<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
+ <classpathentry excluding="classpath/|conf/" including="META-INF/" kind="src" path="resources"/>
<classpathentry kind="src" path="resources/conf"/>
<classpathentry kind="src" path="tests"/>
- <classpathentry excluding="*|classpath/|conf/" including="META-INF" kind="src" path="resources"/>
<classpathentry kind="src" path="resources/classpath"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry combineaccessrules="false" exported="true" kind="src" path="/java-shib-common"/>
<mkdir dir="${idp.home}/logs" />
<mkdir dir="${idp.home}/bin" />
<mkdir dir="${idp.home}/war" />
+ <mkdir dir="${idp.home}/temp/metadata" />
<copy todir="${idp.home}/lib" preservelastmodified="true">
<fileset dir="${lib.dir}" />
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
xmlns="urn:mace:shibboleth:2.0:afp"
+ xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd">
+ xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
+ urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">
+
+ <AttributeFilterPolicy id="Anyone">
+ <PolicyRequirementRule xsi:type="basic:ANY" />
+
+ <AttributeRule attributeID="uid">
+ <PermitValueRule xsi:type="basic:ANY" />
+ </AttributeRule>
+
+ <AttributeRule attributeID="cn">
+ <PermitValueRule xsi:type="basic:ANY" />
+ </AttributeRule>
+
+ </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
\ No newline at end of file
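Review bot: The new `Anyone` policy uses `basic:ANY` both as the PolicyRequirementRule and as the PermitValueRule for `uid` and `cn`, so both attributes are released to every requester with no per-relying-party restriction, and nothing in the file marks this as a test fixture. Either scope the requirement rule to the relying party the tests use, or add a comment above the policy such as `<!-- Test-only policy: releases uid and cn to any requester; not for a deployed attribute-filter.xml -->`. The new schemaLocation value also ends with a stray space before the closing quote (`...afp-mf-basic.xsd ">`), harmless to the parser since the list is whitespace-separated, but worth trimming.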
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd">
-
+ xmlns:simple="urn:mace:shibboleth:2.0:resolver:ad:simple"
+ xmlns:static="urn:mace:shibboleth:2.0:resolver:dc:static"
+ xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
+ urn:mace:shibboleth:2.0:resolver:ad:simple classpath:/schema/shibboleth-2.0-attribute-resolver-ad-simple.xsd
+ urn:mace:shibboleth:2.0:resolver:dc:static classpath:/schema/shibboleth-2.0-attribute-resolver-dc-static.xsd">
+
+ <resolver:DataConnector xsi:type="static:Static" id="static">
+ <static:Attribute id="uid">
+ <static:Value>testuser</static:Value>
+ </static:Attribute>
+ <static:Attribute id="cn">
+ <static:Value>Test User</static:Value>
+ </static:Attribute>
+ </resolver:DataConnector>
+
</AttributeResolver>
\ No newline at end of file
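Review bot: The `static` DataConnector defines `uid` and `cn`, but no `AttributeDefinition` in the hunk depends on it, and as far as I can tell from the resolver model only attribute definitions produce resolved attributes, so neither value would reach the filter policy; the `simple` namespace and its schemaLocation entry added on the root element are likewise unused. Add one `simple:Simple` definition per attribute, e.g. `<resolver:AttributeDefinition xsi:type="simple:Simple" id="uid" sourceAttributeID="uid">` containing `<resolver:Dependency ref="static" />`, and the same for `cn`. The fixed `testuser` values read as test data; a comment saying so would keep this from being taken for a deployable resolver configuration.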
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
default-autowire="byType">
-
- <bean id="shibboleth.ServletAttributeExporter"
- class="org.springframework.web.context.support.ServletContextAttributeExporter">
- <property name="attributes">
- <map>
- <entry>
- <key>
- <value>handlerManager</value>
- </key>
- <ref bean="shibboleth.ProfileHandler" />
- </entry>
- </map>
- </property>
- </bean>
+ <!-- Spring configuration file that boostraps OpenSAML -->
+ <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" lazy-init="false">
+ <constructor-arg>
+ <list>
+ <bean id="default" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/default-config.xml" />
+ </bean>
+ <bean id="schema" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/schema-config.xml" />
+ </bean>
+ <bean id="signature" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/signature-config.xml" />
+ </bean>
+ <bean id="encryption" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/encryption-config.xml" />
+ </bean>
+ <bean id="soap11" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/soap11-config.xml" />
+ </bean>
+ <bean id="saml1Assertion" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml1-assertion-config.xml" />
+ </bean>
+ <bean id="saml1Protocol" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml1-protocol-config.xml" />
+ </bean>
+ <bean id="saml1Metadata" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml1-metadata-config.xml" />
+ </bean>
+ <bean id="saml2Assertion" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml2-assertion-config.xml" />
+ </bean>
+ <bean id="saml2Protocol" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml2-protocol-config.xml" />
+ </bean>
+ <bean id="saml2ThirdParty" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml2-protocol-thirdparty-config.xml" />
+ </bean>
+ <bean id="saml2Metadata" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml2-metadata-config.xml" />
+ </bean>
+ <bean id="saml2MetadataQuery" class="org.opensaml.util.resource.ClasspathResource">
+ <constructor-arg value="/saml2-metadata-query-config.xml" />
+ </bean>
+ </list>
+ </constructor-arg>
+ </bean>
+
<bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" >
<property name="velocityProperties">
<props>
<property name="encoderBuilders">
<map>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
+ </key>
<bean id="shibboleth.SAML2HttpPostEncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoderBuilder">
<constructor-arg ref="shibboleth.VelocityEngine" />
<constructor-arg value="/templates/saml2-post-binding.vm"/>
</bean>
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
- <bean id="shibboleth.SAML2HttpRedirectEncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPRedirectDefalteEncoderBuilder" />
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
+ </key>
+ <bean id="shibboleth.SAML2HttpRedirectEncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
+ </key>
<bean id="shibboleth.SAML2HttpSoap11EncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11EncoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
+ </key>
<bean id="shibboleth.SAML1HttpPostEncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoderBuilder">
<constructor-arg ref="shibboleth.VelocityEngine" />
<constructor-arg value="/templates/saml1-post-binding.vm"/>
</bean>
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
+ </key>
<bean id="shibboleth.SAML1HttpSoap11EncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPSOAP11EncoderBuilder" />
</entry>
</map>
<property name="decoderBuilders">
<map>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
+ </key>
<bean id="shibboleth.SAML2HttpPostDecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
- <bean id="shibboleth.SAML2HttpRedirectDecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPRedirectDefalteDecoderBuilder" />
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
+ </key>
+ <bean id="shibboleth.SAML2HttpRedirectDecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
+ </key>
<bean id="shibboleth.SAML2HttpSoap11DecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPSOAP11DecoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
+ </key>
<bean id="shibboleth.SAML1HttpPostDecoderBuilder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoderBuilder" />
</entry>
<entry>
- <key value="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"/>
+ <key>
+ <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
+ </key>
<bean id="shibboleth.SAML1HttpSoap11DecoderBuilder" class="org.opensaml.saml1.binding.decoding.HTTPSOAP11DecoderBuilder" />
</entry>
</map>
</property>
</bean>
+ <bean id="shibboleth.ServletAttributeExporter"
+ class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ <property name="attributes">
+ <map>
+ <entry>
+ <key>
+ <value>handlerManager</value>
+ </key>
+ <ref bean="shibboleth.ProfileHandler" />
+ </entry>
+ </map>
+ </property>
+ </bean>
+
</beans>
\ No newline at end of file
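Review bot: The comment `<!-- Spring configuration file that boostraps OpenSAML -->` above `shibboleth.OpensamlConfig` has a typo and describes a whole file while annotating one bean; `<!-- Bootstraps OpenSAML from the listed classpath provider configurations; must initialize before the encoder/decoder builders below -->` says what a reader needs. That ordering is only implicit: the bean is `lazy-init="false"` and placed first, but nothing ties the `encoderBuilders`/`decoderBuilders` beans to it, so a `depends-on="shibboleth.OpensamlConfig"` on the bean that owns those properties would make it explicit (assuming, as the class names suggest, the builders need OpenSAML configured first; confirm). The bean owning `encoderBuilders` starts above the hunk, and `shibboleth.ProfileHandler`, referenced by the exporter, is defined elsewhere.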
<RequestPath>/shibboleth/IdP/status</RequestPath>
</ProfileHandler>
+<!--
<ProfileHandler xsi:type="idpProfile:SAML2SSO">
<RequestPath>/shibboleth/IdP/saml2/HTTP/SSO</RequestPath>
</ProfileHandler>
<ProfileHandler xsi:type="idpProfile:SAML2AttributeQuery">
<RequestPath>/shibboleth/IdP/saml2/SOAP/attribute</RequestPath>
</ProfileHandler>
+-->
</ProfileHandlerGroup>
\ No newline at end of file
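Review bot: The SAML2SSO and SAML2AttributeQuery ProfileHandler elements are disabled by wrapping them in an XML comment with no note of why, leaving only the status handler visible in this hunk; the same pattern appears in the relying-party hunk (the two ProfileConfigurations) and the services hunk (LoggingConfiguration). Either delete the disabled elements — history keeps them — or open each comment with the reason, e.g. `<!-- disabled: [REASON]` followed by the elements and `-->`. The enclosing ProfileHandlerGroup starts above the hunk.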
<DefaultRelyingParty provider="http://example.org/IdP" />
<RelyingParty id="urn:mace:incommon"
- provider="http://example.org/IdP"
- defaultSigningCredentialRef="MySigningKey">
+ provider="http://example.org/IdP">
+ <!--
<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
+ -->
</RelyingParty>
<MetadataProvider xsi:type="FileBackedURLMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
id="incommon-metadata"
- metadataUrl="https://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
- backingFile="$IDP_HOME/temp/metadata/incommon.xml"/>
-
- <Credential xsi:type="InlineCredential" xmlns="urn:mace:shibboleth:2.0:credential"
- id="MySigningKey">
- <PrivateKey>
- <!-- Encoded key -->
- </PrivateKey>
- <PublicKey>
- <!-- Encoded key -->
- </PublicKey>
- </Credential>
+ metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
+ backingFile="$IDP_HOME$/temp/metadata/incommon.xml"/>
</RelyingPartyGroup>
\ No newline at end of file
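Review bot: The InCommon metadata source changes scheme from `https://` to `http://` in `metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"`, and no MetadataFilter is configured on the provider, so the trust roots this IdP learns about relying parties would be whatever an on-path party chooses to serve. Keep `https://` (the `metadataUrl` → `metadataURL` rename stands on its own) and, independently of the transport, add a signature-validating `MetadataFilter` keyed to the federation's signing certificate so the cached `backingFile` copy is verified as well. With `defaultSigningCredentialRef`, the `MySigningKey` credential and both ProfileConfigurations gone, `urn:mace:incommon` currently has no profile configured and no signing key; if that is deliberate for now, a comment on the RelyingParty should say so. The enclosing RelyingPartyGroup starts above the hunk.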
urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
+<!--
<LoggingConfiguration>$IDP_HOME$/conf/logging.xml</LoggingConfiguration>
+-->
<Service id="shibboleth.ProfileHandler"
xmlns="urn:mace:shibboleth:2.0:services"
children = configChildren.get(new QName(IdPServicesNamespaceHandler.NAMESPACE, "LoggingConfiguration"));
if (children != null && children.size() > 0) {
- builder.addConstructorArg(SpringConfigurationUtils.parseCustomElement(children.get(0), context));
+ builder.addPropertyValue("loggingService", SpringConfigurationUtils.parseCustomElement(children.get(0), context));
}
children = configChildren.get(new QName(ServiceNamespaceHandler.NAMESPACE, "Service"));
import org.apache.log4j.Logger;
import org.opensaml.log.Level;
-import org.opensaml.resource.FilesystemResource;
-import org.opensaml.resource.ResourceChangeWatcher;
-import org.opensaml.resource.ResourceException;
+import org.opensaml.util.resource.FilesystemResource;
+import org.opensaml.util.resource.ResourceChangeWatcher;
+import org.opensaml.util.resource.ResourceException;
import org.opensaml.xml.util.DatatypeHelper;
import edu.internet2.middleware.shibboleth.common.log.Log4jConfigFileResourceListener;
* @param logging logging service for the IdP
* @param loadedServices service components loaded into the IdP
*/
- public IdPServicesBean(IdPLoggingService logging, List<BaseService> loadedServices) {
- loggingService = logging;
+ public IdPServicesBean(List<BaseService> loadedServices) {
services = loadedServices;
}
public IdPLoggingService getLoggingService() {
return loggingService;
}
+
+ public void setLoggingService(IdPLoggingService service){
+ loggingService = service;
+ }
/**
* Gets the service components loaded into the IdP.
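Review bot: The javadoc line `* @param logging logging service for the IdP` at the top of the hunk is now stale, since the constructor is `IdPServicesBean(List<BaseService> loadedServices)`; remove that tag and give the new setter its own javadoc, `/** Sets the logging service for the IdP. @param service logging service for the IdP */`. Because the parser hunk only calls `addPropertyValue("loggingService", ...)` when a `LoggingConfiguration` child is present, and the services configuration hunk comments that element out, `getLoggingService()` can now return null; callers should either tolerate that or the setter should reject null. The class declaration and field definitions are above the hunk.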
package edu.internet2.middleware.shibboleth.idp.profile.saml1;
+import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;
*/
public class AttributeQuery extends AbstractSAML1ProfileHandler {
- /** Class logger. */
- private static Logger log = Logger.getLogger(AttributeQuery.class);
-
/** {@inheritDoc} */
- public boolean processRequest(ProfileRequest request, ProfileResponse response) throws ServletException {
- if (log.isDebugEnabled()) {
- log.debug("begin processRequest");
- }
-
- // get message from the decoder
- org.opensaml.saml1.core.AttributeQuery message = null;
- try {
- message = (org.opensaml.saml1.core.AttributeQuery) decodeMessage(request);
- } catch (BindingException e) {
- log.error("Error decoding attribute query message", e);
- throw new ServletException("Error decoding attribute query message");
- }
-
- // get attribute statement from attribute authority
- AttributeAuthority aa = new AttributeAuthority();
- aa.setAttributeResolver(getAttributeResolver());
- aa.setFilteringEngine(getFilteringEngine());
- aa.setRelyingPartyConfiguration(getRelyingPartyConfiguration());
- aa.setSecurityPolicy(getDecoder().getSecurityPolicy());
- aa.setRequest(request);
- AttributeStatement statement = null;
- try {
- statement = aa.performAttributeQuery(message);
- } catch (AttributeResolutionException e) {
- log.error("Error resolving attributes", e);
- throw new ServletException("Error resolving attributes");
- } catch (FilteringException e) {
- log.error("Error filtering attributes", e);
- throw new ServletException("Error filtering attributes");
- }
-
- // construct response
- Response samlResponse = null;
- try {
- samlResponse = buildResponse(message, request.getRemoteHost(), new DateTime(), statement);
- } catch (EncryptionException e) {
- log.error("Error encrypting SAML response", e);
- throw new ServletException("Error encrypting SAML response");
- }
- if (log.isDebugEnabled()) {
- log.debug("built saml1 response: " + samlResponse);
- }
-
- // encode response
- try {
- encodeResponse(samlResponse);
- } catch (BindingException e) {
- log.error("Error encoding attribute query response", e);
- throw new ServletException("Error encoding attribute query response");
- }
-
- return true;
- }
-
- /**
- * This builds the response for this SAML request.
- *
- * @param message <code>AttributeQuery</code>
- * @param dest <code>String</code>
- * @param issueInstant <code>DateTime</code>
- * @param statement <code>AttributeStatement</code>
- * @return <code>Response</code>
- * @throws EncryptionException if an error occurs attempting to encrypt data
- */
- private Response buildResponse(org.opensaml.saml1.core.AttributeQuery message, String dest, DateTime issueInstant,
- AttributeStatement statement) throws EncryptionException {
- SAMLObjectBuilder<Response> responseBuilder = (SAMLObjectBuilder<Response>) getBuilderFactory().getBuilder(
- Response.DEFAULT_ELEMENT_NAME);
- /*
- * required: samlp:Status, ID, Version, IssueInstant
- */
- Response response = responseBuilder.buildObject();
- response.setVersion(SAML_VERSION);
- response.setID(getIdGenerator().generateIdentifier());
- response.setInResponseTo(getDecoder().getSecurityPolicy().getIssuer().toString());
- response.setIssueInstant(issueInstant);
- response.setRecipient(dest);
-
- response.setStatus(buildStatus());
- response.getAssertions().add(buildAssertion(message.getSubject(), issueInstant, statement));
- return response;
- }
-
- /**
- * This builds the status response for this SAML request.
- *
- * @return <code>Status</code>
- */
- private Status buildStatus() {
- // build status
- SAMLObjectBuilder<Status> statusBuilder = (SAMLObjectBuilder<Status>) getBuilderFactory().getBuilder(
- Status.DEFAULT_ELEMENT_NAME);
- Status status = statusBuilder.buildObject();
-
- // build status code
- SAMLObjectBuilder<StatusCode> statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) getBuilderFactory()
- .getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
- StatusCode statusCode = statusCodeBuilder.buildObject();
- statusCode.setValue("Success");
- status.setStatusCode(statusCode);
- return status;
- }
-
- /**
- * This builds the assertion for this SAML request.
- *
- * @param messageSubject <code>Subject</code>
- * @param issueInstant <code>DateTime</code>
- * @param statement <code>AttributeStatement</code> of attributes
- * @return <code>Assertion</code>
- * @throws EncryptionException if an error occurs attempting to encrypt data
- */
- private Assertion buildAssertion(Subject messageSubject, DateTime issueInstant, AttributeStatement statement)
- throws EncryptionException {
- // build assertion
- SAMLObjectBuilder<Assertion> assertionBuilder = (SAMLObjectBuilder<Assertion>) getBuilderFactory().getBuilder(
- Assertion.DEFAULT_ELEMENT_NAME);
- /*
- * required: saml:Issuer, ID, Version, IssueInstant
- */
- Assertion assertion = assertionBuilder.buildObject();
- assertion.setID(getIdGenerator().generateIdentifier());
- assertion.setIssueInstant(issueInstant);
- assertion.setVersion(SAML_VERSION);
- assertion.setIssuer(getRelyingPartyConfiguration().getProviderID());
-
- // build subject
- assertion.getSubjectStatements().add(buildSubjectStatement(messageSubject));
- // build conditions
- assertion.setConditions(buildConditions(issueInstant));
- // build advice
- assertion.setAdvice(buildAdvice());
- // add attribute statement
- assertion.getAttributeStatements().add(statement);
- return assertion;
+ public String getProfileId() {
+ // TODO Auto-generated method stub
+ return null;
}
- /**
- * This builds the subject statement for this SAML request.
- *
- * @param messageSubject <code>Subject</code>
- * @return <code>SubjectStatement</code>
- */
- private SubjectStatement buildSubjectStatement(Subject messageSubject) {
- // build subject
- SAMLObjectBuilder<SubjectStatement> subjectStatementBuilder = (SAMLObjectBuilder<SubjectStatement>) getBuilderFactory()
- .getBuilder(SubjectStatement.DEFAULT_ELEMENT_NAME);
- SubjectStatement subjectStatement = subjectStatementBuilder.buildObject();
- subjectStatement.setSubject(messageSubject);
- return subjectStatement;
- }
-
- /**
- * This builds the conditions for this SAML request.
- *
- * @param issueInstant <code>DateTime</code>
- * @return <code>Conditions</code>
- */
- private Conditions buildConditions(DateTime issueInstant) {
- SAMLObjectBuilder<Conditions> conditionsBuilder = (SAMLObjectBuilder<Conditions>) getBuilderFactory()
- .getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
- Conditions conditions = conditionsBuilder.buildObject();
- conditions.setNotBefore(issueInstant);
- // TODO conditions.setNotOnOrAfter();
- // TODO add additional conditions : conditions.getConditions().add(Condition);
- // TODO what about AudienceRestriction, OneTimeUse, ProxyRestriction?
- return conditions;
- }
-
- /**
- * This builds the advice for this SAML request.
- *
- * @return <code>Advice</code>
- */
- private Advice buildAdvice() {
- SAMLObjectBuilder<Advice> adviceBuilder = (SAMLObjectBuilder<Advice>) getBuilderFactory().getBuilder(
- Advice.DEFAULT_ELEMENT_NAME);
- Advice advice = adviceBuilder.buildObject();
- // advice.getAssertionIDReferences().add();
- // advice.getAssertionURIReferences().add();
- // advice.getAssertions().add();
- // advice.getEncryptedAssertions().add();
- // advice.addNamespace(namespace);
- return advice;
+ /** {@inheritDoc} */
+ public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response) throws ProfileException {
+ // TODO Auto-generated method stub
+
}
+//
+// /** Class logger. */
+// private static Logger log = Logger.getLogger(AttributeQuery.class);
+//
+// /** {@inheritDoc} */
+// public boolean processRequest(ProfileRequest request, ProfileResponse response) throws ServletException {
+// if (log.isDebugEnabled()) {
+// log.debug("begin processRequest");
+// }
+//
+// // get message from the decoder
+// org.opensaml.saml1.core.AttributeQuery message = null;
+// try {
+// message = (org.opensaml.saml1.core.AttributeQuery) decodeMessage(request);
+// } catch (BindingException e) {
+// log.error("Error decoding attribute query message", e);
+// throw new ServletException("Error decoding attribute query message");
+// }
+//
+// // get attribute statement from attribute authority
+// AttributeAuthority aa = new AttributeAuthority();
+// aa.setAttributeResolver(getAttributeResolver());
+// aa.setFilteringEngine(getFilteringEngine());
+// aa.setRelyingPartyConfiguration(getRelyingPartyConfiguration());
+// aa.setSecurityPolicy(getDecoder().getSecurityPolicy());
+// aa.setRequest(request);
+// AttributeStatement statement = null;
+// try {
+// statement = aa.performAttributeQuery(message);
+// } catch (AttributeResolutionException e) {
+// log.error("Error resolving attributes", e);
+// throw new ServletException("Error resolving attributes");
+// } catch (FilteringException e) {
+// log.error("Error filtering attributes", e);
+// throw new ServletException("Error filtering attributes");
+// }
+//
+// // construct response
+// Response samlResponse = null;
+// try {
+// samlResponse = buildResponse(message, request.getRemoteHost(), new DateTime(), statement);
+// } catch (EncryptionException e) {
+// log.error("Error encrypting SAML response", e);
+// throw new ServletException("Error encrypting SAML response");
+// }
+// if (log.isDebugEnabled()) {
+// log.debug("built saml1 response: " + samlResponse);
+// }
+//
+// // encode response
+// try {
+// encodeResponse(samlResponse);
+// } catch (BindingException e) {
+// log.error("Error encoding attribute query response", e);
+// throw new ServletException("Error encoding attribute query response");
+// }
+//
+// return true;
+// }
+//
+// /**
+// * This builds the response for this SAML request.
+// *
+// * @param message <code>AttributeQuery</code>
+// * @param dest <code>String</code>
+// * @param issueInstant <code>DateTime</code>
+// * @param statement <code>AttributeStatement</code>
+// * @return <code>Response</code>
+// * @throws EncryptionException if an error occurs attempting to encrypt data
+// */
+// private Response buildResponse(org.opensaml.saml1.core.AttributeQuery message, String dest, DateTime issueInstant,
+// AttributeStatement statement) throws EncryptionException {
+// SAMLObjectBuilder<Response> responseBuilder = (SAMLObjectBuilder<Response>) getBuilderFactory().getBuilder(
+// Response.DEFAULT_ELEMENT_NAME);
+// /*
+// * required: samlp:Status, ID, Version, IssueInstant
+// */
+// Response response = responseBuilder.buildObject();
+// response.setVersion(SAML_VERSION);
+// response.setID(getIdGenerator().generateIdentifier());
+// response.setInResponseTo(getDecoder().getSecurityPolicy().getIssuer().toString());
+// response.setIssueInstant(issueInstant);
+// response.setRecipient(dest);
+//
+// response.setStatus(buildStatus());
+// response.getAssertions().add(buildAssertion(message.getSubject(), issueInstant, statement));
+// return response;
+// }
+//
+// /**
+// * This builds the status response for this SAML request.
+// *
+// * @return <code>Status</code>
+// */
+// private Status buildStatus() {
+// // build status
+// SAMLObjectBuilder<Status> statusBuilder = (SAMLObjectBuilder<Status>) getBuilderFactory().getBuilder(
+// Status.DEFAULT_ELEMENT_NAME);
+// Status status = statusBuilder.buildObject();
+//
+// // build status code
+// SAMLObjectBuilder<StatusCode> statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) getBuilderFactory()
+// .getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
+// StatusCode statusCode = statusCodeBuilder.buildObject();
+// statusCode.setValue("Success");
+// status.setStatusCode(statusCode);
+// return status;
+// }
+//
+// /**
+// * This builds the assertion for this SAML request.
+// *
+// * @param messageSubject <code>Subject</code>
+// * @param issueInstant <code>DateTime</code>
+// * @param statement <code>AttributeStatement</code> of attributes
+// * @return <code>Assertion</code>
+// * @throws EncryptionException if an error occurs attempting to encrypt data
+// */
+// private Assertion buildAssertion(Subject messageSubject, DateTime issueInstant, AttributeStatement statement)
+// throws EncryptionException {
+// // build assertion
+// SAMLObjectBuilder<Assertion> assertionBuilder = (SAMLObjectBuilder<Assertion>) getBuilderFactory().getBuilder(
+// Assertion.DEFAULT_ELEMENT_NAME);
+// /*
+// * required: saml:Issuer, ID, Version, IssueInstant
+// */
+// Assertion assertion = assertionBuilder.buildObject();
+// assertion.setID(getIdGenerator().generateIdentifier());
+// assertion.setIssueInstant(issueInstant);
+// assertion.setVersion(SAML_VERSION);
+// assertion.setIssuer(getRelyingPartyConfiguration().getProviderID());
+//
+// // build subject
+// assertion.getSubjectStatements().add(buildSubjectStatement(messageSubject));
+// // build conditions
+// assertion.setConditions(buildConditions(issueInstant));
+// // build advice
+// assertion.setAdvice(buildAdvice());
+// // add attribute statement
+// assertion.getAttributeStatements().add(statement);
+// return assertion;
+// }
+//
+// /**
+// * This builds the subject statement for this SAML request.
+// *
+// * @param messageSubject <code>Subject</code>
+// * @return <code>SubjectStatement</code>
+// */
+// private SubjectStatement buildSubjectStatement(Subject messageSubject) {
+// // build subject
+// SAMLObjectBuilder<SubjectStatement> subjectStatementBuilder = (SAMLObjectBuilder<SubjectStatement>) getBuilderFactory()
+// .getBuilder(SubjectStatement.DEFAULT_ELEMENT_NAME);
+// SubjectStatement subjectStatement = subjectStatementBuilder.buildObject();
+// subjectStatement.setSubject(messageSubject);
+// return subjectStatement;
+// }
+//
+// /**
+// * This builds the conditions for this SAML request.
+// *
+// * @param issueInstant <code>DateTime</code>
+// * @return <code>Conditions</code>
+// */
+// private Conditions buildConditions(DateTime issueInstant) {
+// SAMLObjectBuilder<Conditions> conditionsBuilder = (SAMLObjectBuilder<Conditions>) getBuilderFactory()
+// .getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
+// Conditions conditions = conditionsBuilder.buildObject();
+// conditions.setNotBefore(issueInstant);
+// // TODO conditions.setNotOnOrAfter();
+// // TODO add additional conditions : conditions.getConditions().add(Condition);
+// // TODO what about AudienceRestriction, OneTimeUse, ProxyRestriction?
+// return conditions;
+// }
+//
+// /**
+// * This builds the advice for this SAML request.
+// *
+// * @return <code>Advice</code>
+// */
+// private Advice buildAdvice() {
+// SAMLObjectBuilder<Advice> adviceBuilder = (SAMLObjectBuilder<Advice>) getBuilderFactory().getBuilder(
+// Advice.DEFAULT_ELEMENT_NAME);
+// Advice advice = adviceBuilder.buildObject();
+// // advice.getAssertionIDReferences().add();
+// // advice.getAssertionURIReferences().add();
+// // advice.getAssertions().add();
+// // advice.getEncryptedAssertions().add();
+// // advice.addNamespace(namespace);
+// return advice;
+// }
}
\ No newline at end of file
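Review bot: `getProfileId()` returns `null` behind a `// TODO Auto-generated method stub`, and the new `processRequest` body is empty, so this handler presumably registers without an identifier and silently ignores any request routed to it; if SAML 1 attribute query is meant to be disabled for now, say so in the class javadoc and have `processRequest` throw `ProfileException` rather than succeed with no response. The roughly 190 lines of the previous implementation kept as `//` line comments should be deleted — version history preserves them — and with them the imports `org.apache.log4j.Logger`, `org.joda.time.DateTime` and `javax.servlet.ServletException` that nothing in the class now uses. The class javadoc above the hunk should also be checked, since it was written for the working implementation.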
import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
-import edu.internet2.middleware.shibboleth.common.relyingparty.saml2.AttributeQueryConfiguration;
+import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AttributeQueryConfiguration;
import edu.internet2.middleware.shibboleth.idp.session.ServiceInformation;
import edu.internet2.middleware.shibboleth.idp.session.Session;
Response samlResponse = getResponseBuilder().buildObject();
populateStatusResponse(samlResponse, issueInstant, requestContext.getAttributeQuery(), requestContext
.getRelyingPartyConfiguration());
+
// TODO handle subject
samlResponse.getAssertions().add(assertion);
import org.opensaml.xml.util.DatatypeHelper;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
-import edu.internet2.middleware.shibboleth.common.relyingparty.saml2.AbstractSAML2ProfileConfiguration;
+import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AbstractSAML2ProfileConfiguration;
import edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler;
/**
* Common implementation details for profile handlers.
*/
public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHandler {
-
+
/** SAML Version for this profile handler. */
public static final SAMLVersion SAML_VERSION = SAMLVersion.VERSION_20;
-
+
/** URI for the SAML 2 protocol. */
public static final String SAML20_PROTOCOL_URI = "urn:oasis:names:tc:SAML:2.0:protocol";
-
+
/** For building response. */
private SAMLObjectBuilder<Response> responseBuilder;
-
+
/** For building status. */
private SAMLObjectBuilder<Status> statusBuilder;
-
+
/** For building statuscode. */
private SAMLObjectBuilder<StatusCode> statusCodeBuilder;
-
+
/** For building StatusMessages. */
private SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
-
+
/** For building assertion. */
private SAMLObjectBuilder<Assertion> assertionBuilder;
-
+
/** For building issuer. */
private SAMLObjectBuilder<Issuer> issuerBuilder;
-
+
/** For building subject. */
private SAMLObjectBuilder<Subject> subjectBuilder;
-
+
/** For building conditions. */
private SAMLObjectBuilder<Conditions> conditionsBuilder;
-
+
/** For building audience restriction. */
private SAMLObjectBuilder<AudienceRestriction> audienceRestrictionBuilder;
-
+
/** For building proxy retrictions. */
private SAMLObjectBuilder<ProxyRestriction> proxyRestrictionBuilder;
-
+
/** For building audience. */
private SAMLObjectBuilder<Audience> audienceBuilder;
-
+
/** For building advice. */
private SAMLObjectBuilder<Advice> adviceBuilder;
-
+
/** For building signature. */
private XMLObjectBuilder<Signature> signatureBuilder;
-
+
/** Constructor. */
@SuppressWarnings("unchecked")
protected AbstractSAML2ProfileHandler() {
-
+
super();
-
- responseBuilder = (SAMLObjectBuilder<Response>) getBuilderFactory().getBuilder(Response.DEFAULT_ELEMENT_NAME);
- statusBuilder = (SAMLObjectBuilder<Status>) getBuilderFactory().getBuilder(Status.DEFAULT_ELEMENT_NAME);
- statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) getBuilderFactory().getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
- statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) getBuilderFactory().getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
- issuerBuilder = (SAMLObjectBuilder<Issuer>) getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
- assertionBuilder = (SAMLObjectBuilder<Assertion>) getBuilderFactory().getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
- subjectBuilder = (SAMLObjectBuilder<Subject>) getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME);
- conditionsBuilder = (SAMLObjectBuilder<Conditions>) getBuilderFactory().getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
- audienceRestrictionBuilder = (SAMLObjectBuilder<AudienceRestriction>) getBuilderFactory().getBuilder(AudienceRestriction.DEFAULT_ELEMENT_NAME);
- proxyRestrictionBuilder = (SAMLObjectBuilder<ProxyRestriction>) getBuilderFactory().getBuilder(ProxyRestriction.DEFAULT_ELEMENT_NAME);
- audienceBuilder = (SAMLObjectBuilder<Audience>) getBuilderFactory().getBuilder(Audience.DEFAULT_ELEMENT_NAME);
- adviceBuilder = (SAMLObjectBuilder<Advice>) getBuilderFactory().getBuilder(Advice.DEFAULT_ELEMENT_NAME);
- signatureBuilder = (XMLObjectBuilder<Signature>) getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME);
+
+ responseBuilder = (SAMLObjectBuilder<Response>) getBuilderFactory().getBuilder(Response.DEFAULT_ELEMENT_NAME);
+ statusBuilder = (SAMLObjectBuilder<Status>) getBuilderFactory().getBuilder(Status.DEFAULT_ELEMENT_NAME);
+ statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) getBuilderFactory().getBuilder(
+ StatusCode.DEFAULT_ELEMENT_NAME);
+ statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) getBuilderFactory().getBuilder(
+ StatusMessage.DEFAULT_ELEMENT_NAME);
+ issuerBuilder = (SAMLObjectBuilder<Issuer>) getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
+ assertionBuilder = (SAMLObjectBuilder<Assertion>) getBuilderFactory()
+ .getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
+ subjectBuilder = (SAMLObjectBuilder<Subject>) getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME);
+ conditionsBuilder = (SAMLObjectBuilder<Conditions>) getBuilderFactory().getBuilder(
+ Conditions.DEFAULT_ELEMENT_NAME);
+ audienceRestrictionBuilder = (SAMLObjectBuilder<AudienceRestriction>) getBuilderFactory().getBuilder(
+ AudienceRestriction.DEFAULT_ELEMENT_NAME);
+ proxyRestrictionBuilder = (SAMLObjectBuilder<ProxyRestriction>) getBuilderFactory().getBuilder(
+ ProxyRestriction.DEFAULT_ELEMENT_NAME);
+ audienceBuilder = (SAMLObjectBuilder<Audience>) getBuilderFactory().getBuilder(Audience.DEFAULT_ELEMENT_NAME);
+ adviceBuilder = (SAMLObjectBuilder<Advice>) getBuilderFactory().getBuilder(Advice.DEFAULT_ELEMENT_NAME);
+ signatureBuilder = (XMLObjectBuilder<Signature>) getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME);
}
-
+
/**
* Convenience method for getting the SAML 2 advice builder.
- *
+ *
* @return SAML 2 advice builder
*/
public SAMLObjectBuilder<Advice> getAdviceBuilder() {
return adviceBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 assertion builder.
- *
+ *
* @return SAML 2 assertion builder
*/
public SAMLObjectBuilder<Assertion> getAssertionBuilder() {
return assertionBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 audience builder.
- *
+ *
* @return SAML 2 audience builder
*/
public SAMLObjectBuilder<Audience> getAudienceBuilder() {
return audienceBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 audience restriction builder.
- *
+ *
* @return SAML 2 audience restriction builder
*/
public SAMLObjectBuilder<AudienceRestriction> getAudienceRestrictionBuilder() {
return audienceRestrictionBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 conditions builder.
- *
+ *
* @return SAML 2 conditions builder
*/
public SAMLObjectBuilder<Conditions> getConditionsBuilder() {
return conditionsBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 Issuer builder.
- *
+ *
* @return SAML 2 Issuer builder
*/
public SAMLObjectBuilder<Issuer> getIssuerBuilder() {
return issuerBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 proxy restriction builder.
- *
+ *
* @return SAML 2 proxy restriction builder
*/
public SAMLObjectBuilder<ProxyRestriction> getProxyRestrictionBuilder() {
return proxyRestrictionBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 response builder.
- *
+ *
* @return SAML 2 response builder
*/
public SAMLObjectBuilder<Response> getResponseBuilder() {
return responseBuilder;
}
-
+
/**
* Convenience method for getting the Signature builder.
- *
+ *
* @return signature builder
*/
public XMLObjectBuilder<Signature> getSignatureBuilder() {
return signatureBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 status builder.
- *
+ *
* @return SAML 2 status builder
*/
public SAMLObjectBuilder<Status> getStatusBuilder() {
return statusBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 status code builder.
- *
+ *
* @return SAML 2 status code builder
*/
public SAMLObjectBuilder<StatusCode> getStatusCodeBuilder() {
return statusCodeBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 status message builder.
- *
+ *
* @return SAML 2 status message builder
*/
public SAMLObjectBuilder<StatusMessage> getStatusMessageBuilder() {
return statusMessageBuilder;
}
-
+
/**
* Convenience method for getting the SAML 2 subject builder.
- *
+ *
* @return SAML 2 subject builder
*/
public SAMLObjectBuilder<Subject> getSubjectBuilder() {
return subjectBuilder;
}
-
+
/**
* Populates the response's id, in response to, issue instant, version, and issuer properties.
- *
+ *
* @param response the response to populate
* @param issueInstant timestamp to use as the issue instant for the response
* @param request the request that the response is for
*/
protected void populateStatusResponse(StatusResponseType response, DateTime issueInstant,
RequestAbstractType request, RelyingPartyConfiguration rpConfig) {
-
+
response.setID(getIdGenerator().generateIdentifier());
response.setInResponseTo(request.getID());
response.setIssueInstant(issueInstant);
response.setVersion(SAMLVersion.VERSION_20);
response.setIssuer(buildEntityIssuer(rpConfig));
}
-
+
/**
* Build a status message, with an optional second-level failure message.
- *
- * @param topLevelCode
- * The top-level status code. Should be from saml-core-2.0-os,
- * sec. 3.2.2.2
- * @param secondLevelCode
- * An optional second-level failure code. Should be from
- * saml-core-2.0-is, sec 3.2.2.2. If null, no second-level Status
- * element will be set.
- * @param secondLevelFailureMessage
- * An optional second-level failure message.
- *
+ *
+ * @param topLevelCode The top-level status code. Should be from saml-core-2.0-os, sec. 3.2.2.2
+ * @param secondLevelCode An optional second-level failure code. Should be from saml-core-2.0-is, sec 3.2.2.2. If
+ * null, no second-level Status element will be set.
+ * @param secondLevelFailureMessage An optional second-level failure message.
+ *
* @return a Status object.
*/
- protected Status buildStatus(String topLevelCode, String secondLevelCode,
- String secondLevelFailureMessage) {
-
+ protected Status buildStatus(String topLevelCode, String secondLevelCode, String secondLevelFailureMessage) {
+
Status status = statusBuilder.buildObject();
StatusCode statusCode = statusCodeBuilder.buildObject();
-
+
statusCode.setValue(DatatypeHelper.safeTrimOrNullString(topLevelCode));
if (secondLevelCode != null) {
StatusCode secondLevelStatusCode = statusCodeBuilder.buildObject();
secondLevelStatusCode.setValue(DatatypeHelper.safeTrimOrNullString(secondLevelCode));
statusCode.setStatusCode(secondLevelStatusCode);
}
-
+
if (secondLevelFailureMessage != null) {
StatusMessage msg = statusMessageBuilder.buildObject();
msg.setMessage(secondLevelFailureMessage);
status.setStatusMessage(msg);
}
-
+
return status;
}
-
+
/**
* Builds a basic assertion with its id, issue instant, SAML version, issuer, subject, and conditions populated.
- *
+ *
* @param issueInstant time to use as assertion issue instant
* @param rpConfig the relying party configuration
* @param profileConfig current profile configuration
- *
+ *
* @return the built assertion
*/
protected Assertion buildAssertion(final DateTime issueInstant, final RelyingPartyConfiguration rpConfig,
final AbstractSAML2ProfileConfiguration profileConfig) {
-
+
Assertion assertion = assertionBuilder.buildObject();
assertion.setID(getIdGenerator().generateIdentifier());
assertion.setIssueInstant(issueInstant);
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setIssuer(buildEntityIssuer(rpConfig));
- //TODO assertion.setSubject(buildSubject());
-
+ // TODO assertion.setSubject(buildSubject());
+
Conditions conditions = buildConditions(issueInstant, profileConfig);
assertion.setConditions(conditions);
-
+
return assertion;
}
-
+
/**
* Builds an entity type Issuer populated with the correct provider Id for this relying party configuration.
- *
+ *
* @param rpConfig the relying party configuration
- *
+ *
* @return the built Issuer
*/
protected Issuer buildEntityIssuer(final RelyingPartyConfiguration rpConfig) {
-
+
Issuer issuer = getIssuerBuilder().buildObject();
issuer.setFormat(Issuer.ENTITY);
issuer.setValue(rpConfig.getProviderId());
-
+
return issuer;
}
-
+
/**
* Builds the SAML subject for the user for the service provider.
- *
+ *
* @return SAML subject for the user for the service provider
- *
+ *
* @throws EncryptionException thrown if there is a problem encryption the subject's NameID
*/
protected Subject buildSubject() throws EncryptionException {
// TODO
return null;
}
-
+
/**
* Builds a SAML assertion condition set. The following fields are set; not before, not on or after, audience
* restrictions, and proxy restrictions.
- *
+ *
* @param issueInstant timestamp the assertion was created
* @param profileConfig current profile configuration
- *
+ *
* @return constructed conditions
*/
- protected Conditions buildConditions(final DateTime issueInstant, final AbstractSAML2ProfileConfiguration profileConfig) {
-
+ protected Conditions buildConditions(final DateTime issueInstant,
+ final AbstractSAML2ProfileConfiguration profileConfig) {
+
Conditions conditions = conditionsBuilder.buildObject();
conditions.setNotBefore(issueInstant);
conditions.setNotOnOrAfter(issueInstant.plus(profileConfig.getAssertionLifetime()));
-
+
Collection<String> audiences;
-
+
// add audience restrictions
audiences = profileConfig.getAssertionAudiences();
if (audiences != null && audiences.size() > 0) {
}
conditions.getAudienceRestrictions().add(audienceRestriction);
}
-
+
// add proxy restrictions
audiences = profileConfig.getProxyAudiences();
if (audiences != null && audiences.size() > 0) {
audience.setAudienceURI(audienceUri);
proxyRestriction.getAudiences().add(audience);
}
-
+
proxyRestriction.setProxyCount(profileConfig.getProxyCount());
conditions.getConditions().add(proxyRestriction);
}
-
+
return conditions;
}
-
+
/**
* Signs the given assertion if either the current profile configuration or the relying party configuration contains
* signing credentials.
- *
+ *
* @param assertion assertion to sign
* @param rpConfig relying party configuration
* @param profileConfig current profile configuration
if (!profileConfig.getSignAssertions()) {
return;
}
-
+
Credential signatureCredential = profileConfig.getSigningCredential();
if (signatureCredential == null) {
signatureCredential = rpConfig.getDefaultSigningCredential();
}
-
+
if (signatureCredential == null) {
return;
}
-
+
SAMLObjectContentReference contentRef = new SAMLObjectContentReference(assertion);
Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
signature.getContentReferences().add(contentRef);
assertion.setSignature(signature);
-
- Signer.signObject(signature);
- }
-
- protected void signResponse(StatusResponseType response, RelyingPartyConfiguration rpConfig, AbstractSAML2ProfileConfiguration profileConfig){
- if (!profileConfig.getSignResponses()) {
- return;
- }
-
- Credential signatureCredential = profileConfig.getSigningCredential();
- if (signatureCredential == null) {
- signatureCredential = rpConfig.getDefaultSigningCredential();
- }
-
- if (signatureCredential == null) {
- return;
- }
-
- SAMLObjectContentReference contentRef = new SAMLObjectContentReference(response);
- Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
- signature.getContentReferences().add(contentRef);
- response.setSignature(signature);
-
+
Signer.signObject(signature);
}
-
+
// TODO encryption support
}
\ No newline at end of file
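Review bot: In the new body of signAssertion, `signatureCredential` is resolved from the profile or relying-party configuration and null-checked, but it is never attached to the Signature that `Signer.signObject(signature)` is asked to sign, so the signing step has no key material; add `signature.setSigningCredential(signatureCredential);` before `assertion.setSignature(signature);`, and set the signature and canonicalization algorithms on it as well, since the Signature built here carries neither. The method's signature lies outside this hunk, so I cannot see whether a credential is passed in some other way. Separately, deleting `signResponse` removes the only response-signing path visible in this class while `populateStatusResponse` still builds responses; if signing has moved to a caller that is fine, otherwise the profile's `getSignResponses()` setting is now silently ignored and deserves a follow-up or a TODO next to `// TODO encryption support`.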
throw new ProfileException("No request decoder was registered for binding type: " + BINDING);
}
- requestContext.setMessageDecoder(decoder);
+ super.populateMessageDecoder(decoder);
decoder.setRequest(requestContext.getProfileRequest().getRawRequest());
+ requestContext.setMessageDecoder(decoder);
}
/** {@inheritDoc} */
throw new ProfileException("No response encoder was registered for binding type: " + BINDING);
}
- requestContext.setMessageEncoder(encoder);
+ super.populateMessageEncoder(encoder);
encoder.setResponse(requestContext.getProfileResponse().getRawResponse());
encoder.setSamlMessage(requestContext.getAttributeQueryResponse());
+ requestContext.setMessageEncoder(encoder);
}
}
\ No newline at end of file
--- /dev/null
+package edu.internet2.middleware.shibboleth.idp.config;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.util.resource.ClasspathResource;
+import org.opensaml.util.resource.Resource;
+import org.opensaml.util.resource.ResourceException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.GenericApplicationContext;
+
+import edu.internet2.middleware.shibboleth.common.BaseTestCase;
+import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
+
+/**
+ * Base unit test case for Spring configuration tests.
+ */
+public class BaseConfigTestCase extends BaseTestCase {
+
+ /** Configuration resources to be loaded for all unit tests. */
+ private List<Resource> configResources;
+
+ /** {@inheritDoc} */
+ protected void setUp() throws Exception {
+ configResources = new ArrayList<Resource>();
+ }
+
+ /**
+ * Creates a Spring application context from the instance defined config resources.
+ *
+ * @return the created context
+ *
+ * @throws ResourceException thrown if there is a problem reading the configuration resources
+ */
+ protected ApplicationContext createSpringContext() throws ResourceException {
+ return createSpringContext(configResources);
+ }
+
+ /**
+ * Creates a Spring application context from the given configuration and any instance registered configurations.
+ *
+ * @param config spring configuration file to be located on the classpath
+ *
+ * @return the configured spring context
+ *
+ * @throws ResourceException thrown if the given resources can not be located
+ */
+ protected ApplicationContext createSpringContext(String config) throws ResourceException {
+ String[] configs = new String[1];
+ configs[0] = config;
+ return createSpringContext(configs);
+ }
+
+ /**
+ * Creates a Spring application context from the given configurations and any instance registered configurations.
+ *
+ * @param configs spring configuration files to be located on the classpath
+ *
+ * @return the configured spring context
+ *
+ * @throws ResourceException thrown if the given resources can not be located
+ */
+ protected ApplicationContext createSpringContext(String[] configs) throws ResourceException {
+ ArrayList<Resource> resources = new ArrayList<Resource>();
+ resources.addAll(configResources);
+ if (configs != null) {
+ for (String config : configs) {
+ resources.add(new ClasspathResource(config));
+ }
+ }
+
+ return createSpringContext(resources);
+ }
+
+ /**
+ * Creates a Spring context from the given resources.
+ *
+ * @param configs context configuration resources
+ *
+ * @return the created context
+ *
+ * @throws ResourceException thrown if there is a problem reading the configuration resources
+ */
+ protected ApplicationContext createSpringContext(List<Resource> configs) throws ResourceException {
+ GenericApplicationContext gContext = new GenericApplicationContext();
+ SpringConfigurationUtils.populateRegistry(gContext, configs);
+ gContext.refresh();
+ return gContext;
+ }
+}
\ No newline at end of file
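Review bot: `setUp()` overrides the inherited hook without calling `super.setUp()`; if `BaseTestCase` performs any initialization of its own (it appears to be a JUnit-style base class), every subclass of this test case will skip it. Make `super.setUp();` the first statement, before `configResources = new ArrayList<Resource>();`. The `GenericApplicationContext` returned by `createSpringContext(List<Resource>)` is refreshed but never closed, so beans with destroy callbacks leak across tests; consider keeping a reference and closing it in a `tearDown()` override.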
--- /dev/null
+/*
+ * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.config.services;
+
+import org.springframework.context.ApplicationContext;
+
+import edu.internet2.middleware.shibboleth.idp.config.BaseConfigTestCase;
+import edu.internet2.middleware.shibboleth.idp.config.service.IdPServicesBean;
+
+/**
+ *
+ */
+public class ServicesTestCase extends BaseConfigTestCase {
+
+ public void testServiceLoading() throws Exception {
+ String[] configs = {"/internal.xml", "/service.xml", };
+ ApplicationContext appCtx = createSpringContext(configs);
+
+ String[] beanNames = appCtx.getBeanNamesForType(IdPServicesBean.class);
+ IdPServicesBean idpServices = (IdPServicesBean) appCtx.getBean(beanNames[0]);
+ }
+}
\ No newline at end of file
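Review bot: `testServiceLoading` asserts nothing: `idpServices` is assigned and never used, and `beanNames[0]` will fail with an ArrayIndexOutOfBoundsException rather than a readable assertion when no `IdPServicesBean` is defined. Add `assertEquals(1, beanNames.length);` before the lookup and `assertNotNull(idpServices);` after it so the test states what it checks. The class Javadoc block is empty; a one-line description such as `Unit test for loading the IdP services configuration.` would complete it.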
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!--
+ | For more configuration infromation and examples see the Jakarta Log4j
+ | owebsite: http://jakarta.apache.org/log4j
+-->
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+
+ <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AuditLogEntry"
+ renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAuditEventRenderer" />
+
+ <!-- ================================= -->
+ <!-- Preserve messages in a local file -->
+ <!-- ================================= -->
+
+ <!-- A time/date based rolling appender -->
+ <appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="idptest.log" />
+ <param name="Append" value="false" />
+
+ <!-- Rollover at midnight each day -->
+ <param name="DatePattern" value="'.'yyyy-MM-dd" />
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message -->
+ <!-- param name="ConversionPattern" value="%d %-5p [%c] %m%n"/-->\r
+\r
+ <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->\r
+ <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n" />
+ </layout>
+
+ </appender>
+
+ <!-- ============================== -->
+ <!-- Append messages to the console -->
+ <!-- ============================== -->
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <param name="Target" value="System.out" />
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message -->\r
+ <!-- param name="ConversionPattern" value="%d %-5p [%c] %m%n"/-->\r
+\r
+ <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->\r
+ <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n" />
+ </layout>
+ </appender>
+
+
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <category name="Shibboleth-Audit">
+ <priority value="CRITICAL" />
+ </category>
+
+ <category name="edu.internet2.middleware.shibboleth.idp">
+ <priority value="DEBUG" />
+ </category>
+
+ <category name="edu.internet2.middleware.shibboleth.common">
+ <priority value="DEBUG" />
+ </category>
+
+ <category name="org.opensaml.resource">
+ <priority value="DEBUG" />
+ </category>
+
+ <category name="org.springframework">\r
+ <priority value="DEBUG" />\r
+ </category>\r
+\r
+\r
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <priority value="WARN" />
+ <appender-ref ref="CONSOLE" />
+ </root>
+
+</log4j:configuration>
\ No newline at end of file
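Review bot: `CRITICAL` in `<priority value="CRITICAL" />` for the `Shibboleth-Audit` category is not a log4j level (the defined levels are OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL); as far as I recall the DOMConfigurator falls back to DEBUG for an unparseable level, which would make the audit logger chattier instead of quieter in tests, so use `<priority value="OFF" />` or `FATAL` depending on the intent. The `FILE` appender is declared but no `<appender-ref>` points at it, so it is dead configuration; either reference it from `<root>` or drop it. The file also mixes line endings (the CR-terminated lines around the two `ConversionPattern` comments and the `org.springframework` category), and the header comment has two typos, `infromation` and `owebsite`.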