change to post binding

37fd579d · benjamin.ertl · 0ac9b296 · 37fd579d · 37fd579d · 37fd579d
Commit 37fd579d authored Mar 15, 2016 by benjamin.ertl
--- a/src/main/java/edu/kit/scc/AuthenticationController.java
+++ b/src/main/java/edu/kit/scc/AuthenticationController.java
@@ -271,7 +271,7 @@ public class AuthenticationController {
 	}

 	@RequestMapping("/login")
-	public String login(Model model) throws UnsupportedEncodingException {
+	public String login(HttpServletResponse response, Model model) throws UnsupportedEncodingException {
 		// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
 		// redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
 		// redirectUrl += oauth2ClientId;
@@ -283,25 +283,44 @@ public class AuthenticationController {
 				"https://192.168.122.1:8443/SAML2/POST", "sp.scc.kit.edu");
 		try {
 			byte[] xmlBytes = request.getBytes(StandardCharsets.UTF_8);
-			ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
-			DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
-			deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
-			deflaterOutputStream.close();
+			log.debug("XML request bytes {}", DatatypeConverter.printHexBinary(xmlBytes));
+//			ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
+//			DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
+//			deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
+//			deflaterOutputStream.close();
+//			log.debug("XML deflated request bytes {}",
+//					DatatypeConverter.printHexBinary(byteOutputStream.toByteArray()));

 			Base64 base64Encoder = new Base64();
-			byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
+//			byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
+			
+			byte[] base64EncodedByteArray = base64Encoder.encode(xmlBytes);
+			log.debug("XML deflated and base64 encoded {}", DatatypeConverter.printHexBinary(base64EncodedByteArray));
 			String base64EncodedMessage = new String(base64EncodedByteArray);
-
+			log.debug("XML deflated and base64 encoded {}", base64EncodedMessage);
 			String urlEncodedMessage = URLEncoder.encode(base64EncodedMessage, StandardCharsets.UTF_8.name());

 			request = urlEncodedMessage;
+
+			SecureRandom secRnd = new SecureRandom();
+			char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
+			char[] chars = new char[16];
+			for (int i = 0; i < chars.length; i++)
+				chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];
+
+			model.addAttribute("samlrequest", urlEncodedMessage);
+			model.addAttribute("relaystate", new String(chars));
+
 			log.debug("REQUEST {}", urlEncodedMessage);
 		} catch (Exception e) {
 			log.error("ERROR {}", e.getMessage());
 		}
 		String redirectUrl = "https://192.168.122.99:9443/samlsso?SAMLRequest=";

-		return "redirect:" + redirectUrl + request;
+		model.addAttribute("url", "https://192.168.122.99:9443/samlsso");
+		// response.addHeader("Referer", "https://192.168.122.1:8443/");
+
+		return "form";
 	}

 	@RequestMapping(path = "/oauth2")

--- a/src/main/java/edu/kit/scc/saml/SamlClient.java
+++ b/src/main/java/edu/kit/scc/saml/SamlClient.java
@@ -105,6 +105,7 @@ import org.opensaml.ws.soap.soap11.Body;
 import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.xml.Configuration;
 import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.Namespace;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.encryption.EncryptionConstants;
@@ -481,6 +482,9 @@ public class SamlClient {
 			request.setDestination(forIdP);
 			request.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

+			Namespace namespace = new Namespace("urn:oasis:names:tc:SAML:2.0:assertion", "saml2");
+			request.addNamespace(namespace);
+
 			Issuer issuer = (Issuer) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
 					.buildObject(Issuer.DEFAULT_ELEMENT_NAME);
 			issuer.setValue(fromSP);
@@ -490,26 +494,28 @@ public class SamlClient {
 			NameIDPolicy nameIDPolicy = (NameIDPolicy) Configuration.getBuilderFactory()
 					.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
 			nameIDPolicy.setAllowCreate(true);
-			nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
-			nameIDPolicy.setSPNameQualifier("Issuer");
+			nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+			// nameIDPolicy.setSPNameQualifier("Issuer");
 			request.setNameIDPolicy(nameIDPolicy);

-			RequestedAuthnContext authNContext = (RequestedAuthnContext) Configuration.getBuilderFactory()
-					.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
-					.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
-
-			authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
-
-			AuthnContextClassRef authNContextClassRef = (AuthnContextClassRef) Configuration.getBuilderFactory()
-					.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
-					.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
-
-			authNContextClassRef
-					.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
-
-			authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
-
-			request.setRequestedAuthnContext(authNContext);
+			// RequestedAuthnContext authNContext = (RequestedAuthnContext)
+			// Configuration.getBuilderFactory()
+			// .getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
+			// .buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
+			//
+			// authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
+			//
+			// AuthnContextClassRef authNContextClassRef =
+			// (AuthnContextClassRef) Configuration.getBuilderFactory()
+			// .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
+			// .buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
+			//
+			// authNContextClassRef
+			// .setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
+			//
+			// authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
+			//
+			// request.setRequestedAuthnContext(authNContext);

 			// Subject subject = (Subject)
 			// Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME)

--- a/src/main/resources/templates/form.html
+++ b/src/main/resources/templates/form.html
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title>SAML2 POST</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+
+<form method="post" action="/" th:attr="action=${url}">
+<input name="SAMLRequest" value="request" th:attr="value=${samlrequest}" />
+<input name="RelayState" value="token" th:attr="value=${relaystate}"/>
+<input type="submit" value="Submit" />
+</form>
+
+</body>
+</html>
\ No newline at end of file