Use of org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext in the project cas by apereo:
the class SamlProfileSamlAttributeStatementBuilder, method newAttributeStatement.
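/**
 * Builds the SAML attribute statement for the resolved principal attributes.
 * <p>
 * Attribute name formats come from the IdP response settings and are overridden by the
 * registered service. Friendly names and URNs are merged in this order: the global
 * friendly-name list, the SAML attribute definitions held by the definition store (only
 * non-blank values), the registered service's own friendly names, and finally the bundled
 * attribute definition catalog, which only contributes keys that still have no friendly name.
 * Attributes whose value is an empty collection are skipped. For every name an attribute is
 * emitted under, the value is converted to a {@code NameID} when the registered service
 * configures that name's value type as {@code NameIDType} or the persistent NameID format;
 * the conversion always starts from the attribute's original value, so a NameID produced for
 * one mapped name is never fed into the conversion of the next one.
 *
 * @param context    the profile builder context; its registered service and adaptor are read
 * @param attributes the attributes to encode, keyed by attribute name
 * @param builder    attaches each created attribute to the statement
 * @return the populated attribute statement
 * @throws Exception if creating a NameID or an attribute fails
 */
public AttributeStatement newAttributeStatement(final SamlProfileBuilderContext context, final Map<String, Object> attributes, final Saml20AttributeBuilder builder) throws Exception {
    val attrStatement = SamlUtils.newSamlObject(AttributeStatement.class);
    val resp = samlIdPProperties.getResponse();
    val registeredService = context.getRegisteredService();

    // Service-level name formats take precedence over the IdP-wide ones.
    val nameFormats = new HashMap<>(resp.configureAttributeNameFormats());
    nameFormats.putAll(registeredService.getAttributeNameFormats());

    val globalFriendlyNames = samlIdPProperties.getCore().getAttributeFriendlyNames();
    val friendlyNames = new HashMap<>(CollectionUtils.convertDirectedListToMap(globalFriendlyNames));
    val urns = new HashMap<String, String>();
    // Definitions from the store override the global list, but only where they carry a value.
    attributeDefinitionStore.getAttributeDefinitions().stream()
        .filter(SamlIdPAttributeDefinition.class::isInstance)
        .map(SamlIdPAttributeDefinition.class::cast)
        .forEach(defn -> {
            if (StringUtils.isNotBlank(defn.getFriendlyName())) {
                friendlyNames.put(defn.getKey(), defn.getFriendlyName());
            }
            if (StringUtils.isNotBlank(defn.getUrn())) {
                urns.put(defn.getKey(), defn.getUrn());
            }
        });
    // The registered service has the last word on friendly names ...
    friendlyNames.putAll(registeredService.getAttributeFriendlyNames());
    // ... and the bundled catalog only supplies keys that nobody else named (URN included).
    SamlIdPAttributeDefinitionCatalog.load()
        .filter(defn -> !friendlyNames.containsKey(defn.getKey()))
        .forEach(defn -> {
            friendlyNames.put(defn.getKey(), defn.getFriendlyName());
            urns.put(defn.getKey(), defn.getUrn());
        });

    for (val entry : attributes.entrySet()) {
        val key = entry.getKey();
        val originalValue = entry.getValue();
        if (originalValue instanceof Collection<?> && ((Collection<?>) originalValue).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", key);
            continue;
        }
        val friendlyName = friendlyNames.get(key);
        // A URN from a definition is emitted as-is; otherwise the definition store decides the name(s).
        val attributeNames = urns.containsKey(key)
            ? List.of(urns.get(key))
            : getMappedAttributeNamesFromAttributeDefinitionStore(entry);
        for (val name : attributeNames) {
            // Attribute values can be personal data; they are only written to the log at TRACE/DEBUG.
            LOGGER.trace("Processing SAML attribute [{}] with value [{}], friendlyName [{}]", name, originalValue, friendlyName);
            // Each mapped name is converted from the original value, never from a previous name's NameID.
            val attributeValue = convertAttributeValue(context, name, originalValue);
            LOGGER.debug("Creating SAML attribute [{}] with value [{}], friendlyName [{}]", name, attributeValue, friendlyName);
            val attribute = newAttribute(friendlyName, name, attributeValue, nameFormats, resp.getDefaultAttributeNameFormat(), registeredService.getAttributeValueTypes());
            LOGGER.trace("Created SAML attribute [{}] with NameID format [{}]", attribute.getName(), attribute.getNameFormat());
            builder.build(attrStatement, attribute);
        }
    }
    return attrStatement;
}

/**
 * Converts an attribute value into a {@code NameID} when the registered service configures the
 * given attribute name's value type accordingly.
 * <p>
 * A value type of {@code NameIDType} (case-insensitive) yields a fresh copy of the NameID produced by
 * the configured NameID builder (format, qualifiers and value are copied); the value is left unchanged
 * if that builder does not return a {@code NameID}. The persistent NameID format yields a new persistent
 * NameID whose value is the attribute's first value and whose SP name qualifier is the service's
 * configured qualifier, falling back to the adaptor's entity id.
 *
 * @param context        the profile builder context
 * @param name           the SAML attribute name whose configured value type is looked up
 * @param attributeValue the original attribute value
 * @return the NameID to emit, or {@code attributeValue} unchanged when no conversion applies
 * @throws Exception if the NameID builder fails
 */
private Object convertAttributeValue(final SamlProfileBuilderContext context, final String name, final Object attributeValue) throws Exception {
    val registeredService = context.getRegisteredService();
    val valueType = registeredService.getAttributeValueTypes().get(name);

    if (NameIDType.class.getSimpleName().equalsIgnoreCase(valueType)) {
        val nameIdObject = samlNameIdBuilder.build(context);
        if (!(nameIdObject instanceof NameID)) {
            return attributeValue;
        }
        val source = (NameID) nameIdObject;
        // A new object is created rather than reusing the one the builder returned.
        val copy = newSamlObject(NameID.class);
        copy.setFormat(source.getFormat());
        copy.setNameQualifier(source.getNameQualifier());
        copy.setSPNameQualifier(source.getSPNameQualifier());
        copy.setValue(source.getValue());
        return copy;
    }

    if (NameID.PERSISTENT.equalsIgnoreCase(valueType)) {
        val nameID = newSamlObject(NameID.class);
        nameID.setFormat(NameID.PERSISTENT);
        nameID.setNameQualifier(SamlIdPUtils.determineNameIdNameQualifier(registeredService, samlIdPMetadataResolver));
        // Prefer the service's own SP name qualifier; otherwise fall back to the SP entity id.
        FunctionUtils.doIf(StringUtils.isNotBlank(registeredService.getServiceProviderNameIdQualifier()),
            value -> nameID.setSPNameQualifier(registeredService.getServiceProviderNameIdQualifier()),
            value -> nameID.setSPNameQualifier(context.getAdaptor().getEntityId())).accept(registeredService);
        CollectionUtils.firstElement(attributeValue).ifPresent(value -> nameID.setValue(value.toString()));
        return nameID;
    }

    return attributeValue;
}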
Use of org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext in the project cas by apereo:
the class DefaultAuthnContextClassRefBuilder, method getAuthenticationContextByAssertion.
/**
 * Picks the requested authentication context class that the assertion actually satisfied.
 * <p>
 * The requested class refs are matched, in request order, against the IdP's configured
 * authentication-context class mappings; the first ref with a non-blank URI that has a mapping
 * wins. Its mapped value is then compared (exact string equality) with the first value of the
 * assertion's authentication-context attribute. The requested comparison operator is only
 * logged; it does not influence the matching.
 * This remains a template method and may later grow more elaborate parsing of the assertion.
 *
 * @param context               the profile builder context carrying the authenticated assertion
 * @param requestedAuthnContext the requested authn context (its comparison is logged only)
 * @param authnContextClassRefs the requested authn context class refs, in request order
 * @return the URI of the matching requested class ref, or {@code null} when none matches or the
 * assertion carries no authentication-context attribute
 */
protected String getAuthenticationContextByAssertion(final SamlProfileBuilderContext context, final RequestedAuthnContext requestedAuthnContext, final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    for (val ref : authnContextClassRefs) {
        LOGGER.debug("Requested AuthN Context [{}]", ref.getURI());
    }

    val configuredMappings = casProperties.getAuthn().getSamlIdp().getCore().getAuthenticationContextClassMappings();
    val mappingsByUri = CollectionUtils.convertDirectedListToMap(configuredMappings);
    // First requested class ref (in request order) that the IdP knows how to map.
    val match = authnContextClassRefs.stream()
        .filter(ref -> StringUtils.isNotBlank(ref.getURI()) && mappingsByUri.containsKey(ref.getURI()))
        .map(ref -> Pair.of(ref, mappingsByUri.get(ref.getURI())))
        .findFirst();

    val assertionAttributes = context.getAuthenticatedAssertion().getAttributes();
    val contextAttributeName = casProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
    if (!assertionAttributes.containsKey(contextAttributeName)) {
        return null;
    }

    return match
        .map(pair -> {
            val satisfiedContext = CollectionUtils.firstElement(assertionAttributes.get(contextAttributeName))
                .map(Object::toString)
                .orElse(null);
            // Exact match only: the mapped method must equal what the assertion recorded.
            return StringUtils.equals(pair.getValue(), satisfiedContext) ? pair.getLeft().getURI() : null;
        })
        .orElse(null);
}