
Example 11 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

In class SAML2LoginResponseBuilder, method buildModel:

/**
 * Assembles the SAML 2.0 {@code Response} from this builder's state.
 *
 * <p>The response carries a success status and a single assertion. The assertion is
 * restricted to the request issuer as audience, optionally given NotOnOrAfter limits on its
 * Conditions and on its SubjectConfirmationData, optionally given an AuthnStatement (with
 * session expiry and session index), optionally marked OneTimeUse; the response optionally
 * carries the configured extensions.
 *
 * @return the populated {@link ResponseType}
 * @throws ConfigurationException propagated from response creation
 * @throws ProcessingException propagated from response creation
 */
public ResponseType buildModel() throws ConfigurationException, ProcessingException {
    // Issuer and status: this builder only ever emits a success response.
    IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
    issuerInfo.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

    // Subject NameID as configured on the builder.
    IDPInfoHolder idpInfo = new IDPInfoHolder();
    idpInfo.setNameIDFormatValue(nameId);
    idpInfo.setNameIDFormat(nameIdFormat);

    // Relying party: where the response goes and which request it answers.
    SPInfoHolder spInfo = new SPInfoHolder();
    spInfo.setResponseDestinationURI(destination);
    spInfo.setRequestID(requestID);
    spInfo.setIssuer(requestIssuer);

    String responseId = IDGenerator.create("ID_");
    ResponseType response = new SAML2Response().createResponseType(responseId, spInfo, idpInfo, issuerInfo);
    AssertionType assertion = response.getAssertions().get(0).getAssertion();
    ConditionsType conditions = assertion.getConditions();

    // Restrict the assertion's audience to the issuer of the AuthnRequest.
    AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
    audienceRestriction.addAudience(URI.create(requestIssuer));
    conditions.addCondition(audienceRestriction);

    // Expirations are configured in seconds; XMLTimeUtil.add takes milliseconds.
    if (assertionExpiration > 0) {
        conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
    }
    if (subjectExpiration > 0) {
        SubjectConfirmationDataType confirmationData =
                assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
        confirmationData.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), subjectExpiration * 1000L));
    }

    if (!disableAuthnStatement) {
        // Fall back to "unspecified" when no concrete authentication method is known.
        String contextClassRef = isNotNull(authMethod) ? authMethod : JBossSAMLURIConstants.AC_UNSPECIFIED.get();
        AuthnStatementType authnStatement =
                StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), contextClassRef);
        if (sessionExpiration > 0) {
            authnStatement.setSessionNotOnOrAfter(
                    XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
        }
        // Without an explicit session index the assertion ID doubles as one.
        authnStatement.setSessionIndex(sessionIndex != null ? sessionIndex : assertion.getID());
        assertion.addStatement(authnStatement);
    }

    if (includeOneTimeUseCondition) {
        conditions.addCondition(new OneTimeUseType());
    }

    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsType = new ExtensionsType();
        for (NodeGenerator generator : this.extensions) {
            extensionsType.addExtension(generator);
        }
        response.setExtensions(extensionsType);
    }
    return response;
}

Example 12 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

In class SAMLAuthnStatementParser, method instantiateElement:

/**
 * Builds the {@link AuthnStatementType} for a {@code <saml:AuthnStatement>} start element,
 * populated from the element's attributes.
 *
 * @param xmlEventReader the reader positioned at the element; not consumed by this method
 * @param element the {@code AuthnStatement} start element
 * @return the statement with AuthnInstant, SessionIndex and SessionNotOnOrAfter set
 * @throws ParsingException if the mandatory {@code AuthnInstant} attribute is missing
 *         (presumably also if it cannot be parsed as a timestamp)
 */
@Override
protected AuthnStatementType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    // AuthnInstant is the only attribute that is required; the other two may be absent.
    String instantAttr = StaxParserUtil.getRequiredAttributeValue(element, SAMLAssertionQNames.ATTR_AUTHN_INSTANT);
    AuthnStatementType statement = new AuthnStatementType(XMLTimeUtil.parse(instantAttr));
    statement.setSessionIndex(StaxParserUtil.getAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_INDEX));
    statement.setSessionNotOnOrAfter(
            StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER));
    return statement;
}

Example 13 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

In class SAMLDataMarshallerTest, method testParseAuthnType:

/**
 * Round-trips a serialized AuthnStatement through {@link SAMLDataMarshaller}: the session
 * index must survive deserialization, and re-serializing must reproduce the input exactly.
 */
@Test
public void testParseAuthnType() {
    SAMLDataMarshaller marshaller = new SAMLDataMarshaller();

    // Deserialize and check a field that can only have come from the XML.
    AuthnStatementType parsed = marshaller.deserialize(TEST_AUTHN_TYPE, AuthnStatementType.class);
    Assert.assertEquals("fa0f4fd3-8a11-44f4-9acb-ee30c5bb8fe5", parsed.getSessionIndex());

    // Serializing again must yield the original text unchanged.
    Assert.assertEquals(TEST_AUTHN_TYPE, marshaller.serialize(parsed));
}

Example 14 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

In class StatementUtil, method createAuthnStatement:

/**
 * Creates an {@link AuthnStatementType} for the given instant whose AuthnContext carries a
 * single AuthnContextClassRef.
 *
 * @param instant the authentication instant recorded as {@code AuthnInstant}
 * @param authnContextClassRefValue the AuthnContextClassRef URI identifying how the user authenticated
 * @return the statement with its AuthnContext populated
 * @throws IllegalArgumentException if {@code authnContextClassRefValue} is not a valid URI
 * @throws NullPointerException if {@code authnContextClassRefValue} is {@code null}
 */
public static AuthnStatementType createAuthnStatement(XMLGregorianCalendar instant, String authnContextClassRefValue) {
    // Build bottom-up: class ref -> sequence -> context -> statement.
    AuthnContextClassRefType classRef = new AuthnContextClassRefType(URI.create(authnContextClassRefValue));
    AuthnContextType.AuthnContextTypeSequence contextSequence = new AuthnContextType.AuthnContextTypeSequence();
    contextSequence.setClassRef(classRef);

    AuthnContextType context = new AuthnContextType();
    context.setSequence(contextSequence);

    AuthnStatementType statement = new AuthnStatementType(instant);
    statement.setAuthnContext(context);
    return statement;
}

Example 15 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

In class SAMLAssertionWriter, method write:

/**
 * Writes a {@code <saml:Assertion>} element for the given assertion to the underlying stream
 * and flushes it.
 *
 * <p>Emits, in order: the ID/Version/IssueInstant attributes, the Issuer (if present), the
 * Subject (if present), the Conditions element with its NotBefore/NotOnOrAfter attributes and
 * any AudienceRestriction / OneTimeUse conditions, and finally the AuthnStatement and
 * AttributeStatement statements. Condition types other than AudienceRestriction and OneTimeUse
 * are skipped without error.
 *
 * @param assertion the assertion to serialize
 * @throws ProcessingException if the assertion carries an Advice element (not supported by this
 *         writer), if it contains a statement type this writer cannot serialize, or if one of
 *         the underlying StaxUtil writes fails
 */
public void write(AssertionType assertion) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());

    // Attributes of <saml:Assertion>.
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());

    NameIDType assertionIssuer = assertion.getIssuer();
    if (assertionIssuer != null) {
        write(assertionIssuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    }

    SubjectType assertionSubject = assertion.getSubject();
    if (assertionSubject != null) {
        write(assertionSubject);
    }

    ConditionsType conditions = assertion.getConditions();
    if (conditions != null) {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
        if (conditions.getNotBefore() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
        }
        if (conditions.getNotOnOrAfter() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
        }
        List<ConditionAbstractType> conditionList = conditions.getConditions();
        if (conditionList != null) {
            for (ConditionAbstractType condition : conditionList) {
                // Only AudienceRestriction and OneTimeUse are serialized; other condition types are dropped.
                if (condition instanceof AudienceRestrictionType) {
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
                    List<URI> audienceUris = ((AudienceRestrictionType) condition).getAudience();
                    if (audienceUris != null) {
                        for (URI audienceUri : audienceUris) {
                            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
                            StaxUtil.writeCharacters(writer, audienceUri.toString());
                            StaxUtil.writeEndElement(writer);
                        }
                    }
                    StaxUtil.writeEndElement(writer);
                }
                if (condition instanceof OneTimeUseType) {
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
                    StaxUtil.writeEndElement(writer);
                }
            }
        }
        StaxUtil.writeEndElement(writer);
    }

    // Advice is not supported by this writer; refuse rather than emit an incomplete assertion.
    if (assertion.getAdvice() != null) {
        throw logger.notImplementedYet("Advice");
    }

    Set<StatementAbstractType> statementSet = assertion.getStatements();
    if (statementSet != null) {
        for (StatementAbstractType statement : statementSet) {
            if (statement instanceof AuthnStatementType) {
                write((AuthnStatementType) statement, false);
            } else if (statement instanceof AttributeStatementType) {
                write((AttributeStatementType) statement);
            } else {
                // Fail closed: an unknown statement type must not be silently dropped.
                throw logger.writerUnknownTypeError(statement.getClass().getName());
            }
        }
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
