Examples with SAMLCallback org.apache.wss4j.common.saml.SAMLCallback used on opensource projects

Search in sources :

Example 26 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAML2CallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setIssuer("www.example.com");
            callback.setSamlVersion(Version.SAML_20);
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
            try {
                Crypto crypto = CryptoFactory.getInstance("outsecurity.properties");
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName("myalias");
                callback.setIssuerKeyPassword("myAliasPassword");
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 27 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;
            // Set the Subject
            if (subjectBean != null) {
                samlCallback.setSubject(subjectBean);
            }
            // Set the token Type.
            TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
            String tokenType = tokenRequirements.getTokenType();
            boolean saml1 = false;
            if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                samlCallback.setSamlVersion(Version.SAML_11);
                saml1 = true;
                setSubjectOnBeans();
            } else {
                samlCallback.setSamlVersion(Version.SAML_20);
            }
            // Set the issuer
            if (issuer == null) {
                STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
                samlCallback.setIssuer(stsProperties.getIssuer());
            } else {
                samlCallback.setIssuer(issuer);
            }
            // Set the statements
            boolean statementAdded = false;
            if (attributeBeans != null && !attributeBeans.isEmpty()) {
                samlCallback.setAttributeStatementData(attributeBeans);
                statementAdded = true;
            }
            if (authBeans != null && !authBeans.isEmpty()) {
                samlCallback.setAuthenticationStatementData(authBeans);
                statementAdded = true;
            }
            if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
                samlCallback.setAuthDecisionStatementData(authDecisionBeans);
                statementAdded = true;
            }
            // If SAML 1.1 we *must* add a Statement
            if (saml1 && !statementAdded) {
                AttributeStatementBean defaultStatement = new DefaultAttributeStatementProvider().getStatement(tokenParameters);
                defaultStatement.setSubject(subjectBean);
                samlCallback.setAttributeStatementData(Collections.singletonList(defaultStatement));
            }
            // Set the conditions
            samlCallback.setConditions(conditionsBean);
        }
    }
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Callback(javax.security.auth.callback.Callback) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)

Example 28 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class AuthorizationGrantNegativeTest method testSAMLHolderOfKey.

@org.junit.Test
public void testSAMLHolderOfKey() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    try {
        Response response = client.post(form);
        response.readEntity(ClientAccessToken.class);
        fail("Failure expected on an incorrect subject confirmation method");
    } catch (Exception ex) {
    // expected
    }
}
Also used : Response(javax.ws.rs.core.Response) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Form(javax.ws.rs.core.Form) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException)

Example 29 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class AuthorizationGrantNegativeTest method testSAMLUnauthenticatedSignature.

@org.junit.Test
public void testSAMLUnauthenticatedSignature() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    samlCallbackHandler.setIssuerKeyName("smallkey");
    samlCallbackHandler.setIssuerKeyPassword("security");
    samlCallbackHandler.setCryptoPropertiesFile("org/apache/cxf/systest/jaxrs/security/smallkey.properties");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    try {
        Response response = client.post(form);
        response.readEntity(ClientAccessToken.class);
        fail("Failure expected on an incorrect subject confirmation method");
    } catch (Exception ex) {
    // expected
    }
}
Also used : Response(javax.ws.rs.core.Response) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Form(javax.ws.rs.core.Form) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException)

Example 30 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer(issuer);
            String subject = m != null ? (String) m.getContextualProperty("saml.subject.name") : null;
            if (subject == null) {
                subject = subjectName;
            }
            String subjectQualifier = "www.mock-sts.com";
            SubjectBean subjectBean = new SubjectBean(subject, subjectQualifier, confirmationMethod);
            callback.setSubject(subjectBean);
            ConditionsBean conditions = new ConditionsBean();
            AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
            audienceRestriction.setAudienceURIs(Collections.singletonList(audience));
            conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
            callback.setConditions(conditions);
            AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
            authDecBean.setDecision(Decision.INDETERMINATE);
            authDecBean.setResource("https://sp.example.com/SAML2");
            authDecBean.setSubject(subjectBean);
            ActionBean actionBean = new ActionBean();
            actionBean.setContents("Read");
            authDecBean.setActions(Collections.singletonList(actionBean));
            callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setSubject(subjectBean);
            authBean.setAuthenticationInstant(new DateTime());
            authBean.setSessionIndex("123456");
            authBean.setSubject(subjectBean);
            // AuthnContextClassRef is not set
            authBean.setAuthenticationMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
            callback.setAuthenticationStatementData(Collections.singletonList(authBean));
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            List<String> roles = m != null ? CastUtils.<String>cast((List<?>) m.getContextualProperty("saml.roles")) : null;
            if (roles == null) {
                roles = Collections.singletonList("user");
            }
            List<AttributeBean> claims = new ArrayList<>();
            AttributeBean roleClaim = new AttributeBean();
            roleClaim.setSimpleName("subject-role");
            roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
            roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            roleClaim.setAttributeValues(new ArrayList<>(roles));
            claims.add(roleClaim);
            List<String> authMethods = m != null ? CastUtils.<String>cast((List<?>) m.getContextualProperty("saml.auth")) : null;
            if (authMethods == null) {
                authMethods = Collections.singletonList("password");
            }
            AttributeBean authClaim = new AttributeBean();
            authClaim.setSimpleName("http://claims/authentication");
            authClaim.setQualifiedName("http://claims/authentication");
            authClaim.setNameFormat("http://claims/authentication-format");
            authClaim.setAttributeValues(new ArrayList<>(authMethods));
            claims.add(authClaim);
            attrBean.setSamlAttributes(claims);
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            if (signAssertion) {
                try {
                    Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                    callback.setIssuerCrypto(crypto);
                    callback.setIssuerKeyName(issuerKeyName);
                    callback.setIssuerKeyPassword(issuerKeyPassword);
                    callback.setSignAssertion(true);
                } catch (WSSecurityException e) {
                    throw new IOException(e);
                }
            }
        }
    }
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) Message(org.apache.cxf.message.Message) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) ActionBean(org.apache.wss4j.common.saml.bean.ActionBean) DateTime(org.joda.time.DateTime) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) Crypto(org.apache.wss4j.common.crypto.Crypto) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) ArrayList(java.util.ArrayList) List(java.util.List) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Aggregations

SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)60 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)40 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25 Document (org.w3c.dom.Document)25 Crypto (org.apache.wss4j.common.crypto.Crypto)23 Element (org.w3c.dom.Element)23 Status (org.opensaml.saml.saml2.core.Status)20 Response (org.opensaml.saml.saml2.core.Response)19 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)18 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 IOException (java.io.IOException)13 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)13 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)13 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)11 DateTime (org.joda.time.DateTime)11 AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)9 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)9 InputStream (java.io.InputStream)8 KeyStore (java.security.KeyStore)8 Merlin (org.apache.wss4j.common.crypto.Merlin)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial