a validator there is no way to verify the response, so nothing is processed.
    if (!eidasAuthnResponseSignatureValidator.isPresent()) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    // The session id comes from the relay state and enters the logging context before the
    // relay state is validated.
    // NOTE(review): confirm SessionId or the log layout constrains this client-supplied value.
    final SessionId currentSession = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", currentSession);

    relayStateValidator.validate(samlRequestDto.getRelayState());

    org.opensaml.saml.saml2.core.Response countryResponse =
        stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());

    SamlValidationResponse signatureCheck =
        eidasAuthnResponseSignatureValidator.get().validate(countryResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // Recorded before the failure branch so rejected responses are logged as well.
    protectiveMonitoringLogger.logAuthnResponse(countryResponse, Direction.INBOUND, signatureCheck.isOK());

    if (!signatureCheck.isOK()) {
        SamlValidationSpecificationFailure reason = signatureCheck.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(reason.getErrorMessage(), signatureCheck.getCause(), Level.ERROR);
    }

    // The original encoded string is forwarded, not the parsed object that was just verified.
    final SamlAuthnResponseContainerDto forwarded = new SamlAuthnResponseContainerDto(
        samlRequestDto.getSamlRequest(),
        currentSession,
        samlRequestDto.getPrincipalIpAsSeenByFrontend()
    );

    return Response.ok(sessionProxy.receiveAuthnResponseFromCountry(forwarded, currentSession)).build();
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:37,代码来源:SamlMessageReceiverApi.java

示例9: createCountryEntityDescriptor

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Builds a test entity descriptor for a country node: an IdP SSO role carrying the test signing
 * certificate, assembled together with a signature by {@code getEntityDescriptor}.
 *
 * @param entityID entity ID to give the descriptor
 * @return the assembled entity descriptor
 * @throws RuntimeException via {@code Throwables.propagate} when marshalling or signing fails
 */
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    final Signature signature = createSignature();
    // The key descriptor advertises the test public certificate for signature verification.
    final KeyDescriptor signingKey = KeyDescriptorBuilder
            .aKeyDescriptor()
            .withX509ForSigning(TEST_PUBLIC_CERT)
            .build();
    final IDPSSODescriptor idpRole = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(signingKey).build();

    final EntityDescriptor descriptor;
    try {
        descriptor = getEntityDescriptor(entityID, idpRole, signature);
    } catch (MarshallingException | SignatureException e) {
        throw Throwables.propagate(e);
    }
    return descriptor;
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:14,代码来源:NodeMetadataFactory.java

示例10: getEntityDescriptor

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Assembles an entity descriptor from an entity ID, an IdP SSO role and a signature using
 * {@code EntityDescriptorBuilder}.
 *
 * @param entityID                  entity ID for the descriptor
 * @param idpssoDescriptor          IdP SSO role to attach
 * @param entityDescriptorSignature signature handed to the builder
 * @return the built entity descriptor
 * @throws MarshallingException declared for the build step
 * @throws SignatureException   declared for the build step
 */
private static EntityDescriptor getEntityDescriptor(String entityID, IDPSSODescriptor idpssoDescriptor, Signature entityDescriptorSignature) throws MarshallingException, SignatureException {
    final EntityDescriptor built = EntityDescriptorBuilder.anEntityDescriptor()
            .withEntityId(entityID)
            .withIdpSsoDescriptor(idpssoDescriptor)
            .withSignature(entityDescriptorSignature)
            .build();
    return built;
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:9,代码来源:NodeMetadataFactory.java

示例11: getSingleSignOn

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
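/**
 * Returns the single sign-on endpoint that a country's metadata publishes for its IdP role.
 *
 * <p>A fresh {@code EidasMetadataResolver} is created for each call from {@code entityId}
 * interpreted as a URI, and destroyed before returning. The location of the first
 * {@link SingleSignOnService} in the SAML 2.0 IdP role is returned; additional endpoints only
 * produce a warning.
 *
 * @param entityId entity ID of the country node; must be a syntactically valid URI, otherwise
 *                 {@code URI.create} throws {@link IllegalArgumentException}
 * @return location of the first single sign-on service listed for the IdP role
 * @throws ApplicationException (NOT_FOUND) when no entity descriptor, no SAML 2.0 IdP role, or no
 *         single sign-on service is available for {@code entityId}
 */
public URI getSingleSignOn(String entityId) {
    // NOTE(review): the resolver presumably fetches metadata from this URI; confirm callers only
    // pass entity IDs taken from trusted configuration, never request-supplied values.
    EidasMetadataResolver metadataResolver = new EidasMetadataResolver(new Timer(), client, URI.create(entityId));

    try {
        EntityDescriptor idpEntityDescriptor;
        try {
            CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId));
            idpEntityDescriptor = metadataResolver.resolveSingle(criteria);
        } catch (ResolverException e) {
            // Pass the exception itself as well so the stack trace reaches the log.
            LOG.error(format("Exception when accessing metadata: {0}", e), e);
            throw propagate(e);
        }

        if (idpEntityDescriptor != null) {
            final IDPSSODescriptor idpssoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
            if (idpssoDescriptor == null) {
                // An entity without a SAML 2.0 IdP role previously caused a NullPointerException
                // here; treat it like any other missing endpoint and fall through to NOT_FOUND.
                LOG.error(format("No IDPSSODescriptor present for IDP entityId: {0}", entityId));
            } else {
                final List<SingleSignOnService> singleSignOnServices = idpssoDescriptor.getSingleSignOnServices();
                if (singleSignOnServices.isEmpty()) {
                    LOG.error(format("No singleSignOnServices present for IDP entityId: {0}", entityId));
                } else {
                    if (singleSignOnServices.size() > 1) {
                        LOG.warn(format("More than one singleSignOnService present: {0} for {1}", singleSignOnServices.size(), entityId));
                    }
                    // The first endpoint is taken as listed; its binding is not inspected here.
                    return URI.create(singleSignOnServices.get(0).getLocation());
                }
            }
        }

        throw ApplicationException.createUnauditedException(ExceptionType.NOT_FOUND, UUID.randomUUID(), new RuntimeException(format("no entity descriptor for IDP: {0}", entityId)));
    } finally {
        // The resolver always comes from `new` above, so it is never null at this point.
        metadataResolver.destroy();
    }
}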
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:34,代码来源:CountrySingleSignOnServiceHelper.java

示例12: getEntityDescriptor

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Creates an entity descriptor through {@code EntityDescriptorBuilder}, attaching the supplied
 * IdP SSO role and signature.
 *
 * @param entityID                  entity ID for the descriptor
 * @param idpssoDescriptor          IdP SSO role to attach
 * @param entityDescriptorSignature signature handed to the builder
 * @return the built entity descriptor
 * @throws MarshallingException declared for the build step
 * @throws SignatureException   declared for the build step
 */
private static EntityDescriptor getEntityDescriptor(String entityID, IDPSSODescriptor idpssoDescriptor, Signature entityDescriptorSignature) throws MarshallingException, SignatureException {
    final EntityDescriptor result =
        EntityDescriptorBuilder.anEntityDescriptor().withEntityId(entityID).withIdpSsoDescriptor(idpssoDescriptor).withSignature(entityDescriptorSignature).build();
    return result;
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:9,代码来源:NodeMetadataFactory.java

示例13: setup

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Wires a {@code CountryAuthnResponseTranslatorService} from mocks and stubs the pipeline for one
 * eIDAS response loaded from file.
 *
 * <p>Both signature validators are stubbed to return validated wrappers, so tests relying on this
 * fixture do not exercise real signature verification.
 */
@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();

    final IdpIdaStatusUnmarshaller statusUnmarshaller =
            new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory());
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            statusUnmarshaller,
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));

    // Fixture: the response read from file and the assertions it already contains.
    final Response responseFromFile = (Response) buildResponseFromFile();
    final ValidatedResponse validatedResponse = new ValidatedResponse(responseFromFile);
    final List<Assertion> assertionsInResponse = responseFromFile.getAssertions();

    // Incoming DTO: encoded response "eidas" destined for matching service "mid".
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");

    // Parsing and structural validation succeed.
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(responseFromFile);
    doNothing().when(responseFromCountryValidator).validate(responseFromFile);

    // Signature checks are stubbed to pass for both the response and its assertions.
    when(samlResponseSignatureValidator.validate(responseFromFile, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validatedResponse);
    when(assertionDecrypter.decryptAssertions(validatedResponse)).thenReturn(assertionsInResponse);
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class))).thenReturn(identityUnderlyingAssertionBlob);
    when(samlAssertionsSignatureValidator.validate(assertionsInResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(new ValidatedAssertions(assertionsInResponse));
}
 
开发者ID:alphagov,项目名称:verify-hub,代码行数:29,代码来源:CountryAuthnResponseTranslatorServiceTest.java

示例14: translate

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Validates the assertions of a response and translates the first one into a {@code TranslatedResponseBody}.
 *
 * <p>Only the first assertion is inspected for content. The signature validator receives the whole
 * list and checks it against the IdP SSO role.
 *
 * @param assertions               assertions taken from the response
 * @param expectedInResponseTo     request ID the assertion must answer
 * @param expectedLevelOfAssurance level of assurance passed to the validator for comparison
 * @param entityId                 entity ID handed to the assertion validator
 * @return an ACCOUNT_CREATION body with translated attributes when {@code isUserAccountCreation}
 *         accepts the attribute statements, otherwise a SUCCESS_MATCH body with {@code null} attributes
 */
public TranslatedResponseBody translate(
    List<Assertion> assertions,
    String expectedInResponseTo,
    LevelOfAssurance expectedLevelOfAssurance,
    String entityId
) {
    // NOTE(review): get(0) below relies on validateAssertions rejecting an empty list — confirm.
    validateAssertions(assertions);
    Assertion assertion = assertions.get(0);

    // Content validation runs before the signature check, so it operates on data that is not yet
    // authenticated. NOTE(review): confirm nothing in assertionValidator acts on the values beyond
    // rejecting them.
    assertionValidator.validate(assertion, expectedInResponseTo, entityId);
    assertionsSignatureValidator.validate(assertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // NOTE(review): assumes at least one AuthnStatement; verify assertionValidator guarantees it.
    AuthnStatement authnStatement = assertion.getAuthnStatements().get(0);

    LevelOfAssurance levelOfAssurance = extractLevelOfAssurance(authnStatement);
    LevelOfAssuranceValidator levelOfAssuranceValidator = new LevelOfAssuranceValidator();
    levelOfAssuranceValidator.validate(levelOfAssurance, expectedLevelOfAssurance);

    // NOTE(review): assumes Subject and a plain NameID are present — confirm against the validator.
    String nameID = assertion.getSubject().getNameID().getValue();
    List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (isUserAccountCreation(attributeStatements)) {
        // Only the first attribute statement is translated.
        return new TranslatedResponseBody(
            ACCOUNT_CREATION,
            nameID,
            levelOfAssurance,
            AttributeTranslationService.translateAttributes(attributeStatements.get(0))
        );

    }

    return new TranslatedResponseBody(SUCCESS_MATCH, nameID, levelOfAssurance, null);
}
 
开发者ID:alphagov,项目名称:verify-service-provider,代码行数:33,代码来源:AssertionTranslator.java

示例15: invokeOutboundMessageHandlers

import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; //导入依赖的package包/类
/**
 * Runs the outbound handler chain on an authentication request context: the endpoint URL scheme
 * check, the destination handler, and, when the SP metadata declares signed requests, the
 * protocol message signing handler.
 *
 * <p>When the SP does not sign but the IdP metadata asks for signed requests, the request still
 * goes out unsigned and only a warning is logged.
 *
 * @param spDescriptor     SP role metadata; decides whether the request is signed
 * @param idpssoDescriptor IdP role metadata; consulted only for the warning
 * @param outboundContext  message context the handlers operate on
 * @throws SAMLException wrapping any exception raised by a handler
 */
protected final void invokeOutboundMessageHandlers(final SPSSODescriptor spDescriptor,
                                                   final IDPSSODescriptor idpssoDescriptor,
                                                   final SAML2MessageContext outboundContext) {

    try {
        final EndpointURLSchemeSecurityHandler schemeCheck = new EndpointURLSchemeSecurityHandler();
        schemeCheck.initialize();
        schemeCheck.invoke(outboundContext);

        final SAMLOutboundDestinationHandler destinationHandler = new SAMLOutboundDestinationHandler();
        destinationHandler.initialize();
        destinationHandler.invoke(outboundContext);

        if (!spDescriptor.isAuthnRequestsSigned()) {
            if (idpssoDescriptor.getWantAuthnRequestsSigned()) {
                logger.warn("IdP wants authn requests signed, it will perhaps reject your authn requests unless you provide a keystore");
            }
        } else {
            // NOTE(review): unlike the two handlers above, this one is invoked without
            // initialize(); confirm that is intended for the OpenSAML version in use.
            final SAMLOutboundProtocolMessageSigningHandler signingHandler =
                    new SAMLOutboundProtocolMessageSigningHandler();
            signingHandler.invoke(outboundContext);
        }
    } catch (final Exception e) {
        throw new SAMLException(e);
    }

}
 
开发者ID:yaochi,项目名称:pac4j-plus,代码行数:29,代码来源:SAML2WebSSOMessageSender.java


注:本文中的org.opensaml.saml.saml2.metadata.IDPSSODescriptor类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。