Project: benjamin.ertl / aai-identity-harmonization
Commit 0ac9b296 authored Mar 15, 2016 by benjamin.ertl
saml delegation
parent a479a9a5
Showing 8 changed files with 1264 additions and 245 deletions
assertions/fbhcfgee (+51 -0)
pom.xml (+23 -4)
src/main/java/edu/kit/scc/AuthenticationController.java (+271 -9)
src/main/java/edu/kit/scc/EncryptedAssertion.java (+64 -0)
src/main/java/edu/kit/scc/EncryptedAssertionRepository.java (+10 -0)
src/main/java/edu/kit/scc/saml/SamlClient.java (+781 -232)
src/main/resources/templates/saml.html (+29 -0)
src/test/java/edu/kit/scc/test/saml/SamlClientTest.java (+35 -0)
assertions/fbhcfgee
0 → 100644
H6GNGExp4J8vHLeTGCaV86oeLsJfYXpYHoldMn6TckgUiapgt-ctIRHdRbIKasYW8rvsZufORIw_
ylH6fLW4SH3WUNw4LrnsrLq9CwtnSpd2bNRBXgS9mDx9oMUfbCLnh28GU9JYBIObpFiPDZRBMRzB
Jtemq5e7T3EFOGReOFf8YAWYVbJ7kl10C8O65A3SXU3nTD2q8HFJgnBpl4tLdygXS5PJHjZ77I5N
cc6SI0DWgiv6AhNfs1nC1Hll7ouCC9JYebDrgGZ76yBJOEkms6v8yV1WFG4kd8QYnhmWHSOJ3ZpX
92kP9U-ywE03VvJnvSpFB4YoS6jYJBThPL0o1e4HKy9zns3LUpeH3N37JLXxWIXv_UBh6pli4Jnk
f1mDRgtEN9rRSHaILO1ACb2JbECXBTkfhN153CjO4DYkvaRFFw0KXnZqbEs_O49QfccKVuxj8JnZ
BEyYYOUY5BoiTsRc3fIhotXKlWD5QBsjXB2EcuFYBujLx6z8Xxg-fDYaFgMQXTKJxmkbg4EJHLoG
L02ar7-U_c0h2J6ewyZDg3O3vALxNuOz18rwlXm7x-3hqoIIvmice4XUnmuJTRz1At8OeBx7P2_E
uqMMUWoPW-B3JkYTUjkxom-lm7pMwWdRxBCYEpvsKswrA2HlwN3EvciU3ZkxcFw3ckhlVsdOpWCF
LxGT5x2d4Yp9TWANNIosG9gQrHTZk7FB_JHhJCiftxBkR9j51yKejWWr7zIkRQdagXlXdkzcVhUz
XrKFYTLqKZRXWUxNhc4SeX2QqVXB1XAGzmebuK4K8FvoPB-T1aDFqqDF6MuHG3OnESkIrRODQsux
h9gV1zwrSKJbhYb3q4sTz7iRkYpy7yjVF9TgDczQI8SLoW5XyOgrrKxOCbkq_1E23rLANJSVFY0X
Hfh3U5uAzgqzWLf7vc9x-22uVKkWmCa428_mjq44J1whm_GwCpznij8agEn6mKxlY6Bnnro5VQft
m-ypsnqQnUtYZr2tRBUrlUTCTG4jthlKtu1RbVahOwk8GYtcX4nEuWceOTPiz3iQB5KYylv8GoDM
EX5zrLTfWfBHoHcMpQO7QtiMfygsgop6Pf165XkTBv396Atp2Y-yWGbLcR7tvYsDBAvQ6Z5bsZSf
tKiTECQEtVp7d5_aZSVZElyT2qQtolAHygwzBQKizzCSFgDpg7asXtElR3JMmBXt8uuQ-z6mR54z
zvQgiTL4Q5l9A_NMqMtxaKw1ws6YuFbkorNZjm_c0i_eIJSbYdNqKGco2rG-z2eshdSZPyBBTfyv
MaFyR8GAGeJhdCWE9PkTq4jyHIVzs6hKc9OuzqT_oVt5fJVOhzSLrB3ptrNbJdrZt3PHJFYiaHdP
YGs3Y9GFpIYzRoLiidPVFuCWkRfZCbjKftvc_70yetgF3nx1c2_tseB_1vKV-udQMJhFbeiVOpA9
tSti_NX_q3iRAmXo5jCrZEYBt1I7SjUn3suvkkVna-UaiUeoncl8ATg22_F7lv1nKUZJ32bpKeTb
7WY-wAYYqebb_Hj-bH7BIX9sv1768buLM_XmiOBGydx1AmDHvpiboR8-9UdW02n5AnOrWh4JVcYA
e9vGhHQZjo2hPRGy2cMmzAaVxhZkJTYCcwH-yvQwIgIE1cxjDnXv9bZWrZZeRpWdaaumEyXfUZv4
_zik7-8AJuBjlczb6v63nNa1BUzMAXjXQ2G8U07EV0d_CzzU4mcgOYkeNq7IMbe6I522dq_i5eTY
a3y__zI7FQxN1KpSOSokmm9haEm0MuyxWbFn1c-QjVprnhC7YojF-p-FLGx8PgD_tappyNKP2gyQ
ba_COv3d9gGSkUh6I6rU20jgsOfD4yZ2CWu81WK3RKtlixGhJXhSO2C0Gv0HOVo1fz1Rcb25EtS0
6ra6ZlQII333k4TYBzwKH_2xgU_1chKZBqSvVHWeirOml7ETye6CD-NQ4Tj7UyO8V5WNhnu0LzZS
doiREk_lpzor7EU_MehB0aIOMVBKf5S1bvCkF61qLL0mJEVtMThsi8ObuzA0udE4cvx8LWUeaPdM
x00SZJhKu5WNJ8RifYHWvFhlo4BRImo8nOEvzDcouMIqQPj2S50Dkm0mY_V3u_6KLQi-c4kbjr8g
uFIUYhe-DFGEETpkAGV_dhGVD3OZTBS1J__hG7B5pBrTvkUvx3KKXBSSVDPFXKlBJ5boqmDHhFAK
mohYyHzja1Z2aGyS4nMdi9BYSaTyK4fr6zBlkf1XE2MDlhgBnW69dcenkx4HU_Dkf-iVf91i7NUS
XvwCnca892lWJgthskizwfe4bIZrn45HzXbjq6z-eeo5UXgilRs35JYw_9semmCzg8Z-nhIszro8
m2oQThCFGH-XHKAwRY8SpeUdNR20wxh4WrO84Wb3Ypu3xwbpmTi4VbliRiAj4v9wDOVjmkQppbds
xAaJLn8t9Vi39eJ3bGSEozm-jMxIpF6pHMfCoQOyG6WGZmftK7L-x5Asns-ZRJVXLMIV3hIZZU78
et8I9lpb30kZngE7mVQp8PEVbs0TaNbRxEp-zqKK39vjo4bS0Xg1DKRvxtvYZ_OZ1cZJHOnA8EuV
rw0Nmi8Mhc4gEwGYtK2wIc8t0U9iyxGMQelyPTwd5SStV4fy0FH8r_XpGvKqeOK13Hb63EjcgVlI
fdRQVkkmy1EnffIxCymBPaO-KUXTa1ThZ6dSRBzQi65uxFUP1stOcsLtAunG5fPawcU1GTMLszfw
UcLC1NSJ3FE-3rFV3rVRPjnp1Vy-zuXamg0z1syoxbOyNNicphmdJ_Ku6Gkdo6xcyYBIAb8Xi6mw
JR-sJftkZIsKS_dwRyg0oYRZQgr7URnzEVVJ19Tv4-bwNi7ZlhN_E_WWhQqKkpwTm9EhKR_fYOr_
Rx27X5xr48hCWYKmLbDfPaRHqkB5hOR9tbfwqdQrHIUoKdPBStRNNJuTP1_dRvY_Lc3M4yZjjO68
xJi9YevPfghj2pmYpMIMBp7tCp4jAmtLyOmdwsxMPdqNJeKbm3uXvhxCaHW6SuDQTcmicvjz0U0N
WLKFZap4_RtqWNWo3TQVTsYC2aM1nDEfzO5VPkNOB-2VDaEHoAtsPxnrwGLSJs8k1O3VzzoBM1cu
m1i8D7tEtkw3I7WSQbzL-IscBLsezP3HPL6maG0dHCf9gcl1RxceBhNOWHaE6UQrNcVzEzxaoWZI
tlP__nGmQ0iObfDi2OF433IMGlIgIL9DNWh0YCKZ13XxGtJD6FBpetJKh1sPluTfvGLjJchPdxP3
qGsEBtBwWExk39P4wnRtNO62sfAO3tHnDR_rHG6vFwkf-9FhZLL-1QkjpcFBdUpaLHlS1q1fhJmc
XtwRXriTQH4EnqQTKCYdw3l2IgU_X9chVScZoeF5Druc9aP9ffV0RIlbgHCrocfvvyX_OxYbEPYR
9WRZ_s9FpRhpkGWSXowv18O8XYhG88Au74glE8v_Dvjn6qGqYvPaqPT9-8wiXAxQubCRYqc3pAFf
LNB6YalHn2ZCp_nxKdqEJQ9gRG-sSEsvJSFsGtvH4Jsys7cjgBd0B8XyC1YEPlho0E5HpiuSmha6
sSEcfq9JDKA62rujw7wS_7hJgQvmK_hq-R26QTn8B24D8NYDRXr2JhARsGaSKW9RuzD4DplgjUS_
LdPU8Sq83x5pwUYrWxLgD2sQAlKrgtT9vgqWV67F9xvaDmrKKUL2uD3ch9FPU3ctjD33rX6yUWGt
81zGTzNJ3UVO4K4ZOknLcjCk2vl9i6Lkersk5sBm54b_s6ldobGtz-d4kV_u-D82IrPfdLMYkV72
UDwZjIJ6jaipztNlJjA
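Review bot: this file is a runtime artifact, not source, and should not be in the commit. It is exactly what the controller's `Files.write(p, ...)` call emits into the `assertions` directory (URL-safe base64 of IV plus AES ciphertext under an 8-letter random name), so it was picked up from a local run. Add `assertions/` to `.gitignore` and drop the file; a store of delegated assertions does not belong in version control, where the ciphertext would sit waiting for the key that the same commit writes to the debug log and the rendered page. Note also that every letter of the name falls in `a`..`h`, which is the visible symptom of the `nextInt(fileChars.length)` bug in `AuthenticationController`.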
pom.xml
...
...
@@ -17,6 +17,14 @@
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-maven-plugin
</artifactId>
</plugin>
<plugin>
<groupId>
org.apache.maven.plugins
</groupId>
<artifactId>
maven-surefire-plugin
</artifactId>
<version>
2.19.1
</version>
<configuration>
<skipTests>
true
</skipTests>
</configuration>
</plugin>
</plugins>
</build>
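Review bot: `<skipTests>true</skipTests>` in the surefire configuration turns off test execution for every build of this module, CI included, so the `SamlClientTest` added in this same commit will never run. If the test is being skipped because it needs a live IdP, mark it `@Ignore` or guard it with a profile, and pass `-DskipTests` on the command line when a local build needs to bypass tests, rather than baking the skip into `pom.xml`.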
...
...
@@ -39,6 +47,14 @@
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-thymeleaf
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-data-jpa
</artifactId>
</dependency>
<dependency>
<groupId>
com.h2database
</groupId>
<artifactId>
h2
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework
</groupId>
<artifactId>
spring-core
</artifactId>
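Review bot: the `h2` dependency has no `<scope>`, so it ships in the production artifact; if it is meant as an embedded store for development only, scope it `runtime` and say so, otherwise name the real database that `spring-boot-starter-data-jpa` is expected to talk to. As of this commit both additions are also unused: the only call into the new `EncryptedAssertionRepository` (`repository.save(...)` in the controller) is commented out.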
...
...
@@ -97,11 +113,14 @@
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-test
</artifactId>
</dependency>
<dependency>
<groupId>
org.apache.hadoop
</groupId>
<artifactId>
hadoop-core
</artifactId>
<version>
1.0.0
</version>
<groupId>
org.jdom
</groupId>
<artifactId>
jdom
</artifactId>
<version>
2.0.2
</version>
</dependency>
<dependency>
<groupId>
org.hibernate
</groupId>
<artifactId>
hibernate-jpamodelgen
</artifactId>
</dependency>
</dependencies>
</project>
\ No newline at end of file
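Review bot: the JDOM coordinates need checking. The controller imports `org.jdom2.*`, and the JDOM 2 line is published on Maven Central as `org.jdom:jdom2`; confirm that `org.jdom:jdom:2.0.2` really supplies the `org.jdom2` package, or switch the artifactId to `jdom2`. Also confirm that nothing else in the project still needs the `hadoop-core 1.0.0` entry this hunk replaces, and add the missing newline at end of file.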
src/main/java/edu/kit/scc/AuthenticationController.java
...
...
@@ -8,13 +8,57 @@
*/
package
edu.kit.scc
;
import
java.io.ByteArrayInputStream
;
import
java.io.ByteArrayOutputStream
;
import
java.io.IOException
;
import
java.io.OutputStream
;
import
java.io.UnsupportedEncodingException
;
import
java.net.URLEncoder
;
import
java.nio.charset.StandardCharsets
;
import
java.nio.file.Files
;
import
java.nio.file.Path
;
import
java.nio.file.Paths
;
import
java.nio.file.StandardOpenOption
;
import
java.security.SecureRandom
;
import
java.security.Security
;
import
java.util.Enumeration
;
import
java.util.Map.Entry
;
import
java.util.zip.DataFormatException
;
import
java.util.zip.DeflaterOutputStream
;
import
java.util.zip.Inflater
;
import
java.util.zip.InflaterInputStream
;
import
javax.crypto.Cipher
;
import
javax.crypto.spec.IvParameterSpec
;
import
javax.crypto.spec.SecretKeySpec
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.ws.rs.FormParam
;
import
javax.xml.bind.DatatypeConverter
;
import
org.apache.commons.codec.binary.Base64
;
import
org.bouncycastle.jce.provider.BouncyCastleProvider
;
import
org.jdom2.Document
;
import
org.jdom2.Element
;
import
org.jdom2.JDOMException
;
import
org.jdom2.filter.ElementFilter
;
import
org.jdom2.input.SAXBuilder
;
import
org.jdom2.output.Format
;
import
org.jdom2.output.XMLOutputter
;
import
org.opensaml.xml.util.XMLHelper
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.ui.Model
;
import
org.springframework.util.MimeType
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RequestParam
;
import
org.springframework.web.servlet.HandlerMapping
;
import
edu.kit.scc.saml.SamlClient
;
@Controller
public
class
AuthenticationController
{
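Review bot: several of the imports added here are not referenced anywhere in the code shown in this diff: `java.util.Enumeration` (only in a commented-out loop), `javax.ws.rs.FormParam`, `org.springframework.util.MimeType`, `org.opensaml.xml.util.XMLHelper`, `org.jdom2.JDOMException` and `java.io.IOException`. Drop them; `javax.ws.rs.FormParam` in particular is a JAX-RS annotation that Spring MVC would silently ignore if it were ever applied to a parameter in this controller.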
...
...
@@ -30,16 +74,234 @@ public class AuthenticationController {
@Value
(
"${oauth2.clientId}"
)
private
String
oauth2ClientId
;
@Autowired
SamlClient
samlClient
;
@Autowired
EncryptedAssertionRepository
repository
;
@RequestMapping
(
path
=
"/assertions/**"
)
// , produces =
// "application/octet-stream")
public
void
getAssertion
(
HttpServletRequest
request
,
HttpServletResponse
response
)
{
String
path
=
(
String
)
request
.
getAttribute
(
HandlerMapping
.
PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE
);
log
.
debug
(
path
);
path
=
path
.
replace
(
"/assertions/"
,
""
);
log
.
debug
(
path
);
Path
p
=
Paths
.
get
(
"assertions"
,
path
);
try
{
byte
[]
content
=
Files
.
readAllBytes
(
p
);
response
.
setContentLength
(
content
.
length
);
OutputStream
outStream
=
response
.
getOutputStream
();
outStream
.
write
(
content
);
outStream
.
close
();
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
e
.
printStackTrace
();
}
}
@RequestMapping
(
path
=
"/SAML2/POST"
,
method
=
RequestMethod
.
POST
)
public
String
saml
(
@RequestParam
(
"SAMLResponse"
)
String
samlResponse
,
HttpServletRequest
request
,
Model
model
)
{
String
path
=
(
String
)
request
.
getAttribute
(
HandlerMapping
.
PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE
);
log
.
debug
(
path
);
// for (Enumeration<String> e = request.getAttributeNames();
// e.hasMoreElements();) {
// String attribute = e.nextElement();
// log.debug("{} {}", attribute, request.getAttribute(attribute));
// }
for
(
Entry
entry
:
request
.
getParameterMap
().
entrySet
())
log
.
debug
(
"{} {}"
,
entry
.
getKey
(),
entry
.
getValue
());
String
decodedAuthnRequestXML
=
""
;
try
{
Base64
base64Decoder
=
new
Base64
();
byte
[]
xmlBytes
=
samlResponse
.
getBytes
(
"UTF-8"
);
byte
[]
base64DecodedByteArray
=
base64Decoder
.
decode
(
xmlBytes
);
try
{
Inflater
inflater
=
new
Inflater
(
true
);
inflater
.
setInput
(
base64DecodedByteArray
);
byte
[]
xmlMessageBytes
=
new
byte
[
5000
];
int
resultLength
=
inflater
.
inflate
(
xmlMessageBytes
);
if
(!
inflater
.
finished
())
{
throw
new
RuntimeException
(
"didn't allocate enough space to hold "
+
"decompressed data"
);
}
inflater
.
end
();
decodedAuthnRequestXML
=
new
String
(
xmlMessageBytes
,
0
,
resultLength
,
"UTF-8"
);
}
catch
(
DataFormatException
e
)
{
log
.
warn
(
"WARNING {}"
,
e
.
getMessage
());
ByteArrayInputStream
bais
=
new
ByteArrayInputStream
(
base64DecodedByteArray
);
ByteArrayOutputStream
baos
=
new
ByteArrayOutputStream
();
InflaterInputStream
iis
=
new
InflaterInputStream
(
bais
);
byte
[]
buf
=
new
byte
[
1024
];
int
count
=
iis
.
read
(
buf
);
while
(
count
!=
-
1
)
{
baos
.
write
(
buf
,
0
,
count
);
count
=
iis
.
read
(
buf
);
}
iis
.
close
();
decodedAuthnRequestXML
=
new
String
(
baos
.
toByteArray
());
}
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
// e.printStackTrace();
}
if
(
decodedAuthnRequestXML
.
equals
(
""
))
{
try
{
Base64
base64Decoder
=
new
Base64
();
byte
[]
xmlBytes
=
samlResponse
.
getBytes
(
"UTF-8"
);
byte
[]
base64DecodedByteArray
=
base64Decoder
.
decode
(
xmlBytes
);
decodedAuthnRequestXML
=
new
String
(
base64DecodedByteArray
);
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
e
.
printStackTrace
();
}
}
SAXBuilder
builder
=
new
SAXBuilder
();
String
assertionXMLCompact
=
""
;
try
{
Document
document
=
builder
.
build
(
new
ByteArrayInputStream
(
decodedAuthnRequestXML
.
getBytes
()));
String
[]
samlRequestAttributes
=
new
String
[
4
];
Element
rootElement
=
document
.
getRootElement
();
samlRequestAttributes
[
0
]
=
rootElement
.
getAttributeValue
(
"IssueInstant"
);
samlRequestAttributes
[
1
]
=
rootElement
.
getAttributeValue
(
"ProviderName"
);
samlRequestAttributes
[
2
]
=
rootElement
.
getAttributeValue
(
"AssertionConsumerServiceURL"
);
samlRequestAttributes
[
3
]
=
rootElement
.
getAttributeValue
(
"ID"
);
ElementFilter
filter
=
new
ElementFilter
(
"Assertion"
);
for
(
Element
e
:
rootElement
.
getDescendants
(
filter
))
{
XMLOutputter
outputter
=
new
XMLOutputter
(
Format
.
getPrettyFormat
());
String
assertionXMLPretty
=
outputter
.
outputString
(
e
);
outputter
.
setFormat
(
Format
.
getCompactFormat
());
assertionXMLCompact
=
outputter
.
outputString
(
e
);
model
.
addAttribute
(
"Assertion"
,
assertionXMLPretty
);
model
.
addAttribute
(
"Delegate"
,
assertionXMLCompact
);
}
model
.
addAttribute
(
"IssueInstant"
,
samlRequestAttributes
[
0
]);
model
.
addAttribute
(
"ProviderName"
,
samlRequestAttributes
[
1
]);
model
.
addAttribute
(
"AssertionConsumerServiceURL"
,
samlRequestAttributes
[
2
]);
model
.
addAttribute
(
"ID"
,
samlRequestAttributes
[
3
]);
try
{
Security
.
addProvider
(
new
BouncyCastleProvider
());
byte
[]
byteArray
=
assertionXMLCompact
.
getBytes
();
SecureRandom
secRnd
=
new
SecureRandom
();
char
[]
fileChars
=
new
char
[
8
];
char
[]
VALID_CHARACTERS
=
"abcdefghijklmnopqrstuvwxyz"
.
toCharArray
();
for
(
int
i
=
0
;
i
<
fileChars
.
length
;
i
++)
fileChars
[
i
]
=
VALID_CHARACTERS
[
secRnd
.
nextInt
(
fileChars
.
length
)];
byte
[]
iv
=
new
byte
[
16
];
secRnd
.
nextBytes
(
iv
);
byte
[]
key
=
new
byte
[
16
];
secRnd
.
nextBytes
(
key
);
IvParameterSpec
init_vector
=
new
IvParameterSpec
(
iv
);
SecretKeySpec
secretKey
=
new
SecretKeySpec
(
key
,
"AES"
);
Cipher
c
=
Cipher
.
getInstance
(
"AES/CBC/PKCS7Padding"
);
c
.
init
(
Cipher
.
ENCRYPT_MODE
,
secretKey
,
init_vector
);
byte
[]
encryptedBytes
=
c
.
doFinal
(
byteArray
);
log
.
debug
(
"Init vector {}"
,
DatatypeConverter
.
printHexBinary
(
iv
));
model
.
addAttribute
(
"iv"
,
DatatypeConverter
.
printHexBinary
(
iv
));
log
.
debug
(
"Key {}"
,
DatatypeConverter
.
printHexBinary
(
key
));
model
.
addAttribute
(
"key"
,
DatatypeConverter
.
printHexBinary
(
key
));
byte
[]
returnBytes
=
new
byte
[
encryptedBytes
.
length
+
iv
.
length
];
System
.
arraycopy
(
iv
,
0
,
returnBytes
,
0
,
iv
.
length
);
System
.
arraycopy
(
encryptedBytes
,
0
,
returnBytes
,
iv
.
length
,
encryptedBytes
.
length
);
log
.
debug
(
"Encrypted assertion {}"
,
DatatypeConverter
.
printHexBinary
(
returnBytes
));
model
.
addAttribute
(
"encassertion"
,
DatatypeConverter
.
printHexBinary
(
returnBytes
));
Base64
b64
=
new
Base64
(
true
);
log
.
debug
(
"Encoded assertion {}"
,
new
String
(
b64
.
encode
(
returnBytes
)));
model
.
addAttribute
(
"delegate"
,
new
String
(
b64
.
encode
(
returnBytes
)));
// repository.save(new EncryptedAssertion(key, iv, new
// String(b64.encode(returnBytes))));
Path
p
=
Paths
.
get
(
"assertions"
,
new
String
(
fileChars
));
Files
.
write
(
p
,
new
String
(
b64
.
encode
(
returnBytes
)).
getBytes
(),
StandardOpenOption
.
WRITE
,
StandardOpenOption
.
CREATE_NEW
);
model
.
addAttribute
(
"file"
,
new
String
(
fileChars
));
}
catch
(
Exception
e
)
{
log
.
warn
(
"ERROR {}"
,
e
.
getMessage
());
e
.
printStackTrace
();
}
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
e
.
printStackTrace
();
}
model
.
addAttribute
(
"samlResponse"
,
samlResponse
);
model
.
addAttribute
(
"decodedAuthnRequestXML"
,
decodedAuthnRequestXML
);
return
"saml"
;
}
@RequestMapping
(
"/login"
)
public
String
login
(
Model
model
)
{
String
redirectUrl
=
oauth2AuthorizeUri
.
replaceAll
(
"/$"
,
""
);
redirectUrl
+=
"?response_type=code&scope=openid%20email&client_id="
;
redirectUrl
+=
oauth2ClientId
;
redirectUrl
+=
"&redirect_uri="
;
redirectUrl
+=
oauth2RedirectUri
;
log
.
debug
(
"Redirect to {}"
,
redirectUrl
);
return
"redirect:"
+
redirectUrl
;
public
String
login
(
Model
model
)
throws
UnsupportedEncodingException
{
// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
// redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
// redirectUrl += oauth2ClientId;
// redirectUrl += "&redirect_uri=";
// redirectUrl += oauth2RedirectUri;
// log.debug("Redirect to {}", redirectUrl);
String
request
=
samlClient
.
getAuthNAssertion
(
"https://192.168.122.99:9443/samlsso"
,
"https://192.168.122.1:8443/SAML2/POST"
,
"sp.scc.kit.edu"
);
try
{
byte
[]
xmlBytes
=
request
.
getBytes
(
StandardCharsets
.
UTF_8
);
ByteArrayOutputStream
byteOutputStream
=
new
ByteArrayOutputStream
();
DeflaterOutputStream
deflaterOutputStream
=
new
DeflaterOutputStream
(
byteOutputStream
);
deflaterOutputStream
.
write
(
xmlBytes
,
0
,
xmlBytes
.
length
);
deflaterOutputStream
.
close
();
Base64
base64Encoder
=
new
Base64
();
byte
[]
base64EncodedByteArray
=
base64Encoder
.
encode
(
byteOutputStream
.
toByteArray
());
String
base64EncodedMessage
=
new
String
(
base64EncodedByteArray
);
String
urlEncodedMessage
=
URLEncoder
.
encode
(
base64EncodedMessage
,
StandardCharsets
.
UTF_8
.
name
());
request
=
urlEncodedMessage
;
log
.
debug
(
"REQUEST {}"
,
urlEncodedMessage
);
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
}
String
redirectUrl
=
"https://192.168.122.99:9443/samlsso?SAMLRequest="
;
return
"redirect:"
+
redirectUrl
+
request
;
}
@RequestMapping
(
path
=
"/oauth2"
)
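Review bot: `getAssertion` builds `Paths.get("assertions", path)` from the request path after only stripping the `/assertions/` prefix, so nothing stops a path that resolves outside the `assertions` directory from being read and streamed back to the caller. Resolve against the base directory and reject anything whose normalized path does not start with it; since the files this code writes are always eight lowercase letters, whitelisting that shape (`path.matches("[a-z]{8}")`) is the simplest fix. Elsewhere in the hunk: the AES key and IV go to the debug log (`log.debug("Key {}", ...)`) and into the model (`model.addAttribute("key", ...)`), which the new template renders and appends to a link as a query parameter, so the secret protecting the delegated assertion ends up in log files, the HTML and browser history; keep the key out of both. The random file name uses `secRnd.nextInt(fileChars.length)` where `VALID_CHARACTERS.length` was intended, so only `a`..`h` are ever chosen (the committed `assertions/fbhcfgee` shows exactly this) and the name space shrinks from 26^8 to 8^8. `new SAXBuilder()` parses caller-supplied XML with default features; disable DTDs (`builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`) before `build`, and note that nothing in this hunk checks the signature on the `SAMLResponse` before its `Assertion` is extracted and re-issued as a delegate; if `SamlClient` does that, the call belongs before the `ElementFilter` loop. Smaller points: the HTTP-POST binding does not DEFLATE `SAMLResponse`, so the `Inflater` branch with its fixed 5000-byte buffer will fail on a normal response and fall through to the plain base64 path, and can go; AES/CBC gives confidentiality but no integrity, so prefer `AES/GCM/NoPadding` or add a MAC over IV and ciphertext; `new String(baos.toByteArray())` and `assertionXMLCompact.getBytes()` use the platform charset where `StandardCharsets.UTF_8` is meant; the IdP and ACS values in `login` (`https://192.168.122.99:9443/samlsso`, `https://192.168.122.1:8443/SAML2/POST`, `sp.scc.kit.edu`) should come from `@Value` properties like the OAuth2 settings above them; and every catch block swallows `Exception` and calls `e.printStackTrace()`, so a failed decrypt or write still returns the `saml` view as if it had succeeded.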
...
...
src/main/java/edu/kit/scc/EncryptedAssertion.java
0 → 100644
package
edu.kit.scc
;
import
javax.persistence.Entity
;
import
javax.persistence.GeneratedValue
;
import
javax.persistence.GenerationType
;
import
javax.persistence.Id
;
@Entity
public
class
EncryptedAssertion
{
@Id
@GeneratedValue
(
strategy
=
GenerationType
.
AUTO
)
private
long
id
;
private
byte
[]
key
;
private
byte
[]
iv
;
private
String
base64Assertion
;
protected
EncryptedAssertion
()
{
}
public
EncryptedAssertion
(
byte
[]
key
,
byte
[]
iv
,
String
base64Assertion
)
{
this
.
key
=
key
;
this
.
iv
=
iv
;
this
.
base64Assertion
=
base64Assertion
;
}
public
long
getId
()
{
return
id
;
}
public
void
setId
(
long
id
)
{
this
.
id
=
id
;
}
public
byte
[]
getKey
()
{
return
key
;
}
public
void
setKey
(
byte
[]
key
)
{
this
.
key
=
key
;
}
public
byte
[]
getIv
()
{
return
iv
;
}
public
void
setIv
(
byte
[]
iv
)
{
this
.
iv
=
iv
;
}
public
String
getBase64Assertion
()
{
return
base64Assertion
;
}
public
void
setBase64Assertion
(
String
base64Assertion
)
{
this
.
base64Assertion
=
base64Assertion
;
}
@Override
public
String
toString
()
{
return
String
.
format
(
"Assertion[id=%d, assertion='%s']"
,
id
,
base64Assertion
);
}
}
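Review bot: the entity persists the AES `key` and `iv` in the same row as `base64Assertion`, so anyone who can read the table can decrypt every stored delegate, which defeats the purpose of encrypting the assertion at all; keep the key out of this table (hand it to the delegate only, or wrap it with a key that lives outside the database). `base64Assertion` is a plain `String`, which JPA maps to `VARCHAR(255)` by default, while the sample written to `assertions/fbhcfgee` in this commit is roughly 3,800 characters, so `save` will fail on real data unless the field is annotated `@Lob` or `@Column(length = ...)`. `toString` also prints the full assertion; print the id only so it does not land in logs.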
src/main/java/edu/kit/scc/EncryptedAssertionRepository.java
0 → 100644
package
edu.kit.scc
;
import
java.util.List
;
import
org.springframework.data.repository.CrudRepository
;
public
interface
EncryptedAssertionRepository
extends
CrudRepository
<
EncryptedAssertion
,
Long
>
{
List
<
EncryptedAssertion
>
findByBase64Assertion
(
String
base64Assertion
);
}
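Review bot: `findByBase64Assertion` does an equality lookup on the full base64 ciphertext, an unindexed column holding several kilobytes per row. If the intent is to look a delegate up by token, store a short random identifier (or a hash of the ciphertext) in its own indexed column and query that instead.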
src/main/java/edu/kit/scc/saml/SamlClient.java
This diff is collapsed.
src/main/resources/templates/saml.html
0 → 100644
<!DOCTYPE HTML>
<html
xmlns:th=
"http://www.thymeleaf.org"
>
<head>
<title>
SAML Access
</title>
<meta
http-equiv=
"Content-Type"
content=
"text/html; charset=UTF-8"
/>
</head>
<body>
<div>
<textarea
rows=
"24"
cols=
"24"
th:inline=
"text"
>
[[${samlResponse}]]
</textarea>
<textarea
rows=
"24"
cols=
"72"
th:inline=
"text"
>
[[${decodedAuthnRequestXML}]]
</textarea>
</div>
<div>
<textarea
rows=
"24"
cols=
"96"
th:inline=
"text"
>
[[${Assertion}]]
</textarea>
</div>
<div>
<p
th:text=
"'IssueInstant '+ ${IssueInstant}"
/>
<p
th:text=
"'ProviderName '+ ${ProviderName}"
/>
<p
th:text=
"'AssertionConsumerServiceURL '+ ${AssertionConsumerServiceURL}"
/>
<p
th:text=
"'ID '+ ${ID}"
/>
<p
th:text=
"'IV ' + ${iv}"
/>
<p
th:text=
"'Key ' + ${key}"
/>
<p
th:text=
"'Encrypted ' + ${encassertion}"
/>
<a
href=
"/"
th:href=
"@{'/assertions/'+${file}(key=${key})}"
>
Get assertion
</a>
<p
th:text=
"${delegate}"
/>
</div>
</body>
</html>
\ No newline at end of file
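Review bot: the page renders the AES key (`'Key ' + ${key}`) and IV beside the encrypted assertion and puts the key on the `Get assertion` link as a query parameter (`@{'/assertions/'+${file}(key=${key})}`), so it lands in browser history, proxy logs and `Referer` headers; the `/assertions/**` handler never reads that parameter, so it can simply be dropped together with the key and IV paragraphs. Minor: the `<p .../>` self-closing syntax has no effect on non-void elements in HTML, so write explicit `<p th:text="..."></p>`, and add the missing newline at end of file.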
src/test/java/edu/kit/scc/test/saml/SamlClientTest.java
0 → 100644
package
edu.kit.scc.test.saml
;
import
org.junit.Test
;
import
org.junit.runner.RunWith
;
import
org.opensaml.saml2.core.Assertion
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.boot.test.SpringApplicationConfiguration
;
import
org.springframework.test.context.junit4.SpringJUnit4ClassRunner
;
import
edu.kit.scc.Application
;
import
edu.kit.scc.saml.SamlClient
;
@RunWith
(
SpringJUnit4ClassRunner
.
class
)
@SpringApplicationConfiguration
(
classes
=
Application
.
class
)
public
class
SamlClientTest
{
@Autowired
private
SamlClient
samlClient
;
@Test
public
void
buildAssertionTest
()
{
// Assertion assertion = samlClient.buildAssertion();
// samlClient.validateSignatuer(samlClient.signAssertion(assertion));
// Assertion newAssertion = samlClient.buildAssertion();
// samlClient.canonicalizeSign(newAssertion);
//samlClient.validate(samlClient.signAssertion(assertion));
// samlClient.testAssertionSignature();
samlClient
.
sendAuthNRequest
();
}
}
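Review bot: `buildAssertionTest` contains no assertion: it calls `samlClient.sendAuthNRequest()` and passes whenever no exception escapes, and the surefire `skipTests` added to `pom.xml` in this commit means it never runs anyway. Either assert on what `sendAuthNRequest()` returns or on the state it changes, or remove the test; the six commented-out lines above the call (`buildAssertion`, `validateSignatuer`, `canonicalizeSign`, ...) should go as well rather than live on as a to-do list inside the test body.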