import org.opensaml.saml1.core.Statement;
import org.opensaml.saml1.core.StatusCode;
import org.opensaml.saml1.core.Subject;
+import org.opensaml.saml1.core.SubjectLocality;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.RoleDescriptor;
/** Builder of AuthenticationStatement objects. */
private SAMLObjectBuilder<AuthenticationStatement> authnStatementBuilder;
+ /** Builder of SubjectLocality objects. */
+ private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
+
/** URL of the authentication manager servlet. */
private String authenticationManagerPath;
authnStatementBuilder = (SAMLObjectBuilder<AuthenticationStatement>) getBuilderFactory().getBuilder(
AuthenticationStatement.DEFAULT_ELEMENT_NAME);
+
+ subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
+ SubjectLocality.DEFAULT_ELEMENT_NAME);
}
/**
requestContext.setRelyingPartyId(relyingPartyId);
populateRelyingPartyData(requestContext);
-
+
populateAssertingPartyData(requestContext);
-
+
return requestContext;
}
ShibbolethConstants.SAML11P_NS);
if (relyingPartyRole == null) {
- relyingPartyRole = requestContext.getRelyingPartyMetadata()
- .getSPSSODescriptor(ShibbolethConstants.SAML10P_NS);
+ relyingPartyRole = requestContext.getRelyingPartyMetadata().getSPSSODescriptor(
+ ShibbolethConstants.SAML10P_NS);
if (relyingPartyRole == null) {
throw new MetadataProviderException("Unable to locate SPSSO role descriptor for entity "
+ requestContext.getRelyingPartyId());
statement.setAuthenticationInstant(loginContext.getAuthenticationInstant());
statement.setAuthenticationMethod(loginContext.getAuthenticationMethod());
- // TODO
- statement.setSubjectLocality(null);
+ statement.setSubjectLocality(buildSubjectLocality(requestContext));
Subject statementSubject = buildSubject(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
statement.setSubject(statementSubject);
}
/**
+ * Constructs the subject locality for the authentication statement.
+ *
+ * @param requestContext curent request context
+ *
+ * @return subject locality for the authentication statement
+ */
+ protected SubjectLocality buildSubjectLocality(ShibbolethSSORequestContext requestContext) {
+ SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+
+ ShibbolethSSOConfiguration profileConfig = requestContext.getProfileConfiguration();
+ HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getProfileRequest().getRawRequest();
+
+ if (profileConfig.getLocalityAddress() != null) {
+ subjectLocality.setIPAddress(profileConfig.getLocalityAddress());
+ } else {
+ subjectLocality.setIPAddress(httpRequest.getLocalAddr());
+ }
+
+ if (profileConfig.getLocalityDNSName() != null) {
+ subjectLocality.setDNSAddress(profileConfig.getLocalityDNSName());
+ } else {
+ subjectLocality.setDNSAddress(httpRequest.getLocalName());
+ }
+
+ return subjectLocality;
+ }
+
+ /**
* Encodes the request's SAML response and writes it to the servlet response.
*
* @param requestContext current request context
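Review bot: The fallback branches `subjectLocality.setIPAddress(httpRequest.getLocalAddr())` and `subjectLocality.setDNSAddress(httpRequest.getLocalName())` record the address of the interface the IdP received the request on, whereas SAML defines SubjectLocality as the system from which the subject was authenticated, i.e. the client; unless reporting the IdP's own address is intentional here, `httpRequest.getRemoteAddr()` (and, only if a name is wanted at all, `getRemoteHost()`) look like the intended values, with the caveat that behind a reverse proxy the remote address is the proxy's. As written, every relying party is also handed the IdP's local interface address, which behind a load balancer is typically an internal one. The same two fallbacks appear in the SAML 2 counterpart `buildSubjectLocality(SSORequestContext requestContext)` via `setAddress`/`setDNSName`. The `(HttpServletRequest)` cast of the raw request is unchecked in both methods; an `instanceof` guard that skips the locality for a non-HTTP transport would avoid a ClassCastException. Both Javadocs also spell `curent` in `@param requestContext curent request context`.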
import org.opensaml.common.binding.encoding.MessageEncoder;
import org.opensaml.common.binding.security.SAMLSecurityPolicy;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.SubjectLocality;
import org.opensaml.saml2.binding.AuthnResponseEndpointSelector;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
/** Builder of AuthnContextDeclRef objects. */
private SAMLObjectBuilder<AuthnContextDeclRef> authnContextDeclRefBuilder;
+ /** Builder of SubjectLocality objects. */
+ private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
+
/** URL of the authentication manager servlet. */
private String authenticationManagerPath;
AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
authnContextDeclRefBuilder = (SAMLObjectBuilder<AuthnContextDeclRef>) getBuilderFactory().getBuilder(
AuthnContextDeclRef.DEFAULT_ELEMENT_NAME);
+ subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
+ SubjectLocality.DEFAULT_ELEMENT_NAME);
}
/**
String relyingParty = securityPolicy.getIssuer();
RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingParty);
- if(rpConfig == null){
+ if (rpConfig == null) {
log.error("No relying party configuration for " + relyingParty);
throw new ProfileException("No relying party configuration for " + relyingParty);
}
loginContext.getAuthenticationDuration()));
}
- // TODO
- statement.setSubjectLocality(null);
+ statement.setSubjectLocality(buildSubjectLocality(requestContext));
return statement;
}
}
/**
+ * Constructs the subject locality for the authentication statement.
+ *
+ * @param requestContext curent request context
+ *
+ * @return subject locality for the authentication statement
+ */
+ protected SubjectLocality buildSubjectLocality(SSORequestContext requestContext) {
+ SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+
+ SSOConfiguration profileConfig = requestContext.getProfileConfiguration();
+ HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getProfileRequest().getRawRequest();
+
+ if (profileConfig.getLocalityAddress() != null) {
+ subjectLocality.setAddress(profileConfig.getLocalityAddress());
+ } else {
+ subjectLocality.setAddress(httpRequest.getLocalAddr());
+ }
+
+ if (profileConfig.getLocalityDNSName() != null) {
+ subjectLocality.setDNSName(profileConfig.getLocalityDNSName());
+ } else {
+ subjectLocality.setDNSName(httpRequest.getLocalName());
+ }
+
+ return subjectLocality;
+ }
+
+ /**
* Encodes the request's SAML response and writes it to the servlet response.
*
* @param requestContext current request context
encoder.setRelyingParty(requestContext.getRelyingPartyMetadata());
encoder.setRelyingPartyEndpoint(relyingPartyEndpoint);
encoder.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
- ProfileResponse<ServletResponse> profileResponse = requestContext.getProfileResponse();
+ ProfileResponse<ServletResponse> profileResponse = requestContext.getProfileResponse();
encoder.setResponse(profileResponse.getRawResponse());
encoder.setSamlMessage(requestContext.getSamlResponse());
requestContext.setMessageEncoder(encoder);