Examples with SAML11AssertionType org.keycloak.dom.saml.v1.assertion.SAML11AssertionType used on opensource projects

Search in sources :

Example 1 with SAML11AssertionType

use of org.keycloak.dom.saml.v1.assertion.SAML11AssertionType in project keycloak by keycloak.

the class SAML11AssertionParser method parse.

/**
 * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
 */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    StartElement startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
    startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
    // Special case: Encrypted Assertion
    StaxParserUtil.validate(startElement, ASSERTION);
    SAML11AssertionType assertion = parseBaseAttributes(startElement);
    Attribute issuerAttribute = startElement.getAttributeByName(new QName(SAML11Constants.ISSUER));
    String issuer = StaxParserUtil.getAttributeValue(issuerAttribute);
    assertion.setIssuer(issuer);
    // Peek at the next event
    while (xmlEventReader.hasNext()) {
        XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
        if (xmlEvent == null)
            break;
        if (xmlEvent instanceof EndElement) {
            xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
            EndElement endElement = (EndElement) xmlEvent;
            String endElementTag = StaxParserUtil.getElementName(endElement);
            if (endElementTag.equals(JBossSAMLConstants.ASSERTION.get()))
                break;
            else
                throw logger.parserUnknownEndElement(endElementTag, xmlEvent.getLocation());
        }
        StartElement peekedElement = null;
        if (xmlEvent instanceof StartElement) {
            peekedElement = (StartElement) xmlEvent;
        } else {
            peekedElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
        }
        if (peekedElement == null)
            break;
        String tag = StaxParserUtil.getElementName(peekedElement);
        if (tag.equals(JBossSAMLConstants.SIGNATURE.get())) {
            assertion.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
        } else if (JBossSAMLConstants.ISSUER.get().equalsIgnoreCase(tag)) {
            startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
            issuer = StaxParserUtil.getElementText(xmlEventReader);
            assertion.setIssuer(issuer);
        } else if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) {
            SAML11SubjectParser subjectParser = new SAML11SubjectParser();
            SAML11SubjectType subject = (SAML11SubjectType) subjectParser.parse(xmlEventReader);
            SAML11SubjectStatementType subStat = new SAML11SubjectStatementType();
            subStat.setSubject(subject);
        } else if (JBossSAMLConstants.CONDITIONS.get().equalsIgnoreCase(tag)) {
            startElement = (StartElement) xmlEvent;
            SAML11ConditionsType conditions = SAML11ParserUtil.parseSAML11Conditions(xmlEventReader);
            assertion.setConditions(conditions);
        } else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag)) {
            startElement = (StartElement) xmlEvent;
            SAML11AuthenticationStatementType authStat = SAML11ParserUtil.parseAuthenticationStatement(xmlEventReader);
            assertion.add(authStat);
        } else if (SAML11Constants.ATTRIBUTE_STATEMENT.equalsIgnoreCase(tag)) {
            SAML11AttributeStatementType attributeStatementType = SAML11ParserUtil.parseSAML11AttributeStatement(xmlEventReader);
            assertion.add(attributeStatementType);
        } else if (SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equalsIgnoreCase(tag)) {
            SAML11AuthorizationDecisionStatementType authzStat = SAML11ParserUtil.parseSAML11AuthorizationDecisionStatement(xmlEventReader);
            assertion.add(authzStat);
        } else
            throw logger.parserUnknownTag(tag, peekedElement.getLocation());
    }
    return assertion;
}
Also used : SAML11ConditionsType(org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType) SAML11SubjectType(org.keycloak.dom.saml.v1.assertion.SAML11SubjectType) Attribute(javax.xml.stream.events.Attribute) EndElement(javax.xml.stream.events.EndElement) QName(javax.xml.namespace.QName) StartElement(javax.xml.stream.events.StartElement) SAML11AuthenticationStatementType(org.keycloak.dom.saml.v1.assertion.SAML11AuthenticationStatementType) SAML11AssertionType(org.keycloak.dom.saml.v1.assertion.SAML11AssertionType) XMLEvent(javax.xml.stream.events.XMLEvent) SAML11AuthorizationDecisionStatementType(org.keycloak.dom.saml.v1.assertion.SAML11AuthorizationDecisionStatementType) SAML11SubjectStatementType(org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType) SAML11AttributeStatementType(org.keycloak.dom.saml.v1.assertion.SAML11AttributeStatementType)

Example 2 with SAML11AssertionType

use of org.keycloak.dom.saml.v1.assertion.SAML11AssertionType in project keycloak by keycloak.

the class SAML11AssertionParser method parseBaseAttributes.

private SAML11AssertionType parseBaseAttributes(StartElement nextElement) throws ParsingException {
    Attribute idAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.ASSERTIONID));
    if (idAttribute == null)
        throw logger.parserRequiredAttribute("AssertionID");
    String id = StaxParserUtil.getAttributeValue(idAttribute);
    Attribute majVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MAJOR_VERSION));
    String majVersion = StaxParserUtil.getAttributeValue(majVersionAttribute);
    StringUtil.match("1", majVersion);
    Attribute minVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MINOR_VERSION));
    String minVersion = StaxParserUtil.getAttributeValue(minVersionAttribute);
    StringUtil.match("1", minVersion);
    Attribute issueInstantAttribute = nextElement.getAttributeByName(new QName(JBossSAMLConstants.ISSUE_INSTANT.get()));
    XMLGregorianCalendar issueInstant = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstantAttribute));
    return new SAML11AssertionType(id, issueInstant);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) Attribute(javax.xml.stream.events.Attribute) QName(javax.xml.namespace.QName) SAML11AssertionType(org.keycloak.dom.saml.v1.assertion.SAML11AssertionType)

Example 3 with SAML11AssertionType

use of org.keycloak.dom.saml.v1.assertion.SAML11AssertionType in project keycloak by keycloak.

the class SAML11ResponseParser method parse.

/**
 * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
 */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    // Get the startelement
    StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(startElement, RESPONSE);
    Attribute idAttr = startElement.getAttributeByName(new QName(SAML11Constants.RESPONSE_ID));
    if (idAttr == null)
        throw logger.parserRequiredAttribute(SAML11Constants.RESPONSE_ID);
    String id = StaxParserUtil.getAttributeValue(idAttr);
    Attribute issueInstant = startElement.getAttributeByName(new QName(SAML11Constants.ISSUE_INSTANT));
    if (issueInstant == null)
        throw logger.parserRequiredAttribute(SAML11Constants.ISSUE_INSTANT);
    XMLGregorianCalendar issueInstantVal = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstant));
    SAML11ResponseType response = new SAML11ResponseType(id, issueInstantVal);
    while (xmlEventReader.hasNext()) {
        // Let us peek at the next start element
        startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
        if (startElement == null)
            break;
        String elementName = StaxParserUtil.getElementName(startElement);
        if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) {
            Element sig = StaxParserUtil.getDOMElement(xmlEventReader);
            response.setSignature(sig);
        } else if (JBossSAMLConstants.ASSERTION.get().equals(elementName)) {
            SAML11AssertionParser assertionParser = new SAML11AssertionParser();
            response.add((SAML11AssertionType) assertionParser.parse(xmlEventReader));
        } else if (JBossSAMLConstants.STATUS.get().equals(elementName)) {
            response.setStatus(parseStatus(xmlEventReader));
        } else
            throw logger.parserUnknownStartElement(elementName, startElement.getLocation());
    }
    return response;
}
Also used : StartElement(javax.xml.stream.events.StartElement) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) Attribute(javax.xml.stream.events.Attribute) SAML11ResponseType(org.keycloak.dom.saml.v1.protocol.SAML11ResponseType) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) EndElement(javax.xml.stream.events.EndElement) StartElement(javax.xml.stream.events.StartElement) SAML11AssertionType(org.keycloak.dom.saml.v1.assertion.SAML11AssertionType)

Example 4 with SAML11AssertionType

use of org.keycloak.dom.saml.v1.assertion.SAML11AssertionType in project keycloak by keycloak.

the class AssertionUtil method hasExpired.

/**
 * Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and
 * SP are
 * out of sync.
 *
 * @param assertion
 * @param clockSkewInMilis in miliseconds
 *
 * @return
 *
 * @throws ConfigurationException
 */
public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML11ConditionsType(org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType)

Example 5 with SAML11AssertionType

use of org.keycloak.dom.saml.v1.assertion.SAML11AssertionType in project keycloak by keycloak.

the class AssertionUtil method createSAML11TimedConditions.

/**
 * Add validity conditions to the SAML2 Assertion
 *
 * @param assertion
 * @param durationInMilis
 *
 * @throws ConfigurationException
 * @throws IssueInstantMissingException
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null)
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);
    SAML11ConditionsType conditionsType = new SAML11ConditionsType();
    XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew);
    conditionsType.setNotBefore(beforeInstant);
    conditionsType.setNotOnOrAfter(assertionValidityLength);
    assertion.setConditions(conditionsType);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML11ConditionsType(org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType) IssueInstantMissingException(org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException)

Aggregations

SAML11AssertionType (org.keycloak.dom.saml.v1.assertion.SAML11AssertionType)6 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)5 SAML11ConditionsType (org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType)5 QName (javax.xml.namespace.QName)3 Attribute (javax.xml.stream.events.Attribute)3 SAML11AttributeStatementType (org.keycloak.dom.saml.v1.assertion.SAML11AttributeStatementType)3 Element (org.w3c.dom.Element)3 URI (java.net.URI)2 EndElement (javax.xml.stream.events.EndElement)2 StartElement (javax.xml.stream.events.StartElement)2 SAML11AuthenticationStatementType (org.keycloak.dom.saml.v1.assertion.SAML11AuthenticationStatementType)2 SAML11AuthorizationDecisionStatementType (org.keycloak.dom.saml.v1.assertion.SAML11AuthorizationDecisionStatementType)2 SAML11StatementAbstractType (org.keycloak.dom.saml.v1.assertion.SAML11StatementAbstractType)2 SAML11SubjectStatementType (org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType)2 ArrayList (java.util.ArrayList)1 XMLEvent (javax.xml.stream.events.XMLEvent)1 SAML11AdviceType (org.keycloak.dom.saml.v1.assertion.SAML11AdviceType)1 SAML11AttributeType (org.keycloak.dom.saml.v1.assertion.SAML11AttributeType)1 SAML11AudienceRestrictionCondition (org.keycloak.dom.saml.v1.assertion.SAML11AudienceRestrictionCondition)1 SAML11ConditionAbstractType (org.keycloak.dom.saml.v1.assertion.SAML11ConditionAbstractType)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial