Repository layout:

```text
.
├── README.md
├── SSOValidationService
│   ├── Library
│   │   ├── maven-eclipse-codestyle.xml
│   │   ├── pom.xml
│   │   └── src
│   │       ├── main
│   │       │   ├── java/org/rub/nds
│   │       │   │   ├── futuretrust/validationservice/sso/library
│   │       │   │   │   ├── AuthenticationException.java
│   │       │   │   │   ├── AuthenticationVerifier.java
│   │       │   │   │   ├── ConfigDatabase.java
│   │       │   │   │   ├── ConfigurationManager.java
│   │       │   │   │   ├── Controller.java
│   │       │   │   │   ├── SAMLVerificationAdapter.java
│   │       │   │   │   └── VerificationException.java
│   │       │   │   └── sso/provider
│   │       │   │       ├── EidProvider.java
│   │       │   │       ├── EidSecurity.java
│   │       │   │       ├── NoSuchEidProviderException.java
│   │       │   │       ├── OidcEidProvider.java
│   │       │   │       └── SamlEidProvider.java
│   │       │   └── resources/schemas
│   │       │       ├── futureTrust_cvs_API.xsd
│   │       │       ├── specs
│   │       │       │   ├── oasis-dss-core-schema-v1.0-os.xsd
│   │       │       │   ├── oasis-sstc-saml-schema-protocol-1.1.xsd
│   │       │       │   ├── xml.xsd
│   │       │       │   └── xmldsig-core-schema.xsd
│   │       │       └── ssolib_API.xsd
│   │       └── test
│   │           ├── java/org/rub/nds/futuretrust/validationservice/sso/library
│   │           │   └── ConfigurationManagerTest.java
│   │           └── resources
│   │               ├── configDB.xml
│   │               └── idpmetadata.xml
│   ├── WebService
│   │   ├── lib/unknown/binary/javax.ws.rs-api-2.0/SNAPSHOT
│   │   │   └── javax.ws.rs-api-2.0-SNAPSHOT.jar
│   │   ├── maven-eclipse-codestyle.xml
│   │   ├── nb-configuration.xml
│   │   ├── pom.xml
│   │   └── src/main
│   │       ├── java/org/rub/nds/sso
│   │       │   ├── rest/application/config
│   │       │   │   ├── ApplicationConfig.java
│   │       │   │   └── ConfigurationManager.java
│   │       │   └── webservice
│   │       │       ├── JAXBContextResolver.java
│   │       │       ├── JacksonConfigurator.java
│   │       │       └── ValidationService.java
│   │       ├── resources
│   │       │   └── configDB.xml
│   │       └── webapp
│   │           ├── META-INF
│   │           │   └── context.xml
│   │           ├── WEB-INF
│   │           │   ├── jboss-web.xml
│   │           │   └── web.xml
│   │           └── index.jsp
│   ├── maven-eclipse-codestyle.xml
│   └── pom.xml
├── docs
│   └── D2.3-Evaluation-of-eID-and-trust-services.pdf
└── images
    ├── arhs.png
    ├── asit.png
    ├── brz.png
    ├── bva.png
    ├── ecsec.png
    ├── eema.png
    ├── futuretrust.jpg
    ├── gd.png
    ├── lawtrust.jpg
    ├── multicert.png
    ├── mup.png
    ├── psda.jpg
    ├── pwc.png
    ├── rub.png
    ├── soton.png
    ├── trust.png
    └── tubitak.png
```

/README.md:

FutureTrust

FutureTrust aims at supporting the practical implementation of electronic identification (eID) services in Europe and beyond. It addresses the need for globally interoperable solutions through basic research on the foundations of trust and trustworthiness, supports the standardisation process in relevant areas, and provides open-source software components that ease the use of eID in real-world applications. More information can be found on our official website: https://www.futuretrust.eu.

The present website provides an overview of our contributions regarding the security of eID services and **invites further stakeholders to contribute to this research.**

The project is funded within the EU Framework Programme for Research and Innovation (Horizon 2020) under Grant Agreement No. 700542.

# Overview of eID Services

Our first contribution is the documentation of existing governmental and commercial eID services. It investigates the authentication schemes and protocols in use and their security properties. In particular, it concentrates on three major protocols: SAML, OpenID, and OpenID Connect. It shows how these protocols are used in different countries, which authentication methods are used, and how the issued authentication tokens are transported over secure channels.

Information about the existing eID services was collected from whitepapers and scientific publications as well as with custom tools. Countries from the European Union, the European Economic Area (Norway, Iceland, Liechtenstein), and other countries applying eID protocols were considered in our analysis.

**See the [FutureTrust Wiki](https://github.com/RUB-NDS/FutureTrust/wiki) for the online documentation.**

# Evaluation of eID and Trust Services

eID services are based on well-established web technologies. These technologies provide secure browsing, login mechanisms, Single Sign-On, and the exchange of confidential data over untrusted networks. Unfortunately, they are also common targets of attacks when they are misconfigured or incorrectly implemented. In recent years, it has been shown how to break SAML-based SSO systems and log in as an arbitrary user, read arbitrary files from SAML servers, or break XML Encryption and decrypt the exchanged SAML assertions. These attacks are serious threats to eID users, and their prevention is therefore of high importance.

The goal of this document is to provide an overview of the attacks relevant to eID scenarios and to summarize security guidelines and best practices for the deployment of secure eID infrastructures based on SAML.
We first give an overview of the technologies used in eID services and present the main security features these technologies provide. Afterwards, we describe the architecture of a typical SSO provider, describe generic attacks, and describe the attack scenarios applicable to this architecture. We summarize the security evaluations that should be performed when analyzing the security of a deployed SAML-based SSO provider. These attacks range from targeting the underlying TLS protocol and the XML parser (XXE attacks) to exploiting incorrect XML Signature validation, which can allow an attacker to log in as an arbitrary user. Based on the summarized attacks, we define best security practices for deploying SAML-based eID systems. This provides an overview of the relevant countermeasures and reference security documents written by well-established entities such as OWASP (Open Web Application Security Project) and BSI (Bundesamt für Sicherheit in der Informationstechnik).

In order to support eID developers in their secure development process, we also extended the tool EsPReSSO (Extension for Processing and Recognition of Single Sign-On Protocols), which helps to analyze different SSO protocols and their information flow. We implemented a prototype of the summarized SAML-relevant attacks in EsPReSSO so that eID developers can check for known vulnerabilities. The tool provides recommendations for developers to enhance the security of deployed eID systems.

[Technical Report](docs/D2.3-Evaluation-of-eID-and-trust-services.pdf)

# FutureTrust Partners

(Partner logos; see the files in `images/`.)

/SSOValidationService/Library/pom.xml:

(Element names restored from the standard Maven POM layout; the extracted dump had kept only the element values.)

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
    <modelVersion>4.0.0</modelVersion>
    <name>SSO Validation Library</name>

    <parent>
        <groupId>org.rub.nds.futuretrust.validationservice.sso</groupId>
        <artifactId>SSOValidationService</artifactId>
        <version>1.0-SNAPSHOT</version>
    </parent>

    <artifactId>Library</artifactId>
    <packaging>jar</packaging>

    <properties>
        <maven.compiler.source>11</maven.compiler.source>
        <maven.compiler.target>11</maven.compiler.target>
    </properties>

    <build>
        <plugins>
            <plugin>
                <!-- generates the JAXB classes (org.rub.nds.futuretrust.cvs.sso.api, org.rub.nds.sso.api)
                     from the XSDs under src/main/resources/schemas -->
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>jaxb2-maven-plugin</artifactId>
                <version>2.4</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>xjc</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <sources>
                        <source>src/main/resources/schemas/</source>
                    </sources>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <dependencies>
        <dependency>
            <groupId>org.rub.nds.elearning.sso</groupId>
            <artifactId>samllib</artifactId>
            <version>1.1-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.hamcrest</groupId>
            <artifactId>hamcrest-core</artifactId>
            <version>1.3</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.nimbusds</groupId>
            <artifactId>nimbus-jose-jwt</artifactId>
            <version>7.1</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>com.nimbusds</groupId>
            <artifactId>oauth2-oidc-sdk</artifactId>
            <version>6.1</version>
            <type>jar</type>
        </dependency>
    </dependencies>
</project>
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/AuthenticationException.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

/**
 * Thrown when the calling entity cannot be matched against the registered entities.
 *
 * @author vladi
 */
public class AuthenticationException extends Exception {

    /**
     * Creates a new instance of AuthenticationException without a detail message.
     */
    public AuthenticationException() {
    }

    /**
     * Constructs an instance of AuthenticationException with the specified detail message.
     *
     * @param msg the detail message
     */
    public AuthenticationException(String msg) {
        super(msg);
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/AuthenticationVerifier.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.rub.nds.futuretrust.cvs.sso.api.AuthenticationType;
import org.rub.nds.futuretrust.cvs.sso.api.DatabaseType;
import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.futuretrust.cvs.sso.api.VerificationRequestType;

/**
 * Authenticates the calling entity (the relying party that uses the validation service)
 * against the entities registered in the configuration database.
 *
 * @author vladi
 */
public class AuthenticationVerifier {

    public static EntityType authenticate(DatabaseType db, VerificationRequestType request)
            throws AuthenticationException {
        if (request.getAuthentication() == null) {
            throw new AuthenticationException("No authentication information found.");
        }
        String method = request.getAuthentication().getMethod();
        if (method == null) {
            // default method: client ID and client secret
            return verifyClientIDSecret(db, request);
        } else if (method.equalsIgnoreCase("cert")) {
            return verifyCert(db, request);
        } else if (method.equalsIgnoreCase("pop")) {
            throw new AuthenticationException("Not implemented.");
        } else {
            return verifyClientIDSecret(db, request);
        }
    }

    private static EntityType verifyClientIDSecret(DatabaseType db, VerificationRequestType request)
            throws AuthenticationException {
        String clientId = request.getAuthentication().getClientId();
        String clientSecret = request.getAuthentication().getClientSecret();
        if (clientId == null || clientSecret == null) {
            // The original dereferenced both values unconditionally, so a request without
            // them failed with a NullPointerException instead of a clean rejection.
            throw new AuthenticationException("Authentication not successful!");
        }
        for (EntityType entity : db.getRegisteredEntity()) {
            for (AuthenticationType auth : entity.getAuthentication()) {
                if (clientId.equals(auth.getClientId())
                        && constantTimeEquals(clientSecret, auth.getClientSecret())) {
                    return entity;
                }
            }
        }
        throw new AuthenticationException("Authentication not successful!");
    }

    private static EntityType verifyCert(DatabaseType db, VerificationRequestType request)
            throws AuthenticationException {
        String clientCert = request.getAuthentication().getClientCert();
        if (clientCert == null) {
            throw new AuthenticationException("Authentication not successful!");
        }
        // The certificate is matched as a string, so both sides must use the same encoding
        // (e.g. the same Base64 of the DER certificate).
        for (EntityType entity : db.getRegisteredEntity()) {
            for (AuthenticationType auth : entity.getAuthentication()) {
                if (clientCert.equals(auth.getClientCert())) {
                    return entity;
                }
            }
        }
        throw new AuthenticationException("Authentication not successful!");
    }

    /**
     * Compares the presented secret with the registered one without leaking, via timing,
     * how many leading bytes matched; String.equals() returns at the first mismatch.
     */
    private static boolean constantTimeEquals(String presented, String registered) {
        if (registered == null) {
            return false;
        }
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                registered.getBytes(StandardCharsets.UTF_8));
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/ConfigDatabase.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

import org.rub.nds.futuretrust.cvs.sso.api.DatabaseType;

/**
 * Process-wide holder for the unmarshalled configuration database. The configuration is
 * kept in a static field; the singleton instance is only a handle.
 *
 * @author vladi
 */
public class ConfigDatabase {

    private static DatabaseType config;

    private ConfigDatabase() {
    }

    public static ConfigDatabase getInstance() {
        return ConfigDatabaseHolder.INSTANCE;
    }

    private static class ConfigDatabaseHolder {

        private static final ConfigDatabase INSTANCE = new ConfigDatabase();
    }

    public static DatabaseType getConfig() {
        return config;
    }

    public static void setConfig(DatabaseType config) {
        ConfigDatabase.config = config;
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/ConfigurationManager.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

import java.io.File;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import org.rub.nds.futuretrust.cvs.sso.api.DatabaseType;
import org.rub.nds.saml.samllib.verifier.SAMLIDCache;

/**
 * Loads the configuration database (registered entities, their credentials and
 * verification profiles) and initialises the SAML ID cache used to detect replayed
 * assertions and responses.
 *
 * @author Vladislav Mladenov
 */
public class ConfigurationManager {

    private static final String configFile = "config.xml";

    public ConfigurationManager() throws JAXBException {
        // The original passed the literal "configFile" instead of the constant, so the
        // no-argument constructor looked for a file of that name instead of config.xml.
        init(configFile);
    }

    public ConfigurationManager(String filepath) throws JAXBException {
        init(filepath);
    }

    private void init(String filepath) throws JAXBException {
        initDB(filepath);
        SAMLIDCache.initialize();
        SAMLIDCache.setCacheDuration(30);
    }

    private void initDB(String filepath) throws JAXBException {
        // The configuration file is an operator-controlled local file; the unmarshaller is
        // never fed request data here.
        File file = new File(filepath);
        JAXBContext jaxbContext = JAXBContext.newInstance(DatabaseType.class);
        Source source = new StreamSource(file);

        Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
        JAXBElement<DatabaseType> el = jaxbUnmarshaller.unmarshal(source, DatabaseType.class);
        ConfigDatabase.setConfig(el.getValue());
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/Controller.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.futuretrust.cvs.sso.api.RequestBaseType;
import org.rub.nds.futuretrust.cvs.sso.api.SsoProtocolType;
import org.rub.nds.futuretrust.cvs.sso.api.VerificationRequestType;
import org.rub.nds.sso.api.VerificationLogType;
import org.rub.nds.sso.api.VerificationResponseType;
import org.rub.nds.sso.provider.EidProvider;
import org.rub.nds.sso.provider.OidcEidProvider;
import org.rub.nds.sso.provider.SamlEidProvider;

/**
 * Entry point of the library: authenticates the caller and hands the token to the
 * provider for the requested SSO protocol.
 *
 * @author vladi
 */
public class Controller {

    RequestBaseType request;

    public Controller(RequestBaseType request) {
        this.request = request;
    }

    public VerificationResponseType verify() {
        VerificationResponseType result = new VerificationResponseType();
        try {
            VerificationRequestType rq = (VerificationRequestType) request.getOptionalInputs()
                    .getCvsVerificationRequest();
            // Authenticate the calling entity before any token is parsed. The entity is not
            // yet passed on to the provider; the provider resolves the profile itself.
            EntityType entity = AuthenticationVerifier.authenticate(ConfigDatabase.getConfig(), rq);

            if (SsoProtocolType.SAML.equals(rq.getSsoProtocol())) {
                EidProvider provider = new SamlEidProvider();
                result = provider.verify(rq.getSaml());
            } else if (SsoProtocolType.OIDC.equals(rq.getSsoProtocol())) {
                EidProvider provider = new OidcEidProvider();
                result = provider.verify(rq.getOidc());
            } else {
                // The original returned an empty response for an unknown protocol
                VerificationLogType log = new VerificationLogType();
                log.setException("Unsupported SSO protocol: " + rq.getSsoProtocol());
                result.setResult(false);
                result.setVerificationLog(log);
            }
            return result;
        } catch (Exception ex) { // TODO: catch only the exceptions thrown by our own library
            VerificationLogType log = new VerificationLogType();
            log.setException(ex.getMessage());
            ex.printStackTrace();
            result.setResult(false);
            result.setVerificationLog(log);
            return result;
        }
    }
}
```
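AuthenticationVerifier above compares the caller's `clientSecret` with the plaintext value stored in the configuration database. The following is an added example, not code from the FutureTrust project, of what a registry that keeps only a salted PBKDF2 hash of each secret (and a SHA-256 fingerprint instead of the certificate string used by the "cert" method) looks like. The class and method names, the client ID `rp-client-1` and the stand-in certificate bytes are all constructed for the example; it uses only the JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical replacement for the plaintext-secret lookup in AuthenticationVerifier. */
public final class ClientCredentialVerifier {

    /** What the config database stores per client: no plaintext secret, no raw certificate. */
    public static final class RegisteredClient {
        final String clientId;
        final byte[] salt;        // per-client random salt
        final byte[] secretHash;  // PBKDF2-HMAC-SHA256(secret, salt)
        final byte[] certSha256;  // SHA-256 over the DER certificate, or null

        RegisteredClient(String clientId, byte[] salt, byte[] secretHash, byte[] certSha256) {
            this.clientId = clientId;
            this.salt = salt;
            this.secretHash = secretHash;
            this.certSha256 = certSha256;
        }
    }

    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    // Used for unknown client IDs so that a lookup miss costs the same time as a hit
    private static final byte[] DUMMY_SALT = new byte[16];
    private static final byte[] DUMMY_HASH = new byte[KEY_BITS / 8];

    private final Map<String, RegisteredClient> clients = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Registration: derive and keep the hash; the secret itself is never stored. */
    public void register(String clientId, char[] secret, byte[] derCertificate) {
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        byte[] certHash = derCertificate == null ? null : sha256(derCertificate);
        clients.put(clientId, new RegisteredClient(clientId, salt, pbkdf2(secret, salt), certHash));
    }

    /** client_id / client_secret method (the default in AuthenticationVerifier). */
    public Optional<RegisteredClient> authenticateSecret(String clientId, char[] presented) {
        if (clientId == null || presented == null) {
            return Optional.empty(); // missing credential: reject instead of throwing an NPE
        }
        RegisteredClient c = clients.get(clientId);
        byte[] salt = c != null ? c.salt : DUMMY_SALT;
        byte[] expected = c != null ? c.secretHash : DUMMY_HASH;
        // PBKDF2 runs for unknown IDs too, and isEqual() does not stop at the first
        // differing byte, so timing reveals neither valid IDs nor matching prefixes.
        boolean match = MessageDigest.isEqual(expected, pbkdf2(presented, salt));
        return match && c != null ? Optional.of(c) : Optional.empty();
    }

    /** "cert" method: match on the certificate fingerprint rather than on a PEM string. */
    public Optional<RegisteredClient> authenticateCert(byte[] presentedDer) {
        if (presentedDer == null) {
            return Optional.empty();
        }
        byte[] fingerprint = sha256(presentedDer);
        for (RegisteredClient c : clients.values()) {
            if (c.certSha256 != null && MessageDigest.isEqual(c.certSha256, fingerprint)) {
                return Optional.of(c);
            }
        }
        return Optional.empty();
    }

    static byte[] pbkdf2(char[] secret, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        ClientCredentialVerifier v = new ClientCredentialVerifier();
        // constructed stand-in for a DER-encoded client certificate
        byte[] fakeDer = "not-a-real-certificate".getBytes(StandardCharsets.UTF_8);
        v.register("rp-client-1", "correct horse battery staple".toCharArray(), fakeDer);

        System.out.println("correct secret:   " + v.authenticateSecret("rp-client-1", "correct horse battery staple".toCharArray()).isPresent());
        System.out.println("truncated secret: " + v.authenticateSecret("rp-client-1", "correct horse battery stapl".toCharArray()).isPresent());
        System.out.println("unknown client:   " + v.authenticateSecret("no-such-client", "anything".toCharArray()).isPresent());
        System.out.println("missing secret:   " + v.authenticateSecret("rp-client-1", null).isPresent());
        System.out.println("registered cert:  " + v.authenticateCert(fakeDer).isPresent());
    }
}
```

With this layout a leaked `configDB.xml` no longer yields working client secrets, and the comparison cost does not depend on whether the client ID exists or on how much of the secret was right.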
/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/SAMLVerificationAdapter.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.saml.samllib.exceptions.SAMLVerifyException;
import org.rub.nds.sso.api.SamlTokenVerificationChecksType;
import org.rub.nds.sso.api.SamlType;
import org.rub.nds.sso.api.VerificationProfileType;

/**
 * Resolves the verification profile referenced by a SAML verification request and merges
 * the server-side profile with the checks the caller asked for.
 *
 * @author vladi
 */
public class SAMLVerificationAdapter {

    public static SamlType getVerificationProfile(EntityType provider, SamlType saml) throws SAMLVerifyException {
        // If no verification profile is referenced, the request is used as it is
        if (saml.getSamlVerificationProfile() != null && !saml.getSamlVerificationProfile().isEmpty()) {
            VerificationProfileType profile = getProfile(provider, saml);
            saml.setSamlTokenVerificationChecks(profile.getSamlTokenVerificationChecks());
            saml.setSamlVerificationParameters(profile.getSamlTokenVerificationParameters());
        }
        return saml;
    }

    public static VerificationProfileType getProfile(EntityType provider, SamlType saml) throws SAMLVerifyException {
        for (VerificationProfileType verification : provider.getVerificationProfile()) {
            if (saml.getSamlVerificationProfile().equals(verification.getID())) {
                return verification;
            }
        }
        throw new SAMLVerifyException("Profile " + saml.getSamlVerificationProfile() + " not found in the database");
    }

    /**
     * Merges the checks of the local (server-side) profile with the checks requested by the
     * caller. A check is performed if either side asks for it: a request can add checks but
     * cannot switch off a check the local profile requires.
     */
    public static SamlTokenVerificationChecksType mergeSamlVerificationChecks(
            SamlTokenVerificationChecksType localProfile, SamlTokenVerificationChecksType incoming) {
        if (localProfile == null) {
            return incoming;
        } else if (incoming == null) {
            return localProfile;
        } else {
            // The original returned the incoming checks here, so a request could replace the
            // local profile completely (e.g. request a verification with signature checks
            // disabled); mergeChecks() existed but the call was commented out.
            return mergeChecks(localProfile, incoming);
        }
    }

    private static SamlTokenVerificationChecksType mergeChecks(SamlTokenVerificationChecksType localProfile,
            SamlTokenVerificationChecksType incoming) {
        SamlTokenVerificationChecksType result = new SamlTokenVerificationChecksType();

        result.setVerifyHolderOfKey(localProfile.isVerifyHolderOfKey() || incoming.isVerifyHolderOfKey());
        result.setVerifySAMLAssertionAuthnMethod(localProfile.isVerifySAMLAssertionAuthnMethod()
                || incoming.isVerifySAMLAssertionAuthnMethod());
        result.setVerifySAMLAssertionConditionsAudience(localProfile.isVerifySAMLAssertionConditionsAudience()
                || incoming.isVerifySAMLAssertionConditionsAudience());
        result.setVerifySAMLAssertionConditionsTimestamps(localProfile.isVerifySAMLAssertionConditionsTimestamps()
                || incoming.isVerifySAMLAssertionConditionsTimestamps());
        result.setVerifySAMLAssertionID(localProfile.isVerifySAMLAssertionID() || incoming.isVerifySAMLAssertionID());
        result.setVerifySAMLAssertionInResponseTo(localProfile.isVerifySAMLAssertionInResponseTo()
                || incoming.isVerifySAMLAssertionInResponseTo());
        result.setVerifySAMLAssertionIssueInstant(localProfile.isVerifySAMLAssertionIssueInstant()
                || incoming.isVerifySAMLAssertionIssueInstant());
        result.setVerifySAMLAssertionSbjConfirmationDestination(localProfile
                .isVerifySAMLAssertionSbjConfirmationDestination()
                || incoming.isVerifySAMLAssertionSbjConfirmationDestination());
        result.setVerifySAMLAssertionSbjConfirmationTimestamps(localProfile
                .isVerifySAMLAssertionSbjConfirmationTimestamps()
                || incoming.isVerifySAMLAssertionSbjConfirmationTimestamps());
        result.setVerifySAMLAssertionSbjInResponseTo(localProfile.isVerifySAMLAssertionSbjInResponseTo()
                || incoming.isVerifySAMLAssertionSbjInResponseTo());
        result.setVerifySAMLAssertionSignature(localProfile.isVerifySAMLAssertionSignature()
                || incoming.isVerifySAMLAssertionSignature());
        result.setVerifySAMLAssertionSignatureTrusted(localProfile.isVerifySAMLAssertionSignatureTrusted()
                || incoming.isVerifySAMLAssertionSignatureTrusted());
        result.setVerifySAMLResponseID(localProfile.isVerifySAMLResponseID() || incoming.isVerifySAMLResponseID());
        result.setVerifySAMLResponseInResponseTo(localProfile.isVerifySAMLResponseInResponseTo()
                || incoming.isVerifySAMLResponseInResponseTo());
        result.setVerifySAMLResponseIssueInstant(localProfile.isVerifySAMLResponseIssueInstant()
                || incoming.isVerifySAMLResponseIssueInstant());
        result.setVerifySAMLResponseSignature(localProfile.isVerifySAMLResponseSignature()
                || incoming.isVerifySAMLResponseSignature());
        result.setVerifySAMLResponseSignatureTrusted(localProfile.isVerifySAMLResponseSignatureTrusted()
                || incoming.isVerifySAMLResponseSignatureTrusted());
        result.setVerifySchema(localProfile.isVerifySchema() || incoming.isVerifySchema());
        // XSW: XML Signature Wrapping, i.e. the check that the signed element is the one evaluated
        result.setVerifyXSW(localProfile.isVerifyXSW() || incoming.isVerifyXSW());

        return result;
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/futuretrust/validationservice/sso/library/VerificationException.java:

```java
package org.rub.nds.futuretrust.validationservice.sso.library;

/**
 * Thrown when a token does not pass the configured verification checks.
 *
 * @author vladi
 */
public class VerificationException extends Exception {

    /**
     * Creates a new instance of VerificationException without a detail message.
     */
    public VerificationException() {
    }

    /**
     * Constructs an instance of VerificationException with the specified detail message.
     *
     * @param msg the detail message
     */
    public VerificationException(String msg) {
        super(msg);
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/sso/provider/EidProvider.java:

```java
package org.rub.nds.sso.provider;

import org.rub.nds.sso.api.SsoType;
import org.rub.nds.sso.api.VerificationProfileType;
import org.rub.nds.sso.api.VerificationResponseType;

/**
 * Base class of the protocol-specific verifiers (SAML, OIDC).
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
public abstract class EidProvider {

    private final String name;

    private final String info;

    private final double version;

    private final String type;

    private VerificationProfileType verificationProfileType;

    private Object securityObject;

    public EidProvider(String name, String info, double version, String type) {
        this.name = name;
        this.info = info;
        this.version = version;
        this.type = type;
    }

    public abstract VerificationResponseType verify(SsoType ssoType);

    public void setSecurityObject(Object type) {
        this.securityObject = type;
    }

    public Object getSecurityObject() {
        return securityObject;
    }

    public void setVerificationProfile(VerificationProfileType verificationProfile) {
        this.verificationProfileType = verificationProfile;
    }

    public VerificationProfileType getVerificationProfile() {
        return verificationProfileType;
    }

    public String getName() {
        return name;
    }

    public String getInfo() {
        return info;
    }

    public double getVersion() {
        return version;
    }

    public String getType() {
        return type;
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/sso/provider/EidSecurity.java:

```java
package org.rub.nds.sso.provider;

import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

/**
 * Static registry of the available eID providers, looked up by protocol type.
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
public class EidSecurity {

    private static List<EidProvider> providers;

    static {
        initialize();
    }

    private static void initialize() {
        providers = new LinkedList<>();
    }

    public static void addEidProvider(EidProvider provider) {
        providers.add(provider);
    }

    public static Set<String> getEidTypes() {
        Set<String> s = new HashSet<>();
        for (EidProvider p : providers) {
            s.add(p.getType());
        }
        return s;
    }

    public static EidProvider getEidProviderInstance(String type) throws NoSuchEidProviderException {
        for (EidProvider p : providers) {
            if (p.getType().equalsIgnoreCase(type)) {
                return p;
            }
        }
        throw new NoSuchEidProviderException();
    }
}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/sso/provider/NoSuchEidProviderException.java:

```java
package org.rub.nds.sso.provider;

/**
 * TODO move to a different module / package
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
public class NoSuchEidProviderException extends Exception {

}
```

/SSOValidationService/Library/src/main/java/org/rub/nds/sso/provider/OidcEidProvider.java:

```java
package org.rub.nds.sso.provider;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.validators.IDTokenClaimsVerifier;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.text.ParseException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.futuretrust.validationservice.sso.library.ConfigDatabase;
import org.rub.nds.futuretrust.validationservice.sso.library.VerificationException;
import org.rub.nds.sso.api.AuthenticatedUserType;
import org.rub.nds.sso.api.OidcType;
import org.rub.nds.sso.api.OidcVerificationChecksType;
import org.rub.nds.sso.api.OidcVerificationParametersType;
import org.rub.nds.sso.api.SsoType;
import org.rub.nds.sso.api.VerificationLogType;
import org.rub.nds.sso.api.VerificationProfileType;
import org.rub.nds.sso.api.VerificationResponseType;

/**
 * Verifies OpenID Connect ID tokens with the Nimbus JOSE+JWT and OAuth 2.0 / OIDC SDKs.
 *
 * @author vladi
 */
public class OidcEidProvider extends EidProvider {

    private static final double VERSION = 1.0;

    private static final String INFO = "OIDC eID provider v" + VERSION;

    private static final String NAME = "OIDC eID";

    private static final String TYPE = "OIDC";

    // Connect and read timeouts (milliseconds) for metadata and JWK set downloads. The
    // no-argument DefaultResourceRetriever used originally has no timeouts at all.
    private static final DefaultResourceRetriever RETRIEVER = new DefaultResourceRetriever(5000, 5000);

    public OidcEidProvider() {
        super(NAME, INFO, VERSION, TYPE);
    }

    public OidcEidProvider(String name, String info, double version, String type) {
        super(name, info, version, type);
    }

    @Override
    public VerificationResponseType verify(SsoType ssoType) {
        VerificationResponseType result = new VerificationResponseType();
        try {
            /*
             * - fetch the verification profile if one is referenced
             * - merge the verification parameters
             * - use either the incoming verification checks or those of the profile
             * - verify and return the result
             */
            OidcType oidcType = (OidcType) ssoType;

            VerificationProfileType profile = getVerificationProfile(oidcType);
            mergeVerificationParameters(oidcType, profile);
            mergeVerificationChechs(oidcType, profile);
            verify(oidcType);

            result.setResult(true);
            AuthenticatedUserType user = new AuthenticatedUserType();
            SignedJWT jwt = SignedJWT.parse(oidcType.getOidcResponse());
            // The user ID is qualified with the issuer: the same "sub" at two providers is two users
            user.setUserID(jwt.getJWTClaimsSet().getIssuer() + "#" + jwt.getJWTClaimsSet().getSubject());
            result.setAuthenticatedUser(user);
            result.setOidcVerifiedChecks(oidcType.getOidcVerificiationChecks());

            return result;
        } catch (VerificationException | URISyntaxException | ParseException | JOSEException ex) {
            VerificationLogType log = new VerificationLogType();
            log.setVerificationLog(ex.getMessage());
            result.setResult(false);
            result.setVerificationLog(log);
            return result;
        }
    }

    private void verify(OidcType oidcType) throws ParseException, URISyntaxException, JOSEException,
            VerificationException {
        try {
            /*
             * fetch the key material, prepare the arguments for verification, verify
             */
            OidcVerificationChecksType checks = oidcType.getOidcVerificiationChecks();

            SignedJWT jwt = SignedJWT.parse(oidcType.getOidcResponse());
            OIDCProviderMetadata providerMetadata = getMetadata(oidcType, jwt);
            Issuer issuer = getIssuer(oidcType, jwt, providerMetadata);
            ClientID clientid = getClientID(oidcType, jwt, providerMetadata);
            Nonce nonce = getNonce(oidcType, jwt, providerMetadata);

            if (checks.isVerifySignature()) {
                // CAVEAT: the expected algorithm is taken from the token header, i.e. from the
                // party being verified. A token announcing an HMAC algorithm is checked against
                // the client secret, any other one against the provider's JWK set. An attacker
                // still needs the secret or the private key, but the algorithm should be pinned
                // from the provider metadata (id_token_signing_alg_values_supported) rather than
                // accepted from the token.
                JWSAlgorithm alg = jwt.getHeader().getAlgorithm();
                IDTokenValidator validator;
                if (JWSAlgorithm.Family.HMAC_SHA.contains(alg)) {
                    Secret secret = new Secret(oidcType.getOidcVerificationParameters().getClientSecret());
                    validator = new IDTokenValidator(issuer, clientid, alg, secret);
                } else if (providerMetadata != null) {
                    validator = new IDTokenValidator(issuer, clientid, alg,
                            providerMetadata.getJWKSetURI().toURL(), RETRIEVER);
                } else {
                    // The original fell back to the client secret here, which cannot verify an
                    // asymmetric signature; fail explicitly instead.
                    throw new VerificationException("Cannot verify a " + alg
                            + " signature without provider metadata (no jwks_uri)");
                }
                validator.validate(jwt, nonce);
            } else {
                // Signature check switched off by the profile: only the claims (iss, aud, exp,
                // iat, nonce) are examined. The token is NOT authenticated in this branch.
                IDTokenClaimsVerifier verifier = new IDTokenClaimsVerifier(issuer, clientid, nonce, 30 * 60);
                SecurityContext ctx = new SimpleSecurityContext();
                verifier.verify(jwt.getJWTClaimsSet(), ctx);
            }
        } catch (BadJOSEException | MalformedURLException ex) {
            throw new VerificationException(ex.getMessage());
        }
    }

    private Nonce getNonce(OidcType oidcType, SignedJWT jwt, OIDCProviderMetadata metadata)
            throws VerificationException {
        try {
            if (oidcType.getOidcVerificiationChecks().isVerifyNonce()) {
                // expected value, supplied by the relying party with the request
                return new Nonce(oidcType.getOidcVerificationParameters().getSubClaims());
            } else {
                // nonce check disabled: the token's own nonce is used, so it always matches
                return new Nonce(jwt.getJWTClaimsSet().getStringClaim("nonce"));
            }
        } catch (NullPointerException | IllegalArgumentException ex) {
            // Nonce(null) / Nonce("") throw IllegalArgumentException, not NPE
            throw new VerificationException("Nonce in the config is empty");
        } catch (ParseException ex) {
            throw new VerificationException("Cannot parse Nonce from JWT!");
        }
    }

    private ClientID getClientID(OidcType oidcType, SignedJWT jwt, OIDCProviderMetadata metadata)
            throws VerificationException {
        try {
            if (oidcType.getOidcVerificiationChecks().isVerifyAudience()) {
                return new ClientID(oidcType.getOidcVerificationParameters().getAudience());
            } else {
                // audience check disabled: the token's own first "aud" value is used
                return new ClientID(jwt.getJWTClaimsSet().getAudience().get(0));
            }
        } catch (NullPointerException | IllegalArgumentException | IndexOutOfBoundsException ex) {
            throw new VerificationException("Audience in the config is empty");
        } catch (ParseException ex) {
            throw new VerificationException("Cannot parse ClientID from JWT!");
        }
    }

    private Issuer getIssuer(OidcType oidcType, SignedJWT jwt, OIDCProviderMetadata metadata)
            throws VerificationException {
        try {
            if (oidcType.getOidcVerificiationChecks().isVerifyIssuer()) {
                return metadata.getIssuer();
            } else {
                // issuer check disabled: the token's own "iss" value is used
                return new Issuer(jwt.getJWTClaimsSet().getIssuer());
            }
        } catch (NullPointerException | IllegalArgumentException ex) {
            throw new VerificationException("Issuer from Metadata needed but metadata is null!");
        } catch (ParseException ex) {
            throw new VerificationException("Cannot parse Issuer from JWT!");
        }
    }

    private OIDCProviderMetadata getMetadata(OidcType oidcType, SignedJWT jwt) {
        try {
            OidcVerificationParametersType params = oidcType.getOidcVerificationParameters();
            if (params.getOidcMetadataUrl() != null && !params.getOidcMetadataUrl().isEmpty()) {
                // The URL comes from the request and is fetched server-side. Restricting it to
                // https keeps the service from being used as a plain-HTTP fetcher and keeps the
                // metadata (and with it jwks_uri) authentic.
                URL metadataUrl = new URL(params.getOidcMetadataUrl());
                if (!"https".equalsIgnoreCase(metadataUrl.getProtocol())) {
                    return null;
                }
                return OIDCProviderMetadata.parse(RETRIEVER.retrieveResource(metadataUrl).getContent());
            } else if (params.getOidcMetadata() != null && !params.getOidcMetadata().isEmpty()) {
                // metadata document supplied inline with the request
                return OIDCProviderMetadata.parse(params.getOidcMetadata());
            } else {
                // The original passed the issuer URL string to parse(), which expects a JSON
                // document and therefore never succeeded. Use OpenID Connect discovery instead.
                String issuerUrl = jwt.getJWTClaimsSet().getIssuer();
                URL discovery = new URL(issuerUrl.endsWith("/") ? issuerUrl + ".well-known/openid-configuration"
                        : issuerUrl + "/.well-known/openid-configuration");
                if (!"https".equalsIgnoreCase(discovery.getProtocol())) {
                    return null;
                }
                return OIDCProviderMetadata.parse(RETRIEVER.retrieveResource(discovery).getContent());
            }
        } catch (IOException | com.nimbusds.oauth2.sdk.ParseException | ParseException | NullPointerException ex) {
            return null;
        }
    }

    private static JWKSet loadKeys(URI uri) throws JOSEException {
        String in = "";
        try {
            in = callURI(uri.toURL());
            JWKSet publicKeys = JWKSet.parse(in);

            return publicKeys;
        } catch (IOException | ParseException ex) {
            throw new JOSEException("Cannot load or convert JWKSet deployed on: " + uri.toASCIIString()
                    + ". 
```

(The source is cut off at this point; the remainder of OidcEidProvider.java, including callURI() and the merge helpers called from verify(), is not part of this page.)
Cannot parse: " + in); 213 | } 214 | } 215 | 216 | private static String callURI(URL url) throws IOException { 217 | InputStream in = null; 218 | try { 219 | URLConnection con = url.openConnection(); 220 | String readStream = inputStream2String(con.getInputStream()); 221 | return readStream; 222 | } catch (IOException e) { 223 | throw new IOException("Cannot read from URL:" + url.toString() + ". Exception:" + e.getMessage()); 224 | } 225 | 226 | } 227 | 228 | private static String inputStream2String(InputStream in) { 229 | if (in == null) { 230 | return ""; 231 | } 232 | StringBuilder sb = new StringBuilder(); 233 | try (BufferedReader reader = new BufferedReader(new InputStreamReader(in));) { 234 | String nextLine = ""; 235 | while ((nextLine = reader.readLine()) != null) { 236 | sb.append(nextLine + "\n"); 237 | } 238 | } catch (IOException e) { 239 | e.printStackTrace(); 240 | } 241 | return sb.toString(); 242 | } 243 | 244 | private void mergeVerificationChechs(OidcType oidcType, VerificationProfileType profile) { 245 | if (oidcType.getOidcVerificiationChecks() == null) { 246 | oidcType.setOidcVerificiationChecks(profile.getOidcVerificationChecks()); 247 | } 248 | } 249 | 250 | private void mergeVerificationParameters(OidcType oidcType, VerificationProfileType profile) { 251 | /* 252 | * - getParameters from specified verification profile - merge these 253 | * with the specified parameters within the verification request - 254 | * return the new parameters 255 | */ 256 | 257 | OidcVerificationParametersType stored_parameters = profile.getOidcVerificationParameters(); 258 | OidcVerificationParametersType incomming_parameters = oidcType.getOidcVerificationParameters(); 259 | 260 | if (incomming_parameters == null) { 261 | oidcType.setOidcVerificationParameters(stored_parameters); 262 | } else if (stored_parameters == null) { 263 | return; 264 | } else { 265 | if (incomming_parameters.getAccessToken() == null) { 266 | 
incomming_parameters.setAccessToken(stored_parameters.getAccessToken()); 267 | } 268 | if (incomming_parameters.getAudience() == null) { 269 | incomming_parameters.setAudience(stored_parameters.getAudience()); 270 | } 271 | if (incomming_parameters.getClientSecret() == null) { 272 | incomming_parameters.setClientSecret(stored_parameters.getClientSecret()); 273 | } 274 | if (incomming_parameters.getCode() == null) { 275 | incomming_parameters.setCode(stored_parameters.getCode()); 276 | } 277 | if (incomming_parameters.getOidcMetadata() == null) { 278 | incomming_parameters.setOidcMetadata(stored_parameters.getOidcMetadata()); 279 | } 280 | if (incomming_parameters.getOidcMetadataUrl() == null) { 281 | incomming_parameters.setOidcMetadataUrl(stored_parameters.getOidcMetadataUrl()); 282 | } 283 | if (incomming_parameters.getSubClaims() == null) { 284 | incomming_parameters.setSubClaims(stored_parameters.getSubClaims()); 285 | } 286 | if (incomming_parameters.getTimeLimitation() == null) { 287 | incomming_parameters.setTimeLimitation(stored_parameters.getTimeLimitation()); 288 | } 289 | if (incomming_parameters.getCnf() == null) { 290 | incomming_parameters.setCnf(stored_parameters.getCnf()); 291 | } 292 | if (incomming_parameters.getX509Certificate() == null) { 293 | incomming_parameters.setX509Certificate(stored_parameters.getX509Certificate()); 294 | } 295 | } 296 | } 297 | 298 | private VerificationProfileType getVerificationProfile(OidcType oidcType) { 299 | for (EntityType entity : ConfigDatabase.getConfig().getRegisteredEntity()) { 300 | for (VerificationProfileType profile : entity.getVerificationProfile()) { 301 | if (profile.getID().equalsIgnoreCase(oidcType.getOidcVerificationProfile())) { 302 | return profile; 303 | } 304 | } 305 | } 306 | return null; 307 | } 308 | } 309 | -------------------------------------------------------------------------------- /SSOValidationService/Library/src/main/java/org/rub/nds/sso/provider/SamlEidProvider.java: 
--------------------------------------------------------------------------------
package org.rub.nds.sso.provider;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.provider.AbstractMetadataProvider;
import org.opensaml.saml2.metadata.provider.DOMMetadataProvider;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.futuretrust.validationservice.sso.library.ConfigDatabase;
import org.rub.nds.futuretrust.validationservice.sso.library.SAMLVerificationAdapter;
import org.rub.nds.saml.samllib.exceptions.SAMLVerifyException;
import org.rub.nds.saml.samllib.utils.SAMLUtils;
import org.rub.nds.saml.samllib.verifier.SAMLVerifierImpl;
import org.rub.nds.sso.api.AuthenticatedUserType;
import org.rub.nds.sso.api.SamlType;
import org.rub.nds.sso.api.SamlVerificationParametersType;
import org.rub.nds.sso.api.SsoType;
import org.rub.nds.sso.api.VerificationLogType;
import org.rub.nds.sso.api.VerificationProfileType;
import org.rub.nds.sso.api.VerificationResponseType;
import org.rub.nds.sso.exceptions.WrongInputException;
import org.rub.nds.sso.provider.EidProvider;
import org.rub.nds.sso.utils.DecoderUtils;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/**
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
public class SamlEidProvider extends EidProvider {

    private static final double VERSION = 1.0;

    private static final String INFO = "SAML eID provider v" + VERSION;

    private static final String NAME = "SAML eID";

    private static final String TYPE = "SAML";

    public SamlEidProvider() {
        super(NAME, INFO, VERSION, TYPE);
    }

    @Override
    public VerificationResponseType verify(SsoType samlType) {
        VerificationResponseType result = new VerificationResponseType();
        try {
            // SamlType samlType = (SamlType) this.getSecurityObject();
            VerificationProfileType verificationProfile = (VerificationProfileType) this.getVerificationProfile();
            if (samlType != null) {
                Response samlResponse;
                AuthnRequest authRequest;

                samlResponse = (Response) decodeSAMLObject(((SamlType) samlType).getSamlResponse());
                authRequest = (AuthnRequest) decodeSAMLObject(((SamlType) samlType).getSamlRequest());

                if (samlResponse == null) {
                    throw new SAMLVerifyException("Verification without Response is useless");
                }

                // Look up the locally stored profile referenced by the request (case-insensitive ID
                // match); if none matches, an empty profile is used.
                verificationProfile = new VerificationProfileType();
                for (EntityType entry : ConfigDatabase.getConfig().getRegisteredEntity()) {
                    for (VerificationProfileType profileType : entry.getVerificationProfile()) {
                        if (((SamlType) samlType).getSamlVerificationProfile().equalsIgnoreCase(profileType.getID())) {
                            verificationProfile = profileType;
                        }
                    }
                }
                // Request parameters win; fields the request leaves empty come from the stored profile.
                verificationProfile.setSamlTokenVerificationParameters(setVerificationParams(samlType));

                verificationProfile.setSamlTokenVerificationChecks(SAMLVerificationAdapter.mergeSamlVerificationChecks(
                        verificationProfile.getSamlTokenVerificationChecks(),
                        ((SamlType) samlType).getSamlTokenVerificationChecks()));

                AbstractMetadataProvider provider = getMetadataProvider(verificationProfile);

                SAMLVerifierImpl verifier = new SAMLVerifierImpl(authRequest, provider);
                verifier.verify(samlResponse, verificationProfile);

                result.setResult(true);
                AuthenticatedUserType user = new AuthenticatedUserType();
                user.setUserID(SAMLUtils.getAuthenticatedUser(samlResponse));
                result.setAuthenticatedUser(user);

                result.setSamlTokenVerifiedChecks(((SamlType) samlType).getSamlTokenVerificationChecks());
            }
            return result;
        } catch (Exception e) {
            VerificationLogType log = new VerificationLogType();
            log.setVerificationLog(e.getMessage());
            result.setResult(false);
            result.setVerificationLog(log);
            return result;
        }
    }

    private AbstractMetadataProvider getMetadataProvider(VerificationProfileType verificationProfile)
            throws ParserConfigurationException, MetadataProviderException, IOException, SAXException {
        AbstractMetadataProvider provider;
        if (verificationProfile.getSamlTokenVerificationParameters().getSamlMetadata() != null) {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            // The metadata document arrives as a string from the caller: refuse DTDs and do not
            // expand entities, so a crafted document cannot trigger XXE or entity expansion.
            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            dbf.setXIncludeAware(false);
            dbf.setExpandEntityReferences(false);
            DocumentBuilder db = dbf.newDocumentBuilder();

            Document doc = db.parse(new InputSource(new StringReader(verificationProfile
                    .getSamlTokenVerificationParameters().getSamlMetadata())));
            provider = new DOMMetadataProvider(doc.getDocumentElement());
            provider.setRequireValidMetadata(true); // Enable validation
            BasicParserPool ppMgr = new BasicParserPool();
            ppMgr.setNamespaceAware(true);
            provider.setParserPool(ppMgr);
            provider.initialize();
        } else if (verificationProfile.getSamlTokenVerificationParameters().getSamlMetadataUrl() != null) {
            // Remote metadata, fetched with a 10 s request timeout.
            provider = new HTTPMetadataProvider(verificationProfile.getSamlTokenVerificationParameters()
                    .getSamlMetadataUrl(), 10000);
            provider.setRequireValidMetadata(true); // Enable validation
            provider.setParserPool(new BasicParserPool());
            provider.initialize();
        } else {
            provider = null;
        }
        return provider;
    }

    private SamlVerificationParametersType setVerificationParams(SsoType ssoType) {
        SamlType samlType = (SamlType) ssoType;
        String profile = samlType.getSamlVerificationProfile();

        // Check whether a locally stored profile is referenced; if not, no merging is required.
        if (profile == null || profile.isEmpty()) {
            return samlType.getSamlVerificationParameters();
        } else {
            SamlVerificationParametersType incomming_request = samlType.getSamlVerificationParameters();
            for (EntityType entry : ConfigDatabase.getConfig().getRegisteredEntity()) {
                for (VerificationProfileType profileType : entry.getVerificationProfile()) {
                    if (profile.equalsIgnoreCase(profileType.getID())) {
                        return mergeProfiles(incomming_request, profileType);
                    }
                }
            }
        }
        return samlType.getSamlVerificationParameters();
    }

    /** Fills only the null fields of the request parameters from the stored profile. */
    private SamlVerificationParametersType mergeProfiles(SamlVerificationParametersType incomming_request,
            VerificationProfileType profileType) {

        if (incomming_request == null) {
            return profileType.getSamlTokenVerificationParameters();
        }

        if (incomming_request.getDestination() == null) {
            incomming_request.setDestination(profileType.getSamlTokenVerificationParameters().getDestination());
        }

        if (incomming_request.getHokX509Certificate() == null) {
            incomming_request.setHokX509Certificate(profileType.getSamlTokenVerificationParameters()
                    .getHokX509Certificate());
        }

        if (incomming_request.getSamlMetadata() == null) {
            incomming_request.setSamlMetadata(profileType.getSamlTokenVerificationParameters().getSamlMetadata());
        }

        if (incomming_request.getSamlMetadataUrl() == null) {
            incomming_request.setSamlMetadataUrl(profileType.getSamlTokenVerificationParameters().getSamlMetadataUrl());
        }

        if (incomming_request.getTimeLimitation() == null) {
            incomming_request.setTimeLimitation(profileType.getSamlTokenVerificationParameters().getTimeLimitation());
        }

        return incomming_request;
    }

    /** Base64-decodes the transported message and unmarshals it into an OpenSAML object. */
    private SAMLObject decodeSAMLObject(String samlObj) throws WrongInputException, UnsupportedEncodingException {
        try {
            return SAMLUtils.buildObjectfromString(DecoderUtils.decodeBase64Mime(samlObj));
        } catch (WrongInputException | NullPointerException ex) {
            throw new WrongInputException("Cannot parse SAML Response");
        }
    }
}
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/futureTrust_cvs_API.xsd:
--------------------------------------------------------------------------------
[schema element declarations not recoverable from the page; only the annotation text survives]
This document describes the Single Sign-On Interface of the Comprehensive Validation Service.
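The ID-token checks that OidcEidProvider.verify() above delegates to the Nimbus IDTokenValidator, written out as an added example (Python, standard library only). This is not code from the FutureTrust repository: it pins the JWS algorithm from configuration instead of reading it from the token header, verifies the HMAC under the client secret (the HS* branch of the provider; the jwks_uri branch for asymmetric algorithms is not shown), checks iss, aud/azp, nonce and exp, and then applies a relying-party maximum token age measured from iat, in the sense of the TimeLimitation parameter both providers merge from their verification profiles, independently of exp. The secret, issuer, client ID, nonce, timestamps and the tokens themselves are constructed test values, not project configuration.

```python
import base64
import hashlib
import hmac
import json

# Constructed test values (assumed for this example, not taken from the project configuration).
CLIENT_SECRET = b"example-client-secret-at-least-32-bytes!"
ISSUER = "https://op.example.test"
CLIENT_ID = "sso-validation-client"
NONCE = "n-0S6_WzA2Mj"
NOW = 1_700_000_000          # fixed "current time" so the run is deterministic
TIME_LIMITATION = 5 * 60     # seconds: a token older than this is refused regardless of exp


class VerificationError(Exception):
    """Raised for every failed check; the message is what a verification log would carry."""


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Build a compact JWS the way a test OP would; the alg string is written into the header as given."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = b"" if alg == "none" else hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_id_token(token: str, *, client_secret: bytes, issuer: str, client_id: str,
                    nonce: str, time_limitation: int, now: float, max_clock_skew: int = 60) -> dict:
    """Validate an HMAC-signed ID token; returns the claims on success, raises VerificationError otherwise."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        signature = _b64url_decode(s)
    except ValueError as exc:           # covers bad base64, bad JSON and a wrong number of segments
        raise VerificationError(f"malformed token: {exc}") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise VerificationError("header and payload must be JSON objects")

    # 1. The expected algorithm comes from configuration, never from the header, so neither
    #    alg=none nor a swapped algorithm can steer which key material is used.
    if header.get("alg") != "HS256":
        raise VerificationError(f"unexpected alg {header.get('alg')!r}, HS256 required")
    expected = hmac.new(client_secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise VerificationError("signature does not verify under the client secret")

    # 2. Issuer, audience (plus azp when several audiences are listed) and nonce.
    if claims.get("iss") != issuer:
        raise VerificationError(f"issuer {claims.get('iss')!r} != {issuer!r}")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise VerificationError(f"audience {aud!r} does not contain {client_id!r}")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise VerificationError("multiple audiences but azp is not this client")
    if claims.get("nonce") != nonce:
        raise VerificationError("nonce mismatch (possible replay)")

    # 3. Lifetime: exp and iat with a small clock-skew allowance ...
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or not isinstance(iat, (int, float)):
        raise VerificationError("exp and iat are required")
    if now > exp + max_clock_skew:
        raise VerificationError("token expired")
    if iat > now + max_clock_skew:
        raise VerificationError("token issued in the future")
    # ... and, independently of exp, a relying-party-side maximum age measured from iat.
    if now - iat > time_limitation:
        raise VerificationError(f"token older than TimeLimitation of {time_limitation}s")
    return claims


def run_checks() -> dict:
    """Run the verifier over one good token and several bad ones; returns the outcome per case."""
    good = {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID, "nonce": NONCE,
            "iat": NOW - 30, "exp": NOW + 600}
    cases = {
        "valid": mint_id_token(good),
        "alg_none": mint_id_token(good, alg="none"),
        "alg_rs256_header": mint_id_token(good, alg="RS256"),     # HMAC signature, header claims RSA
        "wrong_secret": mint_id_token(good, secret=b"guessed-secret"),
        "wrong_nonce": mint_id_token({**good, "nonce": "other"}),
        "foreign_audience": mint_id_token({**good, "aud": ["other-client", CLIENT_ID]}),  # no azp
        "expired": mint_id_token({**good, "exp": NOW - 120}),
        # exp is still in the future, but the token is older than TIME_LIMITATION
        "too_old": mint_id_token({**good, "iat": NOW - 3600, "exp": NOW + 600}),
    }
    outcome = {}
    for name, tok in cases.items():
        try:
            verify_id_token(tok, client_secret=CLIENT_SECRET, issuer=ISSUER, client_id=CLIENT_ID,
                            nonce=NONCE, time_limitation=TIME_LIMITATION, now=NOW)
            outcome[name] = "accepted"
        except VerificationError as err:
            outcome[name] = f"rejected: {err}"
    return outcome


if __name__ == "__main__":
    for name, res in run_checks().items():
        print(f"{name:18} {res}")
```

Only the "valid" case is accepted; every other case is refused with the reason of the first failing check, and "too_old" is refused although its exp has not passed, which is the point of a TimeLimitation that is independent of the token's own expiry.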
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/specs/oasis-dss-core-schema-v1.0-os.xsd:
--------------------------------------------------------------------------------
[schema element declarations not recoverable from the page; only the annotation text survives]
This Schema defines the Digital Signature Service Core Protocols, Elements, and Bindings Committee Specification version 1.0 release 1
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/specs/oasis-sstc-saml-schema-protocol-1.1.xsd:
--------------------------------------------------------------------------------
[schema element declarations not recoverable from the page; only the annotation text survives]
Document identifier: oasis-sstc-saml-schema-assertion-1.1
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (November, 2002):
  Initial standard schema.
V1.1 (September, 2003):
  * Note that V1.1 of this schema has the same XML namespace as V1.0.
  Rebased ID content directly on XML Schema types
  Added DoNotCacheCondition element and DoNotCacheConditionType
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/specs/xml.xsd:
--------------------------------------------------------------------------------
[schema attribute declarations not recoverable from the page; the surviving documentation text follows]

About the XML namespace

This schema document describes the XML namespace, in a form suitable for import by other schema documents.

See http://www.w3.org/XML/1998/namespace.html and http://www.w3.org/TR/REC-xml for information about this namespace.

Note that local names in this namespace are intended to be defined only by the World Wide Web Consortium or its subgroups. The names currently defined in this namespace are listed below. They should not be used with conflicting semantics by any Working Group, specification, or document instance.

See further below in this document for more information about how to refer to this schema document from your own XSD schema documents and about the namespace-versioning policy governing this schema document.

lang (as an attribute name)

denotes an attribute whose value is a language code for the natural language of the content of any element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

Notes

Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility.

See BCP 47 at http://www.rfc-editor.org/rfc/bcp/bcp47.txt and the IANA language subtag registry at http://www.iana.org/assignments/language-subtag-registry for further information.

The union allows for the 'un-declaration' of xml:lang with the empty string.

space (as an attribute name)

denotes an attribute whose value is a keyword indicating what whitespace processing discipline is intended for the content of the element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

base (as an attribute name)

denotes an attribute whose value provides a URI to be used as the base for interpreting any relative URIs in the scope of the element on which it appears; its value is inherited. This name is reserved by virtue of its definition in the XML Base specification.

See http://www.w3.org/TR/xmlbase/ for information about this attribute.

id (as an attribute name)

denotes an attribute whose value should be interpreted as if declared to be of type ID. This name is reserved by virtue of its definition in the xml:id specification.

See http://www.w3.org/TR/xml-id/ for information about this attribute.

Father (in any context at all)

denotes Jon Bosak, the chair of the original XML Working Group. This name is reserved by the following decision of the W3C XML Plenary and XML Coordination groups:

In appreciation for his vision, leadership and dedication the W3C XML Plenary on this 10th day of February, 2000, reserves for Jon Bosak in perpetuity the XML name "xml:Father".

About this schema document

This schema defines attributes and an attribute group suitable for use by schemas wishing to allow xml:base, xml:lang, xml:space or xml:id attributes on elements they define.

To enable this, such a schema must import this schema for the XML namespace, e.g. as follows:

          <schema . . .>
           . . .
           <import namespace="http://www.w3.org/XML/1998/namespace"
                      schemaLocation="http://www.w3.org/2001/xml.xsd"/>

or

           <import namespace="http://www.w3.org/XML/1998/namespace"
                      schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>

Subsequently, qualified reference to any of the attributes or the group defined below will have the desired effect, e.g.

          <type . . .>
           . . .
           <attributeGroup ref="xml:specialAttrs"/>

will define a type which will schema-validate an instance element with any of those attributes.

Versioning policy for this schema document

In keeping with the XML Schema WG's standard versioning policy, this schema document will persist at http://www.w3.org/2009/01/xml.xsd.

At the date of issue it can also be found at http://www.w3.org/2001/xml.xsd.

The schema document at that URI may however change in the future, in order to remain compatible with the latest version of XML Schema itself, or with the XML namespace itself. In other words, if the XML Schema or XML namespaces change, the version of this document at http://www.w3.org/2001/xml.xsd will change accordingly; the version at http://www.w3.org/2009/01/xml.xsd will not change.

Previous dated (and unchanging) versions of this schema document are at:
[list of dated URLs not recoverable from the page]
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/specs/xmldsig-core-schema.xsd:
--------------------------------------------------------------------------------
[schema element declarations not recoverable from the page; no annotation text survives]
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/main/resources/schemas/ssolib_API.xsd:
--------------------------------------------------------------------------------
(The XML markup of this schema did not survive extraction; the xs:documentation texts below are what remains, in document order.)

This document describes the Single Sign-On Interface of the Single Sign-On library.

One or more XML Schemas, each passed as a string.
One or more URLs pointing to XML Schemas, each passed as a string.
Specified Audience for the received tokens, e.g. Salesforce.
The exact URL of the endpoint to which the IdP sent the token.
Defines a maximum validity period of an authentication token. This is independent of the NotOnOrAfter value.
Holder-of-key certificate used during the verification.
Metadata storing key material and URLs. The metadata file is sent as a string.
Enables the XML Schema verification.
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/test/java/org/rub/nds/futuretrust/validationservice/sso/library/ConfigurationManagerTest.java:
--------------------------------------------------------------------------------
package org.rub.nds.futuretrust.validationservice.sso.library;

import java.io.File;
import java.util.UUID;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.PropertyException;
import javax.xml.namespace.QName;
import org.junit.Test;
import org.rub.nds.futuretrust.cvs.sso.api.AuthenticationType;
import org.rub.nds.futuretrust.cvs.sso.api.DatabaseType;
import org.rub.nds.futuretrust.cvs.sso.api.EntityType;
import org.rub.nds.sso.api.OidcVerificationChecksType;
import org.rub.nds.sso.api.OidcVerificationParametersType;
import org.rub.nds.sso.api.SamlTokenVerificationChecksType;
import org.rub.nds.sso.api.SamlVerificationParametersType;
import org.rub.nds.sso.api.VerificationProfileType;

/**
 * Writes a sample configuration database (src/test/resources/configDB.xml)
 * containing one registered entity with a SAML verification profile and one
 * with an OIDC verification profile, each under freshly generated client
 * credentials.
 *
 * @author vladi
 */
public class ConfigurationManagerTest {

    /** Relative to the Library module directory, from which Maven runs the tests. */
    private static final File CONFIG_DB = new File("src/test/resources/configDB.xml");

    /** Signing certificate of the test IdP (the same certificate as in idpmetadata.xml). */
    private static final String IDP_SIGNING_CERT = "MIIDiTCCAnGgAwIBAgIELzcgDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjETMBEGA1UECxMKc2tpZGVudGl0eTEbMBkGA1UEAxMSd3d3LnNraWRlbnRpdHkuY29tMB4XDTEzMDYxMDE1MTcyMloXDTE2MDYwOTE1MTcyMlowdTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEzARBgNVBAsTCnNraWRlbnRpdHkxGzAZBgNVBAMTEnd3dy5za2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpvJa68Ib9nERP9+jL17w3bwyGXJ4ZoW10zJPtUA9N2QLTD8yI2kG3P4fv69Koid93ouFg/bTbfOTs7BBtdQWJ1xCtE80aHGAWto3Eo/9iryI0yZwhwkNEWr4dK3PTpb7JfyNLBWNCZFgtxQDEAX6PWKu4qsf7PLVp4tfl5JhKvoJCKqDDB3qQkhIGIV9YvDd/zidlCWghdr5D1F1XZqDpkDBEDf+MctC4M4Q6PSNsbU+4z42LDHWJ4d9OKRe86t8mzl/qrBvyKA1LLaZWFvw3J1NX/WHivI3Wn2/aGGsTr0IToiYW7SWKbp/f0kcPVUoVxMOfFuxZXmj2A0dHInZcCAwEAAaMhMB8wHQYDVR0OBBYEFKJzJ2C1jiSyrvSX1wp4qFsNqfUnMA0GCSqGSIb3DQEBCwUAA4IBAQAj47UXFntw/V4WRZSUoeIHLBfD2r2MyDYX1C3ocigh6gihTlzz/cTFn3FXjokpYIXDUUVo9Mjl+2X9Iwnn4uVhhF49OD0fd11YU4sN/Cn7UoG6J10OYqiei3KCu6jYSxGtv0vzpH+2u5iUKH3AzQFUlAAvmNS7uL5wRv7iPBgtHdYpxzRneBG8GmaGNzk8DuU6sjHcPxf+RtYsR55LV2pOMm5xInqFL8GDWk03XUmSsnlU3B5Ja0grWyokilw99bn6s1p5QpWkrngs3P819abeTOfxJG7Ttvl8bGHG0BN+1eZkK5VMn+xNQ8bIomtttwyel0GjMqOFczdwRpUyjqDC";

    @Test
    public void generateConfigDatabase() throws PropertyException, JAXBException {
        DatabaseType db = new DatabaseType();

        EntityType entity = new EntityType();
        entity.getVerificationProfile().add(generateSAMLProfile());
        entity.getAuthentication().add(generateIDSecret());
        db.getRegisteredEntity().add(entity);

        entity = new EntityType();
        entity.getVerificationProfile().add(generateOIDCProfile());
        entity.getAuthentication().add(generateIDSecret());
        db.getRegisteredEntity().add(entity);

        storeDB(db);
    }

    private VerificationProfileType generateOIDCProfile() {
        VerificationProfileType profile = new VerificationProfileType();
        profile.setID("oidc");
        profile.setOidcVerificationParameters(generateOidcParams());
        profile.setOidcVerificationChecks(generateOidcChecks());
        return profile;
    }

    private OidcVerificationParametersType generateOidcParams() {
        OidcVerificationParametersType oidcParams = new OidcVerificationParametersType();
        oidcParams.setAudience("http://test2.com");
        oidcParams.setClientSecret("test123456");
        // Metadata for the OIDC profile: the JWK set used to verify ID token signatures.
        oidcParams.setOidcMetadata("{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"rsa-test\",\"alg\":\"RS256\",\"n\":\"mTkVHAyJoWD0SN9HYji3z44oQwnhHzHnKd-rrUtm0uJJALrs0Hxp0UehU40vanKKB-Zu54RUcnbZ4wJxyS8AAPACV4BIETO0crCKDfyXXH4r4VSrqfGxxmEohBnFCM2RQE6OU3vdGzr46fCUmmhH9b-GloQpMjPJPPKWinNkWchpDwbvJFFAjardXdi_WLiCGcX6zgXBD8U76gEj-NDEObNy8Q5ilWTO_kH-NVuexpVFqU5ibh3geBe32jZ4kNClKpQZIrqv3nnWQQ3-NpPb_hGzPU2ZkxiKgVPNH8V7gVVMlufGAR7vXOqCpI0oWXVOseUH3D0p4thVMHv_vQtUiQ\"}]}");
        return oidcParams;
    }

    private OidcVerificationChecksType generateOidcChecks() {
        OidcVerificationChecksType oidcChecks = new OidcVerificationChecksType();
        oidcChecks.setVerifyAudience(true);
        oidcChecks.setVerifyExpired(true);
        oidcChecks.setVerifyIssuedAt(true);
        oidcChecks.setVerifyNonce(true);
        oidcChecks.setVerifyIssuer(true);
        return oidcChecks;
    }

    private VerificationProfileType generateSAMLProfile() {
        VerificationProfileType profile = new VerificationProfileType();
        profile.setID("saml");
        profile.setSamlTokenVerificationChecks(samlChecks());
        profile.setSamlTokenVerificationParameters(samlParams());
        return profile;
    }

    private void storeDB(DatabaseType db) throws PropertyException, JAXBException {
        JAXBContext jaxbContext = JAXBContext.newInstance(DatabaseType.class);
        Marshaller jaxbMarshaller = jaxbContext.createMarshaller();
        jaxbMarshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
        // Root element name and namespace as chosen by the project; the web service
        // reads the file with unmarshal(Source, DatabaseType.class), which does not
        // check the root element name.
        QName qName = new QName("org.rub.nds.futuretrust.cvs.sso.api", "DataBaseType");
        JAXBElement<DatabaseType> root = new JAXBElement<>(qName, DatabaseType.class, db);
        jaxbMarshaller.marshal(root, CONFIG_DB);
    }

    private SamlTokenVerificationChecksType samlChecks() {
        SamlTokenVerificationChecksType samlChecks = new SamlTokenVerificationChecksType();
        samlChecks.setVerifySAMLAssertionSignatureTrusted(true);
        samlChecks.setVerifySAMLAssertionID(true);
        samlChecks.setVerifySAMLAssertionInResponseTo(true);
        samlChecks.setVerifyXSW(true);
        samlChecks.setVerifySchema(true);
        samlChecks.setVerifySAMLAssertionSbjConfirmationDestination(true);
        samlChecks.setVerifySAMLAssertionSbjConfirmationTimestamps(true);
        samlChecks.setVerifySAMLAssertionSbjInResponseTo(true);
        samlChecks.setVerifySAMLAssertionConditionsAudience(true);
        return samlChecks;
    }

    private SamlVerificationParametersType samlParams() {
        SamlVerificationParametersType verifyParams = new SamlVerificationParametersType();
        verifyParams.setDestination("https://test.com");
        // IdP metadata (key material and SSO endpoint), passed as a string.
        verifyParams.setSamlMetadata(""
                + "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n"
                + "<md:EntitiesDescriptor Name=\"Group1\" validUntil=\"2030-06-09T09:00:00\""
                + " xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\""
                + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
                + " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n"
                + "    <md:EntityDescriptor entityID=\"eLearning SAML SSO IdP\">\n"
                + "        <md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n"
                + "            <md:KeyDescriptor use=\"signing\">\n"
                + "                <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n"
                + "                    <ds:X509Data>\n"
                + "                        <ds:X509Certificate>" + IDP_SIGNING_CERT + "</ds:X509Certificate>\n"
                + "                    </ds:X509Data>\n"
                + "                </ds:KeyInfo>\n"
                + "            </md:KeyDescriptor>\n"
                + "            <md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\""
                + " Location=\"http://carbon.cloud.nds.rub.de:8080/idp/saml\"/>\n"
                + "            <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>\n"
                + "        </md:IDPSSODescriptor>\n"
                + "    </md:EntityDescriptor>\n"
                + "</md:EntitiesDescriptor>");
        return verifyParams;
    }

    private AuthenticationType generateIDSecret() {
        AuthenticationType authType = new AuthenticationType();
        authType.setClientId(UUID.randomUUID().toString());
        authType.setClientSecret(UUID.randomUUID().toString());
        return authType;
    }

}
--------------------------------------------------------------------------------
/SSOValidationService/Library/src/test/resources/configDB.xml:
--------------------------------------------------------------------------------
(Element tags of this file did not survive extraction; the element values are listed in document order. The file is the output of ConfigurationManagerTest above.)

Registered entity 1 (client ID and client secret):
01a01373-2dd4-4a6c-83c0-ff3f0bb607ea
c789aa0a-16fa-43fa-95cd-b8d4639bae82

Verification profile "saml", SAML token verification checks (nine flags):
true true true true true true true true true

SAML verification parameters, destination and metadata:
https://test.com
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<md:EntitiesDescriptor Name="Group1" validUntil="2030-06-09T09:00:00" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <md:EntityDescriptor entityID="eLearning SAML SSO IdP">
        <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>[X.509 certificate, identical to the one in idpmetadata.xml]</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://carbon.cloud.nds.rub.de:8080/idp/saml"/>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        </md:IDPSSODescriptor>
    </md:EntityDescriptor>
</md:EntitiesDescriptor>

Registered entity 2 (client ID and client secret):
453f6612-f449-4656-bc5c-e07d77722953
0f4d24fb-43e0-487a-974e-d98e8c1f929a

Verification profile "oidc", OIDC verification checks (eight flags):
true true true true true false false false

OIDC verification parameters: audience, metadata (JWK set) and client secret:
http://test2.com
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"rsa-test","alg":"RS256","n":"mTkVHAyJoWD0SN9HYji3z44oQwnhHzHnKd-rrUtm0uJJALrs0Hxp0UehU40vanKKB-Zu54RUcnbZ4wJxyS8AAPACV4BIETO0crCKDfyXXH4r4VSrqfGxxmEohBnFCM2RQE6OU3vdGzr46fCUmmhH9b-GloQpMjPJPPKWinNkWchpDwbvJFFAjardXdi_WLiCGcX6zgXBD8U76gEj-NDEObNy8Q5ilWTO_kH-NVuexpVFqU5ibh3geBe32jZ4kNClKpQZIrqv3nnWQQ3-NpPb_hGzPU2ZkxiKgVPNH8V7gVVMlufGAR7vXOqCpI0oWXVOseUH3D0p4thVMHv_vQtUiQ"}]}
test123456

--------------------------------------------------------------------------------
/SSOValidationService/Library/src/test/resources/idpmetadata.xml:
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Only the certificate and the NameIDFormat survived extraction here; the markup is
     reconstructed from the escaped copy of the same metadata in configDB.xml above. -->
<md:EntitiesDescriptor Name="Group1" validUntil="2030-06-09T09:00:00" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <md:EntityDescriptor entityID="eLearning SAML SSO IdP">
        <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDiTCCAnGgAwIBAgIELzcgDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjETMBEGA1UECxMKc2tpZGVudGl0eTEbMBkGA1UEAxMSd3d3LnNraWRlbnRpdHkuY29tMB4XDTEzMDYxMDE1MTcyMloXDTE2MDYwOTE1MTcyMlowdTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEzARBgNVBAsTCnNraWRlbnRpdHkxGzAZBgNVBAMTEnd3dy5za2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpvJa68Ib9nERP9+jL17w3bwyGXJ4ZoW10zJPtUA9N2QLTD8yI2kG3P4fv69Koid93ouFg/bTbfOTs7BBtdQWJ1xCtE80aHGAWto3Eo/9iryI0yZwhwkNEWr4dK3PTpb7JfyNLBWNCZFgtxQDEAX6PWKu4qsf7PLVp4tfl5JhKvoJCKqDDB3qQkhIGIV9YvDd/zidlCWghdr5D1F1XZqDpkDBEDf+MctC4M4Q6PSNsbU+4z42LDHWJ4d9OKRe86t8mzl/qrBvyKA1LLaZWFvw3J1NX/WHivI3Wn2/aGGsTr0IToiYW7SWKbp/f0kcPVUoVxMOfFuxZXmj2A0dHInZcCAwEAAaMhMB8wHQYDVR0OBBYEFKJzJ2C1jiSyrvSX1wp4qFsNqfUnMA0GCSqGSIb3DQEBCwUAA4IBAQAj47UXFntw/V4WRZSUoeIHLBfD2r2MyDYX1C3ocigh6gihTlzz/cTFn3FXjokpYIXDUUVo9Mjl+2X9Iwnn4uVhhF49OD0fd11YU4sN/Cn7UoG6J10OYqiei3KCu6jYSxGtv0vzpH+2u5iUKH3AzQFUlAAvmNS7uL5wRv7iPBgtHdYpxzRneBG8GmaGNzk8DuU6sjHcPxf+RtYsR55LV2pOMm5xInqFL8GDWk03XUmSsnlU3B5Ja0grWyokilw99bn6s1p5QpWkrngs3P819abeTOfxJG7Ttvl8bGHG0BN+1eZkK5VMn+xNQ8bIomtttwyel0GjMqOFczdwRpUyjqDC</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://carbon.cloud.nds.rub.de:8080/idp/saml"/>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        </md:IDPSSODescriptor>
    </md:EntityDescriptor>
</md:EntitiesDescriptor>
--------------------------------------------------------------------------------
/SSOValidationService/WebService/lib/unknown/binary/javax.ws.rs-api-2.0/SNAPSHOT/javax.ws.rs-api-2.0-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RUB-NDS/FutureTrust/5e063e64c545e5b372cf63bbfd6c9ae6aa127d9d/SSOValidationService/WebService/lib/unknown/binary/javax.ws.rs-api-2.0/SNAPSHOT/javax.ws.rs-api-2.0-SNAPSHOT.jar
--------------------------------------------------------------------------------
/SSOValidationService/WebService/nb-configuration.xml:
--------------------------------------------------------------------------------
(NetBeans project hints; the element tags did not survive extraction, the values are listed in document order.)
ide
WildFly
1.7-web
/less:/css
false
false
/scss:/css
true
js/libs
--------------------------------------------------------------------------------
/SSOValidationService/WebService/pom.xml:
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!-- Element markup reconstructed from the values that survived extraction;
     the names of the remaining properties in the properties block were lost. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
    <modelVersion>4.0.0</modelVersion>

    <parent>
        <groupId>org.rub.nds.futuretrust.validationservice.sso</groupId>
        <artifactId>SSOValidationService</artifactId>
        <version>1.0-SNAPSHOT</version>
    </parent>

    <groupId>org.rub.nds.futuretrust</groupId>
    <artifactId>WebService</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <name>FutureTrust REST Webservice</name>

    <properties>
        <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
        <!-- further property values whose names were lost: 1.7, 1.7, 3.2, 2.6, 2.25, 3.0.1 -->
    </properties>

    <dependencies>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>4.0.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.containers</groupId>
            <artifactId>jersey-container-servlet</artifactId>
            <version>2.26</version>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-moxy</artifactId>
            <version>2.26</version>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-json-processing</artifactId>
            <version>2.26</version>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-multipart</artifactId>
            <version>2.26</version>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-sse</artifactId>
            <version>2.26</version>
        </dependency>
        <dependency>
            <groupId>org.rub.nds.futuretrust.validationservice.sso</groupId>
            <artifactId>Library</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>org.eclipse.persistence</groupId>
            <artifactId>org.eclipse.persistence.moxy</artifactId>
            <version>2.6.0</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.9.10.8</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>org.glassfish.jersey.media</groupId>
            <artifactId>jersey-media-json-jackson</artifactId>
            <version>2.25</version>
            <type>jar</type>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.0</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                    <compilerArguments>
                        <endorseddirs>${endorsed.dir}</endorseddirs>
                    </compilerArguments>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.2.2</version>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <!-- element name reconstructed; the value sso-vals matches the context root in jboss-web.xml -->
                    <warName>sso-vals</warName>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
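The verification parameters documented in ssolib_API.xsd above (audience, the exact endpoint URL the token was sent to, a maximum validity period independent of NotOnOrAfter) and the SAML checks the test configuration enables (destination, InResponseTo, timestamps, audience) can be evaluated against the fields of a received assertion as follows. This is an added example written for this page, not code from the FutureTrust SSO library; the class and field names (`SamlParameterChecker`, `AssertionFacts`, `Parameters`) and the sample values are assumptions, and signature, XSW and schema checks are assumed to have been done before this step.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;

/**
 * Addressing and time checks for a received SAML assertion. Hypothetical helper
 * written for this page; not part of the SSO library.
 */
public final class SamlParameterChecker {

    /** Fields pulled out of the Response/Assertion (constructed for the example). */
    public static final class AssertionFacts {
        final String destination;      // Response Destination / SubjectConfirmationData Recipient
        final String inResponseTo;     // SubjectConfirmationData InResponseTo
        final List<String> audiences;  // Conditions/AudienceRestriction/Audience
        final Instant issueInstant;
        final Instant notBefore;       // Conditions NotBefore, may be absent
        final Instant notOnOrAfter;    // Conditions NotOnOrAfter

        AssertionFacts(String destination, String inResponseTo, List<String> audiences,
                Instant issueInstant, Instant notBefore, Instant notOnOrAfter) {
            this.destination = destination;
            this.inResponseTo = inResponseTo;
            this.audiences = audiences;
            this.issueInstant = issueInstant;
            this.notBefore = notBefore;
            this.notOnOrAfter = notOnOrAfter;
        }
    }

    /** The profile's verification parameters (constructed for the example). */
    public static final class Parameters {
        final String audience;          // identifier of this SP
        final String destination;       // exact URL of the endpoint the IdP sends to
        final String pendingRequestId;  // ID of the AuthnRequest this SP issued
        final Duration maxValidity;     // accepted token age, measured from IssueInstant
        final Duration clockSkew;

        Parameters(String audience, String destination, String pendingRequestId,
                Duration maxValidity, Duration clockSkew) {
            this.audience = audience;
            this.destination = destination;
            this.pendingRequestId = pendingRequestId;
            this.maxValidity = maxValidity;
            this.clockSkew = clockSkew;
        }
    }

    /** Returns the list of failed checks; an empty list means every check passed. */
    public static List<String> check(AssertionFacts a, Parameters p, Instant now) {
        List<String> failures = new ArrayList<>();
        if (!a.audiences.contains(p.audience)) {
            failures.add("audience " + a.audiences + " does not include " + p.audience);
        }
        // Exact string comparison: no prefix match and no URL normalisation.
        if (!p.destination.equals(a.destination)) {
            failures.add("destination " + a.destination + " != " + p.destination);
        }
        if (!Objects.equals(p.pendingRequestId, a.inResponseTo)) {
            failures.add("InResponseTo " + a.inResponseTo + " is not the pending request " + p.pendingRequestId);
        }
        if (a.notBefore != null && now.plus(p.clockSkew).isBefore(a.notBefore)) {
            failures.add("NotBefore lies in the future");
        }
        if (!now.minus(p.clockSkew).isBefore(a.notOnOrAfter)) {
            failures.add("NotOnOrAfter has passed");
        }
        if (a.issueInstant.isAfter(now.plus(p.clockSkew))) {
            failures.add("IssueInstant lies in the future");
        }
        // The maximum validity period caps the token's age even when the IdP
        // set a generous NotOnOrAfter; this is the check the XSD calls
        // "independent of the NotOnOrAfter value".
        if (a.issueInstant.plus(p.maxValidity).isBefore(now)) {
            failures.add("token older than the maximum validity period " + p.maxValidity);
        }
        return failures;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2017-06-09T09:00:00Z");
        Parameters p = new Parameters("https://honest-sp.com",
                "https://honest-sp.com:443/sp/saml/index.html", "_request-1",
                Duration.ofMinutes(5), Duration.ofSeconds(60));
        // Assertion issued a minute ago for this SP, with NotOnOrAfter an hour away.
        AssertionFacts a = new AssertionFacts(p.destination, "_request-1",
                Arrays.asList("https://honest-sp.com"), now.minusSeconds(60),
                now.minusSeconds(120), now.plus(Duration.ofHours(1)));
        System.out.println("fresh:    " + check(a, p, now));
        // Ten minutes later NotOnOrAfter still holds, but the maximum validity period does not.
        System.out.println("replayed: " + check(a, p, now.plus(Duration.ofMinutes(10))));
    }
}
```

The two runs in `main` show why the library documents the maximum validity period as a separate parameter: an assertion whose NotOnOrAfter lies an hour ahead is still rejected once it is older than the five minutes the profile allows.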
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/java/org/rub/nds/sso/rest/application/config/ApplicationConfig.java:
--------------------------------------------------------------------------------
package org.rub.nds.sso.rest.application.config;

import java.util.Set;
import javax.ws.rs.core.Application;

/**
 * JAX-RS application: registers the REST resource and the two providers under
 * the "webresources" path.
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
@javax.ws.rs.ApplicationPath("webresources")
public class ApplicationConfig extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        Set<Class<?>> resources = new java.util.HashSet<>();
        addRestResourceClasses(resources);
        return resources;
    }

    /**
     * Do not modify addRestResourceClasses() method. It is automatically
     * populated with all resources defined in the project. If required, comment
     * out calling this method in getClasses().
     */
    private void addRestResourceClasses(Set<Class<?>> resources) {
        resources.add(org.rub.nds.sso.webservice.JAXBContextResolver.class);
        resources.add(org.rub.nds.sso.webservice.JacksonConfigurator.class);
        resources.add(org.rub.nds.sso.webservice.ValidationService.class);
    }

}
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/java/org/rub/nds/sso/rest/application/config/ConfigurationManager.java:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2017 vmladenov.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301 USA
 */
package org.rub.nds.sso.rest.application.config;

import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import org.opensaml.DefaultBootstrap;
import org.rub.nds.futuretrust.cvs.sso.api.DatabaseType;
import org.rub.nds.futuretrust.validationservice.sso.library.ConfigDatabase;
import org.rub.nds.saml.samllib.verifier.SAMLIDCache;
import org.rub.nds.sso.exceptions.ConfigurationException;

/**
 * Servlet context listener that bootstraps OpenSAML, loads the configuration
 * database (configDB.xml under WEB-INF/classes) and initializes the SAML ID
 * cache when the web application starts.
 *
 * @author vmladenov
 */
public class ConfigurationManager implements ServletContextListener {

    private static final String configFile = "configDB.xml";
    private static String classPath;
    private static ConfigurationManager cfgManager;

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        try {
            cfgManager = this;
            ServletContext ctx = sce.getServletContext();
            classPath = ctx.getRealPath("/WEB-INF/classes") + "/";
            initialize();
        } catch (ConfigurationException ex) {
            // Only logged: the application still deploys without a loaded configuration.
            Logger.getLogger(ConfigurationManager.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        cfgManager = null;
    }

    public static ConfigurationManager getInstance() {
        return cfgManager;
    }

    private void initialize() throws ConfigurationException {
        try {
            DefaultBootstrap.bootstrap();
            initDB(classPath + configFile);
            SAMLIDCache.initialize();
            SAMLIDCache.setCacheDuration(30);
        } catch (org.opensaml.xml.ConfigurationException | JAXBException ex) {
            throw new ConfigurationException("Cannot initialize Application. Configuration is error prone!");
        }
    }

    /** Unmarshals the configuration database and publishes it through ConfigDatabase. */
    private void initDB(String filepath) throws JAXBException {
        File file = new File(filepath);
        JAXBContext jaxbContext = JAXBContext.newInstance(DatabaseType.class);
        Source source = new StreamSource(file);

        Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
        JAXBElement<DatabaseType> el = jaxbUnmarshaller.unmarshal(source, DatabaseType.class);
        ConfigDatabase.setConfig(el.getValue());
    }
}
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/java/org/rub/nds/sso/webservice/JAXBContextResolver.java:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2017 vmladenov.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301 USA
 */
package org.rub.nds.sso.webservice;

import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.ext.ContextResolver;
import javax.ws.rs.ext.Provider;
import javax.xml.bind.JAXBContext;
import org.eclipse.persistence.jaxb.JAXBContextFactory;
import org.eclipse.persistence.jaxb.MarshallerProperties;
import org.rub.nds.futuretrust.cvs.sso.api.RequestBaseType;
import org.rub.nds.sso.api.VerificationResponseType;

/**
 * Supplies a MOXy JAXB context that (un)marshals the request and response
 * types as JSON without a root element.
 *
 * @author vmladenov
 */
@Provider
public class JAXBContextResolver implements ContextResolver<JAXBContext> {

    private final JAXBContext context;

    public JAXBContextResolver() throws Exception {
        // A namespace prefix mapper was drafted and left commented out in the project:
        // final Map<String, String> namespacePrefixMapper = new HashMap<>();
        // namespacePrefixMapper.put("http://www.w3.org/2001/XMLSchema-instance", "xsi");
        // namespacePrefixMapper.put("http://www.api.sso.cvs.futuretrust.nds.rub.org", "ft");
        // namespacePrefixMapper.put("http://www.api.sso.nds.rub.org", "sso");
        // namespacePrefixMapper.put("urn:oasis:names:tc:dss:1.0:core:schema", "dss");
        //
        // Map<String, Object> jaxbProperties = new HashMap<>();
        // jaxbProperties.put(JAXBContextProperties.MEDIA_TYPE, "application/json");
        // jaxbProperties.put(JAXBContextProperties.JSON_INCLUDE_ROOT, false);
        // jaxbProperties.put(JAXBContextProperties.JSON_NAMESPACE_SEPARATOR, ':');
        // jaxbProperties.put(JAXBContextProperties.NAMESPACE_PREFIX_MAPPER, namespacePrefixMapper);
        System.setProperty(JAXBContext.class.getName(), "org.eclipse.persistence.jaxb.JAXBContextFactory");
        Map<String, Object> props = new HashMap<>();
        props.put("eclipselink.media-type", "application/json");
        props.put("eclipselink.json.include-root", false);
        props.put(MarshallerProperties.JSON_VALUE_WRAPPER, "arguments");
        this.context = JAXBContextFactory.createContext(
                new Class[] { RequestBaseType.class, VerificationResponseType.class }, props);
    }

    @Override
    public JAXBContext getContext(Class<?> aClass) {
        return context;
    }
}
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/java/org/rub/nds/sso/webservice/JacksonConfigurator.java:
--------------------------------------------------------------------------------
package org.rub.nds.sso.webservice;

import javax.ws.rs.ext.ContextResolver;
import javax.ws.rs.ext.Provider;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Provides custom configuration for Jackson: unknown JSON properties in a
 * request body are ignored instead of rejected.
 */
@Provider
public class JacksonConfigurator implements ContextResolver<ObjectMapper> {

    private final ObjectMapper mapper;

    public JacksonConfigurator() {
        mapper = new ObjectMapper();
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    @Override
    public ObjectMapper getContext(Class<?> type) {
        return mapper;
    }

}
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/java/org/rub/nds/sso/webservice/ValidationService.java:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2016 Juraj Somorovsky - juraj.somorovsky@rub.de.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301 USA
 */
package org.rub.nds.sso.webservice;

import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import javax.xml.bind.JAXBException;
import org.rub.nds.futuretrust.cvs.sso.api.AuthenticationType;
import org.rub.nds.futuretrust.cvs.sso.api.RequestBaseType;
import org.rub.nds.futuretrust.cvs.sso.api.RequestBaseType.OptionalInputs;
import org.rub.nds.futuretrust.cvs.sso.api.SsoProtocolType;
import org.rub.nds.futuretrust.cvs.sso.api.VerificationRequestType;
import org.rub.nds.futuretrust.validationservice.sso.library.Controller;
import org.rub.nds.saml.samllib.exceptions.SAMLBuildException;
import org.rub.nds.sso.api.SamlType;
import org.rub.nds.sso.api.VerificationResponseType;

/**
 * REST Web Service
 *
 * @author Juraj Somorovsky - juraj.somorovsky@rub.de
 */
@Path("validation")
public class ValidationService {

    @Context
    private UriInfo context;

    /**
     * Creates a new instance of ValidationService
     */
    public ValidationService() {
    }

    /**
     * Lists the operations offered by this service.
     *
     * @return a JSON object naming the available methods
     */
    @GET
    @Produces("application/json")
    @Path("/list")
    public String getJson() {
        return "{\"methods\":[\"verifyrequest\"]}";
    }

    /**
     * Verifies the SSO token carried in the request under the verification
     * profile and client credentials the request names.
     *
     * @param content
     *            the verification request
     * @return the verification result
     */
    @POST
    @Consumes({ MediaType.APPLICATION_JSON })
    @Produces("application/json")
    @Path("verifyrequest")
    public VerificationResponseType postJson(RequestBaseType content) throws JAXBException, SAMLBuildException {
        return new Controller(content).verify();
    }

    /**
     * Builds an example SAML verification request with placeholder values,
     * showing the structure that verifyrequest expects.
     */
    @GET
    @Produces("application/json")
    @Path("genrequest")
    public RequestBaseType genExampleRequest() throws JAXBException, SAMLBuildException {
        RequestBaseType request = new RequestBaseType();
        VerificationRequestType rq = new VerificationRequestType();

        AuthenticationType auth = new AuthenticationType();
        auth.setClientId("test");
        auth.setClientSecret("secret");
        rq.setAuthentication(auth);

        SamlType saml = new SamlType();
        saml.setSamlRequest("samlRequest");
        saml.setSamlResponse("samlResponse");
        saml.setSamlVerificationProfile("profile1");

        rq.setSsoProtocol(SsoProtocolType.SAML);
        rq.setSaml(saml);

        OptionalInputs input = new OptionalInputs();
        input.setCvsVerificationRequest(rq);
        request.setOptionalInputs(input);
        return request;
    }
}
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/resources/configDB.xml:
--------------------------------------------------------------------------------
(Element tags of this file did not survive extraction; the element values are listed in document order.)

Registered entity 1 (client ID and client secret):
f2ca07f0-0d06-4e33-9089-e3bf023281cc
6e3e73c9-f99e-4b04-9a4b-d0197cbe5ab1

Verification profile "saml", SAML token verification checks (values present, in document order):
true
true
true
true

SAML verification parameters, destination and metadata:
https://honest-sp.com:443/sp/saml/index.html
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<md:EntitiesDescriptor Name="Group1" validUntil="2030-06-09T09:00:00" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <md:EntityDescriptor entityID="eLearning SAML SSO IdP">
        <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDiTCCAnGgAwIBAgIELzcgDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjETMBEGA1UECxMKc2tpZGVudGl0eTEbMBkGA1UEAxMSd3d3LnNraWRlbnRpdHkuY29tMB4XDTEzMDYxMDE1MTcyMloXDTE2MDYwOTE1MTcyMlowdTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEzARBgNVBAsTCnNraWRlbnRpdHkxGzAZBgNVBAMTEnd3dy5za2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIpvJa68Ib9nERP9+jL17w3bwyGXJ4ZoW10zJPtUA9N2QLTD8yI2kG3P4fv69Koid93ouFg/bTbfOTs7BBtdQWJ1xCtE80aHGAWto3Eo/9iryI0yZwhwkNEWr4dK3PTpb7JfyNLBWNCZFgtxQDEAX6PWKu4qsf7PLVp4tfl5JhKvoJCKqDDB3qQkhIGIV9YvDd/zidlCWghdr5D1F1XZqDpkDBEDf+MctC4M4Q6PSNsbU+4z42LDHWJ4d9OKRe86t8mzl/qrBvyKA1LLaZWFvw3J1NX/WHivI3Wn2/aGGsTr0IToiYW7SWKbp/f0kcPVUoVxMOfFuxZXmj2A0dHInZcCAwEAAaMhMB8wHQYDVR0OBBYEFKJzJ2C1jiSyrvSX1wp4qFsNqfUnMA0GCSqGSIb3DQEBCwUAA4IBAQAj47UXFntw/V4WRZSUoeIHLBfD2r2MyDYX1C3ocigh6gihTlzz/cTFn3FXjokpYIXDUUVo9Mjl+2X9Iwnn4uVhhF49OD0fd11YU4sN/Cn7UoG6J10OYqiei3KCu6jYSxGtv0vzpH+2u5iUKH3AzQFUlAAvmNS7uL5wRv7iPBgtHdYpxzRneBG8GmaGNzk8DuU6sjHcPxf+RtYsR55LV2pOMm5xInqFL8GDWk03XUmSsnlU3B5Ja0grWyokilw99bn6s1p5QpWkrngs3P819abeTOfxJG7Ttvl8bGHG0BN+1eZkK5VMn+xNQ8bIomtttwyel0GjMqOFczdwRpUyjqDC</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://carbon.cloud.nds.rub.de:8080/idp/saml"/>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        </md:IDPSSODescriptor>
    </md:EntityDescriptor>
</md:EntitiesDescriptor>

Verification profile "insecure_xsw", SAML token verification checks (values present, in document order):
true
false
true
true

SAML verification parameters, destination and metadata:
https://honest-sp.com:443/sp/saml/index.html
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<md:EntitiesDescriptor Name="Group1" validUntil="2030-06-09T09:00:00" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <md:EntityDescriptor entityID="eLearning SAML SSO IdP">
        <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>[X.509 certificate, identical to the one in the "saml" profile above]</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://carbon.cloud.nds.rub.de:8080/idp/saml"/>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        </md:IDPSSODescriptor>
    </md:EntityDescriptor>
</md:EntitiesDescriptor>

Registered entity 2 (client ID and client secret):
e96a71e5-5cf0-4382-879a-72b94591c920
46409f11-2afb-4170-b5a7-5bfd73e338f7

Verification profile "oidc", OIDC verification checks (eight flags):
true true false true true false false true

OIDC verification parameters: audience, metadata (OpenID Provider discovery document) and client secret:
http://test2.com
{"request_parameter_supported":true,
"registration_endpoint":"http://honest-sp.com:443/oidc_idp/register",
"userinfo_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512"],
"token_endpoint":"http://honest-sp.com:443/oidc_idp/token",
"request_uri_parameter_supported":false,
"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt","none"],
"claims_parameter_supported":false,
"jwks_uri":"http://honest-sp.com:443/oidc_idp/jwk",
"id_token_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","none"],
"authorization_endpoint":"http://honest-sp.com:443/oidc_idp/faces/authorize/index.xhtml",
"require_request_uri_registration":false,
"introspection_endpoint":"http://honest-sp.com:443/oidc_idp/introspect",
"response_types_supported":["code","token"],
"token_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512"],
"revocation_endpoint":"http://honest-sp.com:443/oidc_idp/revoke",
"request_object_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512"],
"claim_types_supported":["normal"],
"grant_types_supported":["authorization_code","implicit"],
"scopes_supported":["openid","email","address"],
"userinfo_endpoint":"http://honest-sp.com:443/oidc_idp/userinfo",
"issuer":"http://honest-sp.com:443/oidc_idp",
"claims_supported":["sub","name","preferred_username","given_name","family_name","middle_name","nickname","profile","picture","website","gender","zone_info","locale","updated_time","birthdate","email","email_verified","phone_number","phone_number_verified","address"],"subject_types_supported":["public","pairwise"]}
test123456789012345678901234567890123456789

--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/webapp/META-INF/context.xml:
--------------------------------------------------------------------------------
(A two-line file whose XML markup did not survive extraction; no element values remain.)
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/webapp/WEB-INF/jboss-web.xml:
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <context-root>/sso-vals</context-root>
</jboss-web>
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
org.rub.nds.sso.rest.application.config.ConfigurationManager
30
SESSIONID
--------------------------------------------------------------------------------
/SSOValidationService/WebService/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <h1>Hello World!</h1>
    </body>
</html>
--------------------------------------------------------------------------------
/SSOValidationService/maven-eclipse-codestyle.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SSOValidationService/pom.xml:
--------------------------------------------------------------------------------
4.0.0
org.rub.nds.futuretrust.validationservice.sso
SSOValidationService
1.0-SNAPSHOT
pom
Library
WebService
maven-compiler-plugin
3.6.0
1.7
1.7
true
net.revelc.code
formatter-maven-plugin
0.5.2
net.revelc.code
formatter-maven-plugin
${main.basedir}/maven-eclipse-codestyle.xml
LF
process-sources
format
org.codehaus.mojo
findbugs-maven-plugin
2.5.3
Max
Low
true
org.apache.maven.plugins
maven-pmd-plugin
2.7.1
true
utf-8
100
1.7
UTF-8
1.7
1.7
${project.basedir}
--------------------------------------------------------------------------------
/docs/D2.3-Evaluation-of-eID-and-trust-services.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RUB-NDS/FutureTrust/5e063e64c545e5b372cf63bbfd6c9ae6aa127d9d/docs/D2.3-Evaluation-of-eID-and-trust-services.pdf
--------------------------------------------------------------------------------