Updated config
This commit is contained in:
rajesh
@@ -8,11 +8,14 @@ import java.security.PrivateKey;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.bouncycastle.util.io.pem.PemReader;
|
||||
import org.opensaml.saml.common.SAMLVersion;
|
||||
import org.opensaml.saml.common.xml.SAMLConstants;
|
||||
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
|
||||
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
|
||||
import org.opensaml.saml.saml2.core.AuthnRequest;
|
||||
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
|
||||
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
|
||||
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
|
||||
@@ -256,41 +259,45 @@ public class SecurityConfig {
|
||||
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Saml2AuthenticationRequestResolver authenticationRequestResolver(RelyingPartyRegistrationRepository registrations) {
|
||||
RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
|
||||
OpenSaml4AuthenticationRequestResolver authenticationRequestResolver = new OpenSaml4AuthenticationRequestResolver(registrationResolver);
|
||||
|
||||
// Customize and log the AuthnRequest after setting the context
|
||||
authenticationRequestResolver.setAuthnRequestCustomizer((context) -> {
|
||||
context.getAuthnRequest().setRequestedAuthnContext(buildRequestedAuthnContext());
|
||||
|
||||
// Log the SAML AuthnRequest after setting the authentication context
|
||||
String samlRequest = SamlRequestLogger.convertSAMLObjectToString(context.getAuthnRequest());
|
||||
logger.info("SAML AuthnRequest after setting context: " + samlRequest);
|
||||
});
|
||||
@Bean
|
||||
public Saml2AuthenticationRequestResolver authenticationRequestResolver(RelyingPartyRegistrationRepository registrations) {
|
||||
RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(registrations);
|
||||
OpenSaml4AuthenticationRequestResolver authenticationRequestResolver = new OpenSaml4AuthenticationRequestResolver(registrationResolver);
|
||||
|
||||
return authenticationRequestResolver;
|
||||
}
|
||||
authenticationRequestResolver.setAuthnRequestCustomizer((context) -> {
|
||||
// Set the required attributes
|
||||
AuthnRequest authnRequest = context.getAuthnRequest();
|
||||
authnRequest.setID("_" + UUID.randomUUID().toString()); // Add a unique ID
|
||||
authnRequest.setVersion(SAMLVersion.VERSION_20); // Ensure version is 2.0
|
||||
authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI); // HTTP-POST
|
||||
|
||||
// Set Authentication Context
|
||||
authnRequest.setRequestedAuthnContext(buildRequestedAuthnContext());
|
||||
|
||||
private RequestedAuthnContext buildRequestedAuthnContext() {
|
||||
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
|
||||
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(
|
||||
SAMLConstants.SAML20_NS, AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX
|
||||
);
|
||||
|
||||
// Set the SPID Level 2 authentication context
|
||||
authnContextClassRef.setURI("urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword");
|
||||
// Log the SAML AuthnRequest after setting context
|
||||
String samlRequest = SamlRequestLogger.convertSAMLObjectToString(authnRequest);
|
||||
logger.info("SAML AuthnRequest after setting context: " + samlRequest);
|
||||
});
|
||||
|
||||
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
|
||||
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
|
||||
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
|
||||
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
|
||||
return authenticationRequestResolver;
|
||||
}
|
||||
|
||||
return requestedAuthnContext;
|
||||
}
|
||||
|
||||
private RequestedAuthnContext buildRequestedAuthnContext() {
|
||||
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
|
||||
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(
|
||||
SAMLConstants.SAML20_NS, AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX
|
||||
);
|
||||
// Set the SPID Level 2 authentication context
|
||||
authnContextClassRef.setURI("urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword");
|
||||
|
||||
RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
|
||||
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
|
||||
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
|
||||
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
|
||||
|
||||
return requestedAuthnContext;
|
||||
}
|
||||
|
||||
public PrivateKey readPrivateKey() throws Exception {
|
||||
// Path to your private key PEM file
|
||||
|
||||
Reference in New Issue
Block a user