Examples with Subject com.sun.identity.saml.assertion.Subject used on opensource projects

Example 1 with Subject

use of com.sun.identity.saml.assertion.Subject in project OpenAM by OpenRock.

the class SAMLUtils method examAssertions.

/**
     * Determines if there is a valid SSO Assertion
     * inside of SAML Response.
     *
     * @param assertions a List of <code>Assertion</code> objects
     * @return a Subject object
     * @exception IOException IOException
     */
public static com.sun.identity.saml.assertion.Subject examAssertions(List assertions) throws IOException {
    if (assertions == null) {
        return null;
    }
    boolean validation = false;
    com.sun.identity.saml.assertion.Subject subject = null;
    Iterator iter = assertions.iterator();
    while (iter.hasNext()) {
        Assertion assertion = (Assertion) iter.next();
        if (!checkCondition(assertion)) {
            return null;
        }
        debug.message("Passed checking Conditions!");
        // exam the Statement inside the Assertion
        Set statements = new HashSet();
        statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            debug.error(bundle.getString("noStatement"));
            return null;
        }
        Iterator iterator = statements.iterator();
        while (iterator.hasNext()) {
            Statement statement = (Statement) iterator.next();
            subject = ((SubjectStatement) statement).getSubject();
            SubjectConfirmation sc = subject.getSubjectConfirmation();
            Set cm = new HashSet();
            cm = sc.getConfirmationMethod();
            if (cm == null || cm.isEmpty()) {
                debug.error("Subject confirmation method is null");
                return null;
            }
            String conMethod = (String) cm.iterator().next();
            // on Assertion version number
            if ((conMethod != null) && (assertion.getMajorVersion() == SAMLConstants.ASSERTION_MAJOR_VERSION) && (((assertion.getMinorVersion() == SAMLConstants.ASSERTION_MINOR_VERSION_ONE) && conMethod.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)) || ((assertion.getMinorVersion() == SAMLConstants.ASSERTION_MINOR_VERSION_ZERO) && (conMethod.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT))))) {
                if (debug.messageEnabled()) {
                    debug.message("Correct Confirmation method");
                }
            } else {
                debug.error("Wrong Confirmation Method.");
                return null;
            }
            if (statement instanceof AuthenticationStatement) {
                //found an SSO Assertion
                validation = true;
            }
        }
    // end of  while (iterator.hasNext()) for Statements
    }
    if (!validation) {
        debug.error(bundle.getString("noSSOAssertion"));
        return null;
    }
    return subject;
}

Example 2 with Subject

use of com.sun.identity.saml.assertion.Subject in project OpenAM by OpenRock.

the class SAMLUtils method processResponse.

/**
     * Processes SAML Response
     * @param samlResponse SAML Response object
     * @param target Target URL 
     * @return Attribute Map
     * @exception SAMLException if failed to get Attribute Map.
     */
public static Map processResponse(Response samlResponse, String target) throws SAMLException {
    List assertions = null;
    SAMLServiceManager.SOAPEntry partnerdest = null;
    Subject assertionSubject = null;
    if (samlResponse.isSigned()) {
        // verify the signature
        boolean isSignedandValid = verifySignature(samlResponse);
        if (!isSignedandValid) {
            throw new SAMLException(bundle.getString("invalidResponse"));
        }
    }
    // check Assertion and get back a Map of relevant data including,
    // Subject, SOAPEntry for the partner and the List of Assertions.
    Map ssMap = verifyAssertionAndGetSSMap(samlResponse);
    if (debug.messageEnabled()) {
        debug.message("processResponse: ssMap = " + ssMap);
    }
    if (ssMap == null) {
        throw new SAMLException(bundle.getString("invalidAssertion"));
    }
    assertionSubject = (com.sun.identity.saml.assertion.Subject) ssMap.get(SAMLConstants.SUBJECT);
    if (assertionSubject == null) {
        throw new SAMLException(bundle.getString("nullSubject"));
    }
    partnerdest = (SAMLServiceManager.SOAPEntry) ssMap.get(SAMLConstants.SOURCE_SITE_SOAP_ENTRY);
    if (partnerdest == null) {
        throw new SAMLException(bundle.getString("failedAccountMapping"));
    }
    assertions = (List) ssMap.get(SAMLConstants.POST_ASSERTION);
    Map sessMap = null;
    try {
        sessMap = getAttributeMap(partnerdest, assertions, assertionSubject, target);
    } catch (Exception se) {
        debug.error("SAMLUtils.processResponse :", se);
        throw new SAMLException(bundle.getString("failProcessResponse"));
    }
    return sessMap;
}

Example 3 with Subject

use of com.sun.identity.saml.assertion.Subject in project OpenAM by OpenRock.

the class SAMLUtils method processArtifact.

/** 
     * Processes SAML Artifact
     * @param artifact SAML Artifact
     * @param target Target URL 
     * @return Attribute Map
     * @exception SAMLException if failed to get the Assertions or
     *     Attribute Map.
     */
public static Map processArtifact(String[] artifact, String target) throws SAMLException {
    List assts = null;
    Subject assertionSubject = null;
    AssertionArtifact firstArtifact = null;
    Map sessMap = null;
    // Call SAMLClient to do the Single-sign-on
    try {
        assts = SAMLClient.artifactQueryHandler(artifact, (String) null);
        //exam the SAML response
        if ((assertionSubject = examAssertions(assts)) == null) {
            return null;
        }
        firstArtifact = new AssertionArtifact(artifact[0]);
        String sid = firstArtifact.getSourceID();
        Map partner = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (partner == null) {
            throw new SAMLException(bundle.getString("nullPartnerUrl"));
        }
        SAMLServiceManager.SOAPEntry partnerdest = (SAMLServiceManager.SOAPEntry) partner.get(sid);
        if (partnerdest == null) {
            throw new SAMLException(bundle.getString("failedAccountMapping"));
        }
        sessMap = getAttributeMap(partnerdest, assts, assertionSubject, target);
    } catch (Exception se) {
        debug.error("SAMLUtils.processArtifact :", se);
        throw new SAMLException(bundle.getString("failProcessArtifact"));
    }
    return sessMap;
}

Example 4 with Subject

use of com.sun.identity.saml.assertion.Subject in project OpenAM by OpenRock.

the class DefaultPartnerAccountMapper method getUser.

/**
     * Returns user account in OpenAM to which the
     * subject in the assertion is mapped. This method will be called in POST
     * profile, ARTIFACT profile, AttributeQuery and AuthorizationDecisionQuery.
     *
     * @param assertions a list of authentication assertions returned from
     *                   partner side, this will contains user's identity in
     *                   the partner side. The object in the list will be
     *                   <code>com.sun.identity.saml.assertion.Assertion</code>
     * @param sourceID source ID for the site from which the subject
     *                 originated.
     * @param targetURL value for TARGET query parameter when the user
     *                  accessing the SAML aware servlet or post profile
     *                  servlet
     * @return Map which contains NAME, ORG and ATTRIBUTE keys, value of the
     *             NAME key is the user DN, value of the ORG is the user
     *             organization  DN, value of the ATTRIBUTE is a Map
     *             containing key/value pairs which will be set as properties
     *             on the OpenAM SSO token, the key is the SSO
     *             property name, the value is a String value of the property.
     *             Returns empty map if the mapped user could not be obtained
     *             from the subject.
     */
public Map getUser(List assertions, String sourceID, String targetURL) {
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultPartnerAccountMapper:getUser(" + "List) targetURL = " + targetURL);
    }
    Map map = new HashMap();
    Subject subject = null;
    Assertion assertion = (Assertion) assertions.get(0);
    Iterator iter = assertion.getStatement().iterator();
    while (iter.hasNext()) {
        Statement statement = (Statement) iter.next();
        if (statement.getStatementType() != Statement.AUTHENTICATION_STATEMENT) {
            continue;
        }
        Subject sub = ((SubjectStatement) statement).getSubject();
        SubjectConfirmation subConf = sub.getSubjectConfirmation();
        if (subConf == null) {
            continue;
        }
        Set cms = subConf.getConfirmationMethod();
        if (cms == null || cms.isEmpty()) {
            continue;
        }
        String cm = (String) cms.iterator().next();
        if (cm != null && (cm.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT) || cm.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT) || cm.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER))) {
            subject = sub;
            break;
        }
    }
    if (subject != null) {
        getUser(subject, sourceID, map);
        Map attrMap = new HashMap();
        SAMLUtils.addEnvParamsFromAssertion(attrMap, assertion, subject);
        if (!attrMap.isEmpty()) {
            map.put(ATTRIBUTE, attrMap);
        }
    }
    return map;
}

Example 5 with Subject

use of com.sun.identity.saml.assertion.Subject in project OpenAM by OpenRock.

the class LibSecurityTokenProvider method createAttributeStatement.

private AttributeStatement createAttributeStatement(NameIdentifier senderIdentity, List attributes, boolean isBearer) {
    AttributeStatement attributeStatement = null;
    try {
        Subject subject = null;
        SubjectConfirmation subConfirmation = null;
        if (isBearer) {
            subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
        } else {
            subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_HOLDEROFKEY);
            subConfirmation.setKeyInfo(createKeyInfo());
        }
        subject = new Subject(senderIdentity, subConfirmation);
        return new AttributeStatement(subject, attributes);
    } catch (Exception e) {
        if (debug.messageEnabled()) {
            debug.message("createAttributeStatement: ", e);
        }
    }
    return null;
}