Commit 37fd579d authored by benjamin.ertl's avatar benjamin.ertl

change to post binding

parent 0ac9b296
......@@ -271,7 +271,7 @@ public class AuthenticationController {
}
@RequestMapping("/login")
public String login(Model model) throws UnsupportedEncodingException {
public String login(HttpServletResponse response, Model model) throws UnsupportedEncodingException {
// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
// redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
// redirectUrl += oauth2ClientId;
......@@ -283,25 +283,44 @@ public class AuthenticationController {
"https://192.168.122.1:8443/SAML2/POST", "sp.scc.kit.edu");
try {
byte[] xmlBytes = request.getBytes(StandardCharsets.UTF_8);
ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
deflaterOutputStream.close();
log.debug("XML request bytes {}", DatatypeConverter.printHexBinary(xmlBytes));
// ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
// DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
// deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
// deflaterOutputStream.close();
// log.debug("XML deflated request bytes {}",
// DatatypeConverter.printHexBinary(byteOutputStream.toByteArray()));
Base64 base64Encoder = new Base64();
byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
// byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
byte[] base64EncodedByteArray = base64Encoder.encode(xmlBytes);
log.debug("XML deflated and base64 encoded {}", DatatypeConverter.printHexBinary(base64EncodedByteArray));
String base64EncodedMessage = new String(base64EncodedByteArray);
log.debug("XML deflated and base64 encoded {}", base64EncodedMessage);
String urlEncodedMessage = URLEncoder.encode(base64EncodedMessage, StandardCharsets.UTF_8.name());
request = urlEncodedMessage;
SecureRandom secRnd = new SecureRandom();
char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
char[] chars = new char[16];
for (int i = 0; i < chars.length; i++)
chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];
model.addAttribute("samlrequest", urlEncodedMessage);
model.addAttribute("relaystate", new String(chars));
log.debug("REQUEST {}", urlEncodedMessage);
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
}
String redirectUrl = "https://192.168.122.99:9443/samlsso?SAMLRequest=";
return "redirect:" + redirectUrl + request;
model.addAttribute("url", "https://192.168.122.99:9443/samlsso");
// response.addHeader("Referer", "https://192.168.122.1:8443/");
return "form";
}
@RequestMapping(path = "/oauth2")
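Review bot: For the HTTP-POST binding the form field must carry the bare base64 string, but line 44 stores `urlEncodedMessage` (line 37) in the `samlrequest` model attribute; the browser form-encodes the value again on submit, so every `+`, `/` and `=` of the base64 reaches the IdP double-encoded and the request will most likely fail to decode there. Use `model.addAttribute("samlrequest", base64EncodedMessage);` and drop the `URLEncoder` step together with `request = urlEncodedMessage;`, which only fed the redirect URL this commit removes. The RelayState loop on line 43 draws from `secRnd.nextInt(chars.length)`, i.e. from the first 16 of the 26 letters only; it should be `secRnd.nextInt(VALID_CHARACTERS.length)`. The "XML deflated and base64 encoded" log text on line 36 is stale now that deflation is commented out, and `new String(base64EncodedByteArray)` should name a charset such as `StandardCharsets.US_ASCII` rather than rely on the platform default. Nothing in this hunk stores the generated RelayState for comparison when the IdP's response comes back, so it presumably has no binding effect yet — worth confirming against the response handler.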
......
......@@ -105,6 +105,7 @@ import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.Namespace;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.encryption.EncryptionConstants;
......@@ -481,6 +482,9 @@ public class SamlClient {
request.setDestination(forIdP);
request.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
Namespace namespace = new Namespace("urn:oasis:names:tc:SAML:2.0:assertion", "saml2");
request.addNamespace(namespace);
Issuer issuer = (Issuer) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
.buildObject(Issuer.DEFAULT_ELEMENT_NAME);
issuer.setValue(fromSP);
......@@ -490,26 +494,28 @@ public class SamlClient {
NameIDPolicy nameIDPolicy = (NameIDPolicy) Configuration.getBuilderFactory()
.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
nameIDPolicy.setAllowCreate(true);
nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
nameIDPolicy.setSPNameQualifier("Issuer");
nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
// nameIDPolicy.setSPNameQualifier("Issuer");
request.setNameIDPolicy(nameIDPolicy);
RequestedAuthnContext authNContext = (RequestedAuthnContext) Configuration.getBuilderFactory()
.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
AuthnContextClassRef authNContextClassRef = (AuthnContextClassRef) Configuration.getBuilderFactory()
.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
authNContextClassRef
.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
request.setRequestedAuthnContext(authNContext);
// RequestedAuthnContext authNContext = (RequestedAuthnContext)
// Configuration.getBuilderFactory()
// .getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
// .buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
//
// authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
//
// AuthnContextClassRef authNContextClassRef =
// (AuthnContextClassRef) Configuration.getBuilderFactory()
// .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
// .buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
//
// authNContextClassRef
// .setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
//
// authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
//
// request.setRequestedAuthnContext(authNContext);
// Subject subject = (Subject)
// Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME)
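Review bot: Commenting out the RequestedAuthnContext block (lines 94–111) removes the SP's demand for `PasswordProtectedTransport` with `EXACT` comparison, so the IdP is now free to satisfy the request with any authentication context it chooses, and the same hunk quietly changes the NameID format from persistent to transient on line 80. If both are deliberate for the POST-binding setup, record the reason in place, e.g. `// No RequestedAuthnContext: IdP picks the context; tighten once the POST flow works`, and delete the commented-out code instead of keeping it — the history already holds it. The enclosing method begins and ends outside this hunk, so I cannot see whether the removed requirement is compensated for when the assertion is validated.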
......
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>SAML2 POST</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form method="post" action="/" th:attr="action=${url}">
<input name="SAMLRequest" value="request" th:attr="value=${samlrequest}" />
<input name="RelayState" value="token" th:attr="value=${relaystate}"/>
<input type="submit" value="Submit" />
</form>
</body>
</html>
\ No newline at end of file
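Review bot: The `SAMLRequest` and `RelayState` inputs on lines 123–124 are rendered as visible, editable text boxes, which is not what a SAML POST-binding form should present; mark them `<input type="hidden" name="SAMLRequest" th:value="${samlrequest}" />` and `<input type="hidden" name="RelayState" th:value="${relaystate}" />`. The placeholder literals `value="request"` and `value="token"` are always overridden by `th:attr` and can go. The form also relies on a manual Submit click; that is fine for testing but the standard binding auto-submits, so note that in the template if it is intended to stay.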