use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class IssueJWTClaimsUnitTest method createSAMLAssertion.
/*
* Mock up an SAML assertion element
*/
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, Map<String, RealmProperties> realms) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
samlTokenProvider.setRealmMap(realms);
samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
if (realms != null) {
providerParameters.setRealm("A");
}
// Set the ClaimsManager
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection requestedClaims = new ClaimCollection();
Claim requestClaim = new Claim();
requestClaim.setClaimType(ClaimTypes.LASTNAME);
requestClaim.setOptional(false);
requestedClaims.add(requestClaim);
providerParameters.setRequestedSecondaryClaims(requestedClaims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class SAMLTokenValidatorTest method createSAMLAssertionWithRoles.
private Element createSAMLAssertionWithRoles(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, String role) throws WSSecurityException {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters("alice", tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"));
claim.addValue(role);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class SAMLClaimsTest method testSaml2SeparateClaimsMultipleClaimsHandlers.
/**
* Here we have two ClaimsHandlers that can both add claims for the same claim type. We configure the
* SAMLTokenProvider not to combine the claims unlike the test above.
*/
@org.junit.Test
public void testSaml2SeparateClaimsMultipleClaimsHandlers() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
((SAMLTokenProvider) samlTokenProvider).setCombineClaimAttributes(false);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
ClaimsHandler claimsHandler2 = new CustomClaimsHandler();
((CustomClaimsHandler) claimsHandler2).setRole("CustomRole");
claimsManager.setClaimHandlers(Arrays.asList(claimsHandler, claimsHandler2));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(CustomClaimsHandler.ROLE_CLAIM);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
String requiredClaim = CustomClaimsHandler.ROLE_CLAIM.toString();
assertTrue(tokenString.contains(requiredClaim));
assertTrue(tokenString.contains("DUMMY"));
assertTrue(tokenString.contains("CustomRole"));
// Check we have two Role Claims
assertNotEquals(tokenString.indexOf(requiredClaim), tokenString.lastIndexOf(requiredClaim));
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticClaims.
/**
* Test the creation of a SAML2 Assertion with StaticClaimsHandler
*/
@org.junit.Test
public void testSaml2StaticClaims() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
ClaimsManager claimsManager = new ClaimsManager();
StaticClaimsHandler claimsHandler = new StaticClaimsHandler();
Map<String, String> staticClaimsMap = new HashMap<>();
staticClaimsMap.put(CLAIM_STATIC_COMPANY, CLAIM_STATIC_COMPANY_VALUE);
claimsHandler.setGlobalClaims(staticClaimsMap);
claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(CLAIM_STATIC_COMPANY);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
assertEquals(attributes.size(), 1);
assertEquals(attributes.get(0).getName(), CLAIM_STATIC_COMPANY);
XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
assertEquals(valueObj.getDOM().getTextContent(), CLAIM_STATIC_COMPANY_VALUE);
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class SAMLClaimsTest method testSaml2CombinedClaimsMultipleClaimsHandlers.
/**
* Here we have two ClaimsHandlers that can both add claims for the same claim type. By default we will
* combine the Claims into one Attribute.
*/
@org.junit.Test
public void testSaml2CombinedClaimsMultipleClaimsHandlers() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
ClaimsHandler claimsHandler2 = new CustomClaimsHandler();
((CustomClaimsHandler) claimsHandler2).setRole("CustomRole");
claimsManager.setClaimHandlers(Arrays.asList(claimsHandler, claimsHandler2));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(CustomClaimsHandler.ROLE_CLAIM);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
String requiredClaim = CustomClaimsHandler.ROLE_CLAIM.toString();
assertTrue(tokenString.contains(requiredClaim));
assertTrue(tokenString.contains("DUMMY"));
assertTrue(tokenString.contains("CustomRole"));
// Check only one Role Claim
assertEquals(tokenString.indexOf(requiredClaim), tokenString.lastIndexOf(requiredClaim));
}
Aggregations