37fd579d
Commit
37fd579d
authored
Mar 15, 2016
by
benjamin.ertl
Change the SAML AuthnRequest to the HTTP-POST binding
parent
0ac9b296
Changes
3
Showing
3 changed files
with
67 additions
and
26 deletions
+67
-26
src/main/java/edu/kit/scc/AuthenticationController.java
src/main/java/edu/kit/scc/AuthenticationController.java
+27
-8
src/main/java/edu/kit/scc/saml/SamlClient.java
src/main/java/edu/kit/scc/saml/SamlClient.java
+24
-18
src/main/resources/templates/form.html
src/main/resources/templates/form.html
+16
-0
src/main/java/edu/kit/scc/AuthenticationController.java
@@ -271,7 +271,7 @@ public class AuthenticationController {
}
@RequestMapping
(
"/login"
)
public
String
login
(
Model
model
)
throws
UnsupportedEncodingException
{
public
String
login
(
HttpServletResponse
response
,
Model
model
)
throws
UnsupportedEncodingException
{
// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
// redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
// redirectUrl += oauth2ClientId;
@@ -283,25 +283,44 @@ public class AuthenticationController {
"https://192.168.122.1:8443/SAML2/POST"
,
"sp.scc.kit.edu"
);
try
{
byte
[]
xmlBytes
=
request
.
getBytes
(
StandardCharsets
.
UTF_8
);
ByteArrayOutputStream
byteOutputStream
=
new
ByteArrayOutputStream
();
DeflaterOutputStream
deflaterOutputStream
=
new
DeflaterOutputStream
(
byteOutputStream
);
deflaterOutputStream
.
write
(
xmlBytes
,
0
,
xmlBytes
.
length
);
deflaterOutputStream
.
close
();
log
.
debug
(
"XML request bytes {}"
,
DatatypeConverter
.
printHexBinary
(
xmlBytes
));
// ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
// DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
// deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
// deflaterOutputStream.close();
// log.debug("XML deflated request bytes {}",
// DatatypeConverter.printHexBinary(byteOutputStream.toByteArray()));
Base64
base64Encoder
=
new
Base64
();
byte
[]
base64EncodedByteArray
=
base64Encoder
.
encode
(
byteOutputStream
.
toByteArray
());
// byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
byte
[]
base64EncodedByteArray
=
base64Encoder
.
encode
(
xmlBytes
);
log
.
debug
(
"XML deflated and base64 encoded {}"
,
DatatypeConverter
.
printHexBinary
(
base64EncodedByteArray
));
String
base64EncodedMessage
=
new
String
(
base64EncodedByteArray
);
log
.
debug
(
"XML deflated and base64 encoded {}"
,
base64EncodedMessage
);
String
urlEncodedMessage
=
URLEncoder
.
encode
(
base64EncodedMessage
,
StandardCharsets
.
UTF_8
.
name
());
request
=
urlEncodedMessage
;
SecureRandom
secRnd
=
new
SecureRandom
();
char
[]
VALID_CHARACTERS
=
"abcdefghijklmnopqrstuvwxyz"
.
toCharArray
();
char
[]
chars
=
new
char
[
16
];
for
(
int
i
=
0
;
i
<
chars
.
length
;
i
++)
chars
[
i
]
=
VALID_CHARACTERS
[
secRnd
.
nextInt
(
chars
.
length
)];
model
.
addAttribute
(
"samlrequest"
,
urlEncodedMessage
);
model
.
addAttribute
(
"relaystate"
,
new
String
(
chars
));
log
.
debug
(
"REQUEST {}"
,
urlEncodedMessage
);
}
catch
(
Exception
e
)
{
log
.
error
(
"ERROR {}"
,
e
.
getMessage
());
}
String
redirectUrl
=
"https://192.168.122.99:9443/samlsso?SAMLRequest="
;
return
"redirect:"
+
redirectUrl
+
request
;
model
.
addAttribute
(
"url"
,
"https://192.168.122.99:9443/samlsso"
);
// response.addHeader("Referer", "https://192.168.122.1:8443/");
return
"form"
;
}
@RequestMapping
(
path
=
"/oauth2"
)
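Review bot: The RelayState built at the end of the second hunk (`new String(chars)`) is only put into the model, and nothing in this hunk stores a server-side copy, so when the IdP posts the Response back there is nothing to compare it against and it gives no protection against a forged or replayed callback; it should be kept per session (e.g. add an `HttpSession session` parameter and `session.setAttribute("relaystate", relayState);`) and checked at the assertion-consumer endpoint, which is not in this diff. The generator also draws from only the first 16 letters of the alphabet because the bound is the output length rather than the alphabet length: `chars[i] = VALID_CHARACTERS[secRnd.nextInt(VALID_CHARACTERS.length)];`. Separately, the value handed to the template is the URL-encoded base64 (`request = urlEncodedMessage`), but form.html submits it as application/x-www-form-urlencoded, so the browser encodes it a second time; for the POST binding the field should carry `base64EncodedMessage` directly, unless the IdP has been confirmed to tolerate the double encoding. The deflate step appears to survive only as commented-out lines, and the `catch (Exception e)` still logs only `e.getMessage()` and then renders the form without a SAMLRequest; delete the dead code and rethrow or return an error view instead. The `login` method opens in the first hunk of this file and the hunk boundaries hide a few lines of its body.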
src/main/java/edu/kit/scc/saml/SamlClient.java
@@ -105,6 +105,7 @@ import org.opensaml.ws.soap.soap11.Body;
import
org.opensaml.ws.soap.soap11.Envelope
;
import
org.opensaml.xml.Configuration
;
import
org.opensaml.xml.ConfigurationException
;
import
org.opensaml.xml.Namespace
;
import
org.opensaml.xml.XMLObject
;
import
org.opensaml.xml.XMLObjectBuilderFactory
;
import
org.opensaml.xml.encryption.EncryptionConstants
;
@@ -481,6 +482,9 @@ public class SamlClient {
request
.
setDestination
(
forIdP
);
request
.
setProtocolBinding
(
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
);
Namespace
namespace
=
new
Namespace
(
"urn:oasis:names:tc:SAML:2.0:assertion"
,
"saml2"
);
request
.
addNamespace
(
namespace
);
Issuer
issuer
=
(
Issuer
)
Configuration
.
getBuilderFactory
().
getBuilder
(
Issuer
.
DEFAULT_ELEMENT_NAME
)
.
buildObject
(
Issuer
.
DEFAULT_ELEMENT_NAME
);
issuer
.
setValue
(
fromSP
);
@@ -490,26 +494,28 @@ public class SamlClient {
NameIDPolicy
nameIDPolicy
=
(
NameIDPolicy
)
Configuration
.
getBuilderFactory
()
.
getBuilder
(
NameIDPolicy
.
DEFAULT_ELEMENT_NAME
).
buildObject
(
NameIDPolicy
.
DEFAULT_ELEMENT_NAME
);
nameIDPolicy
.
setAllowCreate
(
true
);
nameIDPolicy
.
setFormat
(
"urn:oasis:names:tc:SAML:2.0:nameid-format:
persist
ent"
);
nameIDPolicy
.
setSPNameQualifier
(
"Issuer"
);
nameIDPolicy
.
setFormat
(
"urn:oasis:names:tc:SAML:2.0:nameid-format:
transi
ent"
);
//
nameIDPolicy.setSPNameQualifier("Issuer");
request
.
setNameIDPolicy
(
nameIDPolicy
);
RequestedAuthnContext
authNContext
=
(
RequestedAuthnContext
)
Configuration
.
getBuilderFactory
()
.
getBuilder
(
RequestedAuthnContext
.
DEFAULT_ELEMENT_NAME
)
.
buildObject
(
RequestedAuthnContext
.
DEFAULT_ELEMENT_NAME
);
authNContext
.
setComparison
(
AuthnContextComparisonTypeEnumeration
.
EXACT
);
AuthnContextClassRef
authNContextClassRef
=
(
AuthnContextClassRef
)
Configuration
.
getBuilderFactory
()
.
getBuilder
(
AuthnContextClassRef
.
DEFAULT_ELEMENT_NAME
)
.
buildObject
(
AuthnContextClassRef
.
DEFAULT_ELEMENT_NAME
);
authNContextClassRef
.
setAuthnContextClassRef
(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
authNContext
.
getAuthnContextClassRefs
().
add
(
authNContextClassRef
);
request
.
setRequestedAuthnContext
(
authNContext
);
// RequestedAuthnContext authNContext = (RequestedAuthnContext)
// Configuration.getBuilderFactory()
// .getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
// .buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
//
// authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
//
// AuthnContextClassRef authNContextClassRef =
// (AuthnContextClassRef) Configuration.getBuilderFactory()
// .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
// .buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
//
// authNContextClassRef
// .setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
//
// authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
//
// request.setRequestedAuthnContext(authNContext);
// Subject subject = (Subject)
// Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME)
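Review bot: The RequestedAuthnContext that asked for `PasswordProtectedTransport` with `EXACT` comparison appears to be left only as commented-out code in the last hunk, so the AuthnRequest no longer states any minimum authentication context and the SP will accept whatever context class the IdP happens to use; this is unrelated to the binding change the commit title describes and should either be restored (or relaxed to `AuthnContextComparisonTypeEnumeration.MINIMUM` if that is what the IdP needs) or explained in a comment such as `// No RequestedAuthnContext: the IdP rejects exact PasswordProtectedTransport; accepted context is checked on the Response instead`. In the earlier hunk, `request.setDestination(forIdP)` is kept while the binding is switched to HTTP-POST; if the first argument of the call in AuthenticationController (`https://192.168.122.1:8443/SAML2/POST`) is what arrives here as `forIdP`, Destination would name the SP's own ACS URL rather than the IdP's `samlsso` endpoint, which an IdP that validates Destination will reject — the method signature is outside the hunk, so please confirm. The commented-out blocks should be deleted rather than kept; the enclosing method starts before the first code hunk and continues past the last.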
src/main/resources/templates/form.html
0 → 100644
<!DOCTYPE HTML>
<html
xmlns:th=
"http://www.thymeleaf.org"
>
<head>
<title>
SAML2 POST
</title>
<meta
http-equiv=
"Content-Type"
content=
"text/html; charset=UTF-8"
/>
</head>
<body>
<form
method=
"post"
action=
"/"
th:attr=
"action=${url}"
>
<input
name=
"SAMLRequest"
value=
"request"
th:attr=
"value=${samlrequest}"
/>
<input
name=
"RelayState"
value=
"token"
th:attr=
"value=${relaystate}"
/>
<input
type=
"submit"
value=
"Submit"
/>
</form>
</body>
</html>
\ No newline at end of file
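Review bot: The two `<input>` elements carrying SAMLRequest and RelayState have no `type`, so they render as editable text fields showing the encoded request to the user, and the form only submits when the user presses the button; the HTTP-POST binding expects hidden fields and an auto-submitted form. Change them to `<input type="hidden" name="SAMLRequest" th:attr="value=${samlrequest}" />` and `<input type="hidden" name="RelayState" th:attr="value=${relaystate}" />`, and trigger submission with `<body onload="document.forms[0].submit()">`, keeping the submit button inside a `<noscript>` block as the fallback for browsers without script. The placeholder `value="request"`/`value="token"` and `action="/"` attributes are overwritten by `th:attr` and can be dropped to avoid confusion. Thymeleaf escapes the attribute values, so injection through `${samlrequest}` is not a concern here, but the file should end with a newline.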