
Example 6 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLClaimsTest method testSAML1Claims.

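/**
 * Checks that one "role" attribute placed in a SAML assertion comes back from
 * {@code SAMLUtils.getClaims} as a single claim and from
 * {@code SAMLUtils.parseRolesFromClaims} as a single role principal.
 *
 * <p>The handler is built with {@code false}, which presumably selects SAML 1.1 (confirm against
 * {@code SamlCallbackHandler}). No signing step is visible in this test, so it covers claim
 * extraction and role mapping only. It does not show that the assertion's signature or issuer
 * was validated, which production code needs before trusting roles taken from an assertion.
 *
 * @throws Exception if the assertion cannot be created or serialized
 */
@org.junit.Test
public void testSAML1Claims() throws Exception {
    // Describe one attribute: simple name "role" in the identity-claims namespace, value "employee".
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setSimpleName("role");
    attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
    attributeBean.addAttributeValue("employee");
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);
    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes failure messages read correctly.
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());
    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));
    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    assertEquals("role", ((SAMLClaim) claim).getName());
    // Check roles: attribute name "role", no name-format filter (null)
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());
}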
Also used : SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) Document(org.w3c.dom.Document) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim) Claim(org.apache.cxf.rt.security.claims.Claim) Principal(java.security.Principal)

Example 7 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLClaimsTest method testSAML2Claims.

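/**
 * Checks that one role attribute with an explicit name format, placed in a SAML assertion, comes
 * back from {@code SAMLUtils.getClaims} as a single {@code SAMLClaim} and from
 * {@code SAMLUtils.parseRolesFromClaims} as a single role principal.
 *
 * <p>The handler is built with its no-argument constructor, which presumably selects SAML 2.0
 * (confirm against {@code SamlCallbackHandler}). No signing step is visible in this test, so it
 * covers claim extraction and role mapping only. It does not show that the assertion's signature
 * or issuer was validated, which production code needs before trusting roles taken from an
 * assertion.
 *
 * @throws Exception if the assertion cannot be created or serialized
 */
@org.junit.Test
public void testSAML2Claims() throws Exception {
    // Describe one attribute: the default role attribute name, "unspecified" name format, value "employee".
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    attributeBean.addAttributeValue("employee");
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);
    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes failure messages read correctly.
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());
    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));
    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, ((SAMLClaim) claim).getName());
    assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, ((SAMLClaim) claim).getNameFormat());
    // Check roles: both the attribute name and its name format are passed to the lookup
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());
}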
Also used : SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) Document(org.w3c.dom.Document) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim) Claim(org.apache.cxf.rt.security.claims.Claim) Principal(java.security.Principal)

Example 8 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlCallbackHandler method handle.

/**
 * Populates every {@link SAMLCallback} in the array with this handler's SAML version, a fixed
 * issuer and subject, and the configured attributes when there are any.
 *
 * <p>Issuer ("sts") and subject are hard-coded fixture values. This method does not ask for the
 * assertion to be signed and sets no conditions on the callback, so the values it produces are
 * only suitable for tests. Callbacks of any other type are skipped silently.
 *
 * @param callbacks the callbacks to process
 * @throws IOException declared by the callback-handler contract; not thrown by the visible code
 * @throws UnsupportedCallbackException declared by the contract; not thrown by the visible code
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback candidate : callbacks) {
        if (!(candidate instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback samlCallback = (SAMLCallback) candidate;
        samlCallback.setSamlVersion(saml2 ? Version.SAML_20 : Version.SAML_11);
        samlCallback.setIssuer("sts");

        // A SAML 2.0 sender-vouches method on a SAML 1.1 handler is replaced by the SAML 1.1
        // constant. The replacement is stored in the field, so it persists across calls.
        boolean needsSaml1Method = !saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod);
        if (needsSaml1Method) {
            confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
        }

        SubjectBean subject =
            new SubjectBean("uid=sts-client,o=mock-sts.com", "www.mock-sts.com", confirmationMethod);
        samlCallback.setSubject(subject);

        if (attributes == null) {
            continue;
        }
        // One attribute statement carrying all configured attributes for the same subject.
        AttributeStatementBean statement = new AttributeStatementBean();
        statement.setSubject(subject);
        statement.setSamlAttributes(attributes);
        samlCallback.setAttributeStatementData(Collections.singletonList(statement));
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)

Example 9 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class JAXRSSamlTest method testSAMLTokenHeaderUsingAuthorizationPolicy.

/**
 * Sends a SAML assertion in the HTTP Authorization header (scheme "SAML") to the bookstore
 * endpoint and expects book 123 in return.
 *
 * <p>The assertion is serialized to a string, passed through {@code encodeToken} (helper not
 * shown here) and attached through an {@code AuthorizationPolicy} on the client's HTTP conduit.
 * Whether the assertion is signed depends on {@code SamlCallbackHandler}, which is not visible
 * in this test. NOTE(review): confirm the service side validates signature and issuer before
 * accepting a header-borne token.
 *
 * @throws Exception if the client or the assertion cannot be set up
 */
@Test
public void testSAMLTokenHeaderUsingAuthorizationPolicy() throws Exception {
    String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
    JAXRSClientFactoryBean clientFactory = new JAXRSClientFactoryBean();
    clientFactory.setAddress(address);

    // The client bus is configured from client.xml next to the test class.
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSSamlTest.class.getResource("client.xml");
    Bus clientBus = busFactory.createBus(busConfig.toString());
    clientFactory.setBus(clientBus);

    // Create SAML Token
    SAMLCallback tokenCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(new SamlCallbackHandler(), tokenCallback);
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(tokenCallback);
    Document holder = DOMUtils.createDocument();
    Element tokenElement = wrapper.toDOM(holder);

    WebClient client = clientFactory.createWebClient();
    HTTPConduit conduit = (HTTPConduit) WebClient.getConfig(client).getConduit();

    // Carry the encoded assertion as "Authorization: SAML <token>".
    AuthorizationPolicy policy = new AuthorizationPolicy();
    String headerValue = encodeToken(DOM2Writer.nodeToString(tokenElement));
    policy.setAuthorization(headerValue);
    policy.setAuthorizationType("SAML");
    conduit.setAuthorization(policy);

    try {
        Book received = client.get(Book.class);
        assertEquals(123L, received.getId());
    } catch (WebApplicationException ex) {
        fail(ex.getMessage());
    } catch (ProcessingException ex) {
        // Prefer the cause's message when it has one; it usually names the underlying failure.
        Throwable cause = ex.getCause();
        boolean causeHasMessage = cause != null && cause.getMessage() != null;
        fail(causeHasMessage ? cause.getMessage() : ex.getMessage());
    }
}
Also used : Bus(org.apache.cxf.Bus) JAXRSClientFactoryBean(org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean) WebApplicationException(javax.ws.rs.WebApplicationException) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) Book(org.apache.cxf.systest.jaxrs.security.Book) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) ProcessingException(javax.ws.rs.ProcessingException) Test(org.junit.Test)

Example 10 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlElementCallbackHandler method handle.

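/**
 * Supplies a pre-built assertion element to every {@link SAMLCallback} in the array.
 *
 * <p>For each SAML callback a new document is created, {@code getSAMLAssertion} builds the
 * assertion element in it, and the element is set on the callback. Callbacks of any other type
 * are skipped silently.
 *
 * @param callbacks the callbacks to process
 * @throws IOException if the assertion cannot be built; the original exception is kept as the cause
 * @throws UnsupportedCallbackException declared by the callback-handler contract; not thrown by
 *         the visible code
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback callback = (SAMLCallback) current;
        Element assertionElement;
        try {
            Document doc = DOMUtils.createDocument();
            assertionElement = getSAMLAssertion(doc);
        } catch (Exception e) {
            // Chain the cause so the stack trace of a signing or parsing failure is not lost;
            // the message alone is often null or too terse to diagnose.
            throw new IOException(e.getMessage(), e);
        }
        callback.setAssertionElement(assertionElement);
    }
}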
Also used : Element(org.w3c.dom.Element) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) IOException(java.io.IOException) Document(org.w3c.dom.Document) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Aggregations

SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)60 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)40 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25 Document (org.w3c.dom.Document)25 Crypto (org.apache.wss4j.common.crypto.Crypto)23 Element (org.w3c.dom.Element)23 Status (org.opensaml.saml.saml2.core.Status)20 Response (org.opensaml.saml.saml2.core.Response)19 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)18 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 IOException (java.io.IOException)13 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)13 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)13 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)11 DateTime (org.joda.time.DateTime)11 AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)9 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)9 InputStream (java.io.InputStream)8 KeyStore (java.security.KeyStore)8 Merlin (org.apache.wss4j.common.crypto.Merlin)8