
Example 51 with XMLObject

use of org.opensaml.core.xml.XMLObject in project carbon-apimgt by wso2.

the class SystemScopeUtils method getRolesFromAssertion.

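/**
 * Get the role list from the SAML2 Assertion.
 *
 * <p>Only attributes whose name equals the configured role claim ({@code getRoleClaim()}) are
 * considered. When such an attribute carries exactly one value, that value is split on the
 * configured multi-attribute separator ({@code getAttributeSeparator()}); when it carries several
 * values, each value is taken as one role without splitting. An attribute with a null name, or
 * with a null or empty value list, contributes no roles. If no role claim is configured the
 * result is an empty array rather than an exception.
 *
 * @param assertion SAML2 assertion (must not be null)
 * @return Role list from the assertion; an empty array when no role attribute was found
 */
public static String[] getRolesFromAssertion(Assertion assertion) {
    List<String> roles = new ArrayList<String>();
    String roleClaim = getRoleClaim();
    List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
    if (attributeStatementList != null) {
        for (AttributeStatement statement : attributeStatementList) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                // Compare from the (known non-null) attribute name so an unset role claim
                // simply matches nothing instead of throwing a NullPointerException.
                if (attributeName == null || !attributeName.equals(roleClaim)) {
                    continue;
                }
                List<XMLObject> attributeValues = attribute.getAttributeValues();
                if (attributeValues == null || attributeValues.isEmpty()) {
                    continue;
                }
                if (attributeValues.size() == 1) {
                    String attributeValueString = getAttributeValue(attributeValues.get(0));
                    String multiAttributeSeparator = getAttributeSeparator();
                    // NOTE(review): String.split treats the separator as a regular expression;
                    // confirm the configured separator contains no regex metacharacters.
                    String[] attributeValuesArray = attributeValueString.split(multiAttributeSeparator);
                    if (log.isDebugEnabled()) {
                        log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(attributeValuesArray));
                    }
                    roles.addAll(Arrays.asList(attributeValuesArray));
                } else {
                    // Multi-valued attribute: one role per value, no separator handling.
                    for (XMLObject attributeValue : attributeValues) {
                        String attributeValueString = getAttributeValue(attributeValue);
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + attributeValue);
                        }
                        roles.add(attributeValueString);
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
    }
    return roles.toArray(new String[roles.size()]);
}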

Example 52 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class AbstractRequestAssertionConsumerHandler method readSAMLResponse.

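/**
 * Parses the {@code SAMLResponse} parameter of an incoming request into an OpenSAML object.
 *
 * <p>The raw value is optionally Base64-decoded and, for the redirect binding only, optionally
 * inflated before being read into a DOM and unmarshalled. Every decoding, parsing or
 * unmarshalling problem is reported to the client as a 400 Bad Request; the underlying cause is
 * attached to the exception for server-side diagnostics only.
 *
 * @param postBinding {@code true} for the HTTP-POST binding, {@code false} for the redirect binding
 * @param samlResponse the SAMLResponse parameter value as received from the client
 * @return the unmarshalled SAML 2.0 Response
 * @throws WebApplicationException with status 400 when the value is missing, cannot be decoded or
 *         parsed, or does not unmarshal to a SAML 2.0 Response
 */
private org.opensaml.saml.saml2.core.Response readSAMLResponse(boolean postBinding, String samlResponse) {
    if (StringUtils.isEmpty(samlResponse)) {
        reportError("MISSING_SAML_RESPONSE");
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    // No URL decoding is performed here (it would only concern the redirect binding);
    // the parameter value is consumed exactly as received.
    final Reader reader;
    if (isSupportBase64Encoding()) {
        try {
            byte[] deflatedToken = Base64Utility.decode(samlResponse);
            // Inflation applies to the redirect binding only; the POST binding carries plain Base64.
            // NOTE(review): the payload is client-controlled, so the inflated size is bounded only
            // by DeflateEncoderDecoder itself — confirm it caps the output.
            final InputStream tokenStream = !postBinding && isSupportDeflateEncoding()
                ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
                : new ByteArrayInputStream(deflatedToken);
            reader = new InputStreamReader(tokenStream, StandardCharsets.UTF_8);
        } catch (Base64Exception | DataFormatException ex) {
            throw ExceptionUtils.toBadRequestException(ex, null);
        }
    } else {
        reader = new StringReader(samlResponse);
    }
    final Document responseDoc;
    try {
        responseDoc = StaxUtils.read(reader);
    } catch (Exception ex) {
        // Same 400 response as the other failure paths, but keep the cause instead of dropping it.
        throw ExceptionUtils.toBadRequestException(ex, null);
    }
    if (LOG.isLoggable(Level.FINE)) {
        // Logs the complete, not-yet-validated response document.
        LOG.fine("Received response: " + DOM2Writer.nodeToString(responseDoc.getDocumentElement()));
    }
    final XMLObject responseObject;
    try {
        responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw ExceptionUtils.toBadRequestException(ex, null);
    }
    // Anything other than a SAML 2.0 Response (e.g. an Assertion sent directly) is rejected.
    if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    return (org.opensaml.saml.saml2.core.Response) responseObject;
}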

Example 53 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class SAMLClaimsTest method testSaml2StaticClaims.

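/**
 * Test the creation of a SAML2 Assertion with StaticClaimsHandler.
 *
 * <p>A single static claim ({@code CLAIM_STATIC_COMPANY}) is configured globally and requested as
 * a primary claim; the issued token must carry exactly one attribute with that name and the
 * configured static value.
 *
 * @throws Exception on any token creation or parsing failure
 */
@org.junit.Test
public void testSaml2StaticClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
    ClaimsManager claimsManager = new ClaimsManager();
    StaticClaimsHandler claimsHandler = new StaticClaimsHandler();
    Map<String, String> staticClaimsMap = new HashMap<>();
    staticClaimsMap.put(CLAIM_STATIC_COMPANY, CLAIM_STATIC_COMPANY_VALUE);
    claimsHandler.setGlobalClaims(staticClaimsMap);
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
    providerParameters.setClaimsManager(claimsManager);
    ClaimCollection claims = new ClaimCollection();
    Claim claim = new Claim();
    claim.setClaimType(CLAIM_STATIC_COMPANY);
    claims.add(claim);
    providerParameters.setRequestedPrimaryClaims(claims);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    // Separate assertions so a failure names the missing part instead of a combined boolean.
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
    // assertEquals takes (expected, actual); the previous order produced misleading failure messages.
    assertEquals(1, attributes.size());
    assertEquals(CLAIM_STATIC_COMPANY, attributes.get(0).getName());
    XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
    assertEquals(CLAIM_STATIC_COMPANY_VALUE, valueObj.getDOM().getTextContent());
}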

Example 54 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class SAMLClaimsTest method testSaml2StaticEndpointClaims.

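/**
 * Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler.
 *
 * <p>A static claim ({@code CLAIM_APPLICATION}) is configured for one endpoint
 * ({@code APPLICATION_APPLIES_TO}) and requested as a primary claim; the issued token must carry
 * exactly one attribute with that name and the configured endpoint value.
 *
 * @throws Exception on any token creation or parsing failure
 */
@org.junit.Test
public void testSaml2StaticEndpointClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
    ClaimsManager claimsManager = new ClaimsManager();
    StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler();
    // Create claims map for specific application
    Map<String, String> endpointClaimsMap = new HashMap<>();
    endpointClaimsMap.put(CLAIM_APPLICATION, CLAIM_APPLICATION_VALUE);
    Map<String, Map<String, String>> staticClaims = new HashMap<>();
    staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap);
    claimsHandler.setEndpointClaims(staticClaims);
    claimsHandler.setSupportedClaims(Collections.singletonList(CLAIM_APPLICATION));
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
    providerParameters.setClaimsManager(claimsManager);
    ClaimCollection claims = new ClaimCollection();
    Claim claim = new Claim();
    claim.setClaimType(CLAIM_APPLICATION);
    claims.add(claim);
    providerParameters.setRequestedPrimaryClaims(claims);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    // Separate assertions so a failure names the missing part instead of a combined boolean.
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
    // assertEquals takes (expected, actual); the previous order produced misleading failure messages.
    assertEquals(1, attributes.size());
    assertEquals(CLAIM_APPLICATION, attributes.get(0).getName());
    XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
    assertEquals(CLAIM_APPLICATION_VALUE, valueObj.getDOM().getTextContent());
}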

Example 55 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class StaxClaimsValidator method handleSAML2Assertion.

/**
 * Checks that every claim attribute in the SAML 2.0 assertion carries the value {@code admin-user}.
 *
 * <p>Only attributes whose name starts with {@link ClaimTypes#URI_BASE} are inspected; attributes
 * outside that namespace are ignored. The first inspected value that differs makes the check fail.
 * An assertion without any attribute statement is rejected with an exception rather than with a
 * {@code false} result.
 *
 * @param assertion the SAML 2.0 assertion to validate
 * @return {@code true} when all inspected claim values equal {@code admin-user} (including the
 *         case where no attribute fell into the claim namespace), {@code false} otherwise
 * @throws WSSecurityException when the assertion has no attribute statements
 */
private boolean handleSAML2Assertion(org.opensaml.saml.saml2.core.Assertion assertion) throws WSSecurityException {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    String claimNamespace = ClaimTypes.URI_BASE.toString();
    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            // NOTE(review): getName() is assumed non-null here (a null name would NPE) — confirm.
            if (attribute.getName().startsWith(claimNamespace)) {
                for (XMLObject attributeValue : attribute.getAttributeValues()) {
                    // NOTE(review): getDOM() is assumed non-null for unmarshalled values — confirm.
                    Element valueElement = attributeValue.getDOM();
                    if (!"admin-user".equals(valueElement.getTextContent())) {
                        return false;
                    }
                }
            }
        }
    }
    return true;
}
