Java source examples: org.opensaml.saml.saml2.core.impl.IssuerBuilder
Example 1
/**
 * Builds a signed SAML 2.0 {@code AuthnRequest} for the given service provider entity id.
 *
 * <p>The request gets a fresh random id (prefixed with an underscore, presumably so the value
 * stays a valid xs:ID even when the UUID starts with a digit), the current issue instant,
 * {@code ForceAuthn=false}, the configured destination and extensions, and an {@code Issuer}
 * whose value is {@code serviceEntityId}. The object is marshalled before the signature is
 * computed, since signing operates on the marshalled DOM.
 *
 * @param serviceEntityId entity id of this service provider, used as the request issuer
 * @return the marshalled and signed request
 * @throws SAMLRuntimeException if marshalling or signing fails (the cause is preserved)
 */
public AuthnRequest build(String serviceEntityId) {
    Issuer requestIssuer = new IssuerBuilder().buildObject();
    requestIssuer.setValue(serviceEntityId);

    AuthnRequest request = new AuthnRequestBuilder().buildObject();
    request.setID("_" + UUID.randomUUID());
    request.setIssueInstant(DateTime.now());
    request.setForceAuthn(false);
    request.setDestination(destination.toString());
    request.setExtensions(createExtensions());
    request.setIssuer(requestIssuer);
    request.setSignature(createSignature());

    try {
        // Marshal first: the enveloped signature is calculated over the DOM, not the object tree.
        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(request).marshall(request);
        Signer.signObject(request.getSignature());
    } catch (MarshallingException | SignatureException e) {
        throw new SAMLRuntimeException("Unknown problem while signing SAML object", e);
    }
    return request;
}
Example 2
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
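/**
 * Builds an unsigned SAML 2.0 {@code LogoutRequest} that targets a single session index.
 *
 * <p>The request gets a fresh id from {@code Util.createID()}, the current time as
 * {@code IssueInstant} with {@code NotOnOrAfter} five minutes later, an {@code Issuer} of
 * {@code issuerId}, a {@code NameID} for {@code subject} in {@code nameIdFormat}, one
 * {@code SessionIndex} and the given reason. No signature is attached: if the IdP requires
 * signed logout requests, the caller must sign the result before sending it.
 *
 * @param subject        name of the user being logged out
 * @param sessionIndexId IdP session index to terminate
 * @param reason         reason for generating the logout request
 * @param issuerId       entity id placed in the {@code Issuer} element
 * @param nameIdFormat   NameID format URI used for {@code subject}
 * @return the populated, unsigned LogoutRequest
 */
public LogoutRequest buildLogoutRequest(String subject, String sessionIndexId, String reason,
        String issuerId, String nameIdFormat) {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    // NotOnOrAfter bounds how long the request is considered valid: five minutes from issue.
    logoutReq.setNotOnOrAfter(issueInstant.plusMinutes(5));
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);
    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexId);
    logoutReq.getSessionIndexes().add(sessionIndex);
    logoutReq.setReason(reason);
    return logoutReq;
}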
Example 3
/**
* Overload Logout request for sessionIndexId is not exist case
*
* @param subject Subject
* @param reason Reason for logout
* @param issuerId id of issuer
* @return SAML logout request
*/
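/**
 * Builds an unsigned SAML 2.0 {@code LogoutRequest} for callers that have no session index.
 *
 * <p>Overload of the session-index variant: the request carries a fresh id from
 * {@code Util.createID()}, the current {@code IssueInstant} with {@code NotOnOrAfter} five
 * minutes later, an {@code Issuer} of {@code issuerId}, a {@code NameID} for {@code subject}
 * in {@code nameIdFormat} and the given reason, but no {@code SessionIndex}. No signature is
 * attached: if the IdP requires signed logout requests, the caller must sign the result.
 *
 * @param subject      name of the user being logged out
 * @param reason       reason for generating the logout request
 * @param issuerId     entity id placed in the {@code Issuer} element
 * @param nameIdFormat NameID format URI used for {@code subject}
 * @return the populated, unsigned LogoutRequest
 */
public LogoutRequest buildLogoutRequest(String subject, String reason,
        String issuerId, String nameIdFormat) {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    // NotOnOrAfter bounds how long the request is considered valid: five minutes from issue.
    logoutReq.setNotOnOrAfter(issueInstant.plusMinutes(5));
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);
    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
    logoutReq.setReason(reason);
    return logoutReq;
}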
Example 4
/**
 * Test fixture: builds a minimal {@code AuthnRequest} with the fixed test id, destination,
 * issue instant and issuer, stores it in {@code authnRequest}, and resets the mocked
 * {@code authnRequestFactory} so expectations from earlier tests do not leak.
 */
@Before
public void mockAuthnRequestFactory() {
    Issuer testIssuer = new IssuerBuilder().buildObject();
    testIssuer.setValue(TEST_ISSUER);

    AuthnRequest request = new AuthnRequestBuilder().buildObject();
    request.setID(TEST_REQUEST_ID);
    request.setDestination(TEST_DESTINATION);
    request.setIssueInstant(DateTime.parse(TEST_ISSUE_INSTANT));
    request.setIssuer(testIssuer);
    authnRequest = request;

    reset(authnRequestFactory);
}
Example 5
/**
* Create the issuer object to be added
*
* @return : the issuer of the statements
*/
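/**
 * Creates the {@code Issuer} element attached to the generated statements.
 *
 * <p>The builder is looked up from the OpenSAML registry by {@code Issuer.DEFAULT_ELEMENT_NAME}
 * rather than instantiated directly, so it fails with a clear message (instead of a bare
 * {@code NullPointerException}) when nothing is registered for that element. The issuer value
 * and SPProvidedID are fixed literals, which looks like sample/test data — production code
 * should take the issuer entity id from configuration ("SPPProvierId" also looks like a typo
 * of "SPProviderId", left unchanged here since it may be matched elsewhere).
 *
 * @return the issuer of the statements
 * @throws IllegalStateException if no builder is registered for the Issuer element
 */
private static Issuer createIssuer() {
    Object registered = XMLObjectProviderRegistrySupport.getBuilderFactory()
            .getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    if (registered == null) {
        throw new IllegalStateException(
                "No XMLObject builder registered for " + Issuer.DEFAULT_ELEMENT_NAME);
    }
    IssuerBuilder issuer = (IssuerBuilder) registered;
    Issuer issuerObject = issuer.buildObject();
    issuerObject.setValue("https://identity.carbon.wso2.org");
    issuerObject.setSPProvidedID("SPPProvierId");
    return issuerObject;
}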
Example 6
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
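/**
 * Builds a signed SAML 2.0 {@code LogoutRequest} that targets a single session index.
 *
 * <p>Same content as the unsigned variant (fresh id, {@code IssueInstant}, {@code NotOnOrAfter}
 * five minutes later, issuer, NameID, session index, reason) plus the {@code Destination}
 * attribute, signed with the X.509 credential of the given tenant.
 *
 * <p>Signature algorithm: RSA with SHA-256. The earlier choice,
 * {@code SignatureConstants.ALGO_ID_SIGNATURE_RSA}, is the rsa-sha1 URI; SHA-1 is deprecated
 * for signatures, so keep SHA-256 unless a specific peer demonstrably cannot validate it.
 *
 * @param subject        name of the user being logged out
 * @param sessionIndexId IdP session index to terminate
 * @param reason         reason for generating the logout request
 * @param issuerId       entity id placed in the {@code Issuer} element
 * @param tenantId       tenant whose signing credential is used
 * @param tenantDomain   tenant domain whose signing credential is used
 * @param destination    IdP endpoint the request is addressed to ({@code Destination} attribute)
 * @param nameIdFormat   NameID format URI used for {@code subject}
 * @return the signed LogoutRequest
 * @throws SSOHostObjectException propagated from credential setup or signing
 */
public LogoutRequest buildSignedLogoutRequest(String subject, String sessionIndexId, String reason,
        String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
        throws SSOHostObjectException {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    // NotOnOrAfter bounds how long the request is considered valid: five minutes from issue.
    logoutReq.setNotOnOrAfter(issueInstant.plusMinutes(5));
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);
    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexId);
    logoutReq.getSessionIndexes().add(sessionIndex);
    logoutReq.setReason(reason);
    // Set before signing so the attribute is covered by the signature (assuming setSignature
    // signs the whole element, as an enveloped XML signature does).
    logoutReq.setDestination(destination);
    SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
            new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
    // RSA-SHA256 instead of ALGO_ID_SIGNATURE_RSA (rsa-sha1); see the class comment above.
    setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
            new X509CredentialImpl(ssoAgentCarbonX509Credential));
    return logoutReq;
}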
Example 7
/**
* Overload Logout request for sessionIndexId is not exist case
*
* @param subject Subject
* @param reason Reason for logout
* @param issuerId id of issuer
* @return Signed SAML logout request
*/
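/**
 * Builds a signed SAML 2.0 {@code LogoutRequest} for callers that have no session index.
 *
 * <p>Overload of the session-index variant: fresh id, {@code IssueInstant},
 * {@code NotOnOrAfter} five minutes later, issuer, NameID, reason and {@code Destination},
 * but no {@code SessionIndex}; signed with the X.509 credential of the given tenant.
 *
 * <p>Signature algorithm: RSA with SHA-256. The earlier choice,
 * {@code SignatureConstants.ALGO_ID_SIGNATURE_RSA}, is the rsa-sha1 URI; SHA-1 is deprecated
 * for signatures, so keep SHA-256 unless a specific peer demonstrably cannot validate it.
 *
 * @param subject      name of the user being logged out
 * @param reason       reason for generating the logout request
 * @param issuerId     entity id placed in the {@code Issuer} element
 * @param tenantId     tenant whose signing credential is used
 * @param tenantDomain tenant domain whose signing credential is used
 * @param destination  IdP endpoint the request is addressed to ({@code Destination} attribute)
 * @param nameIdFormat NameID format URI used for {@code subject}
 * @return the signed LogoutRequest
 * @throws SSOHostObjectException propagated from credential setup or signing
 */
public LogoutRequest buildSignedLogoutRequest(String subject, String reason,
        String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
        throws SSOHostObjectException {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    // NotOnOrAfter bounds how long the request is considered valid: five minutes from issue.
    logoutReq.setNotOnOrAfter(issueInstant.plusMinutes(5));
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);
    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
    logoutReq.setReason(reason);
    // Set before signing so the attribute is covered by the signature (assuming setSignature
    // signs the whole element, as an enveloped XML signature does).
    logoutReq.setDestination(destination);
    SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
            new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
    // RSA-SHA256 instead of ALGO_ID_SIGNATURE_RSA (rsa-sha1); see the method comment above.
    setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
            new X509CredentialImpl(ssoAgentCarbonX509Credential));
    return logoutReq;
}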
Example 8
/**
* Build the issuer object
*
* @return Issuer object
*/
/**
 * Creates a SAML 2.0 {@code Issuer} element whose value is the given entity id.
 *
 * @param issuerId entity id to place in the Issuer element
 * @return a new Issuer carrying {@code issuerId}
 */
private static Issuer buildIssuer(String issuerId) {
    Issuer result = new IssuerBuilder().buildObject();
    result.setValue(issuerId);
    return result;
}
Example 9
/**
 * Builds a SAML 2.0 {@code LogoutRequest} for the IdP recorded in the caller's access token and
 * returns it, signed and encoded for that IdP's binding, wrapped in a {@code SAML2RequestTO}.
 *
 * <p>Steps: verify the JWT signature of {@code accessToken}; resolve the IdP from the
 * {@code JWT_CLAIM_IDP_ENTITYID} claim and require a SingleLogoutService for its binding;
 * assemble the LogoutRequest (random id, destination, five-minute validity, issuer, NameID and
 * SessionIndex taken from token claims); issue a JWT relay state bound to the request id; then,
 * for the REDIRECT binding, encode the request (deflate flag set) and produce a detached
 * signature over content plus relay state, or, for POST and any other binding, sign the XML
 * itself and encode it.
 *
 * @param accessToken the JWT currently used for Syncope authentication
 * @param spEntityID  this service provider's entity id, used as the request {@code Issuer}
 * @return request content, relay state, binding type and (REDIRECT only) detached signature
 * @throws IllegalArgumentException if the token signature is invalid or the IdP has no SLO endpoint
 * @throws NotFoundException        if the token carries no IdP entity id or the IdP is not cached
 * @throws SyncopeClientException   (type {@code Unknown}) if relay-state generation, signing or encoding fails
 */
@PreAuthorize("isAuthenticated() and not(hasRole('" + IdRepoEntitlement.ANONYMOUS + "'))")
public SAML2RequestTO createLogoutRequest(final String accessToken, final String spEntityID) {
check();
// 1. fetch the current JWT used for Syncope authentication and verify its signature.
// NOTE(review): only the signature is verified here; token expiry and the presence/type of the
// claims read below are not checked in this method — confirm check() or the consumer covers that.
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
throw new IllegalArgumentException("Invalid signature found in Access Token");
}
// 2. look for the IdP named in the token; it must be cached and expose an SLO endpoint for its binding.
String idpEntityID = (String) consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
if (idpEntityID == null) {
throw new NotFoundException("No SAML 2.0 IdP information found in the access token");
}
SAML2IdPEntity idp = cache.get(idpEntityID);
if (idp == null) {
throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + '\'');
}
if (idp.getSLOLocation(idp.getBindingType()) == null) {
throw new IllegalArgumentException("No SingleLogoutService available for " + idp.getId());
}
// 3. create LogoutRequest (random id; destination is the IdP's SLO endpoint for its binding)
LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
logoutRequest.setID('_' + SecureRandomUtils.generateRandomUUID().toString());
logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());
DateTime now = new DateTime();
logoutRequest.setIssueInstant(now);
logoutRequest.setNotOnOrAfter(now.plusMinutes(5));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(spEntityID);
logoutRequest.setIssuer(issuer);
// NameID and SessionIndex come straight from token claims: a missing claim yields a null
// value, a non-String claim throws ClassCastException here.
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_FORMAT));
nameID.setValue((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_VALUE));
logoutRequest.setNameID(nameID);
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_SESSIONINDEX));
logoutRequest.getSessionIndexes().add(sessionIndex);
SAML2RequestTO requestTO = new SAML2RequestTO();
requestTO.setIdpServiceAddress(logoutRequest.getDestination());
requestTO.setBindingType(idp.getBindingType());
try {
// 4. generate relay state as a JWT whose subject is the LogoutRequest id, so the
// LogoutResponse can be correlated later; REDIRECT always records deflate=true.
Map<String, Object> claims = new HashMap<>();
claims.put(JWT_CLAIM_IDP_DEFLATE,
idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
SecureRandomUtils.generateRandomUUID().toString(),
logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
requestTO.setRelayState(relayState.getLeft());
// 5. sign and encode the LogoutRequest according to the IdP binding
switch (idp.getBindingType()) {
case REDIRECT:
// Redirect binding: signature is detached, computed over the encoded content + relay state.
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, true));
requestTO.setSignAlg(saml2rw.getSigAlgo());
requestTO.setSignature(saml2rw.sign(requestTO.getContent(), requestTO.getRelayState()));
break;
case POST:
default:
// POST (and any other binding): sign the XML itself, then encode.
saml2rw.sign(logoutRequest);
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, idp.isUseDeflateEncoding()));
}
} catch (Exception e) {
// Boundary catch: logged with the cause, surfaced to the client as an Unknown error.
LOG.error("While generating LogoutRequest", e);
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
sce.getElements().add(e.getMessage());
throw sce;
}
return requestTO;
}