Search in sources :

Example 16 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class DefaultLibrarySPAccountMapper method getAutoFedUser.

/**
     * Returns user for the auto federate attribute.
     *
     * @param realm Realm name.
     * @param entityID Hosted <code>EntityID</code>.
     * @param assertion <code>Assertion</code> from the identity provider.
     * @return Auto federation mapped user from the assertion auto federation <code>AttributeStatement</code>. if the
     * statement does not have the auto federation attribute then the NameID value will be used if use NameID as SP user
     * ID is enabled, otherwise null.
     */
protected String getAutoFedUser(String realm, String entityID, Assertion assertion, String decryptedNameID, Set<PrivateKey> decryptionKeys) throws SAML2Exception {
    if (!isAutoFedEnabled(realm, entityID)) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation is disabled.");
        }
        return null;
    }
    String autoFedAttribute = getAttribute(realm, entityID, SAML2Constants.AUTO_FED_ATTRIBUTE);
    if (autoFedAttribute == null || autoFedAttribute.isEmpty()) {
        debug.error("DefaultLibrarySPAccountMapper.getAutoFedUser: " + "Auto federation is enabled but the auto federation attribute is not configured.");
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute is set to: " + autoFedAttribute);
    }
    Set<String> autoFedAttributeValue = null;
    List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: " + "Assertion does not have any attribute statements.");
        }
    } else {
        for (AttributeStatement statement : attributeStatements) {
            autoFedAttributeValue = getAttribute(statement, autoFedAttribute, decryptionKeys);
            if (autoFedAttributeValue != null && !autoFedAttributeValue.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: " + "Found auto federation attribute value in Assertion: " + autoFedAttributeValue);
                }
                break;
            }
        }
    }
    if (autoFedAttributeValue == null || autoFedAttributeValue.isEmpty()) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute is not specified" + " as an attribute.");
        }
        if (!useNameIDAsSPUserID(realm, entityID)) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: NameID as SP UserID was not enabled " + " and auto federation attribute " + autoFedAttribute + " was not found in the Assertion");
            }
            return null;
        } else {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Trying now to autofederate with nameID" + ", nameID =" + decryptedNameID);
            }
            autoFedAttributeValue = CollectionUtils.asSet(decryptedNameID);
        }
    }
    String autoFedMapAttribute = null;
    DefaultSPAttributeMapper attributeMapper = new DefaultSPAttributeMapper();
    Map<String, String> attributeMap = attributeMapper.getConfigAttributeMap(realm, entityID, SP);
    if (attributeMap == null || attributeMap.isEmpty()) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: attribute map is not configured.");
        }
    } else {
        autoFedMapAttribute = attributeMap.get(autoFedAttribute);
    }
    if (autoFedMapAttribute == null) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: " + "Auto federation attribute map is not specified in config.");
        }
        // assume it is the same as the auto fed attribute name 
        autoFedMapAttribute = autoFedAttribute;
    }
    try {
        Map<String, Set<String>> map = new HashMap<>(1);
        map.put(autoFedMapAttribute, autoFedAttributeValue);
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Search map: " + map);
        }
        String userId = dsProvider.getUserID(realm, map);
        if (userId != null && !userId.isEmpty()) {
            return userId;
        } else {
            // return auto-federation attribute value as uid 
            if (isDynamicalOrIgnoredProfile(realm)) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibrarySPAccountMapper: dynamical user creation or ignore profile " + "enabled : uid=" + autoFedAttributeValue);
                }
                // return the first value as uid
                return autoFedAttributeValue.iterator().next();
            }
        }
    } catch (DataStoreProviderException dse) {
        if (debug.warningEnabled()) {
            debug.warning("DefaultLibrarySPAccountMapper.getAutoFedUser: Datastore provider exception", dse);
        }
    }
    return null;
}
Also used : DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement)

Example 17 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class AssertionIDRequestUtil method sendAssertionIDRequestURI.

/**
     * Sends the Assertion ID to specifiied Assertion ID Request Service and
     * returns <code>Assertion</code> coming from the Assertion ID Request
     * Service.
     *
     * @param assertionID the asssertionID</code> object
     * @param samlAuthorityEntityID entity ID of SAML authority
     * @param role SAML authority role, for example,
     * <code>SAML2Constants.ATTR_AUTH_ROLE</code>, 
     * <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
     * <code>SAML2Constants.IDP_ROLE</code>
     * @param realm the realm of hosted entity
     *
     * @return the <code>Assertion</code> object
     * @exception SAML2Exception if the operation is not successful
     *
     * @supported.api
     */
public static Assertion sendAssertionIDRequestURI(String assertionID, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
    StringBuffer locationSB = new StringBuffer();
    getRoleDescriptorAndLocation(samlAuthorityEntityID, role, realm, SAML2Constants.URI, locationSB);
    if (locationSB.indexOf("?") == -1) {
        locationSB.append("?");
    } else {
        locationSB.append("&");
    }
    locationSB.append("ID=").append(assertionID);
    String location = fillInBasicAuthInfo(locationSB.toString(), realm, samlAuthorityEntityID, role);
    URL url = null;
    try {
        url = new URL(location);
    } catch (MalformedURLException me) {
        throw new SAML2Exception(me.getMessage());
    }
    try {
        HttpURLConnection conn = HttpURLConnectionManager.getConnection(url);
        conn.setInstanceFollowRedirects(false);
        conn.setUseCaches(false);
        conn.setDoOutput(false);
        conn.connect();
        int respCode = conn.getResponseCode();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Response code = " + respCode + ", Response message = " + conn.getResponseMessage());
        }
        if (respCode != HttpURLConnection.HTTP_OK) {
            return null;
        }
        String contentType = conn.getContentType();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Content type = " + contentType);
        }
        if ((contentType == null) || (contentType.indexOf(MIME_TYPE_ASSERTION) == -1)) {
            return null;
        }
        int contentLength = conn.getContentLength();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Content length = " + contentLength);
        }
        BufferedInputStream bin = new BufferedInputStream(conn.getInputStream());
        StringBuffer contentSB = new StringBuffer();
        byte[] content = new byte[2048];
        if (contentLength != -1) {
            int read = 0, totalRead = 0;
            int left;
            while (totalRead < contentLength) {
                left = contentLength - totalRead;
                read = bin.read(content, 0, left < content.length ? left : content.length);
                if (read == -1) {
                    // We need to close connection !!
                    break;
                } else {
                    if (read > 0) {
                        totalRead += read;
                        contentSB.append(new String(content, 0, read));
                    }
                }
            }
        } else {
            int numbytes;
            int totalRead = 0;
            while (true) {
                numbytes = bin.read(content);
                if (numbytes == -1) {
                    break;
                }
                totalRead += numbytes;
                contentSB.append(new String(content, 0, numbytes));
            }
        }
        return AssertionFactory.getInstance().createAssertion(contentSB.toString());
    } catch (IOException ioex) {
        SAML2Utils.debug.error("AssertionIDRequest.sendAssertionIDRequestURI:", ioex);
        throw new SAML2Exception(ioex.getMessage());
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) MalformedURLException(java.net.MalformedURLException) HttpURLConnection(java.net.HttpURLConnection) BufferedInputStream(java.io.BufferedInputStream) IOException(java.io.IOException) URL(java.net.URL)

Example 18 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class ResponseImpl method parseElement.

private void parseElement(Element element) throws SAML2Exception {
    // make sure that the input xml block is not null
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ResponseImpl.parseElement: " + "element input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this is an Response.
    String tag = null;
    tag = element.getLocalName();
    if ((tag == null) || (!tag.equals("Response"))) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ResponseImpl.parseElement: " + "not Response.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // handle the attributes of <Response> element
    NamedNodeMap atts = ((Node) element).getAttributes();
    if (atts != null) {
        int length = atts.getLength();
        for (int i = 0; i < length; i++) {
            Attr attr = (Attr) atts.item(i);
            String attrName = attr.getName();
            String attrValue = attr.getValue().trim();
            if (attrName.equals("ID")) {
                responseId = attrValue;
            } else if (attrName.equals("InResponseTo")) {
                inResponseTo = attrValue;
            } else if (attrName.equals("Version")) {
                version = attrValue;
            } else if (attrName.equals("IssueInstant")) {
                try {
                    issueInstant = DateUtils.stringToDate(attrValue);
                } catch (ParseException pe) {
                    throw new SAML2Exception(pe.getMessage());
                }
            } else if (attrName.equals("Destination")) {
                destination = attrValue;
            } else if (attrName.equals("Consent")) {
                consent = attrValue;
            }
        }
    }
    // handle child elements
    NodeList nl = element.getChildNodes();
    Node child;
    String childName;
    int length = nl.getLength();
    for (int i = 0; i < length; i++) {
        child = nl.item(i);
        if ((childName = child.getLocalName()) != null) {
            if (childName.equals("Issuer")) {
                if (issuer != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: included more than one Issuer.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
                }
                if (signatureString != null || extensions != null || status != null || assertions != null || encAssertions != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
                }
                issuer = AssertionFactory.getInstance().createIssuer((Element) child);
            } else if (childName.equals("Signature")) {
                if (signatureString != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:included more than one Signature.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
                }
                if (extensions != null || status != null || assertions != null || encAssertions != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
                }
                signatureString = XMLUtils.print((Element) child, "UTF-8");
                isSigned = true;
            } else if (childName.equals("Extensions")) {
                if (extensions != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:included more than one Extensions.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
                }
                if (status != null || assertions != null || encAssertions != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
                }
                extensions = ProtocolFactory.getInstance().createExtensions((Element) child);
            } else if (childName.equals("Status")) {
                if (status != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: included more than one Status.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
                }
                if (assertions != null || encAssertions != null) {
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
                    }
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
                }
                status = ProtocolFactory.getInstance().createStatus((Element) child);
            } else if (childName.equals("Assertion")) {
                if (assertions == null) {
                    assertions = new ArrayList();
                }
                Element canoEle = SAMLUtils.getCanonicalElement(child);
                if (canoEle == null) {
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorCanonical"));
                }
                assertions.add(AssertionFactory.getInstance().createAssertion(canoEle));
            } else if (childName.equals("EncryptedAssertion")) {
                if (encAssertions == null) {
                    encAssertions = new ArrayList();
                }
                encAssertions.add(AssertionFactory.getInstance().createEncryptedAssertion((Element) child));
            } else {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: Invalid element:" + childName);
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalidElement"));
            }
        }
    }
    super.validateData();
    if (assertions != null) {
        Iterator iter = assertions.iterator();
        while (iter.hasNext()) {
            ((Assertion) iter.next()).makeImmutable();
        }
        assertions = Collections.unmodifiableList(assertions);
    }
    if (encAssertions != null) {
        encAssertions = Collections.unmodifiableList(encAssertions);
    }
    isMutable = false;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NamedNodeMap(org.w3c.dom.NamedNodeMap) Node(org.w3c.dom.Node) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion) Assertion(com.sun.identity.saml2.assertion.Assertion) ParseException(java.text.ParseException) Attr(org.w3c.dom.Attr)

Example 19 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2Proxy method getUrl.

private static String getUrl(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (request == null || response == null) {
        DEBUG.error("SAML2Proxy: Null request or response");
        return getUrlWithError(request, BAD_REQUEST);
    }
    try {
        SAMLUtils.checkHTTPContentLength(request);
    } catch (ServletException se) {
        DEBUG.error("SAML2Proxy: content length too large");
        return getUrlWithError(request, BAD_REQUEST);
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return getUrlWithError(request, MISSING_COOKIE);
    }
    // get entity id and orgName
    String requestURL = request.getRequestURL().toString();
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    String hostEntityId;
    if (metaManager == null) {
        DEBUG.error("SAML2Proxy: Unable to obtain metaManager");
        return getUrlWithError(request, MISSING_META_MANAGER);
    }
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
        if (hostEntityId == null) {
            throw new SAML2MetaException("Caught Instantly");
        }
    } catch (SAML2MetaException sme) {
        DEBUG.warning("SAML2Proxy: unable to find hosted entity with metaAlias: {} Exception: {}", metaAlias, sme.toString());
        return getUrlWithError(request, META_DATA_ERROR);
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    if (StringUtils.isEmpty(realm)) {
        realm = "/";
    }
    ResponseInfo respInfo;
    try {
        respInfo = SPACSUtils.getResponse(request, response, realm, hostEntityId, metaManager);
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: Unable to obtain SAML response", se);
        return getUrlWithError(request, SAML_GET_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }
    Map smap;
    try {
        // check Response/Assertion and get back a Map of relevant data
        smap = SAML2Utils.verifyResponse(request, response, respInfo.getResponse(), realm, hostEntityId, respInfo.getProfileBinding());
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: An error occurred while verifying the SAML response", se);
        return getUrlWithError(request, SAML_VERIFY_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }
    String key = generateKey();
    //survival time is one hour
    SAML2ResponseData data = new SAML2ResponseData((String) smap.get(SAML2Constants.SESSION_INDEX), (Subject) smap.get(SAML2Constants.SUBJECT), (Assertion) smap.get(SAML2Constants.POST_ASSERTION), respInfo);
    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        try {
            //counted in seconds
            long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, data, sessionExpireTime);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.error("An error occurred while persisting the SAML token", e);
            return getUrlWithError(request, SAML_FAILOVER_DISABLED_ERROR);
        }
    } else {
        SAML2Store.saveTokenWithKey(key, data);
    }
    return getUrlWithKey(request, key);
}
Also used : ServletException(javax.servlet.ServletException) ResponseInfo(com.sun.identity.saml2.profile.ResponseInfo) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) Map(java.util.Map)

Example 20 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2 method linkAttributeValues.

/**
     * Performs the functions of linking attribute values that have been received from the assertion
     * by building them into appropriate strings and asking the auth service to migrate them into session
     * properties once authentication is completed.
     */
private void linkAttributeValues(Assertion assertion, String userName) throws AuthLoginException, SAML2Exception {
    final String spName = metaManager.getEntityByMetaAlias(metaAlias);
    final SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spName);
    final String assertionEncryptedAttr = SAML2Utils.getAttributeValueFromSPSSOConfig(spssoconfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
    final boolean needAttributeEncrypted = SPACSUtils.getNeedAttributeEncrypted(assertionEncryptedAttr, spssoconfig);
    final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig);
    final List<Attribute> attrs = SPACSUtils.getAttrs(assertion, needAttributeEncrypted, decryptionKeys);
    final SPAttributeMapper attrMapper = SAML2Utils.getSPAttributeMapper(realm, spName);
    final Map<String, Set<String>> attrMap;
    try {
        attrMap = attrMapper.getAttributes(attrs, userName, spName, entityName, realm);
    } catch (SAML2Exception se) {
        //no attributes
        return;
    }
    setUserAttributes(attrMap);
    if (assertion.getAdvice() != null) {
        List<String> creds = assertion.getAdvice().getAdditionalInfo();
        attrMap.put(SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, new HashSet<>(creds));
    }
    for (String name : attrMap.keySet()) {
        Set<String> value = attrMap.get(name);
        StringBuilder toStore = new StringBuilder();
        // | is defined as the property value delimiter, cf FMSessionProvider#setProperty
        for (String toAdd : value) {
            toStore.append(com.sun.identity.shared.StringUtils.getEscapedValue(toAdd)).append(PROPERTY_VALUES_SEPARATOR);
        }
        toStore.deleteCharAt(toStore.length() - 1);
        setUserSessionProperty(name, toStore.toString());
    }
}
Also used : PrivateKey(java.security.PrivateKey) Set(java.util.Set) HashSet(java.util.HashSet) Attribute(com.sun.identity.saml2.assertion.Attribute) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SPAttributeMapper(com.sun.identity.saml2.plugins.SPAttributeMapper)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)53 ArrayList (java.util.ArrayList)42 List (java.util.List)42 Assertion (com.sun.identity.saml2.assertion.Assertion)30 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)24 Date (java.util.Date)24 EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)20 Issuer (com.sun.identity.saml2.assertion.Issuer)16 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)16 Response (com.sun.identity.saml2.protocol.Response)16 Iterator (java.util.Iterator)15 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 SessionException (com.sun.identity.plugin.session.SessionException)12 IOException (java.io.IOException)12 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11 NameID (com.sun.identity.saml2.assertion.NameID)10 PrivateKey (java.security.PrivateKey)10 AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement)8 Subject (com.sun.identity.saml2.assertion.Subject)8 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)8