Examples with AudienceRestrictionBean org.apache.wss4j.common.saml.bean.AudienceRestrictionBean used on opensource projects

Search in sources :

Example 21 with AudienceRestrictionBean

use of org.apache.wss4j.common.saml.bean.AudienceRestrictionBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("https://idp.example.org/SAML2");
            String subjectName = null;
            if (m != null) {
                subjectName = (String) m.getContextualProperty("saml.subject.name");
            }
            if (subjectName == null) {
                subjectName = "uid=sts-client,o=mock-sts.com";
            }
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    CryptoLoader loader = new CryptoLoader();
                    Crypto crypto = loader.getCrypto(m, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES);
                    X509Certificate cert = RSSecurityUtils.getCertificates(crypto, RSSecurityUtils.getUserName(m, crypto, SecurityConstants.SIGNATURE_USERNAME))[0];
                    KeyInfoBean keyInfo = new KeyInfoBean();
                    keyInfo.setCertificate(cert);
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new RuntimeException(ex);
                }
            }
            callback.setSubject(subjectBean);
            ConditionsBean conditions = new ConditionsBean();
            AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
            audienceRestriction.setAudienceURIs(Collections.singletonList("https://sp.example.com/SAML2"));
            conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
            callback.setConditions(conditions);
            AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
            authDecBean.setDecision(Decision.INDETERMINATE);
            authDecBean.setResource("https://sp.example.com/SAML2");
            ActionBean actionBean = new ActionBean();
            actionBean.setContents("Read");
            authDecBean.setActions(Collections.singletonList(actionBean));
            callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setSubject(subjectBean);
            authBean.setAuthenticationInstant(new DateTime());
            authBean.setSessionIndex("123456");
            // AuthnContextClassRef is not set
            authBean.setAuthenticationMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
            callback.setAuthenticationStatementData(Collections.singletonList(authBean));
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            List<String> roles = null;
            if (m != null) {
                roles = CastUtils.cast((List<?>) m.getContextualProperty("saml.roles"));
            }
            if (roles == null) {
                roles = Collections.singletonList("user");
            }
            List<AttributeBean> claims = new ArrayList<>();
            AttributeBean roleClaim = new AttributeBean();
            roleClaim.setSimpleName("subject-role");
            roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
            roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            roleClaim.setAttributeValues(new ArrayList<>(roles));
            claims.add(roleClaim);
            List<String> authMethods = null;
            if (m != null) {
                authMethods = CastUtils.cast((List<?>) m.getContextualProperty("saml.auth"));
            }
            if (authMethods == null) {
                authMethods = Collections.singletonList("password");
            }
            AttributeBean authClaim = new AttributeBean();
            authClaim.setSimpleName("http://claims/authentication");
            authClaim.setQualifiedName("http://claims/authentication");
            authClaim.setNameFormat("http://claims/authentication-format");
            authClaim.setAttributeValues(new ArrayList<>(authMethods));
            claims.add(authClaim);
            attrBean.setSamlAttributes(claims);
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            callback.setSignAssertion(signAssertion);
        }
    }
}
Also used : KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) Message(org.apache.cxf.message.Message) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) ActionBean(org.apache.wss4j.common.saml.bean.ActionBean) X509Certificate(java.security.cert.X509Certificate) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) DateTime(org.joda.time.DateTime) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) Crypto(org.apache.wss4j.common.crypto.Crypto) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) ArrayList(java.util.ArrayList) List(java.util.List) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Example 22 with AudienceRestrictionBean

use of org.apache.wss4j.common.saml.bean.AudienceRestrictionBean in project cxf by apache.

the class SamlTokenTest method testAudienceRestrictionServiceName.

@org.junit.Test
public void testAudienceRestrictionServiceName() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    String portNumber = PORT2;
    if (STAX_PORT.equals(test.getPort())) {
        portNumber = STAX_PORT2;
    }
    updateAddressPort(saml2Port, portNumber);
    // Create a SAML Token with an AudienceRestrictionCondition
    ConditionsBean conditions = new ConditionsBean();
    List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(service.getServiceName().toString()));
    audienceRestrictions.add(audienceRestriction);
    conditions.setAudienceRestrictions(audienceRestrictions);
    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setConditions(conditions);
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
    saml2Port.doubleIt(25);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) QName(javax.xml.namespace.QName) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Example 23 with AudienceRestrictionBean

use of org.apache.wss4j.common.saml.bean.AudienceRestrictionBean in project testcases by coheigea.

the class SAMLClientAuthenticationTest method createToken.

private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(saml2);
    samlCallbackHandler.setSignAssertion(sign);
    ConditionsBean conditions = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(audRestr));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    samlCallbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    }
    return samlAssertion.assertionToString();
}
Also used : AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)

Example 24 with AudienceRestrictionBean

use of org.apache.wss4j.common.saml.bean.AudienceRestrictionBean in project testcases by coheigea.

the class SAMLAuthorizationGrantTest method createToken.

private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(saml2);
    samlCallbackHandler.setSignAssertion(sign);
    ConditionsBean conditions = new ConditionsBean();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(audRestr));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    samlCallbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    }
    return samlAssertion.assertionToString();
}
Also used : AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)

Example 25 with AudienceRestrictionBean

use of org.apache.wss4j.common.saml.bean.AudienceRestrictionBean in project testcases by coheigea.

the class SamlSso method createResponse.

private Element createResponse(String requestID, String racs, String requestIssuer) throws Exception {
    DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
    Document doc = docBuilder.newDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setIssuer(issuer);
    String user = messageContext.getSecurityContext().getUserPrincipal().getName();
    callbackHandler.setSubjectName(user);
    // Subject Confirmation Data
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress(messageContext.getHttpServletRequest().getRemoteAddr());
    subjectConfirmationData.setInResponseTo(requestID);
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient(racs);
    callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
    // Audience Restriction
    ConditionsBean conditions = new ConditionsBean();
    conditions.setTokenPeriodMinutes(5);
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Crypto issuerCrypto = CryptoFactory.getInstance("stsKeystore.properties");
    assertion.signAssertion("mystskey", "stskpass", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    return policyElement;
}
Also used : Status(org.opensaml.saml.saml2.core.Status) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) Element(org.w3c.dom.Element) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) DateTime(org.joda.time.DateTime) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) DocumentBuilder(javax.xml.parsers.DocumentBuilder) SubjectConfirmationDataBean(org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)

Aggregations

AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)25 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)20 DateTime (org.joda.time.DateTime)14 ArrayList (java.util.ArrayList)12 SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)11 Response (org.opensaml.saml.saml2.core.Response)11 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)9 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)8 URL (java.net.URL)7 QName (javax.xml.namespace.QName)7 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)7 Crypto (org.apache.wss4j.common.crypto.Crypto)6 Status (org.opensaml.saml.saml2.core.Status)5 HashMap (java.util.HashMap)4 Client (org.apache.cxf.endpoint.Client)4 HelloWorldPortType (org.apache.cxf.hello_world_jms.HelloWorldPortType)4 HelloWorldService (org.apache.cxf.hello_world_jms.HelloWorldService)4 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)4 InputStream (java.io.InputStream)3 KeyStore (java.security.KeyStore)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial