Examples with SubjectConfirmationDataType org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType used on opensource projects

Search in sources :

Example 6 with SubjectConfirmationDataType

use of org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType in project keycloak by keycloak.

the class SAML2Response method createResponseType.

/**
 * Create a ResponseType
 *
 * <b>NOTE:</b>: The PicketLink STS is used to issue/update the assertion
 *
 * If you want to control over the assertion being issued, then use
 * {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder, IssuerInfoHolder, AssertionType)}
 *
 * @param ID id of the response
 * @param sp holder with the information about the Service Provider
 * @param idp holder with the information on the Identity Provider
 * @param issuerInfo holder with information on the issuer
 *
 * @return
 *
 * @throws ConfigurationException
 * @throws ProcessingException
 */
public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws ProcessingException {
    String responseDestinationURI = sp.getResponseDestinationURI();
    XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
    // Create assertion -> subject
    SubjectType subjectType = new SubjectType();
    // subject -> nameid
    NameIDType nameIDType = new NameIDType();
    nameIDType.setFormat(idp.getNameIDFormat() == null ? null : URI.create(idp.getNameIDFormat()));
    nameIDType.setValue(idp.getNameIDFormatValue());
    SubjectType.STSubType subType = new SubjectType.STSubType();
    subType.addBaseID(nameIDType);
    subjectType.setSubType(subType);
    SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
    subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
    SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
    subjectConfirmationData.setInResponseTo(sp.getRequestID());
    subjectConfirmationData.setRecipient(responseDestinationURI);
    // subjectConfirmationData.setNotBefore(issueInstant);
    subjectConfirmationData.setNotOnOrAfter(issueInstant);
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
    subjectType.addConfirmation(subjectConfirmation);
    AssertionType assertionType;
    NameIDType issuerID = issuerInfo.getIssuer();
    issueInstant = XMLTimeUtil.getIssueInstant();
    ConditionsType conditions = null;
    List<StatementAbstractType> statements = new LinkedList<>();
    // generate an id for the new assertion.
    String assertionID = IDGenerator.create("ID_");
    assertionType = SAMLAssertionFactory.createAssertion(assertionID, issuerID, issueInstant, conditions, subjectType, statements);
    try {
        AssertionUtil.createTimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW);
    } catch (ConfigurationException e) {
        throw logger.processingError(e);
    } catch (IssueInstantMissingException e) {
        throw logger.processingError(e);
    }
    ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
    // InResponseTo ID
    responseType.setInResponseTo(sp.getRequestID());
    // Destination
    responseType.setDestination(responseDestinationURI);
    return responseType;
}
Also used : EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) LinkedList(java.util.LinkedList) IssueInstantMissingException(org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Example 7 with SubjectConfirmationDataType

use of org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType in project keycloak by keycloak.

the class SAML2LoginResponseBuilder method buildModel.

public ResponseType buildModel() throws ConfigurationException, ProcessingException {
    ResponseType responseType = null;
    SAML2Response saml2Response = new SAML2Response();
    // Create a response type
    String id = IDGenerator.create("ID_");
    IssuerInfoHolder issuerHolder = new IssuerInfoHolder(issuer);
    issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue(nameId);
    idp.setNameIDFormat(nameIdFormat);
    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI(destination);
    sp.setRequestID(requestID);
    sp.setIssuer(requestIssuer);
    responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
    AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
    // Add request issuer as the audience restriction
    AudienceRestrictionType audience = new AudienceRestrictionType();
    audience.addAudience(URI.create(requestIssuer));
    assertion.getConditions().addCondition(audience);
    // Update Conditions NotOnOrAfter
    if (assertionExpiration > 0) {
        ConditionsType conditions = assertion.getConditions();
        conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
    }
    // Update SubjectConfirmationData NotOnOrAfter
    if (subjectExpiration > 0) {
        SubjectConfirmationDataType subjectConfirmationData = assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
        subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000L));
    }
    // Create an AuthnStatementType
    if (!disableAuthnStatement) {
        String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
        if (isNotNull(authMethod))
            authContextRef = authMethod;
        AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authContextRef);
        if (sessionExpiration > 0)
            authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
        if (sessionIndex != null)
            authnStatement.setSessionIndex(sessionIndex);
        else
            authnStatement.setSessionIndex(assertion.getID());
        assertion.addStatement(authnStatement);
    }
    if (includeOneTimeUseCondition) {
        assertion.getConditions().addCondition(new OneTimeUseType());
    }
    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsType = new ExtensionsType();
        for (NodeGenerator extension : this.extensions) {
            extensionsType.addExtension(extension);
        }
        responseType.setExtensions(extensionsType);
    }
    return responseType;
}
Also used : AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder) ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType) IssuerInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder) SAML2Response(org.keycloak.saml.processing.api.saml.v2.response.SAML2Response) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) IDPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder)

Example 8 with SubjectConfirmationDataType

use of org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType in project keycloak by keycloak.

the class SAMLSubjectConfirmationParser method processSubElement.

@Override
protected void processSubElement(XMLEventReader xmlEventReader, SubjectConfirmationType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    switch(element) {
        case NAMEID:
            NameIDType nameID = SAMLParserUtil.parseNameIDType(xmlEventReader);
            target.setNameID(nameID);
            break;
        case ENCRYPTED_ID:
            Element domElement = StaxParserUtil.getDOMElement(xmlEventReader);
            target.setEncryptedID(new EncryptedElementType(domElement));
            break;
        case SUBJECT_CONFIRMATION_DATA:
            SubjectConfirmationDataType subjectConfirmationData = SAMLSubjectConfirmationDataParser.INSTANCE.parse(xmlEventReader);
            target.setSubjectConfirmationData(subjectConfirmationData);
            break;
        default:
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
    }
}
Also used : SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) Element(org.w3c.dom.Element) StartElement(javax.xml.stream.events.StartElement) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) EncryptedElementType(org.keycloak.dom.saml.v2.assertion.EncryptedElementType)

Example 9 with SubjectConfirmationDataType

use of org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType in project keycloak by keycloak.

the class BaseWriter method write.

private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
    BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
    if (baseID != null) {
        write(baseID);
    }
    NameIDType nameIDType = subjectConfirmationType.getNameID();
    if (nameIDType != null) {
        write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
    }
    SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
    if (subjectConfirmationData != null) {
        write(subjectConfirmationData);
    }
    StaxUtil.writeEndElement(writer);
}
Also used : SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) QName(javax.xml.namespace.QName) BaseIDAbstractType(org.keycloak.dom.saml.v2.assertion.BaseIDAbstractType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 10 with SubjectConfirmationDataType

use of org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType in project keycloak by keycloak.

the class SessionNotOnOrAfterTest method checkSessionNotOnOrAfter.

private SAML2Object checkSessionNotOnOrAfter(SAML2Object ob, int ssoMaxLifespan, int accessCodeLifespan, int accessTokenLifespan) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Assert.assertNotNull(resp);
    Assert.assertNotNull(resp.getAssertions());
    Assert.assertThat(resp.getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(resp.getAssertions().get(0));
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion());
    // session lifespan
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getStatements());
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AuthnStatementType authType = statements.stream().filter(statement -> statement instanceof AuthnStatementType).map(s -> (AuthnStatementType) s).findFirst().orElse(null);
    assertThat(authType, notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000L)));
    // Conditions
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    ConditionsType condition = resp.getAssertions().get(0).getAssertion().getConditions();
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000L), condition.getNotOnOrAfter());
    // SubjectConfirmation (confirmationData has no NotBefore, using the previous one because it's the same)
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation());
    List<SubjectConfirmationType> confirmations = resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation();
    SubjectConfirmationDataType confirmationData = confirmations.stream().map(c -> c.getSubjectConfirmationData()).filter(c -> c != null).findFirst().orElse(null);
    Assert.assertNotNull(confirmationData);
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000L), confirmationData.getNotOnOrAfter());
    return null;
}
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Set(java.util.Set) Test(org.junit.Test) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) Assert.assertThat(org.junit.Assert.assertThat) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) List(java.util.List) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Assert(org.junit.Assert) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Aggregations

SubjectConfirmationDataType (org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType)9 StartElement (javax.xml.stream.events.StartElement)3 ConditionsType (org.keycloak.dom.saml.v2.assertion.ConditionsType)3 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)3 SubjectConfirmationType (org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType)3 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)3 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)2 QName (javax.xml.namespace.QName)2 EndElement (javax.xml.stream.events.EndElement)2 XMLEvent (javax.xml.stream.events.XMLEvent)2 AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)2 AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)2 StatementAbstractType (org.keycloak.dom.saml.v2.assertion.StatementAbstractType)2 SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)2 KeyInfoType (org.keycloak.dom.xmlsec.w3.xmldsig.KeyInfoType)2 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Set (java.util.Set)1 Attribute (javax.xml.stream.events.Attribute)1 Matchers.greaterThan (org.hamcrest.Matchers.greaterThan)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial