org.overlord.commons.auth.filters

Class SamlSPFilter

java.lang.Object

org.overlord.commons.auth.filters.SamlSPFilter

All Implemented Interfaces:

javax.servlet.Filter

public class SamlSPFilter
extends Object
implements javax.servlet.Filter

A Filter that implements a service provider for SAML SSO (web profile). Code originally taken from picketlink-federation. Copied here to avoid waiting for a picketlink upgrade. Changes made will be contributed back to picketlink and this filter will be removed when possible.

Author:

eric.wittmann@redhat.com

Field Summary

Fields

Modifier and Type	Field and Description
protected String	canonicalizationMethod
protected String	configFile
protected String	identityURL
protected org.picketlink.config.federation.PicketLinkType	picketLinkConfiguration
protected String	serviceURL
protected org.picketlink.config.federation.SPType	spConfiguration

Constructor Summary

Constructors

Constructor and Description
SamlSPFilter()

Method Summary

Methods

Modifier and Type	Method and Description
protected org.picketlink.identity.federation.saml.v2.protocol.ResponseType	decryptAssertion(org.picketlink.identity.federation.saml.v2.protocol.ResponseType responseType)
void	destroy()
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)
Principal	handleSAMLResponse(javax.servlet.http.HttpServletRequest request, org.picketlink.identity.federation.saml.v2.protocol.ResponseType responseType) Handle the SAMLResponse from the IDP
void	init(javax.servlet.FilterConfig filterConfig)
protected void	isTrusted(String issuer)
protected void	sendRequestToIDP(org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType authnRequest, String relayState, javax.servlet.http.HttpServletResponse response)
protected void	sendToDestination(Document samlDocument, String relayState, String destination, javax.servlet.http.HttpServletResponse response, boolean request)
protected boolean	validate(javax.servlet.http.HttpServletRequest request)
protected boolean	verifySignature(org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder samlDocumentHolder)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

spConfiguration

protected org.picketlink.config.federation.SPType spConfiguration

picketLinkConfiguration

protected org.picketlink.config.federation.PicketLinkType picketLinkConfiguration

configFile

protected String configFile

serviceURL

protected String serviceURL

identityURL

protected String identityURL

canonicalizationMethod

protected String canonicalizationMethod

Constructor Detail

SamlSPFilter

public SamlSPFilter()

Method Detail

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
            javax.servlet.ServletResponse servletResponse,
            javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

sendRequestToIDP

protected void sendRequestToIDP(org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType authnRequest,
                    String relayState,
                    javax.servlet.http.HttpServletResponse response)
                         throws IOException,
                                SAXException,
                                GeneralSecurityException

Throws:

IOException

SAXException

GeneralSecurityException

sendToDestination

protected void sendToDestination(Document samlDocument,
                     String relayState,
                     String destination,
                     javax.servlet.http.HttpServletResponse response,
                     boolean request)
                          throws IOException,
                                 SAXException,
                                 GeneralSecurityException

Throws:

IOException

SAXException

GeneralSecurityException

validate

protected boolean validate(javax.servlet.http.HttpServletRequest request)
                    throws IOException,
                           GeneralSecurityException

Throws:

IOException

GeneralSecurityException

verifySignature

protected boolean verifySignature(org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder samlDocumentHolder)
                           throws org.picketlink.common.exceptions.fed.IssuerNotTrustedException

Throws:

org.picketlink.common.exceptions.fed.IssuerNotTrustedException

isTrusted

protected void isTrusted(String issuer)
                  throws org.picketlink.common.exceptions.fed.IssuerNotTrustedException

Throws:

org.picketlink.common.exceptions.fed.IssuerNotTrustedException

decryptAssertion

protected org.picketlink.identity.federation.saml.v2.protocol.ResponseType decryptAssertion(org.picketlink.identity.federation.saml.v2.protocol.ResponseType responseType)

handleSAMLResponse

public Principal handleSAMLResponse(javax.servlet.http.HttpServletRequest request,
                           org.picketlink.identity.federation.saml.v2.protocol.ResponseType responseType)
                             throws org.picketlink.common.exceptions.ConfigurationException,
                                    org.picketlink.common.exceptions.fed.AssertionExpiredException

Handle the SAMLResponse from the IDP

Parameters:

request - entire request from IDP

responseType - ResponseType that has been generated

serverEnvironment - tomcat,jboss etc

Returns:

Throws:

org.picketlink.common.exceptions.fed.AssertionExpiredException

org.picketlink.common.exceptions.ConfigurationException