use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class DefaultSubjectProvider method get.
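/**
 * Builds the SAML2 {@code Subject} of an issued assertion: a NameID for {@code subjectId}
 * (via {@code setNameIdentifier}) plus exactly one {@code SubjectConfirmation} whose
 * shape is selected by {@code subjectConfirmation}.
 *
 * @param subjectId the principal the assertion is about
 * @param spAcsUrl the Service Provider's Assertion Consumer Service URL; only consumed for
 *     BEARER, where it becomes the SubjectConfirmationData Recipient
 * @param saml2Config supplies the NameID format and the token lifetime in seconds
 * @param subjectConfirmation which confirmation method to emit; must not be null
 * @param assertionIssueInstant issue instant of the assertion; for BEARER, NotOnOrAfter is
 *     this instant plus the configured token lifetime
 * @param proofTokenState carries the X509 certificate for HOLDER_OF_KEY; ignored for the
 *     other methods
 * @return the populated Subject
 * @throws TokenCreationException on a null or unknown confirmation method, on a missing
 *     proof token for HOLDER_OF_KEY, or when a SAML2Exception is raised while building
 *     the element
 */
public Subject get(String subjectId, String spAcsUrl, SAML2Config saml2Config, SAML2SubjectConfirmation subjectConfirmation, Date assertionIssueInstant, ProofTokenState proofTokenState) throws TokenCreationException {
    // A null enum would otherwise surface as a NullPointerException from the switch.
    if (subjectConfirmation == null) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
    }
    try {
        Subject subject = AssertionFactory.getInstance().createSubject();
        setNameIdentifier(subject, subjectId, saml2Config.getNameIdFormat());
        SubjectConfirmation subConfirmation = AssertionFactory.getInstance().createSubjectConfirmation();
        switch (subjectConfirmation) {
            case BEARER:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
                /*
                 * see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf -
                 * Recipient attribute of SubjectConfirmation element must be set to the Service Provider
                 * ACS url.
                 */
                SubjectConfirmationData bearerConfirmationData = AssertionFactory.getInstance().createSubjectConfirmationData();
                bearerConfirmationData.setRecipient(spAcsUrl);
                /*
                 * see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf - NotBefore cannot
                 * be set, but NotOnOrAfter must be set.
                 *
                 * The seconds-to-millis multiplication uses a long literal so the product is computed
                 * in long arithmetic regardless of the getter's return type (an int product would
                 * overflow for lifetimes beyond ~24 days and yield an already-expired NotOnOrAfter).
                 */
                long lifetimeMillis = saml2Config.getTokenLifetimeInSeconds() * 1000L;
                bearerConfirmationData.setNotOnOrAfter(new Date(assertionIssueInstant.getTime() + lifetimeMillis));
                subConfirmation.setSubjectConfirmationData(bearerConfirmationData);
                break;
            case SENDER_VOUCHES:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES);
                break;
            case HOLDER_OF_KEY:
                // HoK needs the proof-of-possession certificate; report a missing proof token with
                // the declared exception type instead of a NullPointerException.
                if (proofTokenState == null) {
                    throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "HOLDER_OF_KEY SubjectConfirmation requested but no ProofTokenState was supplied to DefaultSubjectProvider");
                }
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY);
                subConfirmation.setSubjectConfirmationData(getHoKSubjectConfirmationData(proofTokenState.getX509Certificate()));
                break;
            default:
                throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
        }
        // The schema allows several SubjectConfirmation elements; this provider always emits one.
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<>();
        subjectConfirmationList.add(subConfirmation);
        subject.setSubjectConfirmation(subjectConfirmationList);
        return subject;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting subject confirmation state in DefaultSubjectProvider: " + e, e);
    }
}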
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class DefaultAttributeStatementsProviderTest method setup.
/**
 * Prepares the shared fixtures for the test class: a mocked SSOToken, a mocked
 * AttributeMapper that answers the attribute map with a single SAML Attribute named
 * {@code ATTRIBUTE_NAME} holding {@code ATTRIBUTE_VALUE}, and the SAML2Config produced by
 * {@code createSAML2Config()}.
 */
@BeforeTest
public void setup() throws TokenCreationException, SAML2Exception {
    mockToken = mock(SSOToken.class);
    mockAttributeMapper = mock(AttributeMapper.class);

    attributeMap = new HashMap<>();
    attributeMap.put(ATTRIBUTE_NAME, "mail");

    // One attribute with one value is all the provider under test needs.
    Attribute singleAttribute = AssertionFactory.getInstance().createAttribute();
    singleAttribute.setName(ATTRIBUTE_NAME);
    List<String> singleValue = new ArrayList<>();
    singleValue.add(ATTRIBUTE_VALUE);
    singleAttribute.setAttributeValue(singleValue);

    attributeList = new ArrayList<>();
    attributeList.add(singleAttribute);
    when(mockAttributeMapper.getAttributes(mockToken, attributeMap)).thenReturn(attributeList);

    saml2Config = createSAML2Config();
}
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class SAML2Utils method getConfigAttributeMap.
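/**
 * Returns the attribute map by parsing the configured map in the hosted
 * provider configuration.
 *
 * @param realm realm name.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param role role of the hosted provider, {@code SAML2Constants.SP_ROLE} or
 *        {@code SAML2Constants.IDP_ROLE}; any other value (including null)
 *        is treated as "configuration not defined" and yields an empty map.
 * @return a map of local attributes configuration map.
 *         This map will have a key as the SAML attribute name and the value
 *         is the local attribute. An empty map is returned when no
 *         configuration, no attributes or no attribute map is defined.
 * @throws SAML2Exception if realm or hostEntityID is null, or if the metadata
 *         lookup fails (the SAML2MetaException is attached as the cause).
 */
public static Map getConfigAttributeMap(String realm, String hostEntityID, String role) throws SAML2Exception {
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.getConfigAttributeMap: DefaultAttrMapper: relam=" + realm + ", entity id=" + hostEntityID + ", role=" + role);
    }
    try {
        // Constant-first comparison keeps a null role from throwing NPE; an unknown or null
        // role simply leaves config null and takes the "not defined" path below.
        BaseConfigType config = null;
        if (SAML2Constants.SP_ROLE.equals(role)) {
            config = saml2MetaManager.getSPSSOConfig(realm, hostEntityID);
        } else if (SAML2Constants.IDP_ROLE.equals(role)) {
            config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityID);
        }
        if (config == null) {
            if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.getConfigAttributeMap: configuration is not defined.");
            }
            return Collections.emptyMap();
        }
        // getAttributes may yield null (getAllAttributeValueFromSSOConfig guards for it);
        // treat that the same as an absent attribute map.
        Map<String, List<String>> attributeConfig = SAML2MetaUtils.getAttributes(config);
        List<String> mappedAttributes = attributeConfig == null ? null : attributeConfig.get(SAML2Constants.ATTRIBUTE_MAP);
        if (mappedAttributes == null || mappedAttributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getConfigAttributeMap:Attribute map is not defined for entity: " + hostEntityID);
            }
            return Collections.emptyMap();
        }
        return getMappedAttributes(mappedAttributes);
    } catch (SAML2MetaException sme) {
        debug.error("SAML2Utils.getConfigAttributeMap: ", sme);
        // Keep the original message but carry the metadata exception as the cause so the
        // origin of the failure is not lost for callers and log output.
        SAML2Exception wrapped = new SAML2Exception(sme.getMessage());
        wrapped.initCause(sme);
        throw wrapped;
    }
}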
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class SAML2Utils method getAllAttributeValueFromSSOConfig.
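/**
 * Returns all values of the specified attribute from the SSOConfig of a hosted entity.
 *
 * @param realm realm of hosted entity.
 * @param hostEntityId name of hosted entity.
 * @param entityRole role of hosted entity; compared case-insensitively against the
 *        SP, IDP, attribute-authority, authn-authority and attribute-query roles.
 * @param attrName attribute name for the value.
 * @return the values of the specified attribute from SSOConfig, or {@code null} when
 *         the role is unknown (or null), no config exists for the entity, the config
 *         carries no attributes, the attribute is absent, or the metadata lookup fails.
 */
public static List<String> getAllAttributeValueFromSSOConfig(String realm, String hostEntityId, String entityRole, String attrName) {
    if (debug.messageEnabled()) {
        String method = "getAllAttributeValueFromSSOConfig : ";
        debug.message(method + "realm - " + realm);
        debug.message(method + "hostEntityId - " + hostEntityId);
        debug.message(method + "entityRole - " + entityRole);
        debug.message(method + "attrName - " + attrName);
    }
    try {
        // Constant-first comparisons keep a null entityRole from throwing NPE; an unknown
        // or null role leaves config null and yields null like any other miss.
        BaseConfigType config = null;
        if (SAML2Constants.SP_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getSPSSOConfig(realm, hostEntityId);
        } else if (SAML2Constants.IDP_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId);
        } else if (SAML2Constants.ATTR_AUTH_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAttributeAuthorityConfig(realm, hostEntityId);
        } else if (SAML2Constants.AUTHN_AUTH_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAuthnAuthorityConfig(realm, hostEntityId);
        } else if (SAML2Constants.ATTR_QUERY_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAttributeQueryConfig(realm, hostEntityId);
        }
        if (config == null) {
            return null;
        }
        // Same typed view of getAttributes as getConfigAttributeMap uses, so no raw cast
        // is needed on the returned list.
        Map<String, List<String>> attrs = SAML2MetaUtils.getAttributes(config);
        if (attrs == null) {
            return null;
        }
        return attrs.get(attrName);
    } catch (SAML2MetaException e) {
        // Best-effort lookup: the contract is "null when unavailable", so log and fall
        // through rather than propagating the metadata failure.
        debug.message("get SSOConfig failed:", e);
    }
    return null;
}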
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class AttributeImpl method toXMLString.
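/**
 * Returns a String representation of the element.
 *
 * @param includeNS Determines whether or not the namespace qualifier is
 *        prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @return A string containing the valid XML for this element
 * @throws SAML2Exception if the object does not conform to the schema
 *         (currently: the Attribute has no non-blank Name).
 */
public String toXMLString(boolean includeNS, boolean declareNS) throws SAML2Exception {
    if (name == null || name.trim().isEmpty()) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("AttributeImpl.toXMLString:" + " missing Attribute Name.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingAttribute"));
    }
    // Purely local buffer: StringBuilder avoids StringBuffer's per-call synchronization.
    StringBuilder result = new StringBuilder(1000);
    String prefix = includeNS ? SAML2Constants.ASSERTION_PREFIX : "";
    String uri = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    // NOTE(review): name, nameFormat, friendlyName and the anyMap keys/values are written
    // verbatim; a value containing '"', '<' or '&' would produce malformed XML. No escaping
    // is added here because the setters and the parsing side are outside this block -
    // confirm whether values are already XML-escaped on the way in before changing this.
    result.append("<").append(prefix).append("Attribute").append(uri).append(" Name=\"").append(name).append("\"");
    if (nameFormat != null && !nameFormat.trim().isEmpty()) {
        result.append(" NameFormat=\"").append(nameFormat).append("\"");
    }
    if (friendlyName != null && !friendlyName.trim().isEmpty()) {
        result.append(" FriendlyName=\"").append(friendlyName).append("\"");
    }
    if (anyMap != null) {
        // Iterating entries avoids the second hash lookup per key of the keySet()/get() form;
        // keys and values are treated as Strings exactly as before.
        for (Object entryObj : anyMap.entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) entryObj;
            String key = (String) entry.getKey();
            String value = (String) entry.getValue();
            if (value == null) {
                value = "";
            }
            result.append(" ").append(key).append("=\"").append(value).append("\"");
        }
    }
    result.append(">");
    if (attrValues != null) {
        // Each value is expected to already be a serialized child element; appended as-is.
        for (Object attrValue : attrValues) {
            result.append((String) attrValue);
        }
    }
    result.append("</").append(prefix).append("Attribute>");
    return result.toString();
}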