
Example 1 with SubjectConfirmationData

use of com.sun.identity.saml2.assertion.SubjectConfirmationData in project OpenAM by OpenRock.

From class DiscoveryBootstrap, method convertSC (SAML 2.0 to SAML 1.x subject-confirmation downgrade):

/**
 * Converts a list of SAML 2.0 {@code SubjectConfirmation}s into a single
 * SAML 1.x {@code SubjectConfirmation}.
 * <p>
 * Only the first entry of {@code subjectConfirmations} is converted; any further
 * entries are ignored. Of the SAML 2.0 {@code SubjectConfirmationData}, only the
 * first entry of its content list is carried across (as a string). The
 * attribute-level constraints of the SAML 2.0 data element (Recipient,
 * NotOnOrAfter, InResponseTo) are not read here and so do not survive the
 * conversion.
 * NOTE(review): anything that enforces those bearer constraints must do so on
 * the SAML 2.0 object before this downgrade, because the returned SAML 1.x
 * object no longer carries them — confirm this is the intended trust boundary.
 *
 * @param subjectConfirmations raw list of SAML 2.0 {@code SubjectConfirmation}
 *                             instances; may be {@code null} or empty
 * @return the converted SAML 1.x confirmation, or {@code null} when the input
 *         list is {@code null} or empty
 * @throws SAMLException if the SAML 1.x object cannot be constructed
 */
private static com.sun.identity.saml.assertion.SubjectConfirmation convertSC(List subjectConfirmations) throws SAMLException {
    if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
        return null;
    }
    // Only the first confirmation is considered; the rest of the list is dropped.
    SubjectConfirmation first = (SubjectConfirmation) subjectConfirmations.get(0);
    com.sun.identity.saml.assertion.SubjectConfirmation converted =
            new com.sun.identity.saml.assertion.SubjectConfirmation(first.getMethod());
    SubjectConfirmationData data = first.getSubjectConfirmationData();
    if (data == null) {
        return converted;
    }
    List content = data.getContent();
    if (content != null && !content.isEmpty()) {
        // Only the first content entry is propagated to the SAML 1.x object.
        converted.setSubjectConfirmationData((String) content.get(0));
    }
    return converted;
}

Example 2 with SubjectConfirmationData

use of com.sun.identity.saml2.assertion.SubjectConfirmationData in project OpenAM by OpenRock.

From class IDPSSOUtil, method getSubjectConfirmation (bearer confirmation built by the IdP):

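/**
 * Builds the bearer {@code SubjectConfirmation} for an IdP-issued assertion.
 * <p>
 * Following SAML 2.0 Profiles section 4.1.4.2, the confirmation data carries
 * a {@code Recipient} (the SP's ACS URL, XML-escaped), an {@code InResponseTo}
 * when the assertion answers an {@code AuthnRequest}, and a {@code NotOnOrAfter}
 * computed as the current time plus {@code effectiveTime} seconds.
 * {@code NotBefore} is deliberately not set.
 *
 * @param inResponseTo  the request id of the {@code AuthnRequest}, or
 *                      {@code null} for an unsolicited (IdP-initiated) response
 * @param acsURL        the {@code ACS} service {@code url} of the SP
 * @param effectiveTime validity window of the assertion in seconds, relative to now
 * @return the populated {@code SubjectConfirmation}
 * @throws SAML2Exception if the SAML objects cannot be created
 */
private static SubjectConfirmation getSubjectConfirmation(String inResponseTo, String acsURL, int effectiveTime) throws SAML2Exception {
    AssertionFactory factory = AssertionFactory.getInstance();
    SubjectConfirmation sc = factory.createSubjectConfirmation();
    sc.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);

    SubjectConfirmationData scd = factory.createSubjectConfirmationData();
    scd.setRecipient(XMLUtils.escapeSpecialCharacters(acsURL));
    if (inResponseTo != null) {
        // NOTE(review): unlike acsURL this value is not escaped here; that is only
        // safe if the assertion serializer escapes attribute values — confirm.
        scd.setInResponseTo(inResponseTo);
    }
    // Multiply in long: "effectiveTime * 1000" in int wraps once effectiveTime exceeds
    // ~2,147,483 s (~24.8 days), silently producing a NotOnOrAfter in the past or a
    // window much shorter than configured.
    long notOnOrAfterMillis = System.currentTimeMillis() + effectiveTime * 1000L;
    scd.setNotOnOrAfter(new Date(notOnOrAfterMillis));
    sc.setSubjectConfirmationData(scd);
    return sc;
}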

Example 3 with SubjectConfirmationData

use of com.sun.identity.saml2.assertion.SubjectConfirmationData in project OpenAM by OpenRock.

From class SubjectConfirmationDataImpl, method parseElement (DOM to object parsing):

/**
 * Populates this instance from a DOM {@code <SubjectConfirmationData>} element.
 * <p>
 * The element is accepted when its local name equals {@code elementName}; the
 * namespace URI is not compared. NOTE(review): an element with the same local
 * name from a different namespace passes this check — verify that callers only
 * hand in elements taken from the SAML 2.0 assertion namespace.
 * Attribute and child-content handling are delegated to
 * {@link #parseAttributes} and {@link #parseContent}.
 *
 * @param element the DOM element to parse
 * @throws SAML2Exception if {@code element} is {@code null} ("nullInput") or
 *                        its local name is not {@code elementName} ("wrongInput")
 */
private void parseElement(Element element) throws SAML2Exception {
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("parseElement: " + "Input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    String localName = element.getLocalName();
    boolean isExpectedElement = localName != null && localName.equals(elementName);
    if (!isExpectedElement) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("parseElement: " + "not SubjectConfirmationData.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // An Element is already a Node, so its attributes can be read directly.
    parseAttributes(element.getAttributes());
    parseContent(element);
}

Example 4 with SubjectConfirmationData

use of com.sun.identity.saml2.assertion.SubjectConfirmationData in project OpenAM by OpenRock.

From class SubjectConfirmationImpl, method processElement (DOM to object parsing of the enclosing confirmation):

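/**
 * Populates this instance from a DOM {@code <SubjectConfirmation>} element.
 * <p>
 * Reads the mandatory {@code Method} attribute and then the element children,
 * which per the SAML 2.0 assertion schema are an optional identifier
 * ({@code BaseID} | {@code NameID} | {@code EncryptedID}) optionally followed by
 * one {@code SubjectConfirmationData}. Non-element nodes (whitespace text,
 * comments) are skipped. Every element child is examined, so a
 * {@code SubjectConfirmationData} that follows an identifier — and with it the
 * {@code Recipient} / {@code NotOnOrAfter} / {@code InResponseTo} constraints it
 * carries — is captured rather than silently dropped. A second identifier, a
 * second {@code SubjectConfirmationData}, an identifier after the data element,
 * or any other element is rejected.
 *
 * @param element the DOM element to parse
 * @throws SAML2Exception for a {@code null} element, a missing or wrong local
 *                        name, a missing {@code Method} attribute, or an
 *                        unexpected, duplicated or mis-ordered child element
 */
private void processElement(Element element) throws SAML2Exception {
    if (element == null) {
        SAML2SDKUtils.debug.error("SubjectConfirmationImpl." + "processElement(): invalid root element");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): local name missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
    }
    if (!elemName.equals(SUBJECT_CONFIRMATION_ELEMENT)) {
        SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): invalid local name " + elemName);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
    }
    // starts processing attributes
    String attrValue = element.getAttribute(METHOD_ATTR);
    if ((attrValue == null) || (attrValue.length() == 0)) {
        SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): method missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_confirmation_method"));
    }
    method = attrValue;
    // starts processing subelements: ( BaseID | NameID | EncryptedID )? SubjectConfirmationData?
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    boolean identifierSeen = false;
    boolean dataSeen = false;
    for (int i = 0; i < numOfNodes; i++) {
        Node child = nodes.item(i);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        String childName = child.getLocalName();
        if (childName == null) {
            // No local name to match on (non-namespace-aware DOM); ignored as before.
            continue;
        }
        if (childName.equals(SUBJECT_CONFIRMATION_DATA_ELEMENT)) {
            if (dataSeen) {
                SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): " + "duplicate subelement " + childName);
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
            }
            subjectConfirmationData = AssertionFactory.getInstance().createSubjectConfirmationData((Element) child);
            dataSeen = true;
        } else if (childName.equals(BASE_ID_ELEMENT) || childName.equals(NAME_ID_ELEMENT) || childName.equals(ENCRYPTED_ID_ELEMENT)) {
            if (identifierSeen || dataSeen) {
                // At most one identifier is allowed, and it must precede SubjectConfirmationData.
                SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): " + "unexpected subelement " + childName);
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
            }
            if (childName.equals(BASE_ID_ELEMENT)) {
                baseId = AssertionFactory.getInstance().createBaseID((Element) child);
            } else if (childName.equals(NAME_ID_ELEMENT)) {
                nameId = AssertionFactory.getInstance().createNameID((Element) child);
            } else {
                encryptedId = AssertionFactory.getInstance().createEncryptedID((Element) child);
            }
            identifierSeen = true;
        } else {
            SAML2SDKUtils.debug.error("SubjectConfirmationImpl.processElement(): " + "unexpected subelement " + childName);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
        }
    }
}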

Example 5 with SubjectConfirmationData

use of com.sun.identity.saml2.assertion.SubjectConfirmationData in project OpenAM by OpenRock.

From class DefaultSubjectProvider, method get (STS-side subject construction):

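/**
 * Builds the SAML 2.0 {@code Subject} for an STS-issued assertion: a name
 * identifier for {@code subjectId} (via {@code setNameIdentifier}) plus exactly
 * one {@code SubjectConfirmation} of the requested kind.
 * <ul>
 *   <li>{@code BEARER}: following SAML 2.0 Profiles section 4.1.4.2,
 *       {@code Recipient} is the SP ACS URL and {@code NotOnOrAfter} is the issue
 *       instant plus the configured token lifetime; {@code NotBefore} is not set.
 *       No {@code InResponseTo} is set (none is available here).</li>
 *   <li>{@code SENDER_VOUCHES}: method only, no confirmation data.</li>
 *   <li>{@code HOLDER_OF_KEY}: confirmation data derived from the proof token's
 *       X.509 certificate.</li>
 * </ul>
 * NOTE(review): unlike the IdP path, {@code spAcsUrl} is passed to
 * {@code setRecipient} without XML escaping — acceptable only if the assertion
 * serializer escapes attribute values; confirm.
 *
 * @param subjectId             the subject's name identifier value
 * @param spAcsUrl              the SP Assertion Consumer Service URL (bearer {@code Recipient})
 * @param saml2Config           supplies the NameID format and token lifetime (seconds)
 * @param subjectConfirmation   which confirmation method to emit
 * @param assertionIssueInstant the assertion's issue instant; bearer expiry is computed from it
 * @param proofTokenState       holds the client certificate; required for
 *                              {@code HOLDER_OF_KEY}, unused otherwise
 * @return the populated {@code Subject}
 * @throws TokenCreationException if the confirmation kind is {@code null} or unknown,
 *                                a holder-of-key request carries no proof token,
 *                                or the SAML SDK reports a {@code SAML2Exception}
 */
public Subject get(String subjectId, String spAcsUrl, SAML2Config saml2Config, SAML2SubjectConfirmation subjectConfirmation, Date assertionIssueInstant, ProofTokenState proofTokenState) throws TokenCreationException {
    if (subjectConfirmation == null) {
        // A switch on a null enum would surface as a NullPointerException; report it as a creation failure instead.
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: null");
    }
    try {
        AssertionFactory factory = AssertionFactory.getInstance();
        Subject subject = factory.createSubject();
        setNameIdentifier(subject, subjectId, saml2Config.getNameIdFormat());
        SubjectConfirmation subConfirmation = factory.createSubjectConfirmation();
        switch (subjectConfirmation) {
            case BEARER:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf -
                    Recipient attribute of SubjectConfirmation element must be set to the Service Provider
                    ACS url.
                     */
                SubjectConfirmationData bearerConfirmationData = factory.createSubjectConfirmationData();
                bearerConfirmationData.setRecipient(spAcsUrl);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf - NotBefore cannot
                    be set, but NotOnOrAfter must be set.
                     */
                // Multiply in long so an int-typed lifetime cannot wrap when scaled to milliseconds.
                long expiryMillis = assertionIssueInstant.getTime() + saml2Config.getTokenLifetimeInSeconds() * 1000L;
                bearerConfirmationData.setNotOnOrAfter(new Date(expiryMillis));
                subConfirmation.setSubjectConfirmationData(bearerConfirmationData);
                break;
            case SENDER_VOUCHES:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES);
                break;
            case HOLDER_OF_KEY:
                if (proofTokenState == null) {
                    // Without a proof token there is no key to bind the subject to; fail explicitly rather than with an NPE.
                    throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Holder-of-key SubjectConfirmation requested but no ProofTokenState was supplied to DefaultSubjectProvider");
                }
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY);
                subConfirmation.setSubjectConfirmationData(getHoKSubjectConfirmationData(proofTokenState.getX509Certificate()));
                break;
            default:
                throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
        }
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<>();
        subjectConfirmationList.add(subConfirmation);
        subject.setSubjectConfirmation(subjectConfirmationList);
        return subject;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting subject confirmation state in DefaultSubjectProvider: " + e, e);
    }
}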
