use of com.sun.identity.saml.assertion.Statement in project OpenAM by OpenRock.
the class SAML11RequestedSecurityToken method verifyToken.
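/**
 * Verifies the token's validity: issuer trust, assertion signature (when
 * the SP configuration requires it), presence of an authentication
 * statement carrying a Subject, and the validity period.
 * <p>
 * AudienceRestrictionCondition is not yet evaluated (see TODO below).
 *
 * @param realm the realm of the local entity
 * @param hostEntityId the local entity ID
 * @param timeskew permitted skew between service provider and identity
 *        provider clocks, in seconds
 * @return a Map of relevant data including the Subject, the assertion and
 *         the List of Assertions; MAX_SESSION_TIME (in minutes) is present
 *         only when the assertion carries a NotOnOrAfter condition that is
 *         still in the future
 * @throws com.sun.identity.wsfederation.common.WSFederationException in
 *         case of any error - untrusted or unknown issuer, missing SP
 *         configuration, invalid token signature, missing subject, token
 *         expired etc.
 */
public Map<String, Object> verifyToken(String realm, String hostEntityId, int timeskew) throws WSFederationException {
    String classMethod = "SAML11RequestedSecurityToken.verifyToken";
    // check that assertion issuer is trusted by the local entity
    String issuer = assertion.getIssuer();
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String remoteEntityId = metaManager.getEntityByTokenIssuerName(realm, issuer);
    // An issuer that maps to no configured entity is rejected exactly like an
    // untrusted one (fail closed) instead of being passed on as null.
    if ((remoteEntityId == null) || !metaManager.isTrustedProvider(realm, hostEntityId, remoteEntityId)) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? this.toString() : this.getTokenId(), realm, hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.UNTRUSTED_ISSUER, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("untrustedIssuer"));
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, hostEntityId);
    if (spConfig == null) {
        debug.error(classMethod + "cannot find configuration for SP " + hostEntityId);
        throw new WSFederationException("unableToFindSPConfiguration");
    }
    String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
    // By default, we want to sign assertions
    boolean wantAssertionSigned = (strWantAssertionSigned != null) ? Boolean.parseBoolean(strWantAssertionSigned) : true;
    if (wantAssertionSigned && (!WSFederationUtils.isSignatureValid(assertion, realm, remoteEntityId))) {
        // isSignatureValid will log the error
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSignature"));
    }
    // TODO: check AudienceRestrictionCondition
    // The Subject is taken from the first authentication statement only.
    Subject assertionSubject = null;
    Iterator stmtIter = assertion.getStatement().iterator();
    while (stmtIter.hasNext()) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
            assertionSubject = ((SubjectStatement) statement).getSubject();
            break;
        }
    }
    if (assertionSubject == null) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? this.toString() : this.getTokenId() };
        LogUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("missingSubject"));
    }
    // must be valid (timewise)
    if (!WSFederationUtils.isTimeValid(assertion, timeskew)) {
        // isTimeValid will log the error
        throw new WSFederationException(WSFederationUtils.bundle.getString("timeInvalid"));
    }
    List assertions = new ArrayList();
    assertions.add(assertion);
    Map<String, Object> attrMap = new HashMap<String, Object>();
    attrMap.put(SAML2Constants.SUBJECT, assertionSubject);
    attrMap.put(SAML2Constants.POST_ASSERTION, assertion);
    attrMap.put(SAML2Constants.ASSERTIONS, assertions);
    // TODO: derive the auth level from the token; until then it is always 0
    attrMap.put(SAML2Constants.AUTH_LEVEL, Integer.valueOf(0));
    // Conditions are optional in a SAML 1.x assertion: only derive a session
    // lifetime when a NotOnOrAfter is present and still in the future.
    Date sessionNotOnOrAfter = null;
    if (assertion.getConditions() != null) {
        sessionNotOnOrAfter = assertion.getConditions().getNotOnorAfter();
    }
    if (sessionNotOnOrAfter != null) {
        // remaining lifetime in whole minutes
        long maxSessionTime = (sessionNotOnOrAfter.getTime() - System.currentTimeMillis()) / 60000;
        if (maxSessionTime > 0) {
            attrMap.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(maxSessionTime));
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + " Attribute Map : " + attrMap);
    }
    return attrMap;
}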
use of com.sun.identity.saml.assertion.Statement in project OpenAM by OpenRock.
the class DefaultLibrarySPAccountMapper method getIdentity.
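/**
 * Returns the user's distinguished name or the universal ID for the
 * corresponding <code>SAML</code> <code>Assertion</code>. This method
 * will be invoked by the <code>WS-Federation</code> framework while
 * processing the <code>Assertion</code> and retrieves the identity
 * information. The implementation of this method looks up the user for
 * the <code>NameIdentifier</code> of the assertion's authentication
 * statement Subject via the data store provider.
 *
 * @param rstr Request Security Token Response.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm realm or the organization name that may be used to find
 *        the user information.
 * @return user's distinguished name or the universal ID (whatever the data
 *         store provider returns, possibly null).
 * @exception WSFederationException if any argument is null, if the
 *            assertion carries no authentication statement Subject or no
 *            NameIdentifier, or if the data store lookup fails.
 */
public String getIdentity(RequestSecurityTokenResponse rstr, String hostEntityID, String realm) throws WSFederationException {
    if (rstr == null) {
        throw new WSFederationException(bundle.getString("nullRstr"));
    }
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    SAML11RequestedSecurityToken rst = (SAML11RequestedSecurityToken) rstr.getRequestedSecurityToken();
    Assertion assertion = rst.getAssertion();
    // The identity comes from the Subject of the first authentication statement.
    Subject subject = null;
    Set statements = assertion.getStatement();
    if (statements != null) {
        Iterator iter = statements.iterator();
        while (iter.hasNext()) {
            Statement statement = (Statement) iter.next();
            if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
                subject = ((SubjectStatement) statement).getSubject();
                break;
            }
        }
    }
    // Fail with an explicit error rather than a NullPointerException when the
    // assertion has no authentication statement or the Subject has no name.
    if (subject == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("missingSubject"));
    }
    NameIdentifier nameID = subject.getNameIdentifier();
    if (nameID == null) {
        throw new WSFederationException("NameIdentifier missing from assertion Subject");
    }
    String remoteEntityID = WSFederationUtils.getMetaManager().getEntityByTokenIssuerName(realm, assertion.getIssuer());
    if (debug.messageEnabled()) {
        debug.message("DefaultLibrarySPAccountMapper.getIdentity(Assertion):" + " realm = " + realm + " hostEntityID = " + hostEntityID);
    }
    String userID = null;
    try {
        userID = dsProvider.getUserID(realm, getSearchParameters(nameID, realm, hostEntityID, remoteEntityID));
    } catch (DataStoreProviderException dse) {
        debug.error("DefaultLibrarySPAccountMapper.getIdentity(Assertion): " + "DataStoreProviderException", dse);
        throw new WSFederationException(dse);
    }
    return userID;
}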
use of com.sun.identity.saml.assertion.Statement in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method validateAssertions.
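/**
 * Validates the assertions returned for this handler's outstanding
 * AuthnRequest and returns the Subject of the authentication statement.
 * <p>
 * Every assertion must: be in response to {@code authnRequest}, carry a
 * valid signature when signing is on, not have been seen before (replay
 * check against {@code idTimeMap}), be issued by {@code idpEntityId} (or,
 * when none is recorded, by an IDP on the trust list), be time-valid and be
 * issued for this server. An authentication statement is required; its
 * Subject must carry exactly one ConfirmationMethod of bearer or artifact
 * type. Attribute statements that pass {@code checkForAttributeStatement}
 * are NOT collected; the others are added to {@code attrStatements}.
 * <p>
 * Side effects: {@code reAuthnOnOrAfterDate}, {@code idpSessionIndex},
 * {@code authnContextStmt} and {@code securityAssertions} are set from the
 * assertion, accepted assertion IDs are recorded in {@code idTimeMap} (and
 * in {@code cGoThrough} or {@code cPeriodic}), and the provider descriptor
 * and entity ID may be set when {@code idpEntityId} was null. When several
 * assertions are present the values of the last one win.
 *
 * @param assertions the List of FSAssertion objects to validate
 * @return the FSSubject of the authentication statement, or null when any
 *         check fails; the cause is logged before returning
 */
protected Subject validateAssertions(List assertions) {
    FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertions: Called");
    // loop to check assertions
    FSSubject subject = null;
    Iterator iter = assertions.iterator();
    FSAssertion assertion = null;
    String aIDString = null;
    String issuer = null;
    Iterator stmtIter = null;
    Statement statement = null;
    int stmtType = Statement.NOT_SUPPORTED;
    SubjectConfirmation subConf = null;
    Set confMethods = null;
    String confMethod = null;
    Date date = null;
    long time = System.currentTimeMillis() + 180000;
    while (iter.hasNext()) {
        assertion = (FSAssertion) iter.next();
        // the assertion must answer the request this handler issued
        if (!authnRequest.getRequestID().equals(assertion.getInResponseTo())) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " assertion does not correspond to any valid request");
            return null;
        }
        if (FSServiceUtils.isSigningOn()) {
            if (!verifyAssertionSignature(assertion)) {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " assertion signature verification failed");
                return null;
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Assertion signature verified");
        }
        aIDString = assertion.getAssertionID();
        // make sure it's not being used (replay protection)
        if (idTimeMap.containsKey(aIDString)) {
            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion: " + aIDString + " is used");
            return null;
        }
        // check issuer of the assertions
        issuer = assertion.getIssuer();
        try {
            if (idpEntityId != null) {
                if (!idpEntityId.equals(issuer)) {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is not the entity where " + "AuthnRequest was sent originally.");
                    return null;
                }
            } else {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is: " + issuer);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                IDPDescriptorType idpDesc = metaManager.getIDPDescriptor(realm, issuer);
                if (idpDesc == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " Assertion issuer is not on the trust list");
                    return null;
                }
                setProviderDescriptor(idpDesc);
                setProviderEntityId(issuer);
            }
        } catch (Exception ex) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is not on the trust list");
            return null;
        }
        // must be valid(timewise)
        if (!assertion.isTimeValid()) {
            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion:" + " Assertion's time is not valid.");
            return null;
        }
        // TODO: IssuerInstant of the assertion is within a few minutes
        // This is a MAY in spec. Which number to use for the few minutes?
        // if present, target of the assertions must == local server IP
        Conditions conds = assertion.getConditions();
        if (!forThisServer(conds)) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "assertion is not issued for this site.");
            return null;
        }
        //for each assertion, loop to check each statement
        boolean authnStatementFound = false;
        if (assertion.getStatement() != null) {
            stmtIter = assertion.getStatement().iterator();
            while (stmtIter.hasNext()) {
                statement = (Statement) stmtIter.next();
                stmtType = statement.getStatementType();
                if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                    FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
                    authnStatementFound = true;
                    try {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "validating AuthenticationStatement:" + authStatement.toXMLString());
                        }
                    } catch (FSException e) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: Exception. " + "Invalid AuthenticationStatement: ", e);
                        return null;
                    }
                    //check ReauthenticateOnOrAfter
                    reAuthnOnOrAfterDate = authStatement.getReauthenticateOnOrAfter();
                    //process SessionIndex
                    idpSessionIndex = authStatement.getSessionIndex();
                    authnContextStmt = authStatement.getAuthnContext();
                    subject = (FSSubject) authStatement.getSubject();
                    if (subject == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: Subject is null");
                        return null;
                    } else {
                        try {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "found Authentication Statement. " + "Subject = " + subject.toXMLString());
                            }
                        } catch (FSException e) {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + " Exception. Invalid subject: ", e);
                            // A Subject that cannot be serialised is rejected outright.
                            // Moving on to the next statement would leave 'subject' set
                            // without its ConfirmationMethod ever being checked below.
                            return null;
                        }
                    }
                    //bearer
                    if (((subConf = subject.getSubjectConfirmation()) == null) || ((confMethods = subConf.getConfirmationMethod()) == null) || (confMethods.size() != 1)) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "missing or extra ConfirmationMethod.");
                        return null;
                    }
                    if (((confMethod = (String) confMethods.iterator().next()) == null) || !((confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER)) || (confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)) || (confMethod.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT)))) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: wrong " + "ConfirmationMethod");
                        return null;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Confirmation method: " + confMethod);
                    }
                } else if (stmtType == Statement.ATTRIBUTE_STATEMENT) {
                    AttributeStatement attrStatement = (AttributeStatement) statement;
                    if (!checkForAttributeStatement(attrStatement)) {
                        attrStatements.add(attrStatement);
                    }
                }
            }
        }
        if (!authnStatementFound) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "No Authentication statement found in the Assertion. " + "User is not authenticated by the IDP");
            }
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Adding " + aIDString + " to idTimeMap.");
        }
        // add the assertion to idTimeMap; entries with an expiry go to the
        // cGoThrough list, the others to the cPeriodic list for cleanup
        if ((date = conds.getNotOnorAfter()) != null) {
            cGoThrough.addElement(aIDString);
            idTimeMap.put(aIDString, Long.valueOf(date.getTime()));
        } else {
            cPeriodic.addElement(aIDString);
            // it doesn't matter what we store for the value.
            idTimeMap.put(aIDString, aIDString);
        }
        securityAssertions = assertion.getDiscoveryCredential();
    }
    if (subject == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion:" + " couldn't find Subject.");
        return null;
    }
    return subject;
}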
use of com.sun.identity.saml.assertion.Statement in project OpenAM by OpenRock.
the class SAMLUtils method addEnvParamsFromAssertion.
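/**
 * Adds the attributes carried by the <code>AttributeStatement</code>s of
 * the assertion to {@code envParameters}, keyed by attribute name with a
 * <code>String[]</code> of the simple (text-only) attribute values.
 * Statements whose Subject does not equal {@code subject} are skipped, as
 * are attributes whose values cannot be read or that have no simple value.
 *
 * @param envParameters return map which receives name value pairs of
 *        attributes included in <code>AttributeStatement</code> of the
 *        assertion; a failing put is logged and ignored
 * @param assertion an <code>Assertion</code> object which contains
 *        <code>AttributeStatement</code>
 * @param subject the <code>Subject</code> instance from
 *        <code>AuthenticationStatement</code>, must not be null. The
 *        <code>Subject</code> included in <code>AttributeStatement</code>
 *        must match this <code>Subject</code> instance.
 */
public static void addEnvParamsFromAssertion(Map envParameters, Assertion assertion, com.sun.identity.saml.assertion.Subject subject) {
    Set statements = assertion.getStatement();
    if ((statements == null) || statements.isEmpty()) {
        return;
    }
    for (Iterator stmtIter = statements.iterator(); stmtIter.hasNext(); ) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() != Statement.ATTRIBUTE_STATEMENT) {
            continue;
        }
        AttributeStatement attrStatement = (AttributeStatement) statement;
        // only attributes asserted about the authenticated subject are taken
        if (!subject.equals(attrStatement.getSubject())) {
            continue;
        }
        List attrs = attrStatement.getAttribute();
        if (attrs == null) {
            continue;
        }
        for (Iterator attrIter = attrs.iterator(); attrIter.hasNext(); ) {
            Attribute attribute = (Attribute) attrIter.next();
            List attrValues;
            try {
                attrValues = attribute.getAttributeValue();
            } catch (Exception e) {
                debug.error("SAMLUtils.addEnvParamsFromAssertion:" + " cannot obtain attribute value:", e);
                continue;
            }
            String attrName = attribute.getAttributeName();
            // collect only values without nested elements; complex values are dropped
            List attrValueList = null;
            if (attrValues != null) {
                for (Iterator avIter = attrValues.iterator(); avIter.hasNext(); ) {
                    Element attrValue = (Element) avIter.next();
                    if (!XMLUtils.hasElementChild(attrValue)) {
                        if (attrValueList == null) {
                            attrValueList = new ArrayList();
                        }
                        attrValueList.add(XMLUtils.getElementValue(attrValue));
                    }
                }
            }
            if (attrValueList == null) {
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " has no value");
                }
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " attrValue = " + attrValueList);
            }
            String[] attrValueStrs = (String[]) attrValueList.toArray(new String[0]);
            try {
                envParameters.put(attrName, attrValueStrs);
            } catch (Exception ex) {
                // best effort: the caller's map may reject the entry
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:", ex);
                }
            }
        }
    }
}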
use of com.sun.identity.saml.assertion.Statement in project OpenAM by OpenRock.
the class SAMLUtils method verifyAssertionAndGetSSMap.
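/**
 * Checks the assertions of a SAML 1.x <code>Response</code> and returns a
 * Map of relevant data including the Subject, the SOAPEntry for the partner
 * and the List of Assertions.
 * <p>
 * Each assertion must be unused (replay check against {@code idTimeMap}),
 * issued by a configured partner site, validly signed and time-valid, and
 * every subject-bearing statement must carry exactly one bearer
 * ConfirmationMethod. Accepted assertion IDs are recorded in
 * {@code idTimeMap} (and in {@code cGoThrough} or {@code cPeriodic} for
 * later cleanup). AudienceRestrictionCondition and IssueInstant freshness
 * are not checked (see TODOs below).
 *
 * @param response <code>Response</code> object
 * @return Map of data including Subject, SOAPEntry, and list of assertions,
 *         or null when the response carries no assertion or any check
 *         fails; the cause is logged before returning
 */
public static Map verifyAssertionAndGetSSMap(Response response) {
    List assertions = response.getAssertion();
    // A response without assertions cannot establish a Subject; say so
    // instead of failing with a NullPointerException on the iterator.
    if ((assertions == null) || assertions.isEmpty()) {
        debug.error("verifyAssertionAndGetSSMap: response carries no assertion.");
        return null;
    }
    // loop to check assertions
    com.sun.identity.saml.assertion.Subject subject = null;
    SAMLServiceManager.SOAPEntry srcSite = null;
    Iterator iter = assertions.iterator();
    Assertion assertion = null;
    String aIDString = null;
    String issuer = null;
    Iterator stmtIter = null;
    Statement statement = null;
    int stmtType = Statement.NOT_SUPPORTED;
    com.sun.identity.saml.assertion.Subject sub = null;
    SubjectConfirmation subConf = null;
    Set confMethods = null;
    String confMethod = null;
    Date date = null;
    while (iter.hasNext()) {
        assertion = (Assertion) iter.next();
        aIDString = assertion.getAssertionID();
        // make sure it's not being used
        // NOTE(review): the containsKey here and the put at the end of the
        // loop are not one atomic step; whether two concurrent presentations
        // of the same assertion ID can both pass depends on how idTimeMap
        // and its callers are synchronised - confirm.
        if (idTimeMap.containsKey(aIDString)) {
            debug.error("verifyAssertion " + "AndGetSSMap: Assertion: " + aIDString + " is used.");
            return null;
        }
        // check issuer of the assertions
        issuer = assertion.getIssuer();
        if ((srcSite = SAMLUtils.getSourceSite(issuer)) == null) {
            debug.error("verifyAsserti " + "onAndGetSSMap: issuer is not on the Partner list.");
            return null;
        }
        if (!assertion.isSignatureValid()) {
            debug.error("verifyAssertion " + "AndGetSSMap: assertion's signature is not valid.");
            return null;
        }
        // must be valid (timewise)
        if (!assertion.isTimeValid()) {
            debug.error("verifyAssertion " + "AndGetSSMap: assertion's time is not valid.");
            return null;
        }
        // TODO: IssuerInstant of the assertion is within a few minutes
        // This is a MAY in spec. Which number to use for the few minutes?
        // TODO: check AudienceRestrictionCondition
        //for each assertion, loop to check each statement
        Set statements = assertion.getStatement();
        if (statements != null) {
            stmtIter = statements.iterator();
            while (stmtIter.hasNext()) {
                statement = (Statement) stmtIter.next();
                stmtType = statement.getStatementType();
                if ((stmtType == Statement.AUTHENTICATION_STATEMENT) || (stmtType == Statement.ATTRIBUTE_STATEMENT) || (stmtType == Statement.AUTHORIZATION_DECISION_STATEMENT)) {
                    sub = ((SubjectStatement) statement).getSubject();
                    // ConfirmationMethod of each subject must be set to bearer
                    if (((subConf = sub.getSubjectConfirmation()) == null) || ((confMethods = subConf.getConfirmationMethod()) == null) || (confMethods.size() != 1)) {
                        debug.error("verify " + "AssertionAndGetSSMap: missing or extra " + "ConfirmationMethod.");
                        return null;
                    }
                    if (((confMethod = (String) confMethods.iterator().next()) == null) || (!confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER))) {
                        debug.error("verify " + "AssertionAndGetSSMap:wrong ConfirmationMethod.");
                        return null;
                    }
                    if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                        // browser IP. This is a MAY item in the spec.
                        // the first authentication statement's Subject is kept
                        if (subject == null) {
                            subject = sub;
                        }
                    }
                }
            }
        }
        // add the assertion to idTimeMap
        if (debug.messageEnabled()) {
            debug.message("Adding " + aIDString + " to idTimeMap.");
        }
        Conditions conds = assertion.getConditions();
        if ((conds != null) && ((date = conds.getNotOnorAfter()) != null)) {
            cGoThrough.addElement(aIDString);
            idTimeMap.put(aIDString, Long.valueOf(date.getTime()));
        } else {
            cPeriodic.addElement(aIDString);
            // it doesn't matter what we store for the value.
            idTimeMap.put(aIDString, aIDString);
        }
    }
    // must have at least one SSO assertion
    if ((subject == null) || (srcSite == null)) {
        debug.error("verifyAssertion AndGetSSMap: couldn't find Subject.");
        return null;
    }
    Map ssMap = new HashMap();
    ssMap.put(SAMLConstants.SUBJECT, subject);
    ssMap.put(SAMLConstants.SOURCE_SITE_SOAP_ENTRY, srcSite);
    ssMap.put(SAMLConstants.POST_ASSERTION, assertions);
    return ssMap;
}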