org.apereo.cas.support.saml.web.idp.profile

Class AbstractSamlProfileHandlerController

java.lang.Object

org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController

Direct Known Subclasses:

AbstractSamlSLOProfileHandlerController, ECPProfileHandlerController, IdPInitiatedProfileHandlerController, Saml1ArtifactResolutionProfileHandlerController, Saml2AttributeQueryProfileHandlerController, SSOSamlPostProfileHandlerController, SSOSamlPostSimpleSignProfileHandlerController, SSOSamlProfileCallbackHandlerController

@Controller
public abstract class AbstractSamlProfileHandlerController
extends java.lang.Object

A parent controller to handle SAML requests. Specific profile endpoints are handled by extensions. This parent provides the necessary ops for profile endpoint controllers to respond to end points.

Since:

5.0.0

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apereo.cas.authentication.AuthenticationSystemSupport	authenticationSystemSupport Authentication support to handle credentials and authn subsystem calls.
protected org.apereo.cas.authentication.principal.Service	callbackService Callback service.
protected org.apereo.cas.configuration.CasConfigurationProperties	casProperties The cas properties.
protected org.apereo.cas.support.saml.OpenSamlConfigBean	configBean The Config bean.
protected net.shibboleth.utilities.java.support.xml.ParserPool	parserPool The Parser pool.
protected SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject>	responseBuilder The Response builder.
protected SamlObjectSignatureValidator	samlObjectSignatureValidator Signature validator.
protected BaseSamlObjectSigner	samlObjectSigner The Saml object signer.
protected org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver	samlRegisteredServiceCachingMetadataResolver The Saml registered service caching metadata resolver.
protected org.apereo.cas.services.ServicesManager	servicesManager The Services manager.
protected org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService>	webApplicationServiceFactory The Web application service factory.

Constructor Summary

Constructors

Constructor and Description

AbstractSamlProfileHandlerController(BaseSamlObjectSigner samlObjectSigner, net.shibboleth.utilities.java.support.xml.ParserPool parserPool, org.apereo.cas.authentication.AuthenticationSystemSupport authenticationSystemSupport, org.apereo.cas.services.ServicesManager servicesManager, org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService> webApplicationServiceFactory, org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, org.apereo.cas.support.saml.OpenSamlConfigBean configBean, SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject> responseBuilder, org.apereo.cas.configuration.CasConfigurationProperties casProperties, SamlObjectSignatureValidator samlObjectSignatureValidator) Instantiates a new Abstract saml profile handler controller.

Method Summary

Modifier and Type	Method and Description
protected org.jasig.cas.client.validation.Assertion	buildCasAssertion(org.apereo.cas.authentication.Authentication authentication, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService, java.util.Map<java.lang.String,java.lang.Object> attributesToCombine) Build cas assertion.
protected org.jasig.cas.client.validation.Assertion	buildCasAssertion(java.lang.String principal, org.apereo.cas.services.RegisteredService registeredService, java.util.Map<java.lang.String,java.lang.Object> attributes) Build cas assertion.
protected java.lang.String	buildRedirectUrlByRequestedAuthnContext(java.lang.String initialUrl, org.opensaml.saml.saml2.core.AuthnRequest authnRequest, javax.servlet.http.HttpServletRequest request) Build redirect url by requested authn context.
protected void	buildSamlResponse(javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpServletRequest request, org.apache.commons.lang3.tuple.Pair<org.opensaml.saml.saml2.core.AuthnRequest,org.opensaml.messaging.context.MessageContext> authenticationContext, org.jasig.cas.client.validation.Assertion casAssertion, java.lang.String binding) Build saml response.
protected java.lang.String	constructServiceUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair) Construct service url string.
protected org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext>	decodeSamlContextFromHttpRequest(javax.servlet.http.HttpServletRequest request, org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder decoder, java.lang.Class<? extends org.opensaml.saml.common.SignableSAMLObject> clazz) Decode authentication request saml object.
protected org.opensaml.messaging.context.MessageContext	decodeSoapRequest(javax.servlet.http.HttpServletRequest request) Decode soap 11 context.
protected java.util.Map<java.lang.String,java.lang.String>	getAuthenticationContextMappings() Gets authentication context mappings.
protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getRegisteredServiceAndFacade(org.opensaml.saml.saml2.core.AuthnRequest request) Gets registered service and facade.
protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest) Gets saml metadata adaptor for service.
protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService, java.lang.String entityId) Gets saml metadata adaptor for service.
org.springframework.web.servlet.ModelAndView	handleUnauthorizedServiceException(javax.servlet.http.HttpServletRequest req, java.lang.Exception ex) Handle unauthorized service exception.
protected void	initialize() Post constructor placeholder for additional extensions.
protected void	initiateAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpServletRequest request) Initiate authentication request.
protected void	issueAuthenticationRequestRedirect(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Redirect request for authentication.
protected void	logCasValidationAssertion(org.jasig.cas.client.validation.Assertion assertion) Log cas validation assertion.
protected org.apereo.cas.authentication.principal.Service	registerCallback(java.lang.String callbackUrl) Initialize callback service.
protected org.opensaml.saml.saml2.core.AuthnRequest	retrieveSamlAuthenticationRequestFromHttpRequest(javax.servlet.http.HttpServletRequest request) Retrieve authn request authn request.
protected void	verifyAuthenticationContextSignature(org.opensaml.messaging.context.MessageContext ctx, javax.servlet.http.HttpServletRequest request, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest, org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor) Verify authentication context signature.
protected void	verifyAuthenticationContextSignature(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext, javax.servlet.http.HttpServletRequest request, org.opensaml.saml.saml2.core.RequestAbstractType authnRequest, org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor) Verify authentication context signature.
protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade>	verifySamlAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext, javax.servlet.http.HttpServletRequest request) Verify saml authentication request.
protected org.apereo.cas.support.saml.services.SamlRegisteredService	verifySamlRegisteredService(java.lang.String serviceId) Gets registered service and verify.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authenticationSystemSupport

protected org.apereo.cas.authentication.AuthenticationSystemSupport authenticationSystemSupport

Authentication support to handle credentials and authn subsystem calls.

samlObjectSigner

protected BaseSamlObjectSigner samlObjectSigner

The Saml object signer.

samlObjectSignatureValidator

protected SamlObjectSignatureValidator samlObjectSignatureValidator

Signature validator.

parserPool

protected net.shibboleth.utilities.java.support.xml.ParserPool parserPool

The Parser pool.

callbackService

protected org.apereo.cas.authentication.principal.Service callbackService

Callback service.

servicesManager

protected org.apereo.cas.services.ServicesManager servicesManager

The Services manager.

webApplicationServiceFactory

protected org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService> webApplicationServiceFactory

The Web application service factory.

samlRegisteredServiceCachingMetadataResolver

protected org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver

The Saml registered service caching metadata resolver.

configBean

protected org.apereo.cas.support.saml.OpenSamlConfigBean configBean

The Config bean.

responseBuilder

protected SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject> responseBuilder

The Response builder.

casProperties

protected org.apereo.cas.configuration.CasConfigurationProperties casProperties

The cas properties.

Constructor Detail

AbstractSamlProfileHandlerController

public AbstractSamlProfileHandlerController(BaseSamlObjectSigner samlObjectSigner,
                                            net.shibboleth.utilities.java.support.xml.ParserPool parserPool,
                                            org.apereo.cas.authentication.AuthenticationSystemSupport authenticationSystemSupport,
                                            org.apereo.cas.services.ServicesManager servicesManager,
                                            org.apereo.cas.authentication.principal.ServiceFactory<org.apereo.cas.authentication.principal.WebApplicationService> webApplicationServiceFactory,
                                            org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
                                            org.apereo.cas.support.saml.OpenSamlConfigBean configBean,
                                            SamlProfileObjectBuilder<? extends org.opensaml.saml.common.SAMLObject> responseBuilder,
                                            org.apereo.cas.configuration.CasConfigurationProperties casProperties,
                                            SamlObjectSignatureValidator samlObjectSignatureValidator)

Instantiates a new Abstract saml profile handler controller.

Parameters:

samlObjectSigner - the saml object signer

parserPool - the parser pool

authenticationSystemSupport - the authentication system support

servicesManager - the services manager

webApplicationServiceFactory - the web application service factory

samlRegisteredServiceCachingMetadataResolver - the saml registered service caching metadata resolver

configBean - the config bean

responseBuilder - the response builder

casProperties - the cas properties

samlObjectSignatureValidator - the saml object signature validator

Method Detail

initialize

@PostConstruct
protected void initialize()

Post constructor placeholder for additional extensions. This method is called after the object has completely initialized itself.

getSamlMetadataFacadeFor

protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService,
                                                                                                                                                            org.opensaml.saml.saml2.core.RequestAbstractType authnRequest)

Gets saml metadata adaptor for service.

Parameters:

registeredService - the registered service

authnRequest - the authn request

Returns:

the saml metadata adaptor for service

getSamlMetadataFacadeFor

protected java.util.Optional<org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getSamlMetadataFacadeFor(org.apereo.cas.support.saml.services.SamlRegisteredService registeredService,
                                                                                                                                                            java.lang.String entityId)

Gets saml metadata adaptor for service.

Parameters:

registeredService - the registered service

entityId - the entity id

Returns:

the saml metadata adaptor for service

verifySamlRegisteredService

protected org.apereo.cas.support.saml.services.SamlRegisteredService verifySamlRegisteredService(java.lang.String serviceId)

Gets registered service and verify.

Parameters:

serviceId - the service id

Returns:

the registered service and verify

registerCallback

protected org.apereo.cas.authentication.principal.Service registerCallback(java.lang.String callbackUrl)

Initialize callback service.

Parameters:

callbackUrl - the callback url

Returns:

the service

retrieveSamlAuthenticationRequestFromHttpRequest

protected org.opensaml.saml.saml2.core.AuthnRequest retrieveSamlAuthenticationRequestFromHttpRequest(javax.servlet.http.HttpServletRequest request)
                                                                                              throws java.lang.Exception

Retrieve authn request authn request.

Parameters:

request - the request

Returns:

the authn request

Throws:

java.lang.Exception - the exception

buildCasAssertion

protected org.jasig.cas.client.validation.Assertion buildCasAssertion(org.apereo.cas.authentication.Authentication authentication,
                                                                      org.apereo.cas.authentication.principal.Service service,
                                                                      org.apereo.cas.services.RegisteredService registeredService,
                                                                      java.util.Map<java.lang.String,java.lang.Object> attributesToCombine)

Build cas assertion.

Parameters:

authentication - the authentication

service - the service

registeredService - the registered service

attributesToCombine - the attributes to combine

Returns:

the assertion

buildCasAssertion

protected org.jasig.cas.client.validation.Assertion buildCasAssertion(java.lang.String principal,
                                                                      org.apereo.cas.services.RegisteredService registeredService,
                                                                      java.util.Map<java.lang.String,java.lang.Object> attributes)

Build cas assertion.

Parameters:

principal - the principal

registeredService - the registered service

attributes - the attributes

Returns:

the assertion

decodeSamlContextFromHttpRequest

protected org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> decodeSamlContextFromHttpRequest(javax.servlet.http.HttpServletRequest request,
                                                                                                                                                                                    org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder decoder,
                                                                                                                                                                                    java.lang.Class<? extends org.opensaml.saml.common.SignableSAMLObject> clazz)

Decode authentication request saml object.

Parameters:

request - the request

decoder - the decoder

clazz - the clazz

Returns:

the saml object

logCasValidationAssertion

protected void logCasValidationAssertion(org.jasig.cas.client.validation.Assertion assertion)

Log cas validation assertion.

Parameters:

assertion - the assertion

issueAuthenticationRequestRedirect

protected void issueAuthenticationRequestRedirect(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair,
                                                  javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response)
                                           throws java.lang.Exception

Redirect request for authentication.

Parameters:

pair - the pair

request - the request

response - the response

Throws:

java.lang.Exception - the exception

getAuthenticationContextMappings

protected java.util.Map<java.lang.String,java.lang.String> getAuthenticationContextMappings()

Gets authentication context mappings.

Returns:

the authentication context mappings

buildRedirectUrlByRequestedAuthnContext

protected java.lang.String buildRedirectUrlByRequestedAuthnContext(java.lang.String initialUrl,
                                                                   org.opensaml.saml.saml2.core.AuthnRequest authnRequest,
                                                                   javax.servlet.http.HttpServletRequest request)

Build redirect url by requested authn context.

Parameters:

initialUrl - the initial url

authnRequest - the authn request

request - the request

Returns:

the redirect url

constructServiceUrl

protected java.lang.String constructServiceUrl(javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response,
                                               org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair)
                                        throws org.apereo.cas.support.saml.SamlException

Construct service url string.

Parameters:

request - the request

response - the response

pair - the pair

Returns:

the string

Throws:

org.apereo.cas.support.saml.SamlException - the saml exception

initiateAuthenticationRequest

protected void initiateAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> pair,
                                             javax.servlet.http.HttpServletResponse response,
                                             javax.servlet.http.HttpServletRequest request)
                                      throws java.lang.Exception

Initiate authentication request.

Parameters:

pair - the pair

response - the response

request - the request

Throws:

java.lang.Exception - the exception

verifySamlAuthenticationRequest

protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                                                                                                                                                                                                                               javax.servlet.http.HttpServletRequest request)
                                                                                                                                                                                                                                        throws java.lang.Exception

Verify saml authentication request.

Parameters:

authenticationContext - the pair

request - the request

Returns:

the pair

Throws:

java.lang.Exception - the exception

verifyAuthenticationContextSignature

protected void verifyAuthenticationContextSignature(org.apache.commons.lang3.tuple.Pair<? extends org.opensaml.saml.common.SignableSAMLObject,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                                    javax.servlet.http.HttpServletRequest request,
                                                    org.opensaml.saml.saml2.core.RequestAbstractType authnRequest,
                                                    org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor)
                                             throws java.lang.Exception

Verify authentication context signature.

Parameters:

authenticationContext - the authentication context

request - the request

authnRequest - the authn request

adaptor - the adaptor

Throws:

java.lang.Exception - the exception

verifyAuthenticationContextSignature

protected void verifyAuthenticationContextSignature(org.opensaml.messaging.context.MessageContext ctx,
                                                    javax.servlet.http.HttpServletRequest request,
                                                    org.opensaml.saml.saml2.core.RequestAbstractType authnRequest,
                                                    org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade adaptor)
                                             throws java.lang.Exception

Verify authentication context signature.

Parameters:

ctx - the authentication context

request - the request

authnRequest - the authn request

adaptor - the adaptor

Throws:

java.lang.Exception - the exception

buildSamlResponse

protected void buildSamlResponse(javax.servlet.http.HttpServletResponse response,
                                 javax.servlet.http.HttpServletRequest request,
                                 org.apache.commons.lang3.tuple.Pair<org.opensaml.saml.saml2.core.AuthnRequest,org.opensaml.messaging.context.MessageContext> authenticationContext,
                                 org.jasig.cas.client.validation.Assertion casAssertion,
                                 java.lang.String binding)

Build saml response.

Parameters:

response - the response

request - the request

authenticationContext - the authentication context

casAssertion - the cas assertion

binding - the binding

getRegisteredServiceAndFacade

protected org.apache.commons.lang3.tuple.Pair<org.apereo.cas.support.saml.services.SamlRegisteredService,org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade> getRegisteredServiceAndFacade(org.opensaml.saml.saml2.core.AuthnRequest request)

Gets registered service and facade.

Parameters:

request - the request

Returns:

the registered service and facade

decodeSoapRequest

protected org.opensaml.messaging.context.MessageContext decodeSoapRequest(javax.servlet.http.HttpServletRequest request)

Decode soap 11 context.

Parameters:

request - the request

Returns:

the soap 11 context

handleUnauthorizedServiceException

@ExceptionHandler(value=org.apereo.cas.services.UnauthorizedServiceException.class)
public org.springframework.web.servlet.ModelAndView handleUnauthorizedServiceException(javax.servlet.http.HttpServletRequest req,
                                                                                                                                                                           java.lang.Exception ex)

Handle unauthorized service exception.

Parameters:

req - the req

ex - the ex

Returns:

the model and view