
Example 36 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project syncope by apache.

From the class SAML2CallbackHandler, the method handle.

/**
 * Fills the {@link SAMLCallback} handed over by WSS4J with the assertion data this
 * handler was configured with: SAML 2.0, the configured issuer, the configured
 * conditions when present, a subject built from the configured name / qualifier /
 * confirmation method (carrying the configured subject confirmation data) and a single
 * authentication statement whose authentication method is {@code "Password"}.
 *
 * @param callbacks the callbacks to service; every element must be a {@code SAMLCallback}
 * @throws UnsupportedCallbackException for the first callback that is not a {@code SAMLCallback}
 * @throws IOException declared by the {@code CallbackHandler} contract; not raised by this body
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized Callback");
        }
        SAMLCallback samlCallback = (SAMLCallback) current;
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer(issuer);
        if (conditions != null) {
            samlCallback.setConditions(conditions);
        }
        // Subject: the configured name, qualifier and confirmation method, plus the
        // confirmation data (set unconditionally, so it may be null).
        SubjectBean subject = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod);
        subject.setSubjectConfirmationData(subjectConfirmationData);
        samlCallback.setSubject(subject);
        // Exactly one authentication statement, always reporting "Password".
        AuthenticationStatementBean authnStatement = new AuthenticationStatementBean();
        authnStatement.setAuthenticationMethod("Password");
        samlCallback.setAuthenticationStatementData(Collections.singletonList(authnStatement));
    }
}

Example 37 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

From the class SamlElementCallbackHandler, the method getSAMLAssertion.

/**
 * Mocks up a SAML assertion by delegating to a {@code SamlCallbackHandler} built from
 * the {@code saml2} field, then renders the populated callback as a DOM element.
 *
 * @param doc the document that will own the returned element
 * @return the assertion as a DOM {@link Element}
 * @throws Exception propagated from the callback handler or the assertion wrapper
 */
private Element getSAMLAssertion(Document doc) throws Exception {
    SamlCallbackHandler delegate = new SamlCallbackHandler(saml2);
    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(delegate, callback);
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    return wrapper.toDOM(doc);
}

Example 38 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

From the class AbstractBindingBuilder, the method addSamlToken.

/**
 * Produces the SAML assertion that satisfies a {@code SamlToken} policy assertion.
 *
 * <p>Resolution order: when the token is not required, nothing is returned. When no
 * {@code SAML_CALLBACK_HANDLER} property is configured on the message, a stored
 * {@code SecurityToken} is reused as-is if its element is a SAML {@code Assertion}
 * whose namespace matches the policy's token type (1.1 or 2.0). Otherwise the configured
 * callback handler populates a fresh {@link SAMLCallback}; if it asks for the assertion to
 * be signed, the signing identity comes from the callback (issuer key name, password,
 * crypto), falling back to the {@code SIGNATURE_USERNAME} / {@code SIGNATURE_PASSWORD}
 * message properties, the {@code WSPasswordCallback.SIGNATURE} password callback and
 * {@code getSignatureCrypto()}.
 *
 * @param token the SamlToken policy assertion being satisfied
 * @return the assertion wrapper, or {@code null} when the token is not required or no
 *         SAML CallbackHandler is available (the policy is then un-asserted)
 * @throws WSSecurityException when resolving or invoking the callback handler fails
 *         (the original exception is kept as the cause), or when signing fails
 * @throws TokenStoreException declared for the stored-token lookup
 */
protected SamlAssertionWrapper addSamlToken(SamlToken token) throws WSSecurityException, TokenStoreException {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }
    final SamlTokenType tokenType = token.getSamlTokenType();
    // 
    // Get the SAML CallbackHandler; without one, a previously stored assertion may be reused
    // 
    Object handlerProperty = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    if (handlerProperty == null) {
        SamlAssertionWrapper stored = findStoredSamlAssertion(tokenType);
        if (stored != null) {
            return stored;
        }
    }
    SAMLCallback samlCallback = new SAMLCallback();
    if (tokenType == SamlTokenType.WssSamlV20Token11) {
        samlCallback.setSamlVersion(Version.SAML_20);
    } else if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
        samlCallback.setSamlVersion(Version.SAML_11);
    }
    try {
        CallbackHandler handler = SecurityUtils.getCallbackHandler(handlerProperty);
        if (handler == null) {
            unassertPolicy(token, "No SAML CallbackHandler available");
            return null;
        }
        SAMLUtil.doSAMLCallback(handler, samlCallback);
    } catch (Exception ex) {
        // Keep the cause: a broken handler configuration must be diagnosable.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        signSamlAssertion(assertion, samlCallback, token);
    }
    return assertion;
}

/**
 * Wraps the stored security token when its element is a SAML {@code Assertion} in the
 * namespace that matches {@code tokenType}; returns {@code null} otherwise or when no
 * token is stored.
 */
private SamlAssertionWrapper findStoredSamlAssertion(SamlTokenType tokenType)
        throws WSSecurityException, TokenStoreException {
    SecurityToken securityToken = getSecurityToken();
    if (securityToken == null) {
        return null;
    }
    Element tokenElement = securityToken.getToken();
    String namespace = tokenElement.getNamespaceURI();
    if (!"Assertion".equals(tokenElement.getLocalName())) {
        return null;
    }
    boolean saml11Type = tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11;
    boolean saml20Type = tokenType == SamlTokenType.WssSamlV20Token11;
    boolean namespaceMatches = (saml11Type && WSS4JConstants.SAML_NS.equals(namespace))
            || (saml20Type && WSS4JConstants.SAML2_NS.equals(namespace));
    return namespaceMatches ? new SamlAssertionWrapper(tokenElement) : null;
}

/**
 * Signs {@code assertion} with the issuer credentials requested by the callback, falling
 * back to the message's signature username / password, the SIGNATURE password callback
 * and the signature crypto.
 */
private void signSamlAssertion(SamlAssertionWrapper assertion, SAMLCallback samlCallback, SamlToken token)
        throws WSSecurityException, TokenStoreException {
    String issuerName = samlCallback.getIssuerKeyName();
    if (issuerName == null) {
        issuerName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME, message);
    }
    String password = samlCallback.getIssuerKeyPassword();
    if (password == null) {
        password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
        if (StringUtils.isEmpty(password)) {
            // issuerName may still be null at this point; it is passed through unchanged.
            password = getPassword(issuerName, token, WSPasswordCallback.SIGNATURE);
        }
    }
    Crypto crypto = samlCallback.getIssuerCrypto();
    if (crypto == null) {
        crypto = getSignatureCrypto();
    }
    assertion.signAssertion(issuerName, password, crypto, samlCallback.isSendKeyValue(),
            samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm(),
            samlCallback.getSignatureDigestAlgorithm());
}

Example 39 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

From the class AbstractStaxBindingHandler, the method addIssuedToken.

/**
 * Adds an issued token to the outbound security properties when the policy requires it.
 *
 * <p>If the issued token's element is a SAML 1.1 or 2.0 {@code Assertion}, the
 * {@code SAML_TOKEN_UNSIGNED} action ({@code SAML_TOKEN_SIGNED} when endorsing) is added,
 * a callback handler is registered that hands the existing element — plus, for signed or
 * endorsing use, a subject carrying the token's certificate and secret — to the SAML
 * token processor, and the assertion element is returned as a {@link SecurePart}.
 * Any other element is only added as a {@code CUSTOM_TOKEN} on the requestor side.
 *
 * @param token the policy token being satisfied
 * @param secToken the issued security token
 * @param signed whether the token is used for signing
 * @param endorsing whether the token endorses the signature
 * @return the SecurePart for the assertion element, or {@code null} when no assertion is added
 */
protected SecurePart addIssuedToken(AbstractToken token, SecurityToken secToken, boolean signed, boolean endorsing) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }
    final Element el = secToken.getToken();
    if (!isSamlAssertionElement(el)) {
        if (isRequestor()) {
            // An Encrypted Token...just include it as is
            properties.addAction(WSSConstants.CUSTOM_TOKEN);
        }
        return null;
    }
    properties.addAction(endorsing ? WSSConstants.SAML_TOKEN_SIGNED : WSSConstants.SAML_TOKEN_UNSIGNED);
    // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
    final SubjectBean subjectBean = (signed || endorsing) ? buildKeyInfoSubject(secToken) : null;
    final boolean saml11 = WSS4JConstants.SAML_NS.equals(el.getNamespaceURI());
    properties.setSamlCallbackHandler(new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) {
            for (Callback callback : callbacks) {
                if (!(callback instanceof SAMLCallback)) {
                    continue;
                }
                SAMLCallback samlCallback = (SAMLCallback) callback;
                samlCallback.setAssertionElement(el);
                samlCallback.setSubject(subjectBean);
                samlCallback.setSamlVersion(saml11 ? Version.SAML_11 : Version.SAML_20);
            }
        }
    });
    QName assertionName = saml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION;
    return new SecurePart(assertionName, Modifier.Element);
}

/** True when {@code el} is a non-null {@code Assertion} element in the SAML 1.1 or 2.0 namespace. */
private static boolean isSamlAssertionElement(Element el) {
    if (el == null || !"Assertion".equals(el.getLocalName())) {
        return false;
    }
    String namespace = el.getNamespaceURI();
    return WSSConstants.NS_SAML.equals(namespace) || WSSConstants.NS_SAML2.equals(namespace);
}

/** Builds an empty-named subject whose key info carries the token's certificate and secret. */
private static SubjectBean buildKeyInfoSubject(SecurityToken secToken) {
    KeyInfoBean keyInfo = new KeyInfoBean();
    keyInfo.setCertificate(secToken.getX509Certificate());
    keyInfo.setEphemeralKey(secToken.getSecret());
    SubjectBean subjectBean = new SubjectBean("", "", "");
    subjectBean.setKeyInfo(keyInfo);
    return subjectBean;
}

Example 40 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

From the class SamlTokenInterceptor, the method addSamlToken.

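/**
 * Builds, and signs when requested, the SAML assertion that satisfies a {@code SamlToken}
 * policy assertion on an outbound message.
 *
 * <p>The {@code SAML_CALLBACK_HANDLER} message property is resolved through
 * {@code SecurityUtils.getCallbackHandler} (the same helper {@code AbstractBindingBuilder}
 * uses), which is expected to accept either a {@code CallbackHandler} instance or a class
 * name. A property that cannot be turned into a handler is reported as a
 * {@link WSSecurityException} rather than being swallowed, because silently returning
 * {@code null} would send the message without the SAML token the policy asked for.
 * When no handler is configured at all the method returns {@code null}.
 *
 * <p>Signing uses the issuer credentials from the callback, falling back to the
 * {@code SIGNATURE_USERNAME} property, then the {@code PASSWORD} / {@code SIGNATURE_PASSWORD}
 * properties and the {@code WSPasswordCallback.SIGNATURE} callback, and finally the
 * signature crypto resolved from {@code SIGNATURE_CRYPTO} / {@code SIGNATURE_PROPERTIES}.
 *
 * @param token the SamlToken policy assertion; its token type selects SAML 1.1 or 2.0 and
 *        which policy alternatives get asserted
 * @param message the outbound SOAP message (source of security properties and the
 *        {@link AssertionInfoMap})
 * @return the populated, possibly signed assertion wrapper, or {@code null} when no SAML
 *         CallbackHandler is configured
 * @throws WSSecurityException when the callback handler cannot be resolved or invoked, or
 *         when building or signing the assertion fails
 */
private SamlAssertionWrapper addSamlToken(SamlToken token, SoapMessage message) throws WSSecurityException {
    // 
    // Get the SAML CallbackHandler
    // 
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    CallbackHandler handler;
    try {
        handler = SecurityUtils.getCallbackHandler(o);
    } catch (Exception ex) {
        // A misconfigured handler (e.g. an unloadable class name) is a failure, not "no token":
        // keep the cause so the configuration error is diagnosable.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    if (handler == null) {
        return null;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    SAMLCallback samlCallback = new SAMLCallback();
    SamlTokenType tokenType = token.getSamlTokenType();
    if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
        samlCallback.setSamlVersion(Version.SAML_11);
        PolicyUtils.assertPolicy(aim, "WssSamlV11Token10");
        PolicyUtils.assertPolicy(aim, "WssSamlV11Token11");
    } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
        samlCallback.setSamlVersion(Version.SAML_20);
        PolicyUtils.assertPolicy(aim, "WssSamlV20Token11");
    }
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        String issuerName = samlCallback.getIssuerKeyName();
        if (issuerName == null) {
            issuerName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME, message);
        }
        String password = samlCallback.getIssuerKeyPassword();
        if (password == null) {
            password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
            if (StringUtils.isEmpty(password)) {
                password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
            }
            if (StringUtils.isEmpty(password)) {
                // issuerName may still be null at this point; it is passed through unchanged.
                password = getPassword(issuerName, token, WSPasswordCallback.SIGNATURE, message);
            }
        }
        Crypto crypto = samlCallback.getIssuerCrypto();
        if (crypto == null) {
            crypto = getCrypto(SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES, message);
        }
        assertion.signAssertion(issuerName, password, crypto, samlCallback.isSendKeyValue(),
                samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    }
    return assertion;
}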
