
Example 1 with SamlProfileBuilderContext

use of org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext in project cas by apereo.

Defined in class SamlProfileSamlAttributeStatementBuilder, method newAttributeStatement.

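/**
 * Builds the SAML {@link AttributeStatement} for the given principal attributes.
 * <p>
 * Attribute naming is resolved from several layers, later layers taking precedence:
 * <ul>
 *   <li>friendly names: global {@code attributeFriendlyNames}, then SAML attribute definitions
 *       from the definition store, then the registered service's own friendly names; the built-in
 *       catalog only fills in keys that are still missing;</li>
 *   <li>URNs: SAML attribute definitions from the definition store, then the catalog for keys
 *       that have no friendly name yet (see the inline note);</li>
 *   <li>name formats: the IdP response defaults, overridden by the registered service.</li>
 * </ul>
 * Attributes whose value is an empty collection are skipped. An attribute whose configured value
 * type is {@code NameIDType} is replaced by a copy of the NameID built for this response; one whose
 * value type is {@link NameID#PERSISTENT} is wrapped in a persistent NameID carrying the attribute's
 * first element as its value.
 *
 * @param context    the profile builder context (registered service, SP metadata adaptor)
 * @param attributes the resolved principal attributes, keyed by attribute name
 * @param builder    the builder used to attach each attribute to the statement
 * @return the attribute statement
 * @throws Exception if a SAML object cannot be built
 */
public AttributeStatement newAttributeStatement(final SamlProfileBuilderContext context, final Map<String, Object> attributes, final Saml20AttributeBuilder builder) throws Exception {
    val attrStatement = SamlUtils.newSamlObject(AttributeStatement.class);
    val registeredService = context.getRegisteredService();
    val resp = samlIdPProperties.getResponse();

    val nameFormats = new HashMap<>(resp.configureAttributeNameFormats());
    nameFormats.putAll(registeredService.getAttributeNameFormats());

    val globalFriendlyNames = samlIdPProperties.getCore().getAttributeFriendlyNames();
    val friendlyNames = new HashMap<>(CollectionUtils.convertDirectedListToMap(globalFriendlyNames));
    val urns = new HashMap<String, String>();
    // Blank values in a definition are ignored rather than overwriting an earlier layer.
    attributeDefinitionStore.getAttributeDefinitions().stream()
        .filter(SamlIdPAttributeDefinition.class::isInstance)
        .map(SamlIdPAttributeDefinition.class::cast)
        .forEach(defn -> {
            if (StringUtils.isNotBlank(defn.getFriendlyName())) {
                friendlyNames.put(defn.getKey(), defn.getFriendlyName());
            }
            if (StringUtils.isNotBlank(defn.getUrn())) {
                urns.put(defn.getKey(), defn.getUrn());
            }
        });
    friendlyNames.putAll(registeredService.getAttributeFriendlyNames());
    /*
     * The catalog only fills in keys that still lack a friendly name, but when it does it also
     * writes the URN, so a store definition that declared a URN without a friendly name has that
     * URN replaced by the catalog's. Kept as-is to preserve existing behaviour — TODO confirm intended.
     */
    SamlIdPAttributeDefinitionCatalog.load()
        .filter(defn -> !friendlyNames.containsKey(defn.getKey()))
        .forEach(defn -> {
            friendlyNames.put(defn.getKey(), defn.getFriendlyName());
            urns.put(defn.getKey(), defn.getUrn());
        });

    val valueTypes = registeredService.getAttributeValueTypes();
    for (val entry : attributes.entrySet()) {
        val attributeKey = entry.getKey();
        var attributeValue = entry.getValue();
        if (attributeValue instanceof Collection<?> && ((Collection<?>) attributeValue).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", attributeKey);
            continue;
        }
        val friendlyName = friendlyNames.get(attributeKey);
        // An explicit URN wins over whatever the attribute definition store maps the key to.
        val attributeNames = urns.containsKey(attributeKey)
            ? List.of(urns.get(attributeKey))
            : getMappedAttributeNamesFromAttributeDefinitionStore(entry);
        for (val name : attributeNames) {
            // Attribute values are principal data; trace/debug logging prints them in full.
            LOGGER.trace("Processing SAML attribute [{}] with value [{}], friendlyName [{}]", name, attributeValue, friendlyName);
            val valueType = valueTypes.get(name);
            if (NameIDType.class.getSimpleName().equalsIgnoreCase(valueType)) {
                val nameIdObject = samlNameIdBuilder.build(context);
                if (nameIdObject instanceof NameID) {
                    attributeValue = copyNameId((NameID) nameIdObject);
                }
            }
            if (NameID.PERSISTENT.equalsIgnoreCase(valueType)) {
                attributeValue = newPersistentNameId(context, attributeValue);
            }
            LOGGER.debug("Creating SAML attribute [{}] with value [{}], friendlyName [{}]", name, attributeValue, friendlyName);
            val attribute = newAttribute(friendlyName, name, attributeValue, nameFormats, resp.getDefaultAttributeNameFormat(), valueTypes);
            LOGGER.trace("Created SAML attribute [{}] with NameID format [{}]", attribute.getName(), attribute.getNameFormat());
            builder.build(attrStatement, attribute);
        }
    }
    return attrStatement;
}

/**
 * Copies format, name qualifiers and value of {@code source} into a fresh {@link NameID}.
 *
 * @param source the NameID to copy
 * @return a new NameID with the same format, qualifiers and value
 * @throws Exception if the SAML object cannot be built
 */
private NameID copyNameId(final NameID source) throws Exception {
    val nameID = newSamlObject(NameID.class);
    nameID.setFormat(source.getFormat());
    nameID.setNameQualifier(source.getNameQualifier());
    nameID.setSPNameQualifier(source.getSPNameQualifier());
    nameID.setValue(source.getValue());
    return nameID;
}

/**
 * Wraps an attribute value in a persistent {@link NameID}.
 * <p>
 * The SP name qualifier is taken from the registered service when one is configured, otherwise
 * from the SP's entity id in the metadata adaptor. The NameID value is the attribute's first
 * element (as string), left unset when there is none.
 *
 * @param context        the profile builder context
 * @param attributeValue the raw attribute value
 * @return the persistent NameID
 * @throws Exception if the SAML object cannot be built
 */
private NameID newPersistentNameId(final SamlProfileBuilderContext context, final Object attributeValue) throws Exception {
    val registeredService = context.getRegisteredService();
    val nameID = newSamlObject(NameID.class);
    nameID.setFormat(NameID.PERSISTENT);
    nameID.setNameQualifier(SamlIdPUtils.determineNameIdNameQualifier(registeredService, samlIdPMetadataResolver));
    val spNameQualifier = registeredService.getServiceProviderNameIdQualifier();
    if (StringUtils.isNotBlank(spNameQualifier)) {
        nameID.setSPNameQualifier(spNameQualifier);
    } else {
        nameID.setSPNameQualifier(context.getAdaptor().getEntityId());
    }
    CollectionUtils.firstElement(attributeValue).ifPresent(value -> nameID.setValue(value.toString()));
    return nameID;
}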

Example 2 with SamlProfileBuilderContext

use of org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext in project cas by apereo.

Defined in class DefaultAuthnContextClassRefBuilder, method getAuthenticationContextByAssertion.

/**
 * Resolves the authentication context class satisfied by the assertion.
 * <p>
 * The first requested class ref (in request order) whose URI is non-blank and appears in the
 * configured {@code authenticationContextClassMappings} is taken as the candidate. Its URI is
 * returned only when the mapped value is exactly equal to the assertion's authentication-context
 * attribute (the MFA context attribute, first element, as string). In every other case the result
 * is {@code null}.
 * This is more of a template method for the time being, and may be enhanced later to support
 * more advanced parsing of classes from the assertion.
 *
 * @param context               the profile builder context carrying the authenticated assertion
 * @param requestedAuthnContext the requested authn context (only its comparison is logged)
 * @param authnContextClassRefs the requested authn context class refs
 * @return the satisfied class ref URI, or {@code null} when none matches
 */
protected String getAuthenticationContextByAssertion(final SamlProfileBuilderContext context, final RequestedAuthnContext requestedAuthnContext, final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    authnContextClassRefs.forEach(ref -> LOGGER.debug("Requested AuthN Context [{}]", ref.getURI()));

    val samlIdpCore = casProperties.getAuthn().getSamlIdp().getCore();
    val definedContexts = CollectionUtils.convertDirectedListToMap(samlIdpCore.getAuthenticationContextClassMappings());
    val candidate = authnContextClassRefs.stream()
        .filter(ref -> StringUtils.isNotBlank(ref.getURI()) && definedContexts.containsKey(ref.getURI()))
        .map(ref -> Pair.of(ref, definedContexts.get(ref.getURI())))
        .findFirst();

    val contextAttribute = casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
    val assertionAttributes = context.getAuthenticatedAssertion().getAttributes();
    if (!candidate.isPresent() || !assertionAttributes.containsKey(contextAttribute)) {
        return null;
    }
    val satisfiedContext = CollectionUtils.firstElement(assertionAttributes.get(contextAttribute))
        .map(Object::toString)
        .orElse(null);
    val mapping = candidate.get();
    // Exact match only: the mapped provider id must equal what the assertion records.
    return StringUtils.equals(mapping.getValue(), satisfiedContext) ? mapping.getLeft().getURI() : null;
}
