rajesh
@@ -8,11 +8,9 @@ import java.security.PrivateKey;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.time.Instant;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.bouncycastle.util.io.pem.PemReader;
|
||||
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
|
||||
import org.opensaml.saml.common.SAMLVersion;
|
||||
import org.opensaml.saml.common.xml.SAMLConstants;
|
||||
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
|
||||
@@ -21,11 +19,6 @@ import org.opensaml.saml.saml2.core.AuthnRequest;
|
||||
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
|
||||
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
|
||||
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
|
||||
import org.opensaml.security.x509.BasicX509Credential;
|
||||
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
|
||||
import org.opensaml.xmlsec.signature.Signature;
|
||||
import org.opensaml.xmlsec.signature.support.SignatureConstants;
|
||||
import org.opensaml.xmlsec.signature.support.Signer;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -43,6 +36,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
@@ -250,12 +244,11 @@ public class SecurityConfig {
|
||||
RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("loginumbria")
|
||||
.entityId(entityId)
|
||||
.signingX509Credentials(credentials -> {
|
||||
try {
|
||||
AuthnRequest signedAuthnRequest = createSignedAuthnRequest(readPrivateKey(), readCertificate());
|
||||
logger.info("Signed SAML AuthnRequest: " + SamlRequestLogger.convertSAMLObjectToString(signedAuthnRequest));
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
try {
|
||||
credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
})
|
||||
.assertionConsumerServiceLocation(acsUrl)
|
||||
.assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
|
||||
@@ -266,37 +259,6 @@ public class SecurityConfig {
|
||||
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
||||
}
|
||||
|
||||
public AuthnRequest createSignedAuthnRequest(PrivateKey privateKey, X509Certificate certificate) throws Exception {
|
||||
AuthnRequest authnRequest = (AuthnRequest) XMLObjectProviderRegistrySupport.getBuilderFactory()
|
||||
.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)
|
||||
.buildObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
|
||||
|
||||
authnRequest.setID("_" + UUID.randomUUID().toString());
|
||||
authnRequest.setVersion(SAMLVersion.VERSION_20);
|
||||
// authnRequest.setIssueInstant(new DateTime());
|
||||
authnRequest.setIssueInstant(Instant.now());
|
||||
|
||||
|
||||
// Sign the AuthnRequest
|
||||
// BasicCredential signingCredential = new BasicCredential(certificate, privateKey);
|
||||
BasicX509Credential signingCredential = new BasicX509Credential(certificate, privateKey);
|
||||
|
||||
Signature signature = (Signature) XMLObjectProviderRegistrySupport.getBuilderFactory()
|
||||
.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
|
||||
.buildObject(Signature.DEFAULT_ELEMENT_NAME);
|
||||
|
||||
signature.setSigningCredential(signingCredential);
|
||||
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); // Set RSA-SHA1
|
||||
|
||||
authnRequest.setSignature(signature);
|
||||
DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
|
||||
|
||||
// Marshall and sign the object
|
||||
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(authnRequest).marshall(authnRequest);
|
||||
Signer.signObject(signature);
|
||||
|
||||
return authnRequest;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Saml2AuthenticationRequestResolver authenticationRequestResolver(RelyingPartyRegistrationRepository registrations) {
|
||||
|
||||
Reference in New Issue
Block a user