}
}
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
- "Unable to construct NameIdentifier"));
+ "Unable to construct NameIdentifier"));
throw new ProfileException("No principal attribute supported encoding into the a supported name ID format.");
} catch (AttributeEncodingException e) {
log.error("Unable to construct NameIdentifier", e);
}
/**
+ * Resolved the attributes for the principal.
+ *
+ * @param requestContext current request context
+ *
+ * @throws ProfileException thrown if attributes can not be resolved
+ */
+ protected void resolveAttributes(SAML1ProfileRequestContext requestContext) throws ProfileException {
+ AbstractSAML1ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
+ SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
+
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
+ + " of SAML request from relying party " + requestContext.getRelyingPartyId());
+ }
+ Map<String, BaseAttribute> principalAttributes = attributeAuthority
+ .getAttributes(buildAttributeRequestContext(requestContext));
+
+ requestContext.setPrincipalAttributes(principalAttributes);
+ } catch (AttributeRequestException e) {
+ log.error("Error resolving attributes for SAML request from relying party "
+ + requestContext.getRelyingPartyId(), e);
+ requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error resolving attributes"));
+ throw new ProfileException("Error resolving attributes for SAML request from relying party "
+ + requestContext.getRelyingPartyId(), e);
+ }
+ }
+
+ /**
* Executes a query for attributes and builds a SAML attribute statement from the results.
*
* @param requestContext current request context
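Review bot: The Javadoc summary on the new SAML 1 resolveAttributes reads `Resolved the attributes for the principal.`; it should be a verb phrase that also says where the result goes, e.g. `Resolves the attributes for the principal and stores them in the request context via setPrincipalAttributes.` Because buildAttributeStatement now reads the attributes back from the context instead of resolving them itself, the doc should state that this method must run before buildAttributeStatement, since nothing in the code enforces that ordering. The @throws text could also mention that a RESPONDER failure status is set on the request context before the ProfileException is thrown, so callers know not to set one again.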
SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
try {
- if (log.isDebugEnabled()) {
- log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
- + " of SAML request from relying party " + requestContext.getRelyingPartyId());
- }
- Map<String, BaseAttribute> principalAttributes = attributeAuthority
- .getAttributes(buildAttributeRequestContext(requestContext));
-
- requestContext.setPrincipalAttributes(principalAttributes);
-
AttributeStatement statment;
if (requestContext.getSamlRequest() instanceof AttributeQuery) {
statment = attributeAuthority.buildAttributeStatement((AttributeQuery) requestContext.getSamlRequest(),
- principalAttributes.values());
+ requestContext.getPrincipalAttributes().values());
} else {
- statment = attributeAuthority.buildAttributeStatement(null, principalAttributes.values());
+ statment = attributeAuthority.buildAttributeStatement(null, requestContext.getPrincipalAttributes()
+ .values());
}
Subject statementSubject = buildSubject(requestContext, subjectConfMethod);
return statment;
} catch (AttributeRequestException e) {
- log.error("Error resolving attributes for SAML request from relying party "
- + requestContext.getRelyingPartyId(), e);
+ log.error("Error encoding attributes for principal " + requestContext.getPrincipalName(), e);
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error resolving attributes"));
- throw new ProfileException("Error resolving attributes for SAML request from relying party "
- + requestContext.getRelyingPartyId(), e);
+ throw new ProfileException("Error encoding attributes for principal " + requestContext.getPrincipalName(),
+ e);
}
}
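Review bot: buildAttributeStatement now dereferences `requestContext.getPrincipalAttributes().values()` in both branches of the if without a null check, so any caller that reaches it before resolveAttributes has run fails with a NullPointerException instead of a SAML error status; the removed inline resolution had no such hidden ordering dependence. A fail-closed guard at the top of the try keeps the failure visible to the relying party: `if (requestContext.getPrincipalAttributes() == null) { requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error resolving attributes")); throw new ProfileException("Principal attributes have not been resolved"); }`. The catch block now logs and throws "Error encoding attributes" while the status it sets still says "Error resolving attributes"; aligning the two would make log and response easier to correlate. The local `statementSubject` returned by buildSubject is not used in the visible lines; the head of this method lies outside the hunk, so that may be pre-existing rather than introduced here.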
auditLogEntry.setPrincipalName(context.getPrincipalName());
auditLogEntry.setAssertingPartyId(context.getAssertingPartyId());
auditLogEntry.setRelyingPartyId(context.getRelyingPartyId());
- if(context.getMessageDecoder() != null){
+ if (context.getMessageDecoder() != null) {
auditLogEntry.setRequestBinding(context.getMessageDecoder().getBindingURI());
}
auditLogEntry.setRequestId(null);
auditLogEntry.setResponseBinding(context.getMessageEncoder().getBindingURI());
auditLogEntry.setResponseId(context.getSamlResponse().getID());
- if(context.getPrincipalAttributes() != null){
+ if (context.getPrincipalAttributes() != null) {
auditLogEntry.getReleasedAttributes().addAll(context.getPrincipalAttributes().keySet());
}
getAduitLog().log(Level.CRITICAL, auditLogEntry);
}
resolvePrincipal(requestContext);
+ resolveAttributes(requestContext);
ArrayList<Statement> statements = new ArrayList<Statement>();
statements.add(buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"));
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "User failed authentication"));
throw new ProfileException("User failed authentication");
}
-
- //TODO currently attribute query must come first in order to get the principal's attributes, fix this
- AttributeStatement attributeStatement = buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer");
- AuthenticationStatement authnStatement = buildAuthenticationStatement(requestContext);
+
+ resolveAttributes(requestContext);
ArrayList<Statement> statements = new ArrayList<Statement>();
- //TODO make this more effecient
- statements.add(authnStatement);
+ statements.add(buildAuthenticationStatement(requestContext));
if (requestContext.getProfileConfiguration().includeAttributeStatement()) {
- statements.add(attributeStatement);
+ statements.add(buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:bearer"));
}
samlResponse = buildResponse(requestContext, statements);
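Review bot: resolveAttributes now runs unconditionally before the includeAttributeStatement() check, so the principal's attributes are placed in the request context even when no attribute statement is emitted. The audit code visible earlier on this page takes released attributes from getPrincipalAttributes().keySet(); if it is applied to this flow, a response carrying only an authentication statement would be audited as having released every resolved attribute. If the NameIdentifier in the subject is encoded from resolved attributes (the AttributeEncodingException handling elsewhere on this page suggests it may be), resolution cannot simply be moved under the flag and the audit entry should instead be built from the attributes actually encoded into the statement; otherwise moving `resolveAttributes(requestContext);` inside the `if (requestContext.getProfileConfiguration().includeAttributeStatement())` block avoids both the unnecessary resolver round-trip and the misleading audit record. The enclosing method starts before this hunk.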
response.setVersion(SAMLVersion.VERSION_20);
response.setIssuer(buildEntityIssuer(requestContext));
}
+
+ /**
+ * Resolves the attributes for the principal.
+ *
+ * @param requestContext current request context
+ *
+ * @throws ProfileException thrown if there is a problem resolved attributes
+ */
+ protected void resolveAttributes(SAML2ProfileRequestContext requestContext) throws ProfileException{
+ AbstractSAML2ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
+ SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
+
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
+ + " of SAML request " + requestContext.getSamlRequest().getID() + " from relying party "
+ + requestContext.getRelyingPartyId());
+ }
+ Map<String, BaseAttribute> principalAttributes = attributeAuthority
+ .getAttributes(buildAttributeRequestContext(requestContext));
+
+ requestContext.setPrincipalAttributes(principalAttributes);
+ } catch (AttributeRequestException e) {
+ log.error("Error resolving attributes for SAML request " + requestContext.getSamlRequest().getID()
+ + " from relying party " + requestContext.getRelyingPartyId(), e);
+ requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error resolving attributes"));
+ throw new ProfileException("Error resolving attributes for SAML request "
+ + requestContext.getSamlRequest().getID() + " from relying party "
+ + requestContext.getRelyingPartyId(), e);
+ }
+ }
/**
* Executes a query for attributes and builds a SAML attribute statement from the results.
*/
protected AttributeStatement buildAttributeStatement(SAML2ProfileRequestContext requestContext)
throws ProfileException {
-
if (log.isDebugEnabled()) {
log.debug("Creating attribute statement in response to SAML request "
+ requestContext.getSamlRequest().getID() + " from relying party "
+ requestContext.getRelyingPartyId());
}
-
AbstractSAML2ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
-
try {
- if (log.isDebugEnabled()) {
- log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
- + " of SAML request " + requestContext.getSamlRequest().getID() + " from relying party "
- + requestContext.getRelyingPartyId());
- }
- Map<String, BaseAttribute> principalAttributes = attributeAuthority
- .getAttributes(buildAttributeRequestContext(requestContext));
-
- requestContext.setPrincipalAttributes(principalAttributes);
-
if (requestContext.getSamlRequest() instanceof AttributeQuery) {
return attributeAuthority.buildAttributeStatement((AttributeQuery) requestContext.getSamlRequest(),
- principalAttributes.values());
+ requestContext.getPrincipalAttributes().values());
} else {
- return attributeAuthority.buildAttributeStatement(null, principalAttributes.values());
+ return attributeAuthority.buildAttributeStatement(null, requestContext.getPrincipalAttributes().values());
}
} catch (AttributeRequestException e) {
- log.error("Error resolving attributes for SAML request " + requestContext.getSamlRequest().getID()
- + " from relying party " + requestContext.getRelyingPartyId(), e);
+ log.error("Error encoding attributes for principal " + requestContext.getPrincipalName(), e);
requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error resolving attributes"));
- throw new ProfileException("Error resolving attributes for SAML request "
- + requestContext.getSamlRequest().getID() + " from relying party "
- + requestContext.getRelyingPartyId(), e);
+ throw new ProfileException("Error encoding attributes for principal " + requestContext.getPrincipalName(), e);
}
}
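Review bot: The SAML 2 buildAttributeStatement now reads `requestContext.getPrincipalAttributes().values()` with no null check, so it throws NullPointerException rather than a RESPONDER status if any caller reaches it before resolveAttributes has populated the context; the removed inline resolution had no such ordering requirement. A guard at the start of the try keeps the error path uniform: `if (requestContext.getPrincipalAttributes() == null) { requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error resolving attributes")); throw new ProfileException("Principal attributes have not been resolved"); }`. In the new resolveAttributes, both the debug log and the catch block call `requestContext.getSamlRequest().getID()`; if any profile can invoke it without an inbound request message, the catch block itself would NPE and the failure status on the following line would never be set — the SAML 1 counterpart avoids this by logging only the relying-party id. Minor style: `throws ProfileException{` is missing the space before the brace that the rest of the file uses.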
// Resolve attribute query name id to principal name and place in context
resolvePrincipal(requestContext);
+
+ resolveAttributes(requestContext);
// Lookup principal name and attributes, create attribute statement from information
ArrayList<Statement> statements = new ArrayList<Statement>();
import org.opensaml.common.binding.encoding.MessageEncoder;
import org.opensaml.common.binding.security.SAMLSecurityPolicy;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.SubjectLocality;
import org.opensaml.saml2.binding.AuthnResponseEndpointSelector;
-import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextDeclRef;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Statement;
import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.SubjectLocality;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
Response samlResponse;
try {
if (loginContext.getPrincipalName() == null) {
+ log.error("User's login context did not contain a principal, user considered unauthenticiated.");
requestContext
.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
throw new ProfileException("User failed authentication");
}
-
- AuthnStatement authnStatement = buildAuthnStatement(requestContext);
- AttributeStatement attributeStatement = buildAttributeStatement(requestContext);
+
+ resolveAttributes(requestContext);
ArrayList<Statement> statements = new ArrayList<Statement>();
- statements.add(authnStatement);
- //TODO this isn't very effecient, support this flag better
+ statements.add(buildAuthnStatement(requestContext));
if(requestContext.getProfileConfiguration().includeAttributeStatement()){
- statements.add(attributeStatement);
+ statements.add(buildAttributeStatement(requestContext));
}
samlResponse = buildResponse(requestContext, "urn:oasis:names:tc:SAML:2.0:cm:bearer", statements);
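Review bot: The new error log reads `user considered unauthenticiated` — a typo in a message operators will grep for when diagnosing failed logins; use `log.error("User's login context did not contain a principal, user considered unauthenticated.");`. As in the SAML 1 SSO handler, resolveAttributes is now called before the includeAttributeStatement() check, so attributes are resolved and stored in the context even when no attribute statement is added to the response; if the NameID is not encoded from those attributes, `resolveAttributes(requestContext);` can move inside the `if` block to avoid the extra resolver call and keep getPrincipalAttributes() empty when nothing is released. The enclosing method continues past the end of this hunk.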