Examples with Subject com.sun.identity.saml2.assertion.Subject used on opensource projects

Example 26 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class FMSubjectMapperTest method testMapToNativeSubject.

@Test(groups = { "xacml" })
public void testMapToNativeSubject() throws XACMLException, URISyntaxException {
    FMSubjectMapper subjectMapper = new FMSubjectMapper();
    Subject subject1 = ContextFactory.getInstance().createSubject();
    //supported category for id
    //urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
    subject1.setSubjectCategory(new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setIssuer("sampleIssuer1");
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:subject:subject-id
    attribute.setAttributeId(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"));
    //supported data type for id
    //urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    //urn:sun:names:xacml:2.0:data-type:opensso-session-id
    //urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI("urn:sun:names:xacml:2.0:data-type:opensso-session-id"));
    List<String> valueList = new ArrayList<String>();
    AuthContext lc = null;
    String[] callbacks = { "amadmin", "admin123" };
    SSOToken ssot = null;
    try {
        lc = new AuthContext("/");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        String indexName = "DataStore";
        log(Level.INFO, "testMapToNativeSubject():\n", " LDAPLogin: Obtained login context");
        lc.login(indexType, indexName, callbacks);
        if (lc.getStatus() == AuthContext.Status.SUCCESS) {
            log(Level.INFO, "testMapToNativeSubject():\n", " Login success!!");
        }
        ssot = lc.getSSOToken();
    } catch (Exception le) {
        le.printStackTrace();
        log(Level.INFO, "testMapToNativeSubject():\n", " Login failed!!");
    }
    String sid = ssot.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " sid = " + sid);
    valueList.add(sid);
    attribute.setAttributeStringValues(valueList);
    List<Attribute> attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject1.setAttributes(attributeList);
    Subject[] subjects = { subject1 };
    List<Subject> subjectsList = new ArrayList<Subject>();
    subjectsList.add(subject1);
    SSOToken retSSOToken = (SSOToken) subjectMapper.mapToNativeSubject(subjectsList);
    String retSid = retSSOToken.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " return sid = " + retSid);
}

Example 27 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AssertionGen method getSubject.

/**
 *Add subject to the SAML assertion
 *
 */
private Subject getSubject(String SPEntityID, String SPBaseUrl, String IDPEntutyID) {
    Subject subject = AssertionFactory.getInstance().createSubject();
    try {
        NameID nameID = AssertionFactory.getInstance().createNameID();
        SubjectConfirmation sc = AssertionFactory.getInstance().createSubjectConfirmation();
        List SubjectConformationList = new ArrayList();
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setNameQualifier(IDPEntutyID);
        nameID.setSPNameQualifier(SPEntityID);
        nameID.setValue("nameidvalue");
        subject.setNameID(nameID);
        sc.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
        int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME;
        Date date = new Date();
        date.setTime(date.getTime() + effectiveTime * 1000);
        SubjectConfirmationData scd = AssertionFactory.getInstance().createSubjectConfirmationData();
        scd.setRecipient(SPBaseUrl);
        scd.setNotOnOrAfter(date);
        sc.setSubjectConfirmationData(scd);
        SubjectConformationList.add(sc);
        subject.setSubjectConfirmation(SubjectConformationList);
        return subject;
    } catch (SAML2Exception ex) {
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex);
    }
    return subject;
}

Example 28 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AssertionImpl method toXMLString.

/**
    * Returns a String representation
    * @param includeNSPrefix Determines whether or not the namespace
    *        qualifier is prepended to the Element when converted
    * @param declareNS Determines whether or not the namespace is declared
    *        within the Element.
    * @return A String representation
    * @exception SAML2Exception if something is wrong during conversion
    */
@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if ((signature != null) && (signedXMLString != null)) {
        return signedXMLString;
    }
    StringBuffer sb = new StringBuffer(2000);
    String NS = "";
    String appendNS = "";
    if (declareNS) {
        NS = SAML2Constants.ASSERTION_DECLARE_STR;
    }
    if (includeNSPrefix) {
        appendNS = SAML2Constants.ASSERTION_PREFIX;
    }
    sb.append("<").append(appendNS).append(ASSERTION_ELEMENT).append(NS);
    if ((version == null) || (version.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): version missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
    }
    sb.append(" ").append(ASSERTION_VERSION_ATTR).append("=\"").append(version).append("\"");
    if ((id == null) || (id.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): assertion id missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
    }
    sb.append(" ").append(ASSERTION_ID_ATTR).append("=\"").append(id).append("\"");
    if (issueInstant == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issue instant missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
    }
    String instantStr = DateUtils.toUTCDateFormat(issueInstant);
    sb.append(" ").append(ASSERTION_ISSUEINSTANT_ATTR).append("=\"").append(instantStr).append("\"").append(">\n");
    if (issuer == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issuer missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
    }
    sb.append(issuer.toXMLString(includeNSPrefix, false));
    if (signature != null) {
        sb.append(signature);
    }
    if (subject != null) {
        sb.append(subject.toXMLString(includeNSPrefix, false));
    }
    if (conditions != null) {
        sb.append(conditions.toXMLString(includeNSPrefix, false));
    }
    if (advice != null) {
        sb.append(advice.toXMLString(includeNSPrefix, false));
    }
    int length = 0;
    if (statements != null) {
        length = statements.size();
        for (int i = 0; i < length; i++) {
            String str = (String) statements.get(i);
            sb.append(str);
        }
    }
    if (authnStatements != null) {
        length = authnStatements.size();
        for (int i = 0; i < length; i++) {
            AuthnStatement st = (AuthnStatement) authnStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (authzDecisionStatements != null) {
        length = authzDecisionStatements.size();
        for (int i = 0; i < length; i++) {
            AuthzDecisionStatement st = (AuthzDecisionStatement) authzDecisionStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (attributeStatements != null) {
        length = attributeStatements.size();
        for (int i = 0; i < length; i++) {
            AttributeStatement st = (AttributeStatement) attributeStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(appendNS).append(ASSERTION_ELEMENT).append(">\n");
    //return SAML2Utils.removeNewLineChars(sb.toString());
    return sb.toString();
}

Example 29 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentityFromDataStoreX509Subject.

public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID = null;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    if (!SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if ((mappingAttrName == null) || (mappingAttrName.length() == 0)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }
    String x509SubjectDN = nameID.getValue();
    Map attrMap = new HashMap();
    Set values = new HashSet();
    values.add(x509SubjectDN);
    attrMap.put(mappingAttrName, values);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}

Example 30 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentity.

public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID = null;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    String nameIDFormat = nameID.getFormat();
    // NameIDFormat is "transient"
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    } else // NameIDFormat is "unspecified"
    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        Map userIDsSearchMap = new HashMap();
        Set userIDValuesSet = new HashSet();
        userIDValuesSet.add(nameID.getValue());
        String userId = "uid";
        IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
        Map attrs = SAML2MetaUtils.getAttributes(config);
        List nimAttrs = (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
        for (Iterator i = nimAttrs.iterator(); i.hasNext(); ) {
            String attrName = (String) i.next();
            if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
                int eqPos = attrName.indexOf('=');
                if (eqPos != -1 && eqPos < attrName.length() - 2) {
                    userId = attrName.substring(eqPos + 1);
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                    break;
                }
            }
        }
        userIDsSearchMap.put(userId, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    } else {
        String requestedEntityID = attrQuery.getIssuer().getValue();
        try {
            return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }
}