org.opensaml.saml2.core.Response类的使用及代码示例
本文整理了Java中org.opensaml.saml2.core.Response类的一些代码示例,展示了Response类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Response类的具体详情如下:
包路径:org.opensaml.saml2.core.Response
类名称:Response
Response介绍
[英]SAML 2.0 Core Response.
[中]SAML2.0核心响应。
代码示例
代码示例来源:origin: cloudfoundry/uaa
private Response createResponse(SAMLMessageContext context, AssertionConsumerService assertionConsumerService,
Assertion assertion, AuthnRequest authnRequest) {
@SuppressWarnings("unchecked")
SAMLObjectBuilder<Response> responseBuilder = (SAMLObjectBuilder<Response>) builderFactory
.getBuilder(Response.DEFAULT_ELEMENT_NAME);
Response response = responseBuilder.buildObject();
buildCommonAttributes(context.getLocalEntityId(), response, assertionConsumerService, authnRequest);
response.getAssertions().add(assertion);
buildStatusSuccess(response);
return response;
}代码示例来源:origin: cloudfoundry/uaa
private void buildCommonAttributes(String localEntityId, Response response, Endpoint service,
AuthnRequest authnRequest) {
response.setID(generateID());
response.setIssuer(getIssuer(localEntityId));
response.setInResponseTo(authnRequest.getID());
response.setVersion(SAMLVersion.VERSION_20);
response.setIssueInstant(new DateTime());
if (service != null) {
response.setDestination(service.getLocation());
}
}代码示例来源:origin: cloudfoundry/uaa
public static Response wrapAssertionIntoResponse(Assertion assertion, String assertionIssuer) {
Response response = new ResponseBuilder().buildObject();
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(assertionIssuer);
response.setIssuer(issuer);
response.setID("id-" + System.currentTimeMillis());
Status stat = new StatusBuilder().buildObject();
// Set the status code
StatusCode statCode = new StatusCodeBuilder().buildObject();
statCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
stat.setStatusCode(statCode);
// Set the status Message
StatusMessage statMesssage = new StatusMessageBuilder().buildObject();
statMesssage.setMessage(null);
stat.setStatusMessage(statMesssage);
response.setStatus(stat);
response.setVersion(SAMLVersion.VERSION_20);
response.setIssueInstant(new DateTime());
response.getAssertions().add(assertion);
//XMLHelper.adoptElement(assertion.getDOM(), assertion.getDOM().getOwnerDocument());
return response;
}代码示例来源:origin: cloudfoundry/uaa
@Test
public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException,
SecurityException, MarshallingException, SignatureException {
String authenticationId = UUID.randomUUID().toString();
Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId);
SAMLMessageContext context = samlTestUtils.mockSamlMessageContext();
IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions();
options.setAssertionsSigned(false);
profile.buildResponse(authentication, context, options);
AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage();
Response response = (Response) context.getOutboundSAMLMessage();
assertEquals(request.getID(), response.getInResponseTo());
Assertion assertion = response.getAssertions().get(0);
Subject subject = assertion.getSubject();
assertEquals("marissa", subject.getNameID().getValue());
assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat());
SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0);
SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
assertEquals(request.getID(), subjectConfirmationData.getInResponseTo());
verifyAssertionAttributes(authenticationId, assertion);
}代码示例来源:origin: org.opensaml/opensaml
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
throws UnmarshallingException {
Response resp = (Response) parentSAMLObject;
if (childSAMLObject instanceof Assertion) {
resp.getAssertions().add((Assertion) childSAMLObject);
} else if (childSAMLObject instanceof EncryptedAssertion) {
resp.getEncryptedAssertions().add((EncryptedAssertion) childSAMLObject);
} else {
super.processChildElement(parentSAMLObject, childSAMLObject);
}
}代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine
@Override
public Response build() {
Response saml2Response = new ResponseBuilder().buildObject();
saml2Response.setIssueInstant(issueInstant);
saml2Response.setVersion(SAMLVersion.VERSION_20);
saml2Response.setID(id);
saml2Response.setInResponseTo(inResponseTo);
saml2Response.setIssuer(issuer);
saml2Response.setStatus(status);
saml2Response.setSignature(signature);
if(assertions.size() >0){
for (Assertion assertion : assertions) {
saml2Response.getAssertions().add(assertion);
}
}
return saml2Response;
}
}代码示例来源:origin: org.wso2.carbon.identity.framework/org.wso2.carbon.identity.entitlement
.getBuilder(Response.DEFAULT_ELEMENT_NAME);
Response response = builder.buildObject();
response.getAssertions().add(assertion);
response.setIssuer(createIssuer());
DateTime issueInstant = new DateTime();
response.setIssueInstant(issueInstant);
response = setSignature(response, XMLSignature.ALGO_ID_SIGNATURE_RSA, createBasicCredentials());
try {代码示例来源:origin: coveo/saml-client
private void validateSignature(Response response) throws SamlException {
Signature responseSignature = response.getSignature();
Signature assertionSignature = response.getAssertions().get(0).getSignature();
if (responseSignature == null && assertionSignature == null) {
throw new SamlException("No signature is present in either response or assertion");
}
if (responseSignature != null && !validate(responseSignature)) {
throw new SamlException("The response signature is invalid");
}
if (assertionSignature != null && !validate(assertionSignature)) {
throw new SamlException("The assertion signature is invalid");
}
}代码示例来源:origin: org.springframework.security.extensions/spring-security-saml2-core
String statusCode = response.getStatus().getStatusCode().getValue();
if (!StatusCode.SUCCESS_URI.equals(statusCode)) {
StatusMessage statusMessage = response.getStatus().getStatusMessage();
String statusMessageText = null;
if (statusMessage != null) {
if (response.getSignature() != null && !context.isInboundSAMLMessageAuthenticated()) {
log.debug("Verifying Response signature");
verifySignature(response.getSignature(), context.getPeerEntityId(), context.getLocalTrustEngine());
context.setInboundSAMLMessageAuthenticated(true);
DateTime time = response.getIssueInstant();
if (!isDateTimeSkewValid(getResponseSkew(), time)) {
throw new SAMLException("Response issue time is either too old or with date in the future, skew " + getResponseSkew() + ", time " + time);
if (!context.getPeerExtendedMetadata().isSupportUnsolicitedResponse() && response.getInResponseTo() == null) {
throw new SAMLException("Reception of Unsolicited Response messages (without InResponseToField) is disabled");
if (messageStorage != null && response.getInResponseTo() != null) {
XMLObject xmlObject = messageStorage.retrieveMessage(response.getInResponseTo());
if (xmlObject == null) {
throw new SAMLException("InResponseToField of the Response doesn't correspond to sent message " + response.getInResponseTo());
} else if (xmlObject instanceof AuthnRequest) {
request = (AuthnRequest) xmlObject;
} else {
throw new SAMLException("Sent request was of different type than the expected AuthnRequest " + response.getInResponseTo());
verifyEndpoint(context.getLocalEntityEndpoint(), response.getDestination());代码示例来源:origin: apache/cloudstack
final String samlResponse = ((String[])params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
Response processedSAMLResponse = this.processSAMLResponse(samlResponse);
String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(),
Issuer issuer = processedSAMLResponse.getIssuer();
SAMLProviderMetadata spMetadata = samlAuthManager.getSPMetadata();
SAMLProviderMetadata idpMetadata = samlAuthManager.getIdPMetadata(issuer.getValue());
String responseToId = processedSAMLResponse.getInResponseTo();
s_logger.debug("Received SAMLResponse in response to id=" + responseToId);
SAMLTokenVO token = samlAuthManager.getToken(responseToId);
Signature sig = processedSAMLResponse.getSignature();
if (idpMetadata.getSigningCertificate() != null && sig != null) {
BasicX509Credential credential = new BasicX509Credential();
username = SAMLUtils.getValueFromAssertions(processedSAMLResponse.getAssertions(), SAML2AuthManager.SAMLUserAttributeName.value());
for (Assertion assertion: processedSAMLResponse.getAssertions()) {
if (assertion!= null && assertion.getSubject() != null && assertion.getSubject().getNameID() != null) {
session.setAttribute(SAMLPluginConstants.SAML_NAMEID, assertion.getSubject().getNameID().getValue());
Decrypter decrypter = new Decrypter(null, keyInfoResolver, keyResolver);
decrypter.setRootInNewDocument(true);
List<EncryptedAssertion> encryptedAssertions = processedSAMLResponse.getEncryptedAssertions();
if (encryptedAssertions != null) {
for (EncryptedAssertion encryptedAssertion : encryptedAssertions) {Response samlResponse;
samlResponse = (Response) samlObject;
List<Assertion> assertions = samlResponse.getAssertions();
Assertion assertion = null;
if (assertions != null && assertions.size() > 0) {
assertion = assertions.get(0);
} else {
List<EncryptedAssertion> encryptedAssertions = samlResponse.getEncryptedAssertions();
EncryptedAssertion encryptedAssertion;
if (encryptedAssertions.size() > 0) {
if (samlResponse.getStatus() != null &&
samlResponse.getStatus().getStatusCode() != null &&
samlResponse.getStatus().getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:Responder") &&
samlResponse.getStatus().getStatusCode().getStatusCode() != null &&
samlResponse.getStatus().getStatusCode().getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:NoPassive")) {
if (samlResponse.getStatus() != null &&
samlResponse.getStatus().getStatusMessage() != null) {
log.error(samlResponse.getStatus().getStatusMessage().getMessage());
} else {
log.error("SAML Assertion not found in the Response.");if (validateIssuer(samlResponseObject.getIssuer())) {
if (validateSignature(samlResponseObject.getSignature())) {
List<Assertion> assertionList = samlResponseObject.getAssertions();代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.sso.saml.ui
public static String generateErrorneousResponse() {
Response response = new ResponseBuilder().buildObject();
response.setIssuer(getIssuer());
response.setStatus(buildStatus());
response.setVersion(SAMLVersion.VERSION_20);
response.setID(UIDGenerator.generateUID());
try {
return encode(marshall(response));
} catch (IdentityException e) {
if (log.isDebugEnabled()) {
log.debug("Error while encoding.", e);
}
return null;
}
}代码示例来源:origin: be.fedict.eid-idp/eid-idp-sp-protocol-saml2
if (!samlResponse.getInResponseTo().equals(requestId)) {
Status status = samlResponse.getStatus();
StatusCode statusCode = status.getStatusCode();
String statusValue = statusCode.getValue();
List<Assertion> assertions = samlResponse.getAssertions();
if (assertions.isEmpty()) {
throw new AuthenticationResponseProcessorException(
if (null == samlResponse.getSignature() && expectResponseSigned) {
throw new AuthenticationResponseProcessorException(
"Expected a signed response but was not so! ");
if (null != samlResponse.getSignature()) {
.getCertificates(samlResponse.getSignature()
.getKeyInfo());response.getAssertions().add(assertion);
new SAML2SSOResponseBuilderException(StatusCode.RESPONDER_URI,
"Encryption certificate is not configured.");
ex.setInResponseTo(response.getID());
ex.setAcsUrl(response.getDestination());
throw ex;
new SAML2SSOResponseBuilderException(StatusCode.RESPONDER_URI,
"Invalid encoded certificate: " + encodedCert);
ex.setInResponseTo(response.getID());
ex.setAcsUrl(response.getDestination());
throw ex;
"Error occurred while encrypting assertion.", e);
ex.setInResponseTo(assertion.getID());
ex.setAcsUrl(response.getDestination());
throw ex;
"Error occurred while encrypting assertion.", e);
ex.setInResponseTo(assertion.getID());
ex.setAcsUrl(response.getDestination());
throw ex;
response.getEncryptedAssertions().add(encryptedAssertion);代码示例来源:origin: org.adeptnet.auth/auth-saml
private void validate(final Response response) throws ValidationException {
if (response.getStatus() == null
|| response.getStatus().getStatusCode() == null
|| !(StatusCode.SUCCESS_URI
.equals(response.getStatus().getStatusCode().getValue()))) {
throw new ValidationException("Response has an unsuccessful status code");
if (!config.getSPConfig().getAcs().equals(response.getDestination())) {
throw new ValidationException("Response is destined for a different endpoint");
final DateTime issueInstant = response.getIssueInstant();
for (Assertion assertion : response.getAssertions()) {代码示例来源:origin: org.wso2.carbon.identity.carbon.auth.saml2/org.wso2.carbon.identity.authenticator.saml2.sso
/**
* Validate the signature of a SAML2 Response
*
* @param response SAML2 Response
* @param domainName domain name of the subject
* @return true, if signature is valid.
*/
private boolean validateSignature(Response response, String domainName) {
boolean isSignatureValid = false;
if (response == null || response.getSignature() == null) {
log.error("SAML Response is not signed or response not available. Authentication process will be " +
"terminated.");
} else {
if (log.isDebugEnabled()) {
log.debug("Validating SAML Response Signature.");
}
isSignatureValid = validateSignature(response.getSignature(), domainName);
}
return isSignatureValid;
}代码示例来源:origin: lastpass/saml-sdk-java
Signature sig = response.getSignature();
if (sig != null)
sigValidator.validate(sig);
if (response.getStatus() == null ||
response.getStatus().getStatusCode() == null ||
!(StatusCode.SUCCESS_URI
.equals(response.getStatus().getStatusCode().getValue()))) {
throw new ValidationException(
"Response has an unsuccessful status code");
if (!spConfig.getAcs().equals(response.getDestination()))
throw new ValidationException(
"Response is destined for a different endpoint");
DateTime issueInstant = response.getIssueInstant();代码示例来源:origin: apache/cloudstack
final String samlResponse = ((String[])params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(),代码示例来源:origin: coveo/saml-client
private void validateResponse(Response response) throws SamlException {
try {
new ResponseSchemaValidator().validate(response);
} catch (ValidationException ex) {
throw new SamlException("The response schema validation failed", ex);
}
if (!response.getIssuer().getValue().equals(responseIssuer)) {
throw new SamlException("The response issuer didn't match the expected value");
}
String statusCode = response.getStatus().getStatusCode().getValue();
if (!statusCode.equals("urn:oasis:names:tc:SAML:2.0:status:Success")) {
throw new SamlException("Invalid status code: " + statusCode);
}
}内容来源于网络,如有侵权,请联系作者删除!
