com.onelogin.saml2.settings.SettingsBuilder Java Examples

Example #1
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Copies the IdP's Single Sign-On endpoint (and, when advertised, its Single Logout endpoint)
 * from the metadata descriptor into the java-saml property map.
 * <p>
 * Both endpoints are looked up for the HTTP-Redirect binding only. The IdP entity ID is taken
 * from the operator's {@code idp.entity_id} setting rather than from the metadata document.
 *
 * @param idpSsoDescriptor the IdP's SAML 2.0 role descriptor, already resolved from metadata
 * @param configProperties the property map being assembled for {@link SettingsBuilder}; mutated in place
 * @throws SamlConfigException presumably raised by {@code findSingleSignOnService()} when the IdP
 *         offers no HTTP-Redirect SSO endpoint (that helper is declared elsewhere in this class)
 */
private void initIdpEndpoints(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties)
        throws SamlConfigException {
    final String redirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    // SSO endpoint: mandatory. Unlike SLO below, no null check is made here, so a missing
    // endpoint is expected to be reported by findSingleSignOnService() itself.
    SingleSignOnService sso = this.findSingleSignOnService(idpSsoDescriptor, redirectBinding);
    configProperties.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY, sso.getLocation());
    configProperties.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY, sso.getBinding());

    // Entity ID comes from configuration, not from the metadata we just parsed.
    configProperties.put(SettingsBuilder.IDP_ENTITYID_PROPERTY_KEY, this.esSettings.get("idp.entity_id"));

    // SLO endpoint: optional. An IdP that does not offer one cannot be told about a logout,
    // so the IdP session would survive it; the ForceAuthn mitigation mentioned in the warning
    // is applied elsewhere, not in this method.
    SingleLogoutService slo = this.findSingleLogoutService(idpSsoDescriptor, redirectBinding);
    if (slo == null) {
        log.warn(
                "The IdP does not provide a Single Logout Service. In order to ensure that users have to re-enter their password after logging out, Open Distro Security will issue all SAML authentication requests with a mandatory password input (ForceAuthn=true)");
        return;
    }

    configProperties.put(SettingsBuilder.IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY, slo.getLocation());
    configProperties.put(SettingsBuilder.IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, slo.getBinding());
}
 
Example #2
Source File: SSOControllerTest.java — from uyuni (GNU General Public License v2.0)
/**
 * Installs a minimal SAML configuration into {@link SSOController} before each test.
 * <p>
 * The configuration names a local SP (entity ID and ACS URL on {@code https://localhost}),
 * a fake IdP ({@code https://idp}) and a self-signed IdP certificate, and enables XML schema
 * validation. {@code strict} is left at the {@link SettingsBuilder} default here.
 *
 * @throws Exception if the superclass setup fails or the settings cannot be built
 */
public void setUp() throws Exception {
    super.setUp();

    // Self-signed test fixture (subject appears to be C=us/ST=foo/O=bar/CN=yes).
    // NOTE(review): the validity period looks like 2019-05-09 to 2020-05-08, i.e. expired;
    // java-saml does not check certificate dates when verifying XML signatures, so this still
    // works as a fixture, but confirm before reusing it for anything that does check dates.
    final String idpCertificate = String.join("\n",
            "-----BEGIN CERTIFICATE-----",
            "MIICNDCCAZ2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADA3MQswCQYDVQQGEwJ1czEM",
            "MAoGA1UECAwDZm9vMQwwCgYDVQQKDANiYXIxDDAKBgNVBAMMA3llczAeFw0xOTA1",
            "MDkxNjI5MjlaFw0yMDA1MDgxNjI5MjlaMDcxCzAJBgNVBAYTAnVzMQwwCgYDVQQI",
            "DANmb28xDDAKBgNVBAoMA2JhcjEMMAoGA1UEAwwDeWVzMIGfMA0GCSqGSIb3DQEB",
            "AQUAA4GNADCBiQKBgQDDxirCp0Fyr3lM+qciXW1oOKegScth2uVzCbah9+JyEB4S",
            "dFSPdsT9BB5Jj2/BZlQVHTr9C3TXaow79tSg1IDVjGwhSDQLnkfkXRr3h+reQFlj",
            "/zCS7gi2Yv+KJG9/ZODDSUp/YrDWuGLQfScR3KGZxxPd//vPLaE/yocuK3kdzQID",
            "AQABo1AwTjAdBgNVHQ4EFgQU2nQoIcw2rwCVj1Mxh7PYnUs4qjIwHwYDVR0jBBgw",
            "FoAU2nQoIcw2rwCVj1Mxh7PYnUs4qjIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B",
            "AQ0FAAOBgQAkGZg7TM7DCKLFM1E7rcPfg5SLPGueNbDK3i5oizrMa//L7auVRM+r",
            "jHaIbhGK5KlF5vaabSygxRTfgtI4Npv6aF3Bs57sqKsIVnxaOm+w7VUAB4Yv9Riz",
            "FHQbixAeSxYR8QKSjSvQKdrCrbksUUOudq0eB+Wfir+HFIIW1tgh1g==",
            "-----END CERTIFICATE-----");

    final Map<String, Object> samlData = new HashMap<>();
    // SP side
    samlData.put("onelogin.saml2.sp.entityid", "https://localhost/metadata.jsp");
    samlData.put("onelogin.saml2.sp.assertion_consumer_service.url", new URL("https://localhost/acs.jsp"));
    samlData.put("onelogin.saml2.security.want_xml_validation", true);
    // IdP side
    samlData.put("onelogin.saml2.idp.entityid", "https://idp");
    samlData.put("onelogin.saml2.idp.single_sign_on_service.url", "https://idp/sso");
    samlData.put("onelogin.saml2.idp.x509cert", idpCertificate);

    final Saml2Settings settings = new SettingsBuilder().fromValues(samlData).build();
    SSOController.setSsoConfig(Optional.of(settings));
}
 
Example #3
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Builds the java-saml settings for the configured IdP.
 * <p>
 * Resolves the IdP's {@code EntityDescriptor} through {@code metadataResolver}, copies the
 * endpoints and signing certificates from its SAML 2.0 {@code IDPSSODescriptor} into a property
 * map, adds the SP endpoints and the hard-coded hardening flags, and finally feeds the raw
 * {@code esSettings} into the same builder.
 *
 * @return the built {@link Saml2Settings}
 * @throws SamlConfigException if the metadata has no descriptor for {@code idpEntityId}, or that
 *         descriptor has no SAML 2.0 {@code IDPSSODescriptor}; also propagated from the init helpers
 * @throws AuthenticatorUnavailableException (unchecked) if the resolver itself fails; wraps the
 *         {@code ResolverException} so callers can treat it as a transient outage
 */
Saml2Settings get() throws SamlConfigException {
    // Only resolveSingle() can raise the checked ResolverException, so the try is kept tight.
    final EntityDescriptor idp;
    try {
        idp = this.metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(this.idpEntityId)));
    } catch (ResolverException e) {
        throw new AuthenticatorUnavailableException(e);
    }

    if (idp == null) {
        throw new SamlConfigException("Could not find entity descriptor for " + this.idpEntityId);
    }

    final IDPSSODescriptor ssoDescriptor = idp.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
    if (ssoDescriptor == null) {
        throw new SamlConfigException("Could not find IDPSSODescriptor supporting SAML 2.0 in "
                + this.idpEntityId + "; role descriptors: " + idp.getRoleDescriptors());
    }

    // Values derived from the IdP metadata plus this class's own defaults.
    final HashMap<String, Object> derived = new HashMap<>();
    initIdpEndpoints(ssoDescriptor, derived);
    initIdpCerts(ssoDescriptor, derived);
    initSpEndpoints(derived);
    initMisc(derived);

    // Derived values go in first, the operator's raw settings second.
    // NOTE(review): whether the second fromValues() merges into or replaces the first depends on
    // the java-saml version (putAll vs. reassignment of the backing map); the original carried a
    // "TODO allow overriding of IdP metadata?" here, so this was never pinned down. Confirm before
    // relying on esSettings to override anything initMisc() sets (e.g. strict).
    return new SettingsBuilder()
            .fromValues(derived)
            .fromValues(new SamlSettingsMap(this.esSettings))
            .build();
}
 
Example #4
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Adds the SP (Kibana) side of the configuration: the Assertion Consumer Service URL, its binding,
 * and the SP entity ID.
 * <p>
 * The ACS URL is derived from the operator's {@code kibana_url}; it is where the IdP will POST
 * SAML responses, so that setting must be the externally reachable address the IdP actually sees.
 * The ACS binding is fixed to HTTP-POST (the IdP-side endpoints in this class are looked up for
 * HTTP-Redirect).
 *
 * @param configProperties the property map being assembled for {@link SettingsBuilder}; mutated in place
 */
private void initSpEndpoints(HashMap<String, Object> configProperties) {
    final String postBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    configProperties.put(SettingsBuilder.SP_ENTITYID_PROPERTY_KEY, this.esSettings.get("sp.entity_id"));
    configProperties.put(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_BINDING_PROPERTY_KEY, postBinding);
    configProperties.put(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY,
            this.buildKibanaAssertionConsumerEndpoint(this.esSettings.get("kibana_url")));
}
 
Example #5
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Copies every signing-capable certificate from the IdP metadata into the numbered
 * {@code SettingsBuilder.IDP_X509CERTMULTI_PROPERTY_KEY + ".N"} properties (N starting at 0).
 * <p>
 * Keys marked {@code use="signing"} and keys with unspecified use are both taken, since an
 * unspecified key may be used for signing; encryption-only keys are skipped. If the metadata
 * carries no such certificate nothing is added here — whether that is rejected later is decided
 * by java-saml's own settings checks, not by this class.
 * <p>
 * NOTE(review): these certificates become the trust anchor for every response this SP accepts,
 * so they are trustworthy exactly as far as the metadata document is. How {@code metadataResolver}
 * fetched that document and whether it verified its signature is not visible here.
 *
 * @param idpSsoDescriptor the IdP's SAML 2.0 role descriptor
 * @param configProperties the property map being assembled; mutated in place
 */
private void initIdpCerts(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties) {
    int certIndex = 0;

    for (KeyDescriptor keyDescriptor : idpSsoDescriptor.getKeyDescriptors()) {
        // Constant-first equals() keeps this null-safe should getUse() ever return null.
        final UsageType use = keyDescriptor.getUse();
        final boolean usableForSigning = UsageType.SIGNING.equals(use) || UsageType.UNSPECIFIED.equals(use);
        if (!usableForSigning) {
            continue;
        }

        for (X509Data x509Data : keyDescriptor.getKeyInfo().getX509Datas()) {
            // X509Certificate here is the XML-signature element wrapper (base64 text via
            // getValue()), not java.security.cert.X509Certificate.
            for (X509Certificate certificate : x509Data.getX509Certificates()) {
                final String propertyKey = SettingsBuilder.IDP_X509CERTMULTI_PROPERTY_KEY + "." + certIndex;
                configProperties.put(propertyKey, certificate.getValue());
                certIndex++;
            }
        }
    }
}
 
Example #6
Source File: SSOConfig.java — from uyuni (GNU General Public License v2.0)
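/**
 * Loads the SAML configuration from the {@code <SINGLE_SIGN_ON_ENABLED>.*} properties and builds
 * the java-saml settings singleton.
 * <p>
 * Every key below the SSO namespace has the namespace prefix stripped and is handed to
 * {@link SettingsBuilder} under the remaining name (e.g. {@code onelogin.saml2.sp.entityid}).
 * Only the key is logged, never the value: the values in this namespace may include secrets such
 * as the SP private key.
 * <p>
 * Fix: the builder used to run inside the per-property lambda, so the settings were rebuilt once
 * per property and never built at all when the namespace had no properties. It now runs exactly
 * once, after the map is complete. The prefix is also stripped with {@code substring} rather than
 * {@code String.replace}, which would have removed every later occurrence of the prefix too.
 */
private SSOConfig() {
    final String prefix = ConfigDefaults.get().SINGLE_SIGN_ON_ENABLED + ".";
    final Map<String, Object> samlData = new HashMap<>();

    Config.get().getNamespaceProperties(ConfigDefaults.get().SINGLE_SIGN_ON_ENABLED).forEach((k, v) -> {
        final String key = k.toString();
        if (key.startsWith(prefix)) {
            LOG.info("putting " + key + " into SAML configuration");
            // The value is re-read through Config rather than taken from v (kept as before;
            // presumably getString() applies the usual config normalisation).
            samlData.put(key.substring(prefix.length()), Config.get().getString((String) k));
        }
    });

    singletonConfig = new SettingsBuilder().fromValues(samlData).build();
}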
 
Example #7
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Applies the security flags this class hard-codes rather than reads from {@code esSettings}:
 * <ul>
 *   <li>{@code strict}: per java-saml's documentation, much of its response validation
 *       (signature, audience, timing, destination) only runs in strict mode;</li>
 *   <li>reject unsolicited responses that carry an {@code InResponseTo}: a response referring to
 *       a request this SP never issued (or one being replayed) is refused.</li>
 * </ul>
 *
 * @param configProperties the property map being assembled for {@link SettingsBuilder}; mutated in place
 */
private void initMisc(HashMap<String, Object> configProperties) {
    // Boolean.TRUE is what autoboxing `true` yields; spelled out to make the intent explicit.
    configProperties.put(SettingsBuilder.STRICT_PROPERTY_KEY, Boolean.TRUE);
    configProperties.put(SettingsBuilder.SECURITY_REJECT_UNSOLICITED_RESPONSES_WITH_INRESPONSETO, Boolean.TRUE);
}
 
Example #8
Source File: ConfigurationService.java — from guacamole-client (Apache License 2.0)
/**
 * Builds the java-saml settings from guacamole.properties.
 * <p>
 * If an IdP metadata URI is configured, the IdP side is taken entirely from that document;
 * otherwise it is assembled from the configured IdP URL. The SP entity ID and ACS URL are then
 * filled in from properties wherever the metadata did not already provide them, and the
 * operator-controlled flags (strict, debug, compression) are applied to the built settings.
 *
 * @return
 *     The settings used to initialize the SAML client.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed, if required parameters are missing, or if the
 *     IdP metadata document cannot be retrieved or parsed.
 */
public Saml2Settings getSamlSettings() throws GuacamoleException {

    final URI idpMetadata = getIdpMetadata();
    Map<String, Object> samlMap;

    if (idpMetadata == null) {
        // No metadata document: the configured IdP URL doubles as entity ID and SSO endpoint.
        // NOTE(review): this branch sets no IdP signing certificate (no IDP_X509CERT* key), so
        // unless one is supplied some other way the resulting settings cannot verify
        // response/assertion signatures — confirm how signatures are validated in this mode.
        final String idpUrl = getIdpUrl().toString();
        samlMap = new HashMap<>();
        samlMap.put(SettingsBuilder.IDP_ENTITYID_PROPERTY_KEY, idpUrl);
        samlMap.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY, idpUrl);
        samlMap.put(SettingsBuilder.IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY,
                Constants.BINDING_HTTP_REDIRECT);
    }
    else {
        // NOTE(review): the document is fetched from wherever the configured URI points and the
        // certificates in it become the trust anchor for every SAML response, so the URI must be
        // https (or local) and not attacker-influenced. XML hardening of the fetch (XXE etc.) is
        // inside java-saml's parser and is not visible here.
        try {
            samlMap = IdPMetadataParser.parseRemoteXML(idpMetadata.toURL());
        }
        catch (Exception e) {
            // Broad catch mirrors what parseRemoteXML appears to declare; the cause is preserved.
            throw new GuacamoleServerException("Could not parse SAML IdP Metadata file.", e);
        }
    }

    // SP entity ID: metadata first, guacamole.properties second, otherwise a hard error.
    if (!samlMap.containsKey(SettingsBuilder.SP_ENTITYID_PROPERTY_KEY)) {
        final URI entityId = getEntityId();
        if (entityId == null) {
            throw new GuacamoleServerException("SAML Entity ID was not found"
                    + " in either the metadata XML file or guacamole.properties");
        }
        samlMap.put(SettingsBuilder.SP_ENTITYID_PROPERTY_KEY, entityId.toString());
    }

    // ACS URL: derived from the callback URL unless the metadata already names one.
    if (!samlMap.containsKey(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY)) {
        final String acsUrl = UriBuilder.fromUri(getCallbackUrl())
                .path("api/ext/saml/callback")
                .build()
                .toString();
        samlMap.put(SettingsBuilder.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY, acsUrl);
    }

    final Saml2Settings settings = new SettingsBuilder().fromValues(samlMap).build();

    // Operator-controlled knobs are applied after build().
    // NOTE(review): strict is configurable here; much of java-saml's response validation only
    // runs in strict mode, so anything but true should be regarded as a debugging setting.
    settings.setStrict(getStrict());
    settings.setDebug(getDebug());
    settings.setCompressRequest(getCompressRequest());
    settings.setCompressResponse(getCompressResponse());

    return settings;
}