/*
* Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.identity.authenticator.saml2.sso.common.builders;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml2.core.impl.SubjectBuilder;
import org.wso2.carbon.identity.authenticator.saml2.sso.common.SAML2SSOAuthenticatorConstants;
import org.wso2.carbon.identity.authenticator.saml2.sso.common.Util;
import org.wso2.carbon.ui.CarbonUIUtil;
/**
* This class is used to generate Authentication Requests. When there is an unauthenticated user
* trying to access the carbon mgt-console, he will be redirected to identity provider after setting
* an authentication request to the http request.
*/
public class AuthenticationRequestBuilder {
private static Log log = LogFactory.getLog(AuthenticationRequestBuilder.class);
/**
* Build the issuer object
*
* @return Issuer object
*/
private static Issuer buildIssuer() {
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(Util.getServiceProviderId());
return issuer;
}
/**
* Build the NameIDPolicy object
*
* @return NameIDPolicy object
*/
private static NameIDPolicy buildNameIDPolicy(String nameIdPolicyFormat) {
NameIDPolicy nameIDPolicy = new NameIDPolicyBuilder().buildObject();
if (nameIdPolicyFormat == null) {
nameIdPolicyFormat = SAML2SSOAuthenticatorConstants.SAML2_NAME_ID_POLICY_UNSPECIFIED;
}
nameIDPolicy.setFormat(nameIdPolicyFormat);
nameIDPolicy.setAllowCreate(true);
return nameIDPolicy;
}
/**
* Generate an authentication request.
*
* @return AuthnRequest Object
* @throws Exception
*/
public AuthnRequest buildAuthenticationRequest(String subjectName, String nameIdPolicyFormat)
throws Exception {
return buildAuthenticationRequest(subjectName, nameIdPolicyFormat, false);
}
/**
* Generate an authentication request with passive support.
*
* @return AuthnRequest Object
* @throws Exception
*/
public AuthnRequest buildAuthenticationRequest(String subjectName, String nameIdPolicyFormat, boolean isPassive)
throws Exception {
if (log.isDebugEnabled()) {
log.debug("Building Authentication Request");
}
Util.doBootstrap();
AuthnRequest authnRequest = (AuthnRequest) Util
.buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
authnRequest.setID(Util.createID());
authnRequest.setVersion(SAMLVersion.VERSION_20);
authnRequest.setIssueInstant(new DateTime());
authnRequest.setIssuer(buildIssuer());
authnRequest.setNameIDPolicy(buildNameIDPolicy(nameIdPolicyFormat));
authnRequest.setIsPassive(isPassive);
authnRequest.setDestination(Util.getIdentityProviderSSOServiceURL());
String acs = Util.getAssertionConsumerServiceURL();
if (acs != null && acs.trim().length() > 0) {
authnRequest.setAssertionConsumerServiceURL(acs);
} else {
authnRequest.setAssertionConsumerServiceURL(CarbonUIUtil.getAdminConsoleURL("").replace("carbon/", "acs"));
}
if (subjectName != null) {
Subject subject = new SubjectBuilder().buildObject();
NameID nameId = new NameIDBuilder().buildObject();
nameId.setValue(subjectName);
nameId.setFormat(NameIdentifier.EMAIL);
subject.setNameID(nameId);
authnRequest.setSubject(subject);
}
Util.setSignature(authnRequest, XMLSignature.ALGO_ID_SIGNATURE_RSA, new SignKeyDataHolder());
return authnRequest;
}
}