Examples with SAMLCallback org.apache.wss4j.common.saml.SAMLCallback used on opensource projects

Search in sources :

Example 41 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAML1CallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setIssuer("www.example.com");
            callback.setSamlVersion(Version.SAML_11);
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            createAndSetStatement(subjectBean, callback);
            try {
                Crypto crypto = CryptoFactory.getInstance("outsecurity.properties");
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName("myalias");
                callback.setIssuerKeyPassword("myAliasPassword");
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 42 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLTokenProvider method createSamlToken.

private SamlAssertionWrapper createSamlToken(TokenProviderParameters tokenParameters, byte[] secret, Document doc) throws Exception {
    String realm = tokenParameters.getRealm();
    RealmProperties samlRealm = null;
    if (realm != null && realmMap.containsKey(realm)) {
        samlRealm = realmMap.get(realm);
    }
    SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    if (samlCustomHandler != null) {
        samlCustomHandler.handle(assertion, tokenParameters);
    }
    if (signToken) {
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
    }
    return assertion;
}
Also used : STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties)

Example 43 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLUtils method createAssertion.

public static SamlAssertionWrapper createAssertion(CallbackHandler handler, SelfSignInfo info) throws Fault {
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        assertion.signAssertion(info.getUser(), info.getPassword(), info.getCrypto(), false);
        return assertion;
    } catch (Exception ex) {
        StringWriter sw = new StringWriter();
        ex.printStackTrace(new PrintWriter(sw));
        LOG.warning(sw.toString());
        throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
    }
}
Also used : StringWriter(java.io.StringWriter) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Fault(org.apache.cxf.interceptor.Fault) PrintWriter(java.io.PrintWriter)

Example 44 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLUtils method createAssertion.

public static SamlAssertionWrapper createAssertion(Message message, CallbackHandler handler) throws Fault {
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, samlCallback);
    try {
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        if (samlCallback.isSignAssertion()) {
            // --- This code will be moved to a common utility class
            Crypto crypto = new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES);
            String user = RSSecurityUtils.getUserName(message, crypto, SecurityConstants.SIGNATURE_USERNAME);
            if (StringUtils.isEmpty(user)) {
                return assertion;
            }
            String password = RSSecurityUtils.getSignaturePassword(message, user, SAMLUtils.class);
            assertion.signAssertion(user, password, crypto, false, samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm(), samlCallback.getSignatureDigestAlgorithm());
        }
        return assertion;
    } catch (Exception ex) {
        StringWriter sw = new StringWriter();
        ex.printStackTrace(new PrintWriter(sw));
        LOG.warning(sw.toString());
        throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
    }
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) StringWriter(java.io.StringWriter) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Fault(org.apache.cxf.interceptor.Fault) PrintWriter(java.io.PrintWriter)

Example 45 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLSSOResponseValidatorTest method testSignedResponseInvalidDestination.

@org.junit.Test
public void testSignedResponseInvalidDestination() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    ConditionsBean conditions = new ConditionsBean();
    conditions.setNotBefore(new DateTime());
    conditions.setNotAfter(new DateTime().plusMinutes(5));
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList("http://service.apache.org"));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(conditions);
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress("http://apache.org");
    subjectConfirmationData.setInResponseTo("12345");
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient("http://recipient.apache.org");
    callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    response.getAssertions().add(assertion.getSaml2());
    response.setDestination("xyz");
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    InputStream input = Merlin.loadInputStream(loader, "alice.jks");
    keyStore.load(input, "password".toCharArray());
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    signResponse(response, "alice", "password", issuerCrypto, true);
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    // Validate the Response
    SAMLSSOResponseValidator validator = new SAMLSSOResponseValidator();
    validator.setIssuerIDP("http://cxf.apache.org/issuer");
    validator.setAssertionConsumerURL("http://recipient.apache.org");
    validator.setClientAddress("http://apache.org");
    validator.setRequestId("12345");
    validator.setSpIdentifier("http://service.apache.org");
    try {
        validator.validateSamlResponse(marshalledResponse, false);
        fail("Expected failure on bad response");
    } catch (WSSecurityException ex) {
    // expected
    }
}
Also used : Status(org.opensaml.saml.saml2.core.Status) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SubjectConfirmationDataBean(org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Aggregations

SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)60 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)40 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25 Document (org.w3c.dom.Document)25 Crypto (org.apache.wss4j.common.crypto.Crypto)23 Element (org.w3c.dom.Element)23 Status (org.opensaml.saml.saml2.core.Status)20 Response (org.opensaml.saml.saml2.core.Response)19 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)18 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 IOException (java.io.IOException)13 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)13 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)13 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)11 DateTime (org.joda.time.DateTime)11 AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)9 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)9 InputStream (java.io.InputStream)8 KeyStore (java.security.KeyStore)8 Merlin (org.apache.wss4j.common.crypto.Merlin)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial