Commit 37fd579d authored by benjamin.ertl's avatar benjamin.ertl

change to post binding

parent 0ac9b296
...@@ -271,7 +271,7 @@ public class AuthenticationController { ...@@ -271,7 +271,7 @@ public class AuthenticationController {
} }
@RequestMapping("/login") @RequestMapping("/login")
public String login(Model model) throws UnsupportedEncodingException { public String login(HttpServletResponse response, Model model) throws UnsupportedEncodingException {
// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", ""); // String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
// redirectUrl += "?response_type=code&scope=openid%20email&client_id="; // redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
// redirectUrl += oauth2ClientId; // redirectUrl += oauth2ClientId;
...@@ -283,25 +283,44 @@ public class AuthenticationController { ...@@ -283,25 +283,44 @@ public class AuthenticationController {
"https://192.168.122.1:8443/SAML2/POST", "sp.scc.kit.edu"); "https://192.168.122.1:8443/SAML2/POST", "sp.scc.kit.edu");
try { try {
byte[] xmlBytes = request.getBytes(StandardCharsets.UTF_8); byte[] xmlBytes = request.getBytes(StandardCharsets.UTF_8);
ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); log.debug("XML request bytes {}", DatatypeConverter.printHexBinary(xmlBytes));
DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream); // ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length); // DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
deflaterOutputStream.close(); // deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
// deflaterOutputStream.close();
// log.debug("XML deflated request bytes {}",
// DatatypeConverter.printHexBinary(byteOutputStream.toByteArray()));
Base64 base64Encoder = new Base64(); Base64 base64Encoder = new Base64();
byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray()); // byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
byte[] base64EncodedByteArray = base64Encoder.encode(xmlBytes);
log.debug("XML deflated and base64 encoded {}", DatatypeConverter.printHexBinary(base64EncodedByteArray));
String base64EncodedMessage = new String(base64EncodedByteArray); String base64EncodedMessage = new String(base64EncodedByteArray);
log.debug("XML deflated and base64 encoded {}", base64EncodedMessage);
String urlEncodedMessage = URLEncoder.encode(base64EncodedMessage, StandardCharsets.UTF_8.name()); String urlEncodedMessage = URLEncoder.encode(base64EncodedMessage, StandardCharsets.UTF_8.name());
request = urlEncodedMessage; request = urlEncodedMessage;
SecureRandom secRnd = new SecureRandom();
char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
char[] chars = new char[16];
for (int i = 0; i < chars.length; i++)
chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];
model.addAttribute("samlrequest", urlEncodedMessage);
model.addAttribute("relaystate", new String(chars));
log.debug("REQUEST {}", urlEncodedMessage); log.debug("REQUEST {}", urlEncodedMessage);
} catch (Exception e) { } catch (Exception e) {
log.error("ERROR {}", e.getMessage()); log.error("ERROR {}", e.getMessage());
} }
String redirectUrl = "https://192.168.122.99:9443/samlsso?SAMLRequest="; String redirectUrl = "https://192.168.122.99:9443/samlsso?SAMLRequest=";
return "redirect:" + redirectUrl + request; model.addAttribute("url", "https://192.168.122.99:9443/samlsso");
// response.addHeader("Referer", "https://192.168.122.1:8443/");
return "form";
} }
@RequestMapping(path = "/oauth2") @RequestMapping(path = "/oauth2")
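Review bot: The RelayState generator at `chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];` bounds the random index by the output length (16) rather than the alphabet length (26), so only `a`–`p` can ever appear and the token carries less entropy than the alphabet suggests; it should read `chars[i] = VALID_CHARACTERS[secRnd.nextInt(VALID_CHARACTERS.length)];`. The value handed to the model is `urlEncodedMessage`, but a POST-binding form field is already HTML-escaped by `th:attr` and form-urlencoded by the browser on submit, so the IdP will likely receive a doubly-encoded SAMLRequest; `base64EncodedMessage` is the value the form should carry, and `new String(base64EncodedByteArray)` should name a charset (`StandardCharsets.US_ASCII`). Nothing in the hunk stores the generated RelayState in the session, so it appears the value echoed back by the IdP cannot be checked against it — worth confirming on the callback side. `log.error("ERROR {}", e.getMessage())` drops the stack trace (pass `e` as the last argument), and `redirectUrl` is now unused. `login` starts in the earlier hunk and the part of its body between the two hunks is not shown.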
...@@ -105,6 +105,7 @@ import org.opensaml.ws.soap.soap11.Body; ...@@ -105,6 +105,7 @@ import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.Configuration; import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.Namespace;
import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.encryption.EncryptionConstants;
...@@ -481,6 +482,9 @@ public class SamlClient { ...@@ -481,6 +482,9 @@ public class SamlClient {
request.setDestination(forIdP); request.setDestination(forIdP);
request.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); request.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
Namespace namespace = new Namespace("urn:oasis:names:tc:SAML:2.0:assertion", "saml2");
request.addNamespace(namespace);
Issuer issuer = (Issuer) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME) Issuer issuer = (Issuer) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
.buildObject(Issuer.DEFAULT_ELEMENT_NAME); .buildObject(Issuer.DEFAULT_ELEMENT_NAME);
issuer.setValue(fromSP); issuer.setValue(fromSP);
...@@ -490,26 +494,28 @@ public class SamlClient { ...@@ -490,26 +494,28 @@ public class SamlClient {
NameIDPolicy nameIDPolicy = (NameIDPolicy) Configuration.getBuilderFactory() NameIDPolicy nameIDPolicy = (NameIDPolicy) Configuration.getBuilderFactory()
.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject(NameIDPolicy.DEFAULT_ELEMENT_NAME); .getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
nameIDPolicy.setAllowCreate(true); nameIDPolicy.setAllowCreate(true);
nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"); nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
nameIDPolicy.setSPNameQualifier("Issuer"); // nameIDPolicy.setSPNameQualifier("Issuer");
request.setNameIDPolicy(nameIDPolicy); request.setNameIDPolicy(nameIDPolicy);
RequestedAuthnContext authNContext = (RequestedAuthnContext) Configuration.getBuilderFactory() // RequestedAuthnContext authNContext = (RequestedAuthnContext)
.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME) // Configuration.getBuilderFactory()
.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME); // .getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME)
// .buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT); //
// authNContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
AuthnContextClassRef authNContextClassRef = (AuthnContextClassRef) Configuration.getBuilderFactory() //
.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME) // AuthnContextClassRef authNContextClassRef =
.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME); // (AuthnContextClassRef) Configuration.getBuilderFactory()
// .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)
authNContextClassRef // .buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"); //
// authNContextClassRef
authNContext.getAuthnContextClassRefs().add(authNContextClassRef); // .setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
//
request.setRequestedAuthnContext(authNContext); // authNContext.getAuthnContextClassRefs().add(authNContextClassRef);
//
// request.setRequestedAuthnContext(authNContext);
// Subject subject = (Subject) // Subject subject = (Subject)
// Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME) // Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME)
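Review bot: Commenting out the RequestedAuthnContext block (lines 74–91) silently drops the request that the IdP authenticate with `PasswordProtectedTransport` under `EXACT` comparison, so the IdP is now free to answer with any authentication context; if that strength matters to the SP, either keep the block or verify the `AuthnContextClassRef` in the response, and in either case delete the dead lines rather than keeping them as comments, since version control holds the history. The switch from `persistent` to `transient` NameID format and the removed `SPNameQualifier` are behaviour changes the commit message ("change to post binding") does not mention; a short comment next to `nameIDPolicy.setFormat(...)` explaining why transient identifiers are wanted would help the next reader. The method that builds the request starts before this hunk and continues past it.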
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>SAML2 POST</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form method="post" action="/" th:attr="action=${url}">
<input name="SAMLRequest" value="request" th:attr="value=${samlrequest}" />
<input name="RelayState" value="token" th:attr="value=${relaystate}"/>
<input type="submit" value="Submit" />
</form>
</body>
</html>
\ No newline at end of file
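Review bot: The SAMLRequest and RelayState inputs at lines 103–104 have no `type`, so they render as editable text boxes containing the encoded request; for a POST-binding form they should be `<input type="hidden" name="SAMLRequest" th:value="${samlrequest}" />` and `<input type="hidden" name="RelayState" th:value="${relaystate}" />`, which also drops the placeholder `value="request"`/`value="token"` defaults in favour of Thymeleaf's dedicated attribute. The form can likewise use `th:action="${url}"` instead of `th:attr="action=${url}"`. The SAML HTTP-POST binding normally expects this page to submit itself on load with the button kept as a no-script fallback; if relying on the user clicking Submit is intentional, a comment in the template saying so would avoid the question later.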