use of org.opensaml.core.xml.XMLObject in project carbon-apimgt by wso2.
the class SystemScopeUtils method getRolesFromAssertion.
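/**
 * Extracts the role list from a SAML2 assertion.
 *
 * <p>Only attributes whose name equals the configured role claim ({@code getRoleClaim()})
 * are considered. When such an attribute carries exactly one value, that value is split on
 * the configured multi-attribute separator ({@code getAttributeSeparator()}); when it carries
 * several values, each value is taken as one role without splitting. Attributes with no
 * values, and values that resolve to {@code null}, contribute no roles.
 *
 * @param assertion SAML2 assertion to read the roles from; must not be null
 * @return roles found in the assertion, possibly empty, never null and containing no nulls
 */
public static String[] getRolesFromAssertion(Assertion assertion) {
    List<String> roles = new ArrayList<>();
    String roleClaim = getRoleClaim();
    List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
    if (attributeStatementList != null) {
        for (AttributeStatement statement : attributeStatementList) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                if (attributeName == null || !roleClaim.equals(attributeName)) {
                    continue;
                }
                List<XMLObject> attributeValues = attribute.getAttributeValues();
                if (attributeValues == null || attributeValues.isEmpty()) {
                    continue;
                }
                if (attributeValues.size() == 1) {
                    String attributeValueString = getAttributeValue(attributeValues.get(0));
                    if (attributeValueString == null) {
                        // Nothing to split; an absent value yields no roles rather than an NPE.
                        continue;
                    }
                    String multiAttributeSeparator = getAttributeSeparator();
                    // String.split treats the separator as a regular expression, so a configured
                    // separator containing regex metacharacters (e.g. "|") is interpreted as one.
                    String[] attributeValuesArray = attributeValueString.split(multiAttributeSeparator);
                    if (log.isDebugEnabled()) {
                        log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(attributeValuesArray));
                    }
                    roles.addAll(Arrays.asList(attributeValuesArray));
                } else {
                    // Multi-valued attribute: one role per value, no separator handling.
                    for (XMLObject attributeValue : attributeValues) {
                        String attributeValueString = getAttributeValue(attributeValue);
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + attributeValue);
                        }
                        if (attributeValueString != null) {
                            // Skip rather than place a null into the returned role array.
                            roles.add(attributeValueString);
                        }
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
    }
    return roles.toArray(new String[0]);
}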
use of org.opensaml.core.xml.XMLObject in project cxf by apache.
the class AbstractRequestAssertionConsumerHandler method readSAMLResponse.
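/**
 * Parses the raw {@code SAMLResponse} value carried by the binding into an OpenSAML
 * SAML2 {@code Response}.
 *
 * <p>When {@code isSupportBase64Encoding()} is true the value is Base64-decoded; for the
 * redirect binding ({@code postBinding == false}) the decoded bytes are additionally inflated
 * when {@code isSupportDeflateEncoding()} is true. Otherwise the value is parsed as plain XML.
 * URL decoding of the parameter was deliberately removed from this method (it used to apply
 * to the redirect binding only); the value is consumed as received.
 *
 * @param postBinding  true for the HTTP-POST binding, false for the HTTP-Redirect binding
 * @param samlResponse the raw {@code SAMLResponse} parameter
 * @return the parsed SAML2 response
 * @throws WebApplicationException with status 400 when the parameter is missing, cannot be
 *         decoded or inflated, is not well-formed XML, or is not a SAML2 Response element
 */
private org.opensaml.saml.saml2.core.Response readSAMLResponse(boolean postBinding, String samlResponse) {
    if (StringUtils.isEmpty(samlResponse)) {
        reportError("MISSING_SAML_RESPONSE");
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    final Reader reader;
    if (isSupportBase64Encoding()) {
        try {
            byte[] decodedToken = Base64Utility.decode(samlResponse);
            // Only the redirect binding may carry a DEFLATE-compressed payload.
            // NOTE(review): the compressed bytes are client-controlled — confirm that
            // DeflateEncoderDecoder.inflateToken bounds the inflated size.
            final InputStream tokenStream = !postBinding && isSupportDeflateEncoding()
                ? new DeflateEncoderDecoder().inflateToken(decodedToken)
                : new ByteArrayInputStream(decodedToken);
            reader = new InputStreamReader(tokenStream, StandardCharsets.UTF_8);
        } catch (Base64Exception | DataFormatException ex) {
            throw ExceptionUtils.toBadRequestException(ex, null);
        }
    } else {
        reader = new StringReader(samlResponse);
    }
    final Document responseDoc;
    try (Reader in = reader) {
        responseDoc = StaxUtils.read(in);
    } catch (Exception ex) {
        // Keep the cause attached so a parse failure is diagnosable from the server log;
        // the client still only sees a 400, as before.
        throw ExceptionUtils.toBadRequestException(ex, null);
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Received response: " + DOM2Writer.nodeToString(responseDoc.getDocumentElement()));
    }
    final XMLObject responseObject;
    try {
        responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw ExceptionUtils.toBadRequestException(ex, null);
    }
    // Any other SAML root element (e.g. an Assertion sent on its own) is rejected here.
    if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    return (org.opensaml.saml.saml2.core.Response) responseObject;
}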
use of org.opensaml.core.xml.XMLObject in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticClaims.
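/**
 * Creates a SAML2 assertion through {@code SAMLTokenProvider} with a
 * {@code StaticClaimsHandler} and checks that the single requested static claim is emitted
 * as one attribute carrying the configured value.
 */
@org.junit.Test
public void testSaml2StaticClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters =
        createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);

    // Claims are registered globally here, in contrast to the per-AppliesTo map used by
    // testSaml2StaticEndpointClaims.
    ClaimsManager claimsManager = new ClaimsManager();
    StaticClaimsHandler claimsHandler = new StaticClaimsHandler();
    Map<String, String> staticClaimsMap = new HashMap<>();
    staticClaimsMap.put(CLAIM_STATIC_COMPANY, CLAIM_STATIC_COMPANY_VALUE);
    claimsHandler.setGlobalClaims(staticClaimsMap);
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
    providerParameters.setClaimsManager(claimsManager);

    // Request exactly the one claim the handler was configured with.
    ClaimCollection claims = new ClaimCollection();
    Claim claim = new Claim();
    claim.setClaimType(CLAIM_STATIC_COMPANY);
    claims.add(claim);
    providerParameters.setRequestedPrimaryClaims(claims);

    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));

    // Expected value goes first so JUnit's failure message reads correctly.
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
    assertEquals(1, attributes.size());
    assertEquals(CLAIM_STATIC_COMPANY, attributes.get(0).getName());
    XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
    assertEquals(CLAIM_STATIC_COMPANY_VALUE, valueObj.getDOM().getTextContent());
}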
use of org.opensaml.core.xml.XMLObject in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticEndpointClaims.
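/**
 * Creates a SAML2 assertion through {@code SAMLTokenProvider} with a
 * {@code StaticEndpointClaimsHandler} whose claims are keyed by AppliesTo address, and checks
 * that the single requested claim is emitted as one attribute carrying the configured value.
 */
@org.junit.Test
public void testSaml2StaticEndpointClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters =
        createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
    ClaimsManager claimsManager = new ClaimsManager();
    StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler();

    // Claims for one specific application, keyed by its AppliesTo address.
    Map<String, String> endpointClaimsMap = new HashMap<>();
    endpointClaimsMap.put(CLAIM_APPLICATION, CLAIM_APPLICATION_VALUE);
    Map<String, Map<String, String>> staticClaims = new HashMap<>();
    staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap);
    claimsHandler.setEndpointClaims(staticClaims);
    claimsHandler.setSupportedClaims(Collections.singletonList(CLAIM_APPLICATION));
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
    providerParameters.setClaimsManager(claimsManager);

    // Request exactly the one claim the handler was configured with.
    ClaimCollection claims = new ClaimCollection();
    Claim claim = new Claim();
    claim.setClaimType(CLAIM_APPLICATION);
    claims.add(claim);
    providerParameters.setRequestedPrimaryClaims(claims);

    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));

    // Expected value goes first so JUnit's failure message reads correctly.
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
    assertEquals(1, attributes.size());
    assertEquals(CLAIM_APPLICATION, attributes.get(0).getName());
    XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
    assertEquals(CLAIM_APPLICATION_VALUE, valueObj.getDOM().getTextContent());
}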
use of org.opensaml.core.xml.XMLObject in project cxf by apache.
the class StaxClaimsValidator method handleSAML2Assertion.
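/**
 * Checks every claim-typed attribute value of a SAML2 assertion against the expected value.
 *
 * <p>Attributes whose name does not start with {@code ClaimTypes.URI_BASE} are ignored.
 * Every value of every remaining attribute must be exactly {@code "admin-user"}; the first
 * other value fails the whole assertion.
 *
 * @param assertion SAML2 assertion to validate
 * @return true when every claim attribute value equals {@code "admin-user"} (also when no
 *         claim-typed attribute is present at all), false on the first other value
 * @throws WSSecurityException when the assertion carries no attribute statement
 */
private boolean handleSAML2Assertion(org.opensaml.saml.saml2.core.Assertion assertion) throws WSSecurityException {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    String claimPrefix = ClaimTypes.URI_BASE.toString();
    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            String name = attribute.getName();
            // An unnamed attribute cannot be a claim: skip it instead of failing with an NPE.
            if (name == null || !name.startsWith(claimPrefix)) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                // A value without DOM backing has no text to compare; fail closed.
                if (attributeValueElement == null) {
                    return false;
                }
                if (!"admin-user".equals(attributeValueElement.getTextContent())) {
                    return false;
                }
            }
        }
    }
    // NOTE(review): an assertion whose attribute statements contain no claim-typed attribute
    // is accepted here — confirm that is intended for this validator.
    return true;
}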