org.apereo.cas.support.saml.web.idp.profile

Class AbstractSamlProfileHandlerController

java.lang.Object

org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController

Direct Known Subclasses:

AbstractSamlSLOProfileHandlerController, ECPProfileHandlerController, IdPInitiatedProfileHandlerController, Saml1ArtifactResolutionProfileHandlerController, Saml2AttributeQueryProfileHandlerController, SSOSamlPostProfileHandlerController, SSOSamlPostSimpleSignProfileHandlerController, SSOSamlProfileCallbackHandlerController

@Controller
public abstract class AbstractSamlProfileHandlerController
extends java.lang.Object

A parent controller to handle SAML requests. Specific profile endpoints are handled by extensions. This parent provides the necessary ops for profile endpoint controllers to respond to end points.

Since:

5.0.0

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apereo.cas.authentication.AuthenticationSystemSupport	authenticationSystemSupport Authentication support to handle credentials and authn subsystem calls.
protected org.apereo.cas.authentication.principal.Service	callbackService Callback service.
protected org.apereo.cas.configuration.CasConfigurationProperties	casProperties The cas properties.
protected org.apereo.cas.support.saml.OpenSamlConfigBean	configBean The Config bean.
protected net.shibboleth.utilities.java.support.xml.ParserPool	parserPool The Parser pool.
protected SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject>	responseBuilder The Response builder.
protected SamlObjectSignatureValidator	samlObjectSignatureValidator Signature validator.
protected SamlIdPObjectSigner	samlObjectSigner The Saml object signer.
protected org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver	samlRegisteredServiceCachingMetadataResolver The Saml registered service caching metadata resolver.
protected org.apereo.cas.services.ServicesManager	servicesManager The Services manager.
protected org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService>	webApplicationServiceFactory The Web application service factory.

Constructor Summary

Constructors

Constructor and Description
AbstractSamlProfileHandlerController()

Method Summary

Modifier and Type	Method and Description
protected org.jasig.cas.client.validation.Assertion	buildCasAssertion(org.apereo.cas.authentication.Authentication authentication, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService, java.util.Map<java.lang.String,java.lang.Object> attributesToCombine) Build cas assertion.
protected org.jasig.cas.client.validation.Assertion	buildCasAssertion(java.lang.String principal, org.apereo.cas.services.RegisteredService registeredService, java.util.Map<java.lang.String,java.lang.Object> attributes) Build cas assertion.
protected java.lang.String	buildRedirectUrlByRequestedAuthnContext(java.lang.String initialUrl, org.opensaml.saml.saml2.core.AuthnRequest authnRequest, javax.servlet.http.HttpServletRequest request) Build redirect url by requested authn context.
protected void	buildSamlResponse(javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpServletRequest request, org.apache.commons.lang3.tuple.Pair<org.opensaml.saml.saml2.core.AuthnRequest,org.opensaml.messaging.context.MessageContext> authenticationContext, org.jasig.cas.client.validation.Assertion casAssertion, java.lang.String binding) Build saml response.
protected java.lang.String	constructServiceUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair) Construct service url string.
protected org.opensaml.messaging.context.MessageContext	decodeSoapRequest(javax.servlet.http.HttpServletRequest request) Decode soap 11 context.
protected java.util.Map<java.lang.String,java.lang.String>	getAuthenticationContextMappings() Gets authentication context mappings.
protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getRegisteredServiceAndFacade(org.opensaml.saml.saml2.core.AuthnRequest request) Gets registered service and facade.
protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest) Gets saml metadata adaptor for service.
protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService, java.lang.String entityId) Gets saml metadata adaptor for service.
org.springframework.web.servlet.ModelAndView	handleUnauthorizedServiceException(javax.servlet.http.HttpServletRequest req, java.lang.Exception ex) Handle unauthorized service exception.
protected void	initiateAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpServletRequest request) Initiate authentication request.
protected void	issueAuthenticationRequestRedirect(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Redirect request for authentication.
protected void	logCasValidationAssertion(org.jasig.cas.client.validation.Assertion assertion) Log cas validation assertion.
protected org.opensaml.saml.saml2.core.AuthnRequest	retrieveSamlAuthenticationRequestFromHttpRequest(javax.servlet.http.HttpServletRequest request) Retrieve authn request authn request.
protected void	verifyAuthenticationContextSignature(org.opensaml.messaging.context.MessageContext ctx, javax.servlet.http.HttpServletRequest request, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest, org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor) Verify authentication context signature.
protected void	verifyAuthenticationContextSignature(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext, javax.servlet.http.HttpServletRequest request, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest, org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor) Verify authentication context signature.
protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	verifySamlAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext, javax.servlet.http.HttpServletRequest request) Verify saml authentication request.
protected org.apereo.cas.support.saml.services.SamlRegisteredService	verifySamlRegisteredService(java.lang.String serviceId) Gets registered service and verify.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

samlObjectSigner

protected final SamlIdPObjectSigner samlObjectSigner

The Saml object signer.

parserPool

protected final net.shibboleth.utilities.java.support.xml.ParserPool parserPool

The Parser pool.

authenticationSystemSupport

protected final org.apereo.cas.authentication.AuthenticationSystemSupport authenticationSystemSupport

Authentication support to handle credentials and authn subsystem calls.

servicesManager

protected final org.apereo.cas.services.ServicesManager servicesManager

The Services manager.

webApplicationServiceFactory

protected final org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService> webApplicationServiceFactory

The Web application service factory.

samlRegisteredServiceCachingMetadataResolver

protected final org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver

The Saml registered service caching metadata resolver.

configBean

protected final org.apereo.cas.support.saml.OpenSamlConfigBean configBean

The Config bean.

responseBuilder

protected final SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject> responseBuilder

The Response builder.

casProperties

protected final org.apereo.cas.configuration.CasConfigurationProperties casProperties

The cas properties.

samlObjectSignatureValidator

protected final SamlObjectSignatureValidator samlObjectSignatureValidator

Signature validator.

callbackService

protected final org.apereo.cas.authentication.principal.Service callbackService

Callback service.

Constructor Detail

AbstractSamlProfileHandlerController

public AbstractSamlProfileHandlerController()

Method Detail

getSamlMetadataFacadeFor

protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService,
                                                                                                                                                            org.opensaml.saml.saml2.core.RequestAbstractType authnRequest)

Gets saml metadata adaptor for service.

Parameters:

registeredService - the registered service

authnRequest - the authn request

Returns:

the saml metadata adaptor for service

getSamlMetadataFacadeFor

protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService,
                                                                                                                                                            java.lang.String entityId)

Gets saml metadata adaptor for service.

Parameters:

registeredService - the registered service

entityId - the entity id

Returns:

the saml metadata adaptor for service

verifySamlRegisteredService

protected org.apereo.cas.support.saml.services.SamlRegisteredService verifySamlRegisteredService(java.lang.String serviceId)

Gets registered service and verify.

Parameters:

serviceId - the service id

Returns:

the registered service and verify

retrieveSamlAuthenticationRequestFromHttpRequest

protected org.opensaml.saml.saml2.core.AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(javax.servlet.http.HttpServletRequest request)
                                                                                              throws java.lang.Exception

Retrieve authn request authn request.

Parameters:

request - the request

Returns:

the authn request

Throws:

java.lang.Exception - the exception

buildCasAssertion

protected org.jasig.cas.client.validation.Assertion buildCasAssertion(org.apereo.cas.authentication.Authentication authentication,
                                                                      org.apereo.cas.authentication.principal.Service service,
                                                                      org.apereo.cas.services.RegisteredService registeredService,
                                                                      java.util.Map<java.lang.String,java.lang.Object> attributesToCombine)

Build cas assertion.

Parameters:

authentication - the authentication

service - the service

registeredService - the registered service

attributesToCombine - the attributes to combine

Returns:

the assertion

buildCasAssertion

protected org.jasig.cas.client.validation.Assertion buildCasAssertion(java.lang.String principal,
                                                                      org.apereo.cas.services.RegisteredService registeredService,
                                                                      java.util.Map<java.lang.String,java.lang.Object> attributes)

Build cas assertion.

Parameters:

principal - the principal

registeredService - the registered service

attributes - the attributes

Returns:

the assertion

logCasValidationAssertion

protected void logCasValidationAssertion(org.jasig.cas.client.validation.Assertion assertion)

Log cas validation assertion.

Parameters:

assertion - the assertion

issueAuthenticationRequestRedirect

protected void issueAuthenticationRequestRedirect(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair,
                                                  javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response)
                                           throws java.lang.Exception

Redirect request for authentication.

Parameters:

pair - the pair

request - the request

response - the response

Throws:

java.lang.Exception - the exception

getAuthenticationContextMappings

protected java.util.Map<java.lang.String,java.lang.String> getAuthenticationContextMappings()

Gets authentication context mappings.

Returns:

the authentication context mappings

buildRedirectUrlByRequestedAuthnContext

protected java.lang.String buildRedirectUrlByRequestedAuthnContext(java.lang.String initialUrl,
                                                                   org.opensaml.saml.saml2.core.AuthnRequest authnRequest,
                                                                   javax.servlet.http.HttpServletRequest request)

Build redirect url by requested authn context.

Parameters:

initialUrl - the initial url

authnRequest - the authn request

request - the request

Returns:

the redirect url

constructServiceUrl

protected java.lang.String constructServiceUrl(javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response,
                                               org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair)
                                        throws org.apereo.cas.support.saml.SamlException

Construct service url string.

Parameters:

request - the request

response - the response

pair - the pair

Returns:

the string

Throws:

org.apereo.cas.support.saml.SamlException - the saml exception

initiateAuthenticationRequest

protected void initiateAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair,
                                             javax.servlet.http.HttpServletResponse response,
                                             javax.servlet.http.HttpServletRequest request)
                                      throws java.lang.Exception

Initiate authentication request.

Parameters:

pair - the pair

response - the response

request - the request

Throws:

java.lang.Exception - the exception

verifySamlAuthenticationRequest

protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                                                                                                                                                                                                                               javax.servlet.http.HttpServletRequest request)
                                                                                                                                                                                                                                        throws java.lang.Exception

Verify saml authentication request.

Parameters:

authenticationContext - the pair

request - the request

Returns:

the pair

Throws:

java.lang.Exception - the exception

verifyAuthenticationContextSignature

protected void verifyAuthenticationContextSignature(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                                    javax.servlet.http.HttpServletRequest request,
                                                    org.opensaml.saml.saml2.core.RequestAbstractType authnRequest,
                                                    org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor)
                                             throws java.lang.Exception

Verify authentication context signature.

Parameters:

authenticationContext - the authentication context

request - the request

authnRequest - the authn request

adaptor - the adaptor

Throws:

java.lang.Exception - the exception

verifyAuthenticationContextSignature

protected void verifyAuthenticationContextSignature(org.opensaml.messaging.context.MessageContext ctx,
                                                    javax.servlet.http.HttpServletRequest request,
                                                    org.opensaml.saml.saml2.core.RequestAbstractType authnRequest,
                                                    org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor)
                                             throws java.lang.Exception

Verify authentication context signature.

Parameters:

ctx - the authentication context

request - the request

authnRequest - the authn request

adaptor - the adaptor

Throws:

java.lang.Exception - the exception

buildSamlResponse

protected void buildSamlResponse(javax.servlet.http.HttpServletResponse response,
                                 javax.servlet.http.HttpServletRequest request,
                                 org.apache.commons.lang3.tuple.Pair<org.opensaml.saml.saml2.core.AuthnRequest,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                 org.jasig.cas.client.validation.Assertion casAssertion,
                                 java.lang.String binding)

Build saml response.

Parameters:

response - the response

request - the request

authenticationContext - the authentication context

casAssertion - the cas assertion

binding - the binding

getRegisteredServiceAndFacade

protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getRegisteredServiceAndFacade(org.opensaml.saml.saml2.core.AuthnRequest request)

Gets registered service and facade.

Parameters:

request - the request

Returns:

the registered service and facade

decodeSoapRequest

protected org.opensaml.messaging.context.MessageContext decodeSoapRequest(javax.servlet.http.HttpServletRequest request)

Decode soap 11 context.

Parameters:

request - the request

Returns:

the soap 11 context

handleUnauthorizedServiceException

@ExceptionHandler(value=org.apereo.cas.services.UnauthorizedServiceException.class)
public org.springframework.web.servlet.ModelAndView handleUnauthorizedServiceException(javax.servlet.http.HttpServletRequest req,
                                                                                                                                                                            java.lang.Exception ex)

Handle unauthorized service exception.

Parameters:

req - the req

ex - the ex

Returns:

the model and view