
Example 1 with AttributeBean

use of org.apache.wss4j.common.saml.bean.AttributeBean in project cxf by apache.

the class SAMLClaimsTest method testSAML2Claims.

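/**
 * Checks that one role attribute placed in a SAML assertion comes back as a single
 * {@code SAMLClaim} and that {@code SAMLUtils.parseRolesFromClaims} maps its value to a role.
 *
 * <p>NOTE(review): no signing or signature verification of the assertion is visible in this
 * test, so it covers claim and role extraction only, not whether an assertion may be trusted.
 */
@org.junit.Test
public void testSAML2Claims() throws Exception {
    // A single role attribute with the unspecified name format and the value "employee".
    AttributeBean roleAttribute = new AttributeBean();
    roleAttribute.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    roleAttribute.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    roleAttribute.addAttributeValue("employee");

    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setAttributes(Collections.singletonList(roleAttribute));

    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

    // Serialise the assertion into a DOM document before reading claims from it.
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes failure
    // messages report the right side as "expected".
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());

    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT), claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));

    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    SAMLClaim samlClaim = (SAMLClaim) claim;
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, samlClaim.getName());
    assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, samlClaim.getNameFormat());

    // Check roles: the lookup is given both the attribute name and its name format.
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(
        claims, SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    assertEquals(1, roles.size());
    Principal role = roles.iterator().next();
    assertEquals("employee", role.getName());
}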
Also used : SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) Document(org.w3c.dom.Document) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Claim(org.apache.cxf.rt.security.claims.Claim) Principal(java.security.Principal)

Example 2 with AttributeBean

use of org.apache.wss4j.common.saml.bean.AttributeBean in project cxf by apache.

the class SAMLClaimsTest method testSAML1Claims.

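/**
 * Checks that a role attribute given as simple name plus qualified name comes back as a single
 * {@code SAMLClaim} named "role" and that {@code SAMLUtils.parseRolesFromClaims} maps its value
 * to a role.
 *
 * <p>NOTE(review): no signing or signature verification of the assertion is visible in this
 * test, so it covers claim and role extraction only, not whether an assertion may be trusted.
 */
@org.junit.Test
public void testSAML1Claims() throws Exception {
    // The attribute is described by a simple name within a namespace rather than by a
    // name format, and carries the single value "employee".
    AttributeBean roleAttribute = new AttributeBean();
    roleAttribute.setSimpleName("role");
    roleAttribute.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
    roleAttribute.addAttributeValue("employee");

    // presumably the false flag selects SAML 1.1 output, going by the test name; confirm
    // against SamlCallbackHandler
    SamlCallbackHandler callbackHandler = new SamlCallbackHandler(false);
    callbackHandler.setAttributes(Collections.singletonList(roleAttribute));

    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

    // Serialise the assertion into a DOM document before reading claims from it.
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes failure
    // messages report the right side as "expected".
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());

    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT), claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));

    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    assertEquals("role", ((SAMLClaim) claim).getName());

    // Check roles: the lookup uses the simple name and passes null as the name format.
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
    assertEquals(1, roles.size());
    Principal role = roles.iterator().next();
    assertEquals("employee", role.getName());
}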
Also used : SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) Document(org.w3c.dom.Document) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Claim(org.apache.cxf.rt.security.claims.Claim) Principal(java.security.Principal)

Example 3 with AttributeBean

use of org.apache.wss4j.common.saml.bean.AttributeBean in project cxf by apache.

the class ActAsAttributeStatementProvider method handleAdditionalParameters.

/**
 * Build the "ActAs" attribute for an ActAs element.
 *
 * <p>The attribute is named "ActAs" and tagged with "http://cxf.apache.org/sts"; which bean
 * fields carry the two strings depends on {@code tokenType}. Its values are the username of a
 * {@code UsernameTokenType}, or, for a DOM {@code Element}, the name of the
 * {@code SAMLTokenPrincipalImpl} built from the wrapped assertion followed by the text of any
 * "ActAs" attribute values already present in that assertion. Any other parameter type yields
 * an attribute without values.
 *
 * <p>NOTE(review): no signature or trust validation of the supplied assertion is visible in
 * this method, yet its principal name and attribute values are copied into the returned bean;
 * confirm that the caller has validated the ActAs token before this point.
 *
 * @param parameter the ActAs content, a {@code UsernameTokenType} or a DOM {@code Element}
 * @param tokenType the token type used to choose between the two naming styles
 * @return the attribute bean, possibly without values
 * @throws WSSecurityException declared by the signature; presumably raised while wrapping the
 *         assertion element
 */
private AttributeBean handleAdditionalParameters(Object parameter, String tokenType) throws WSSecurityException {
    final String actAs = "ActAs";
    final String stsUri = "http://cxf.apache.org/sts";
    AttributeBean actAsBean = new AttributeBean();

    // The two SAML token-type constants get simple name + qualified name; every other
    // token type gets qualified name + name format.
    boolean simpleNameStyle = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML_NS.equals(tokenType);
    if (simpleNameStyle) {
        actAsBean.setSimpleName(actAs);
        actAsBean.setQualifiedName(stsUri);
    } else {
        actAsBean.setQualifiedName(actAs);
        actAsBean.setNameFormat(stsUri);
    }

    if (parameter instanceof UsernameTokenType) {
        UsernameTokenType usernameToken = (UsernameTokenType) parameter;
        actAsBean.addAttributeValue(usernameToken.getUsername().getValue());
        return actAsBean;
    }
    if (!(parameter instanceof Element)) {
        // Neither supported shape: return the named attribute with no values.
        return actAsBean;
    }

    SamlAssertionWrapper assertion = new SamlAssertionWrapper((Element) parameter);
    SAMLTokenPrincipal delegate = new SAMLTokenPrincipalImpl(assertion);
    actAsBean.addAttributeValue(delegate.getName());

    // Carry over ActAs values already recorded in the supplied assertion, so an existing
    // delegation chain is preserved in the new attribute.
    if (assertion.getSaml2() != null) {
        for (org.opensaml.saml.saml2.core.AttributeStatement statement : assertion.getSaml2().getAttributeStatements()) {
            for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
                if (!actAs.equals(attribute.getName())) {
                    continue;
                }
                for (XMLObject value : attribute.getAttributeValues()) {
                    Element valueElement = value.getDOM();
                    actAsBean.addAttributeValue(valueElement.getTextContent());
                }
            }
        }
    } else if (assertion.getSaml1() != null) {
        for (org.opensaml.saml.saml1.core.AttributeStatement statement : assertion.getSaml1().getAttributeStatements()) {
            for (org.opensaml.saml.saml1.core.Attribute attribute : statement.getAttributes()) {
                if (!actAs.equals(attribute.getAttributeName())) {
                    continue;
                }
                for (XMLObject value : attribute.getAttributeValues()) {
                    Element valueElement = value.getDOM();
                    actAsBean.addAttributeValue(valueElement.getTextContent());
                }
            }
        }
    }
    return actAsBean;
}
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLObject(org.opensaml.core.xml.XMLObject) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) SAMLTokenPrincipalImpl(org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl)

Example 4 with AttributeBean

use of org.apache.wss4j.common.saml.bean.AttributeBean in project cxf by apache.

the class DefaultAttributeStatementProvider method createDefaultAttribute.

/**
 * Create the default attribute: "token-requestor" with the single value "authenticated".
 *
 * <p>The value is a constant and does not depend on anything in the request; only the bean
 * fields that carry the name and "http://cxf.apache.org/sts" vary with {@code tokenType}.
 *
 * @param tokenType the token type used to choose between the two naming styles
 * @return a new attribute bean holding the default attribute
 */
private AttributeBean createDefaultAttribute(String tokenType) {
    final String requestorName = "token-requestor";
    final String stsUri = "http://cxf.apache.org/sts";

    // The two SAML token-type constants get simple name + qualified name; every other
    // token type gets qualified name + name format.
    boolean simpleNameStyle = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML_NS.equals(tokenType);

    AttributeBean defaultAttribute = new AttributeBean();
    if (!simpleNameStyle) {
        defaultAttribute.setQualifiedName(requestorName);
        defaultAttribute.setNameFormat(stsUri);
    } else {
        defaultAttribute.setSimpleName(requestorName);
        defaultAttribute.setQualifiedName(stsUri);
    }
    defaultAttribute.addAttributeValue("authenticated");
    return defaultAttribute;
}
Also used : AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Example 5 with AttributeBean

use of org.apache.wss4j.common.saml.bean.AttributeBean in project cxf by apache.

the class DefaultAttributeStatementProvider method getStatement.

/**
 * Get an AttributeStatementBean using the given parameters.
 *
 * <p>The statement always holds exactly one attribute, the default one produced by
 * {@code createDefaultAttribute} for the token type found in the request's token requirements.
 *
 * @param providerParameters the token provider parameters; only the token type is read
 * @return a new statement bean wrapping the default attribute in a mutable list
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    TokenRequirements requirements = providerParameters.getTokenRequirements();
    String requestedTokenType = requirements.getTokenType();

    // An ArrayList is kept so the list handed to the bean remains modifiable.
    List<AttributeBean> defaultAttributes = new ArrayList<>();
    defaultAttributes.add(createDefaultAttribute(requestedTokenType));

    AttributeStatementBean statement = new AttributeStatementBean();
    statement.setSamlAttributes(defaultAttributes);
    return statement;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) ArrayList(java.util.ArrayList) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Aggregations

AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)24 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)15 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)12 ArrayList (java.util.ArrayList)8 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)8 IOException (java.io.IOException)7 Crypto (org.apache.wss4j.common.crypto.Crypto)7 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)6 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)5 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)5 Principal (java.security.Principal)4 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)4 ActionBean (org.apache.wss4j.common.saml.bean.ActionBean)4 AuthDecisionStatementBean (org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)4 AuthenticationStatementBean (org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)4 Document (org.w3c.dom.Document)4 Claim (org.apache.cxf.rt.security.claims.Claim)3 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)3 URI (java.net.URI)2