Package org.jboss.identity.federation.core.saml.v2.impl

Examples of org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest


            // SP side, outgoing direction: build a handler request that carries no SAML
            // document (third constructor argument is null) and let each handler in the
            // chain contribute to the request that will be sent on.
            //Create the request/response
            SAML2HandlerRequest saml2HandlerRequest =
               new DefaultSAML2HandlerRequest(protocolContext,
                     holder.getIssuer(), null,
                     HANDLER_TYPE.SP);
            SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
         
            // Preset destination; the value is read back through getDestination() once
            // the chain has run.
            saml2HandlerResponse.setDestination(identityURL);
           
            //Reset the state
            try
            {
               for(SAML2Handler handler: handlers)
               {
                  handler.reset();
                  // The error flag is read before this handler generates anything, so it
                  // reflects what an earlier handler in the chain reported.
                  // NOTE(review): after sendError() the loop only breaks; execution still
                  // falls through to the sendToDestination() call below. Assuming response
                  // is an HttpServletResponse, sendError() has already committed it, so a
                  // second write is either lost or fails. Returning here looks safer; confirm.
                  if(saml2HandlerResponse.isInError())
                  {
                     response.sendError(saml2HandlerResponse.getErrorCode());
                     break;
                  }
                  saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
                  handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
               }
            }
            catch(ProcessingException pe)
            {
               // Handler failures surface as an unchecked exception with the cause attached.
               throw new RuntimeException(pe);
            }
            Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
            String relayState = saml2HandlerResponse.getRelayState();
           
            String destination = saml2HandlerResponse.getDestination();
           
           
            // Only send when the chain produced both a document and a destination.
            if(destination != null &&
                  samlResponseDocument != null)
            {
               try
               {
                  this.sendToDestination(samlResponseDocument, relayState, destination, response);
               }
               catch (Exception e)
               {
                  // The client sees only a generic "Server Error", so no internal detail leaks.
                  // NOTE(review): the cause is logged at trace level only and is not chained
                  // to the ServletException, so at normal log levels the failure reason is lost.
                  if(trace)
                     log.trace("Exception:",e);
                  throw new ServletException("Server Error");
               }
               return;
            }
         }
        
         //See if we got a response from IDP
         if(samlResponse != null && samlResponse.length() > 0 )
         {
            // Gate: nothing below runs unless validate(request) returns true.
            boolean isValid = false;
            try
            {
               isValid = this.validate(request);
            }
            catch (Exception e)
            {
               // Any failure inside validate() aborts the request, cause attached.
               throw new ServletException(e);
            }
            if(!isValid)
               throw new ServletException("Validity check failed");
           
            //deal with SAML response from IDP
            // NOTE(review): what validate() actually checks is not visible in this excerpt.
            // samlResponse is presumably still sender-controlled input here; confirm that
            // validate() does more than a presence check before relying on the decoded bytes.
            byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
            InputStream is = new ByteArrayInputStream(base64DecodedResponse);

            try
            {
               SAML2Response saml2Response = new SAML2Response();
              
               // Parses the base64-decoded message into a SAML object.
               // NOTE(review): the XML parser configuration (DTDs, external entities) lives
               // inside SAML2Response and cannot be checked from this excerpt; verify it is
               // hardened, since the bytes come from the decoded request parameter.
               SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
              
               Set<SAML2Handler> handlers = chain.handlers();
               IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
               ProtocolContext protocolContext = new HTTPContext(request,response, context);
               //Create the request/response
               // SP-side request; this time the parsed SAML object is passed along.
               SAML2HandlerRequest saml2HandlerRequest =
                  new DefaultSAML2HandlerRequest(protocolContext,
                        holder.getIssuer(), samlObject,
                        HANDLER_TYPE.SP);
              
               // The SP configuration is handed to the handlers through the options map.
               Map<String,Object> requestOptions = new HashMap<String,Object>();
               requestOptions.put(GeneralConstants.CONFIGURATION, this.spConfiguration);
               saml2HandlerRequest.setOptions(requestOptions);
              
               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
            
               //Deal with handler chains
               // NOTE(review): no signature or issuer check is visible in this excerpt; that
               // work is presumably done by a handler in the chain. Confirm one is configured.
               for(SAML2Handler handler : handlers)
               {
                  // Stop dispatching once a previous handler has flagged an error.
                  // NOTE(review): the loop breaks after sendError(), but the statements that
                  // follow the loop still run against the same response object.
                  if(saml2HandlerResponse.isInError())
                  {
                     response.sendError(saml2HandlerResponse.getErrorCode());
                     break;
                  }
                  // Dispatch on message kind: requests go to handleRequestType, everything
                  // else is treated as a status response.
                  if(samlObject instanceof RequestAbstractType)
                  {
                     handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                  }
                  else
                  {
                     handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
                  }
               }

               Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
               String relayState = saml2HandlerResponse.getRelayState();
              
               String destination = saml2HandlerResponse.getDestination();
              
              
               if(destination != null &&
                     samlResponseDocument != null)
               {


            holder = new IssuerInfoHolder(this.serviceURL);
        } else {
            holder = new IssuerInfoHolder(issuer);
        }

        return new DefaultSAML2HandlerRequest(httpContext, holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
    }

                    // IDP side: process an incoming SAML status response through the handler chain.
                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);

                    saml2HandlerRequest.setRelayState(relayState);

                    SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();

                    Set<SAML2Handler> handlers = chain.handlers();

                    // Only StatusResponseType messages are accepted on this path; any other
                    // type is rejected by the else branch with its class name in the message.
                    if (samlObject instanceof StatusResponseType) {
                        statusResponseType = (StatusResponseType) samlObject;
                        // NOTE(review): if the message carries no Issuer element, getIssuer()
                        // presumably returns null and this line throws; the enclosing catch
                        // would then wrap it in a RuntimeException. Confirm that is intended.
                        issuer = statusResponseType.getIssuer().getValue();
                        // NOTE(review): any return value of isTrusted() is discarded. The trust
                        // check only has effect if isTrusted() throws for an untrusted issuer;
                        // confirm against its declaration.
                        webRequestUtil.isTrusted(issuer);

                        if (handlers != null) {
                            for (SAML2Handler handler : handlers) {
                                handler.reset();
                                handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
                                // Overwritten on every iteration: the value after the last
                                // handler is the one that survives the loop.
                                willSendRequest = saml2HandlerResponse.getSendRequest();
                            }
                        }
                    } else
                        throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
                                + samlObject.getClass().getName());

                    // Collect what the chain produced for the outgoing message.
                    samlResponse = saml2HandlerResponse.getResultingDocument();
                    relayState = saml2HandlerResponse.getRelayState();

                    destination = saml2HandlerResponse.getDestination();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }

            } else
            // Send valid saml response after processing the request
            if (samlRequestMessage != null) {
                // Get the SAML Request Message
                RequestAbstractType requestAbstractType = null;

                try {
                    // Parse the incoming SAML request message into a document holder and object.
                    samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
                    samlObject = samlDocumentHolder.getSamlObject();

                    // validate() is given the remote address, the raw query string, the message
                    // itself and whether the POST profile is in use; a false result stops
                    // processing with a GeneralSecurityException.
                    boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                    boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
                            samlRequestMessage, null), isPost);

                    if (!isValid)
                        throw new GeneralSecurityException(ErrorCodes.VALIDATION_CHECK_FAILED + "Validation check failed");

                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
                    saml2HandlerRequest.setRelayState(relayState);

                    // Set the options on the handler request
                    Map<String, Object> requestOptions = new HashMap<String, Object>();
                    requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
                    requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);

                    // Attributes are looked up for userPrincipal and handed to the handlers.
                    // NOTE(review): where userPrincipal comes from is not visible in this
                    // excerpt; confirm it is the authenticated principal of the current session.
                    Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
                    requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);

                    saml2HandlerRequest.setOptions(requestOptions);

                    List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
                    if (roles == null) {
                        roles = roleGenerator.generateRoles(userPrincipal);
                        session.setAttribute(GeneralConstants.ROLES_ID, roles);

                throw logger.samlIDPValidationCheckFailed();

            // IDP side: assemble the handler request and the options the chain will consume.
            IssuerInfoHolder idpIssuer = new IssuerInfoHolder(getIdentityURL());
            ProtocolContext protocolContext = new HTTPContext(request, response, getContext().getServletContext());
            // Create the request/response
            SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext, idpIssuer.getIssuer(),
                    samlDocumentHolder, HANDLER_TYPE.IDP);
            saml2HandlerRequest.setRelayState(relayState);
            if (StringUtil.isNotNull(loginType)) {
                saml2HandlerRequest.addOption(GeneralConstants.LOGIN_TYPE, loginType);
            }

            String assertionID = (String) session.getSession().getAttribute(GeneralConstants.ASSERTION_ID);

            // Set the options on the handler request
            Map<String, Object> requestOptions = new HashMap<String, Object>();

            // NOTE(review): whether signatures are ignored is decided per issuer. If issuer
            // is read from the message before that message has been verified, the sender
            // names the policy applied to itself; confirm where issuer is assigned and
            // which issuers are exempt.
            requestOptions.put(GeneralConstants.IGNORE_SIGNATURES, willIgnoreSignatureOfCurrentRequest(issuer));
            // NOTE(review): if spSSOMetadataMap is a java.util.Map, an unknown issuer stores
            // null here; confirm the handlers cope with a missing descriptor.
            requestOptions.put(GeneralConstants.SP_SSO_METADATA_DESCRIPTOR, spSSOMetadataMap.get(issuer));
            requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
            requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
            requestOptions.put(GeneralConstants.SAML_IDP_STRICT_POST_BINDING, this.idpConfiguration.isStrictPostBinding());
            requestOptions.put(GeneralConstants.SUPPORTS_SIGNATURES, this.idpConfiguration.isSupportsSignature());

            if (assertionID != null)
                requestOptions.put(GeneralConstants.ASSERTION_ID, assertionID);

            // Key material is only added when a key manager is configured.
            if (this.keyManager != null) {
                // The validating key is selected by issuer name.
                PublicKey validatingKey = getIssuerPublicKey(request, issuer);
                requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
                // NOTE(review): the value stored under DECRYPTING_KEY comes from
                // getSigningKey(), presumably private key material. Treat requestOptions
                // as sensitive from here on: do not log or serialize it.
                requestOptions.put(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
            }

            // if this is a SAML AuthnRequest load the roles using the generator.
            if (requestAbstractType instanceof AuthnRequestType) {
                // Roles are regenerated for userPrincipal and stored in the HTTP session.
                List<String> roles = roleGenerator.generateRoles(userPrincipal);
                session.getSession().setAttribute(GeneralConstants.ROLES_ID, roles);

                // The flag chooses which principal the attribute manager sees: the
                // container's request.getUserPrincipal() or the local userPrincipal.
                Map<String, Object> attribs = this.attribManager.getAttributes(
                                     passUserPrincipalToAttributeManager == true
                                         ?  request.getUserPrincipal()
                                         : userPrincipal,
                                     attributeKeys);
                requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
            }

            // Audit support is optional; the context path is only supplied alongside it.
            if (auditHelper != null) {
                requestOptions.put(GeneralConstants.AUDIT_HELPER, auditHelper);
                requestOptions.put(GeneralConstants.CONTEXT_PATH, contextPath);
            }

            saml2HandlerRequest.setOptions(requestOptions);

            SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();

            Set<SAML2Handler> handlers = chain.handlers();

                throw logger.samlIDPValidationCheckFailed();

            // IDP side: assemble the handler request and a smaller set of options.
            IssuerInfoHolder idpIssuer = new IssuerInfoHolder(getIdentityURL());
            ProtocolContext protocolContext = new HTTPContext(request, response, getContext().getServletContext());
            // Create the request/response
            SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext, idpIssuer.getIssuer(),
                    samlDocumentHolder, HANDLER_TYPE.IDP);
            Map<String, Object> options = new HashMap<String, Object>();

            // The sender's public key is looked up, by issuer name, only when the IDP is
            // configured for signatures or encryption.
            // NOTE(review): when both settings are off, no SENDER_PUBLIC_KEY is supplied, so
            // handlers have nothing to verify the sender with. Confirm that this
            // configuration is never used where the sender must be authenticated.
            if (this.idpConfiguration.isSupportsSignature() || this.idpConfiguration.isEncrypt()) {
                PublicKey publicKey = getIssuerPublicKey(request, issuer);
                options.put(GeneralConstants.SENDER_PUBLIC_KEY, publicKey);
            }

            options.put(GeneralConstants.SAML_IDP_STRICT_POST_BINDING, this.idpConfiguration.isStrictPostBinding());
            options.put(GeneralConstants.SUPPORTS_SIGNATURES, this.idpConfiguration.isSupportsSignature());
            // Audit support is optional; the context path is only supplied alongside it.
            if (auditHelper != null) {
                options.put(GeneralConstants.AUDIT_HELPER, auditHelper);
                options.put(GeneralConstants.CONTEXT_PATH, contextPath);
            }

            saml2HandlerRequest.setOptions(options);
            saml2HandlerRequest.setRelayState(relayState);

            SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();

            Set<SAML2Handler> handlers = chain.handlers();

        // Test fixture: an empty anonymous SAML2Object stands in for a real message.
        SAML2Object saml2Object = new SAML2Object() {
        };

        // The holder gets the stub object and no DOM document (second argument is null).
        SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
        // Fixed localhost issuer URL, constructed for the test.
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
                SAML2Handler.HANDLER_TYPE.IDP);
        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();

        session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal() {
            public String getName() {

        // Test fixture: a response object created with the placeholder id "fake_id".
        ResponseType saml2Object = new SAML2Response().createResponseType("fake_id");

        // The holder gets the response object and no DOM document (second argument is null).
        SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
                SAML2Handler.HANDLER_TYPE.IDP);
        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();

        // Assertion with a generated "ID_"-prefixed id and the current issue instant.
        AssertionType assertion = new AssertionType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant());

        // One attribute statement carrying a single attribute, testKey=hello.
        Map<String, Object> myattr = new HashMap<String, Object>();
        myattr.put("testKey", "hello");
        AttributeStatementType attState = StatementUtil.createAttributeStatement(myattr);
        assertion.addStatement(attState);

        // The assertion reaches the handler through the request options, not the document.
        request.addOption(GeneralConstants.ASSERTION, assertion);
        handler.handleStatusResponseType(request, response);

        // The handler is expected to have stored an attribute map in the session; the
        // visible part of the test only asserts that the map exists.
        Map<String, List<Object>> sessionMap = (Map<String, List<Object>>) session
                .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
        assertNotNull(sessionMap);

        // Test fixture: an AuthnRequest with a fixed id and a null second constructor argument.
        AuthnRequestType authnRequestType = new AuthnRequestType("ID_123456789", null);
        authnRequestType.setIssuer(issuer);
        SAMLDocumentHolder documentHolder = new SAMLDocumentHolder(authnRequestType);

        // Create request and response
        // The handler request itself is built without an issuer (second argument is null);
        // the issuer under test travels inside the AuthnRequest.
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, null, documentHolder,
              SAML2Handler.HANDLER_TYPE.IDP);
        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();

        // Test localhost
        // The issuer object was attached above and its value is set afterwards; presumably
        // the request holds the same reference and so sees this value. Confirm.
        issuer.setValue("http://localhost:8080/sales");

        // Test fixture: mock servlet objects wrapped into the HTTP protocol context.
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        // Create handler request and response
        // SP-side request with no SAML document (third argument is null), marked so that
        // the handlers generate an authentication request.
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/sales/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), null,
                SAML2Handler.HANDLER_TYPE.SP);
        request.setTypeOfRequestToBeGenerated(SAML2HandlerRequest.GENERATE_REQUEST_TYPE.AUTH);
        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();

        // 2) GENERATE SAML AUTHENTICATION REQUEST

        // Generate SAML AuthnRequest with handlers

    private SAML2HandlerResponse sendRequestToIdp(AuthnRequestType authnRequest, Document samlReqDoc, HTTPContext httpContext,
            SAML2HandlerConfig handlerConfig) throws Exception {
        // Generate handler request and handler response for IDP
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
        SAMLDocumentHolder docHolder = new SAMLDocumentHolder(authnRequest, samlReqDoc);
        SAML2HandlerRequest idpHandlerRequest = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
                SAML2Handler.HANDLER_TYPE.IDP);
        idpHandlerRequest.addOption(GeneralConstants.ASSERTIONS_VALIDITY, 10000l);
        SAML2HandlerResponse idpHandlerResponse = new DefaultSAML2HandlerResponse();

        // Create chainConfig for IDP
        Map<String, Object> chainOptionsIdp = new HashMap<String, Object>();
        IDPType idpType = new IDPType();
