Example 11 with SubjectBean
use of org.apache.wss4j.common.saml.bean.SubjectBean in project cxf by apache.
the class SAML2CallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
callback.setIssuer("www.example.com");
callback.setSamlVersion(Version.SAML_20);
SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
createAndSetStatement(null, callback);
try {
Crypto crypto = CryptoFactory.getInstance("outsecurity.properties");
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("myalias");
callback.setIssuerKeyPassword("myAliasPassword");
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
Example 12 with SubjectBean
use of org.apache.wss4j.common.saml.bean.SubjectBean in project cxf by apache.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
Message m = PhaseInterceptorChain.getCurrentMessage();
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
callback.setIssuer(issuer);
String subject = m != null ? (String) m.getContextualProperty("saml.subject.name") : null;
if (subject == null) {
subject = subjectName;
}
String subjectQualifier = "www.mock-sts.com";
SubjectBean subjectBean = new SubjectBean(subject, subjectQualifier, confirmationMethod);
callback.setSubject(subjectBean);
ConditionsBean conditions = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(audience));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callback.setConditions(conditions);
AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
authDecBean.setDecision(Decision.INDETERMINATE);
authDecBean.setResource("https://sp.example.com/SAML2");
authDecBean.setSubject(subjectBean);
ActionBean actionBean = new ActionBean();
actionBean.setContents("Read");
authDecBean.setActions(Collections.singletonList(actionBean));
callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setSubject(subjectBean);
authBean.setAuthenticationInstant(new DateTime());
authBean.setSessionIndex("123456");
authBean.setSubject(subjectBean);
// AuthnContextClassRef is not set
authBean.setAuthenticationMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
List<String> roles = m != null ? CastUtils.<String>cast((List<?>) m.getContextualProperty("saml.roles")) : null;
if (roles == null) {
roles = Collections.singletonList("user");
}
List<AttributeBean> claims = new ArrayList<>();
AttributeBean roleClaim = new AttributeBean();
roleClaim.setSimpleName("subject-role");
roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
roleClaim.setAttributeValues(new ArrayList<>(roles));
claims.add(roleClaim);
List<String> authMethods = m != null ? CastUtils.<String>cast((List<?>) m.getContextualProperty("saml.auth")) : null;
if (authMethods == null) {
authMethods = Collections.singletonList("password");
}
AttributeBean authClaim = new AttributeBean();
authClaim.setSimpleName("http://claims/authentication");
authClaim.setQualifiedName("http://claims/authentication");
authClaim.setNameFormat("http://claims/authentication-format");
authClaim.setAttributeValues(new ArrayList<>(authMethods));
claims.add(authClaim);
attrBean.setSamlAttributes(claims);
callback.setAttributeStatementData(Collections.singletonList(attrBean));
if (signAssertion) {
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(issuerKeyName);
callback.setIssuerKeyPassword(issuerKeyPassword);
callback.setSignAssertion(true);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
}
Also used :
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)
Message(org.apache.cxf.message.Message)
AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)
ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean)
ArrayList(java.util.ArrayList)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
ActionBean(org.apache.wss4j.common.saml.bean.ActionBean)
DateTime(org.joda.time.DateTime)
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
ArrayList(java.util.ArrayList)
List(java.util.List)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
Example 13 with SubjectBean
use of org.apache.wss4j.common.saml.bean.SubjectBean in project testcases by coheigea.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
if (conditions != null) {
callback.setConditions(conditions);
}
callback.setIssuer("sts");
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean = new SubjectBean(subjectName, null, confirmationMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
callback.setSignatureAlgorithm(signatureAlgorithm);
callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(cryptoAlias);
callback.setIssuerKeyPassword(cryptoPassword);
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 14 with SubjectBean
use of org.apache.wss4j.common.saml.bean.SubjectBean in project syncope by apache.
the class SAML2CallbackHandler method handle.
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
SAMLCallback samlCallback = (SAMLCallback) callback;
samlCallback.setSamlVersion(Version.SAML_20);
samlCallback.setIssuer(issuer);
if (conditions != null) {
samlCallback.setConditions(conditions);
}
SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod);
subjectBean.setSubjectConfirmationData(subjectConfirmationData);
samlCallback.setSubject(subjectBean);
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
samlCallback.setAuthenticationStatementData(Collections.singletonList(authBean));
} else {
throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Callback(javax.security.auth.callback.Callback)
AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 15 with SubjectBean
use of org.apache.wss4j.common.saml.bean.SubjectBean in project cxf by apache.
the class AbstractStaxBindingHandler method addIssuedToken.
protected SecurePart addIssuedToken(AbstractToken token, SecurityToken secToken, boolean signed, boolean endorsing) {
assertToken(token);
if (isTokenRequired(token.getIncludeTokenType())) {
final Element el = secToken.getToken();
if (el != null && "Assertion".equals(el.getLocalName()) && (WSSConstants.NS_SAML.equals(el.getNamespaceURI()) || WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
if (endorsing) {
actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
}
properties.addAction(actionToPerform);
// Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
final SubjectBean subjectBean;
if (signed || endorsing) {
KeyInfoBean keyInfo = new KeyInfoBean();
keyInfo.setCertificate(secToken.getX509Certificate());
keyInfo.setEphemeralKey(secToken.getSecret());
subjectBean = new SubjectBean("", "", "");
subjectBean.setKeyInfo(keyInfo);
} else {
subjectBean = null;
}
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
SAMLCallback samlCallback = (SAMLCallback) callback;
samlCallback.setAssertionElement(el);
samlCallback.setSubject(subjectBean);
if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) {
samlCallback.setSamlVersion(Version.SAML_11);
} else {
samlCallback.setSamlVersion(Version.SAML_20);
}
}
}
}
};
properties.setSamlCallbackHandler(callbackHandler);
QName qname = WSSConstants.TAG_SAML2_ASSERTION;
if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) {
qname = WSSConstants.TAG_SAML_ASSERTION;
}
return new SecurePart(qname, Modifier.Element);
} else if (isRequestor()) {
// An Encrypted Token...just include it as is
properties.addAction(WSSConstants.CUSTOM_TOKEN);
}
}
return null;
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
WSSConstants(org.apache.wss4j.stax.ext.WSSConstants)
WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Callback(javax.security.auth.callback.Callback)
QName(javax.xml.namespace.QName)
Element(org.w3c.dom.Element)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Aggregations
SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)23
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)18
AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)14
IOException (java.io.IOException)12
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)12
KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)12
Crypto (org.apache.wss4j.common.crypto.Crypto)11
AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)11
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)9
AuthenticationStatementBean (org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)4
ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)4
AuthDecisionStatementBean (org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)3
Principal (java.security.Principal)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
Callback (javax.security.auth.callback.Callback)2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2
X500Principal (javax.security.auth.x500.X500Principal)2
Message (org.apache.cxf.message.Message)2
KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)2
