diff --git a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
index 008f270..6e5c722 100644
--- a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
+++ b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
@@ -69,7 +69,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- System.out.println("recieved artifactResolve");
+ logger.debug("recieved artifactResolve");
 HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
 decoder.setHttpServletRequest(req);
@@ -85,8 +85,9 @@ public class ArtifactResolutionServlet extends HttpServlet {
 } catch (ComponentInitializationException e) {
 e.printStackTrace();
 }
- System.out.println(decoder.getMessageContext().getMessage());
+
+ OpenSAMLUtils.logSAMLObject(decoder.getMessageContext().getMessage());
 ArtifactResponse artifactResponse = buildArtifactResponse();
 MessageContext context = new MessageContext();
@@ -108,11 +109,6 @@ public class ArtifactResolutionServlet extends HttpServlet {
 e.printStackTrace();
 }
- /*ArtifactResponse artifactResponse = buildArtifactResponse();
- artifactResponse.setInResponseTo("Made up ID");
-
- printSAMLObject(wrapInSOAPEnvelope(artifactResponse), resp.getWriter());
- */
 }
diff --git a/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java b/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
index c0668ba..240a216 100644
--- a/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
+++ b/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
@@ -1,6 +1,7 @@
 package no.steras.opensamlbook.idp;
 import no.steras.opensamlbook.OpenSAMLUtils;
+import no.steras.opensamlbook.sp.SPConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
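Review bot: The message in the new `logger.debug("recieved artifactResolve")` call in the -69 hunk misspells "received"; now that the string is part of the log output rather than a stray println it should read `logger.debug("received artifactResolve");`. doPost's body continues past the hunk.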
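Review bot: The new `OpenSAMLUtils.logSAMLObject(decoder.getMessageContext().getMessage())` line in the -85 hunk runs even when the preceding catch has only printed a ComponentInitializationException, so a decoder that failed to initialize (the try itself is outside the hunk) still reaches this line with a message context that is most likely unpopulated. The catch should end the request rather than fall through, for example `logger.error("decoder initialization failed", e); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return;`, using the logger the first hunk already introduces. Nothing visible between the decode and `buildArtifactResponse()` validates the signature or issuer of the received ArtifactResolve, although the ConsumerServlet change in this same commit starts signing it; if that validation does not happen elsewhere in doPost, a SAMLProtocolMessageXMLSignatureSecurityHandler-style check belongs before the response is built. doPost's body continues outside the hunk.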
@@ -16,7 +17,7 @@ import java.io.Writer;
 */
 public class SingleSignOnServlet extends HttpServlet {
 private static Logger logger = LoggerFactory.getLogger(SingleSignOnServlet.class);
- private static final String ASSERTION_CONSUMER_SERVICE = "http://localhost:8080/webprofile-ref-project/sp/consumer";
+
 @Override
@@ -30,7 +31,7 @@ public class SingleSignOnServlet extends HttpServlet {
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- resp.sendRedirect(ASSERTION_CONSUMER_SERVICE + "?SAMLart=AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");
+ resp.sendRedirect(SPConstants.ASSERTION_CONSUMER_SERVICE + "?SAMLart=AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");
 }
diff --git a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
index 5842191..3c1f76a 100644
--- a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
+++ b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
@@ -43,6 +43,8 @@ import org.opensaml.soap.common.SOAPException;
 import org.opensaml.soap.messaging.context.SOAP11Context;
 import org.opensaml.soap.soap11.Envelope;
 import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
 import org.opensaml.xmlsec.encryption.support.DecryptionException;
 import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
 import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
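Review bot: The redirect in the -30 hunk still embeds a fixed `SAMLart` value, so every sign-on hands out the same artifact; the change only swaps where the consumer URL comes from, and nothing visible ties the artifact to an assertion or to a single use. An artifact needs to be generated per request from a SecureRandom source, stored together with the response it refers to, and honoured by the resolution endpoint exactly once before the entry is discarded. Importing `no.steras.opensamlbook.sp.SPConstants` into the IdP servlet also couples the two halves of the sample; the assertion consumer location would normally be taken from the SP's metadata or from the AuthnRequest rather than from the SP's own package. Until that is done, a marker such as `// TODO: demo-only fixed artifact; replace with a per-request, single-use value` above the sendRedirect would make the placeholder explicit.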
@@ -76,7 +78,7 @@ public class ConsumerServlet extends HttpServlet {
 logger.info("Artifact: " + artifact.getArtifact());
 ArtifactResolve artifactResolve = buildArtifactResolve(artifact);
- signArtifactResolve(artifactResolve);
+ //signArtifactResolve(artifactResolve);
 logger.info("Sending ArtifactResolve");
 logger.info("ArtifactResolve: ");
 //OpenSAMLUtils.logSAMLObject(artifactResolve);
@@ -132,27 +134,6 @@ public class ConsumerServlet extends HttpServlet {
 }
- private void signArtifactResolve(ArtifactResolve artifactResolve) {
- Signature signature = OpenSAMLUtils.buildSAMLObject(Signature.class);
- signature.setSigningCredential(SPCredentials.getCredential());
- signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
- artifactResolve.setSignature(signature);
-
- try {
- XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(artifactResolve).marshall(artifactResolve);
- } catch (MarshallingException e) {
- throw new RuntimeException(e);
- }
-
- try {
- Signer.signObject(signature);
- } catch (SignatureException e) {
- throw new RuntimeException(e);
- }
- }
-
 private void setAuthenticatedSession(HttpServletRequest req) {
 req.getSession().setAttribute(SPConstants.AUTHENTICATED_SESSION_ATTRIBUTE, true);
 }
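Review bot: The new `//signArtifactResolve(artifactResolve);` line is commented-out code that references a method this same commit deletes in the -132 hunk, so it can never be re-enabled and only leaves a reader wondering whether the request now goes out unsigned. Signing has moved to the outbound pipeline's SAMLOutboundProtocolMessageSigningHandler inside sendAndReceiveArtifactResolve, so either delete the line or replace it with a comment that says so: `// ArtifactResolve is signed by the outbound pipeline in sendAndReceiveArtifactResolve`. The enclosing method starts and ends outside the hunk.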
@@ -193,31 +174,21 @@ public class ConsumerServlet extends HttpServlet {
 private ArtifactResponse sendAndReceiveArtifactResolve(final ArtifactResolve artifactResolve, HttpServletResponse servletResponse) {
 try {
- //HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
 MessageContext contextout = new MessageContext();
- SAMLPeerEntityContext peerEntityContext = contextout.getSubcontext(SAMLPeerEntityContext.class, true);
- peerEntityContext.setEntityId(IDPConstants.IDP_ENTITY_ID);
-
- SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
- endpointContext.setEndpoint(getIPDArtifactResolutionEndpoint());
-
- //SOAP11Context soapContext = contextout.getSubcontext(SOAP11Context.class, true);
-
 contextout.setMessage(artifactResolve);
+ SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
+ signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signatureSigningParameters.setSigningCredential(SPCredentials.getCredential());
+ signatureSigningParameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ SecurityParametersContext securityParametersContext = contextout.getSubcontext(SecurityParametersContext.class, true);
+ securityParametersContext.setSignatureSigningParameters(signatureSigningParameters);
 InOutOperationContext context = new ProfileRequestContext();
 context.setOutboundMessageContext(contextout);
- /*encoder.setMessageContext(context);
- encoder.initialize();
- encoder.prepareContext();
- encoder.encode();
-*/
-
-
 AbstractPipelineHttpSOAPClient soapClient = new AbstractPipelineHttpSOAPClient() {
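Review bot: The signing setup added to sendAndReceiveArtifactResolve configures only the algorithm, credential and canonicalization on the SignatureSigningParameters and never sets a key-info generator (`setKeyInfoGenerator`), so whether the emitted signature carries a KeyInfo that lets the IdP locate the SP certificate depends on OpenSAML defaults and on how the IdP resolves keys — worth confirming rather than assuming. The seven new lines also sit inline in a method that already assembles a SOAP client and a handler pipeline; moving them into a private `buildSignatureSigningParameters()` helper that returns the configured SignatureSigningParameters, with a one-line Javadoc saying it feeds the outbound signing handler, keeps the send path readable and gives the key-info decision an obvious place to live. The hunk drops the SAMLPeerEntityContext/SAMLEndpointContext setup, which appears to be superseded by passing the endpoint URL directly to send() in the following hunk; the method's body continues past this hunk.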
@@ -231,20 +202,18 @@ public class ConsumerServlet extends HttpServlet { decoder ); - BasicMessageHandlerChain outboundPayloadHandler = new BasicMessageHandlerChain(); outboundPayloadHandler.setHandlers(Lists.>newArrayList( new SAMLOutboundProtocolMessageSigningHandler())); pipeline.setOutboundPayloadHandler(outboundPayloadHandler); - pipeline.setInboundHandler(new SAMLSOAPDecoderBodyHandler()); - return pipeline; }}; HttpClientBuilder clientBuilder = new HttpClientBuilder(); + soapClient.setHttpClient(clientBuilder.buildClient()); soapClient.send(IDPConstants.ARTIFACT_RESOLUTION_SERVICE, context); - System.out.println(context.getInboundMessageContext().getMessage()); + return context.getInboundMessageContext().getMessage(); } catch (SecurityException e) { throw new RuntimeException(e); @@ -285,12 +254,6 @@ public class ConsumerServlet extends HttpServlet { return artifactResolve; } - private Endpoint getIPDArtifactResolutionEndpoint() { - ArtifactResolutionService endpoint = OpenSAMLUtils.buildSAMLObject(ArtifactResolutionService.class); - endpoint.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - endpoint.setLocation(IDPConstants.ARTIFACT_RESOLUTION_SERVICE); - return endpoint; - } }
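Review bot: The new `return context.getInboundMessageContext().getMessage();` hands the decoded ArtifactResponse straight back to the caller with no validation visible in this hunk: no signature check on the response, no comparison of its InResponseTo with the ID of the ArtifactResolve that was just sent, and no issuer check against IDPConstants.IDP_ENTITY_ID, which this commit stops placing in a peer entity context. Unless the caller performs those checks (it lies outside the hunk), the SP accepts whatever the resolution endpoint returns; an inbound payload handler on the pipeline, or explicit checks on the message before the return, should cover them. The `catch (SecurityException e)` that follows is unchanged context, and the method's signature is in the preceding hunk.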