Examples with SAML2TokenGenerationState org.forgerock.openam.sts.service.invocation.SAML2TokenGenerationState used on opensource projects

Search in sources :

Example 1 with SAML2TokenGenerationState

use of org.forgerock.openam.sts.service.invocation.SAML2TokenGenerationState in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method generate.

public String generate(SSOToken subjectToken, STSInstanceState stsInstanceState, TokenGenerationServiceInvocationState invocationState) throws TokenCreationException {
    final SAML2Config saml2Config = stsInstanceState.getConfig().getSaml2Config();
    if (saml2Config == null) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "Invocation targets a SAML2 token, but no SAML2Config was specified in the published sts!");
    }
    final String subjectId = ssoTokenIdentity.validateAndGetTokenPrincipal(subjectToken);
    final Assertion assertion = AssertionFactory.getInstance().createAssertion();
    setVersionAndId(assertion);
    setIssuer(assertion, saml2Config);
    final Date issueInstant = new Date();
    setIssueInstant(assertion, issueInstant);
    final SAML2TokenGenerationState tokenGenerationState = invocationState.getSaml2TokenGenerationState();
    setConditions(assertion, saml2Config, issueInstant, tokenGenerationState.getSaml2SubjectConfirmation());
    setSubject(assertion, subjectId, saml2Config.getSpAcsUrl(), saml2Config, invocationState.getSaml2TokenGenerationState().getSaml2SubjectConfirmation(), issueInstant, tokenGenerationState.getProofTokenState());
    setAuthenticationStatements(assertion, saml2Config, tokenGenerationState.getAuthnContextClassRef());
    setAttributeStatements(assertion, subjectToken, saml2Config);
    setAuthzDecisionStatements(assertion, subjectToken, saml2Config);
    /*
        entering this branch handles both encryption and signing, as the encryption of the entire assertion must be
        proceeded by signing.
         */
    String assertionString;
    if (saml2Config.encryptAssertion()) {
        EncryptedAssertion encryptedAssertion = handleSingingAndEncryptionOfEntireAssertion(assertion, saml2Config, stsInstanceState);
        try {
            assertionString = encryptedAssertion.toXMLString(ASSERTION_TO_STRING_INCLUDE_NAMESPACE_PREFIX, ASSERTION_TO_STRING_DECLARE_NAMESPACE_PREFIX);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught calling Assertion.toXMLString: " + e, e);
        }
    } else {
        if (saml2Config.encryptAttributes()) {
            encryptAttributeStatement(assertion, saml2Config, stsInstanceState);
        }
        if (saml2Config.encryptNameID()) {
            encryptNameID(assertion, saml2Config, stsInstanceState);
        }
        if (saml2Config.signAssertion()) {
            signAssertion(assertion, stsInstanceState);
        }
        try {
            assertionString = assertion.toXMLString(ASSERTION_TO_STRING_INCLUDE_NAMESPACE_PREFIX, ASSERTION_TO_STRING_DECLARE_NAMESPACE_PREFIX);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught calling Assertion.toXMLString: " + e, e);
        }
    }
    if (stsInstanceState.getConfig().persistIssuedTokensInCTS()) {
        try {
            ctsTokenPersistence.persistToken(invocationState.getStsInstanceId(), TokenType.SAML2, assertionString, subjectId, issueInstant.getTime(), saml2Config.getTokenLifetimeInSeconds());
        } catch (CTSTokenPersistenceException e) {
            throw new TokenCreationException(e.getCode(), e.getMessage(), e);
        }
    }
    return assertionString;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion) EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion) Assertion(com.sun.identity.saml2.assertion.Assertion) TokenCreationException(org.forgerock.openam.sts.TokenCreationException) CTSTokenPersistenceException(org.forgerock.openam.sts.CTSTokenPersistenceException) Date(java.util.Date) SAML2TokenGenerationState(org.forgerock.openam.sts.service.invocation.SAML2TokenGenerationState)

Aggregations

Assertion (com.sun.identity.saml2.assertion.Assertion)1 EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)1 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)1 Date (java.util.Date)1 CTSTokenPersistenceException (org.forgerock.openam.sts.CTSTokenPersistenceException)1 TokenCreationException (org.forgerock.openam.sts.TokenCreationException)1 SAML2Config (org.forgerock.openam.sts.config.user.SAML2Config)1 SAML2TokenGenerationState (org.forgerock.openam.sts.service.invocation.SAML2TokenGenerationState)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial