Package org.pac4j.saml.exceptions

Examples of org.pac4j.saml.exceptions.SamlException


     */
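    protected void validateAudienceRestrictions(final List<AudienceRestriction> audienceRestrictions,
            final String spEntityId) {
        // Checks that this service provider is an intended audience of the assertion.
        // Throws SamlException when no restriction is present, when spEntityId is null, or when
        // any single restriction does not name spEntityId.

        if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
            throw new SamlException("Audience restrictions cannot be null or empty");
        }
        // A null SP entity id would otherwise compare equal to an audience carrying a null URI.
        if (spEntityId == null) {
            throw new SamlException("SP entity id cannot be null when validating audience restrictions");
        }

        // SAML 2.0 core evaluates every AudienceRestriction independently: the audiences inside one
        // restriction are alternatives (OR), while separate restrictions must all hold (AND).
        // Merging all audiences into one set would accept an assertion in which only one of
        // several restrictions names this SP, so each restriction is checked on its own.
        for (AudienceRestriction audienceRestriction : audienceRestrictions) {
            Set<String> audienceUris = new HashSet<String>();
            if (audienceRestriction.getAudiences() != null) {
                for (Audience audience : audienceRestriction.getAudiences()) {
                    audienceUris.add(audience.getAudienceURI());
                }
            }
            // A restriction without audiences can never be satisfied and is rejected here as well.
            if (!audienceUris.contains(spEntityId)) {
                throw new SamlException("Assertion audience " + audienceUris + " does not match SP configuration "
                        + spEntityId);
            }
        }
    }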


    protected void validateAuthenticationStatements(final List<AuthnStatement> authnStatements,
            final ExtendedSAMLMessageContext context) {
        // Rejects the assertion as soon as one authentication statement is stale.
        // NOTE(review): an empty list passes without any check and the context argument is not
        // read here; whether callers guarantee at least one statement is not visible - confirm.

        for (final AuthnStatement authnStatement : authnStatements) {
            // The authentication instant must be accepted by isAuthnInstantValid.
            final boolean authnInstantAccepted = isAuthnInstantValid(authnStatement.getAuthnInstant());
            if (!authnInstantAccepted) {
                throw new SamlException("Authentication issue instant is too old or in the future");
            }
            // SessionNotOnOrAfter may be absent; when present it must not already be in the past.
            if (authnStatement.getSessionNotOnOrAfter() != null) {
                if (authnStatement.getSessionNotOnOrAfter().isBeforeNow()) {
                    throw new SamlException("Authentication session between IDP and subject has ended");
                }
            }
            // TODO implement authnContext validation
        }
    }

            final SignatureTrustEngine engine) {
        if (signature != null) {
            validateSignature(signature, context.getPeerEntityMetadata().getEntityID(), engine);
        } else if (((SPSSODescriptor) context.getLocalEntityRoleMetadata()).getWantAssertionsSigned()
                && !context.isInboundSAMLMessageAuthenticated()) {
            throw new SamlException("Assertion or response must be signed");
        }
    }

        SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
        try {
            validator.validate(signature);
        } catch (ValidationException e) {
            throw new SamlException("SAMLSignatureProfileValidator failed to validate signature", e);
        }

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteriaSet.add(new EntityIDCriteria(idpEntityId));

        boolean valid = false;
        try {
            valid = trustEngine.validate(signature, criteriaSet);
        } catch (SecurityException e) {
            throw new SamlException("An error occured during signature validation", e);
        }
        if (!valid) {
            throw new SamlException("Signature is not trusted");
        }
    }

        for (SingleSignOnService service : services) {
            if (service.getBinding().equals(binding)) {
                return service;
            }
        }
        throw new SamlException("Identity provider has no single sign on service available for the selected profile"
                + idpssoDescriptor);

    }

            for (AssertionConsumerService service : services) {
                if (acsIndex.equals(service.getIndex())) {
                    return service;
                }
            }
            throw new SamlException("Assertion consumer service with index " + acsIndex
                    + " could not be found for spDescriptor " + spDescriptor);
        }

        // Get default
        if (spDescriptor.getDefaultAssertionConsumerService() != null) {
            return spDescriptor.getDefaultAssertionConsumerService();
        }

        // Get first
        if (services.size() > 0) {
            return services.iterator().next();
        }

        throw new SamlException("No assertion consumer services could be found for " + spDescriptor);

    }

        try {
            entityDescriptor = this.metadata.getEntityDescriptor(this.spEntityId);
            roleDescriptor = this.metadata.getRole(this.spEntityId, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
                    SAMLConstants.SAML20P_NS);
        } catch (MetadataProviderException e) {
            throw new SamlException("An error occured while getting SP descriptors", e);
        }

        if (entityDescriptor == null || roleDescriptor == null) {
            throw new SamlException("Cannot find entity " + this.spEntityId + " or role "
                    + SPSSODescriptor.DEFAULT_ELEMENT_NAME + " in metadata provider");
        }

        context.setLocalEntityMetadata(entityDescriptor);
        context.setLocalEntityRoleMetadata(roleDescriptor);

        try {
            entityDescriptor = this.metadata.getEntityDescriptor(this.idpEntityId);
            roleDescriptor = this.metadata.getRole(this.idpEntityId, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
                    SAMLConstants.SAML20P_NS);
        } catch (MetadataProviderException e) {
            throw new SamlException("An error occured while getting IDP descriptors", e);
        }

        if (entityDescriptor == null || roleDescriptor == null) {
            throw new SamlException("Cannot find entity " + this.idpEntityId + " or role "
                    + IDPSSODescriptor.DEFAULT_ELEMENT_NAME + " in metadata provider");
        }

        context.setPeerEntityMetadata(entityDescriptor);
        context.setPeerEntityRoleMetadata(roleDescriptor);

            CriteriaSet cs = new CriteriaSet();
            EntityIDCriteria criteria = new EntityIDCriteria(this.privateKey);
            cs.add(criteria);
            return this.credentialResolver.resolveSingle(cs);
        } catch (org.opensaml.xml.security.SecurityException e) {
            throw new SamlException("Can't obtain SP private key", e);
        }
    }

            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(inputStream, storePasswd == null ? null : storePasswd.toCharArray());
            return ks;
        } catch (Exception e) {
            this.logger.error("Error loading keystore", e);
            throw new SamlException("Error loading keystore", e);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
