64 Object parsedObject = SAMLParser.getInstance().parse(inputStream);
65 EntityDescriptorType entityType;
67 if (EntitiesDescriptorType.class.isInstance(parsedObject)) {
68 entityType = (EntityDescriptorType) ((EntitiesDescriptorType) parsedObject).getEntityDescriptor().get(0);
70 entityType = (EntityDescriptorType) parsedObject;
73 List<EntityDescriptorType.EDTChoiceType> choiceType = entityType.getChoiceType();
75 if (!choiceType.isEmpty()) {
76 IDPSSODescriptorType idpDescriptor = null;
80 for(EntityDescriptorType.EDTChoiceType edtChoiceType : entityType.getChoiceType()) {
81 List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
83 if(!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
84 idpDescriptor = descriptors.get(0).getIdpDescriptor();
88 if (idpDescriptor != null) {
89 SAMLIdentityProviderConfig samlIdentityProviderConfig =
new SAMLIdentityProviderConfig();
90 String singleSignOnServiceUrl = null;
91 boolean postBindingResponse =
false;
92 boolean postBindingLogout =
false;
93 for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
94 if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
95 singleSignOnServiceUrl = endpoint.getLocation().toString();
96 postBindingResponse =
true;
98 }
else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
99 singleSignOnServiceUrl = endpoint.getLocation().toString();
102 String singleLogoutServiceUrl = null;
103 for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
104 if (postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
105 singleLogoutServiceUrl = endpoint.getLocation().toString();
106 postBindingLogout =
true;
108 }
else if (!postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
109 singleLogoutServiceUrl = endpoint.getLocation().toString();
114 samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
115 samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
116 samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
117 samlIdentityProviderConfig.setAddExtensionsElementWithKeyInfo(
false);
118 samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
119 samlIdentityProviderConfig.setPostBindingResponse(postBindingResponse);
120 samlIdentityProviderConfig.setPostBindingAuthnRequest(postBindingResponse);
121 samlIdentityProviderConfig.setPostBindingLogout(postBindingLogout);
123 List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
124 String defaultCertificate = null;
126 if (keyDescriptor != null) {
127 for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
128 Element keyInfo = keyDescriptorType.getKeyInfo();
129 Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo,
new QName(
"dsig",
"X509Certificate"));
131 if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
132 samlIdentityProviderConfig.addSigningCertificate(x509KeyInfo.getTextContent());
133 }
else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
134 samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
135 }
else if (keyDescriptorType.getUse() == null) {
136 defaultCertificate = x509KeyInfo.getTextContent();
141 if (defaultCertificate != null) {
142 if (samlIdentityProviderConfig.getSigningCertificates().length == 0) {
143 samlIdentityProviderConfig.addSigningCertificate(defaultCertificate);
146 if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
147 samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
151 return samlIdentityProviderConfig.getConfig();
154 }
catch (ParsingException pe) {
155 throw new RuntimeException(
"Could not parse IdP SAML Metadata", pe);
158 return new HashMap<String, String>();