Example 21 with XMLObject
use of org.opensaml.core.xml.XMLObject in project ddf by codice.
the class PaosInInterceptor method checkAuthnRequest.
private void checkAuthnRequest(SOAPPart soapRequest) throws IOException {
XMLObject authnXmlObj = null;
try {
Node node = soapRequest.getEnvelope().getBody().getFirstChild();
authnXmlObj = SamlProtocol.getXmlObjectFromNode(node);
} catch (WSSecurityException | SOAPException | XMLStreamException ex) {
throw new IOException("Unable to convert AuthnRequest document to XMLObject.");
}
if (authnXmlObj == null) {
throw new IOException("AuthnRequest object is not Found.");
}
if (!(authnXmlObj instanceof AuthnRequest)) {
throw new IOException("SAMLRequest object is not AuthnRequest.");
}
}
Also used :
XMLStreamException(javax.xml.stream.XMLStreamException)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Node(org.w3c.dom.Node)
SOAPException(javax.xml.soap.SOAPException)
XMLObject(org.opensaml.core.xml.XMLObject)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
Example 22 with XMLObject
use of org.opensaml.core.xml.XMLObject in project verify-hub by alphagov.
the class AttributeQueryRequestBuilder method build.
public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId, String authnStatementAssertionId, String requestId) {
XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer = new XmlObjectToBase64EncodedStringTransformer<>();
final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();
EncryptedAssertion encryptedAuthnAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).build();
String encryptedAuthnAssertionString = toBase64EncodedStringTransformer.apply(encryptedAuthnAssertion);
EncryptedAssertion encryptedMdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
String encryptedMdsAssertionString = toBase64EncodedStringTransformer.apply(encryptedMdsAssertion);
return aHubMatchingServiceRequestDto().withId(requestId).withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS).withPersistentId(persistentId).withEncryptedMatchingDatasetAssertion(encryptedMdsAssertionString).withEncryptedAuthnAssertion(encryptedAuthnAssertionString).build();
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
XMLObject(org.opensaml.core.xml.XMLObject)
XmlObjectToBase64EncodedStringTransformer(uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer)
PersistentId(uk.gov.ida.hub.samlengine.domain.PersistentId)
PersistentIdBuilder.aPersistentId(uk.gov.ida.hub.samlengine.builders.PersistentIdBuilder.aPersistentId)
Example 23 with XMLObject
use of org.opensaml.core.xml.XMLObject in project carbon-apimgt by wso2.
the class SAMLGroupIDExtractorImpl method getOrganizationFromSamlAssertion.
/**
* Get the organization list from the SAML2 Assertion
*
* @param assertions SAML2 assertions returned in SAML response
* @return Organization list from the assertion
*/
private String getOrganizationFromSamlAssertion(List<Assertion> assertions) {
List<String> attributeValueArray = new ArrayList<>();
String organizationAttributeName = getOrganizationClaim();
for (Assertion assertion : assertions) {
List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
if (attributeStatementList != null) {
for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
String attributeName = attribute.getName();
if (organizationAttributeName.equals(attributeName)) {
List<XMLObject> attributeValues = attribute.getAttributeValues();
if (attributeValues != null) {
for (XMLObject attributeValue : attributeValues) {
attributeValueArray.add(getAttributeValue(attributeValue));
}
}
}
}
}
}
}
if (log.isDebugEnabled()) {
log.debug("Organization list found in assertion: " + attributeValueArray);
}
return String.join(",", attributeValueArray);
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
ArrayList(java.util.ArrayList)
Assertion(org.opensaml.saml.saml2.core.Assertion)
XMLObject(org.opensaml.core.xml.XMLObject)
XSString(org.opensaml.core.xml.schema.XSString)
Example 24 with XMLObject
use of org.opensaml.core.xml.XMLObject in project carbon-apimgt by wso2.
the class SAMLGroupIDExtractorImplTest method getGroupingIdentifierListTestCase.
@Test
public void getGroupingIdentifierListTestCase() throws ParserConfigurationException, IOException, SAXException, UnmarshallingException, UserStoreException {
String claim = "http://wso2.org/claims/organization";
String organizationValue = "organization";
SAMLGroupIDExtractorImpl samlGroupIDExtractor = new SAMLGroupIDExtractorImplWrapper();
Mockito.when(DocumentBuilderFactory.newInstance()).thenReturn(documentBuilderFactory);
Mockito.when(documentBuilderFactory.newDocumentBuilder()).thenReturn(documentBuilder);
Mockito.when(documentBuilder.parse(samlGroupIDExtractor.getByteArrayInputStream("test"))).thenReturn(document);
Mockito.when(document.getDocumentElement()).thenReturn(element);
ServiceReferenceHolder serviceReferenceHolder = Mockito.mock(ServiceReferenceHolder.class);
PowerMockito.mockStatic(ServiceReferenceHolder.class);
PowerMockito.mockStatic(XMLObjectProviderRegistrySupport.class);
Response response = Mockito.mock(Response.class);
List<Assertion> assertion = new ArrayList();
Subject subject = Mockito.mock(Subject.class);
NameID nameID = Mockito.mock(NameID.class);
Assertion assertion1 = Mockito.mock(Assertion.class);
assertion.add(assertion1);
Mockito.when(XMLObjectProviderRegistrySupport.getUnmarshallerFactory()).thenReturn(unmarshallerFactory);
Mockito.when(unmarshallerFactory.getUnmarshaller(element)).thenReturn(unmarshaller);
Mockito.when(unmarshaller.unmarshall(element)).thenReturn(response);
Mockito.when(response.getAssertions()).thenReturn(assertion);
Mockito.when(assertion.get(0).getSubject()).thenReturn(subject);
Mockito.when(subject.getNameID()).thenReturn(nameID);
Mockito.when(nameID.getValue()).thenReturn("user");
System.setProperty(APIConstants.READ_ORGANIZATION_FROM_SAML_ASSERTION, "true");
APIManagerConfigurationService apiManagerConfigService = Mockito.mock(APIManagerConfigurationService.class);
Mockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
Mockito.when(serviceReferenceHolder.getAPIManagerConfigurationService()).thenReturn(apiManagerConfigService);
APIManagerConfiguration apiManagerConfig = Mockito.mock(APIManagerConfiguration.class);
Mockito.when(apiManagerConfigService.getAPIManagerConfiguration()).thenReturn(apiManagerConfig);
Mockito.when(apiManagerConfig.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI)).thenReturn("http://wso2.org/claims/organization");
System.setProperty("carbon.home", "");
PrivilegedCarbonContext carbonContext;
carbonContext = Mockito.mock(PrivilegedCarbonContext.class);
PowerMockito.mockStatic(PrivilegedCarbonContext.class);
PowerMockito.when(PrivilegedCarbonContext.getThreadLocalCarbonContext()).thenReturn(carbonContext);
PowerMockito.when(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).thenReturn(-1234);
PowerMockito.doNothing().when(carbonContext).setTenantDomain("carbon.super", true);
AttributeStatement mockAttributeStatement = PowerMockito.mock(AttributeStatement.class);
List<AttributeStatement> attributeStatementList = Collections.singletonList(mockAttributeStatement);
PowerMockito.when(assertion1.getAttributeStatements()).thenReturn(attributeStatementList);
Attribute mockAttribute = PowerMockito.mock(Attribute.class);
List<Attribute> attributesList = Collections.singletonList(mockAttribute);
PowerMockito.when(mockAttributeStatement.getAttributes()).thenReturn(attributesList);
XMLObject rawAttribute = PowerMockito.mock(XMLObject.class);
PowerMockito.when(rawAttribute.toString()).thenReturn(organizationValue);
List<XMLObject> mockedAttributeValues = Collections.singletonList(rawAttribute);
AttributedStringImpl mockedAttributedStringImpl = new AttributedStringImpl("nameSpaceURI", "elementLocalName", "namespacePrefix");
String sampleAttrValue = "MockedAuthParamSampleAttribute";
mockedAttributedStringImpl.setValue(sampleAttrValue);
List<XMLObject> mockedXSSAttributeValues = Collections.singletonList((XMLObject) mockedAttributedStringImpl);
XSAnyImpl mockedXSAnyImpl = Mockito.mock(XSAnyImpl.class);
PowerMockito.when(mockedXSAnyImpl.getTextContent()).thenReturn(sampleAttrValue);
List<XMLObject> mockedXSAnyImplAttributeValues = Collections.singletonList((XMLObject) mockedXSAnyImpl);
List<XMLObject> multiMockedAttributeValues = Arrays.asList(rawAttribute, PowerMockito.mock(XMLObject.class));
AuthenticatorsConfiguration.AuthenticatorConfig mockedAuthenticatorConfig = Mockito.mock(AuthenticatorsConfiguration.AuthenticatorConfig.class);
PowerMockito.when(mockAttribute.getAttributeValues()).thenReturn(mockedAttributeValues, multiMockedAttributeValues, mockedXSSAttributeValues, mockedXSAnyImplAttributeValues);
PowerMockito.mockStatic(AuthenticatorsConfiguration.class);
AuthenticatorsConfiguration mockedAuthenticatorsConfiguration = PowerMockito.mock(AuthenticatorsConfiguration.class);
PowerMockito.when(AuthenticatorsConfiguration.getInstance()).thenReturn(mockedAuthenticatorsConfiguration);
Map<String, String> mockedConfigParameters = new HashMap<String, String>();
mockedConfigParameters.put(APIConstants.ORGANIZATION_CLAIM_ATTRIBUTE, claim);
PowerMockito.when(mockedAuthenticatorConfig.getParameters()).thenReturn(mockedConfigParameters);
PowerMockito.when(mockedAuthenticatorsConfiguration.getAuthenticatorConfig(APIConstants.SAML2_SSO_AUTHENTICATOR_NAME)).thenReturn(mockedAuthenticatorConfig);
PowerMockito.when(mockAttribute.getName()).thenReturn(claim);
String[] organizations = samlGroupIDExtractor.getGroupingIdentifierList("test");
Assert.assertEquals(organizationValue, organizations[0]);
}
Also used :
ServiceReferenceHolder(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)
Attribute(org.opensaml.saml.saml2.core.Attribute)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
XSAnyImpl(org.opensaml.core.xml.schema.impl.XSAnyImpl)
AttributedStringImpl(org.opensaml.soap.wssecurity.impl.AttributedStringImpl)
NameID(org.opensaml.saml.saml2.core.NameID)
AuthenticatorsConfiguration(org.wso2.carbon.core.security.AuthenticatorsConfiguration)
Assertion(org.opensaml.saml.saml2.core.Assertion)
XMLObject(org.opensaml.core.xml.XMLObject)
PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext)
Subject(org.opensaml.saml.saml2.core.Subject)
Response(org.opensaml.saml.saml2.core.Response)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 25 with XMLObject
use of org.opensaml.core.xml.XMLObject in project cxf by apache.
the class SAMLUtils method getClaims.
/**
* Extract Claims from a SAML Assertion
*/
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
ClaimCollection claims = new ClaimCollection();
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
List<AttributeStatement> statements = assertion.getSaml2().getAttributeStatements();
for (AttributeStatement as : statements) {
for (Attribute atr : as.getAttributes()) {
SAMLClaim claim = new SAMLClaim();
claim.setClaimType(atr.getName());
claim.setName(atr.getName());
claim.setNameFormat(atr.getNameFormat());
claim.setFriendlyName(atr.getFriendlyName());
for (XMLObject o : atr.getAttributeValues()) {
String attrValue = o.getDOM().getTextContent();
claim.getValues().add(attrValue);
}
claims.add(claim);
}
}
} else {
List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getSaml1().getAttributeStatements();
for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
for (org.opensaml.saml.saml1.core.Attribute atr : statement.getAttributes()) {
SAMLClaim claim = new SAMLClaim();
String claimType = atr.getAttributeName();
if (atr.getAttributeNamespace() != null) {
claimType = atr.getAttributeNamespace() + "/" + claimType;
}
claim.setClaimType(claimType);
claim.setName(atr.getAttributeName());
claim.setNameFormat(atr.getAttributeNamespace());
for (XMLObject o : atr.getAttributeValues()) {
String attrValue = o.getDOM().getTextContent();
claim.getValues().add(attrValue);
}
claims.add(claim);
}
}
}
return claims;
}
Also used :
SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim)
Attribute(org.opensaml.saml.saml2.core.Attribute)
XMLObject(org.opensaml.core.xml.XMLObject)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
Aggregations
XMLObject (org.opensaml.core.xml.XMLObject)68
Element (org.w3c.dom.Element)27
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)21
Document (org.w3c.dom.Document)21
ByteArrayInputStream (java.io.ByteArrayInputStream)19
Attribute (org.opensaml.saml.saml2.core.Attribute)14
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)10
IOException (java.io.IOException)9
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)9
ArrayList (java.util.ArrayList)8
Test (org.junit.Test)8
XSString (org.opensaml.core.xml.schema.XSString)7
Assertion (org.opensaml.saml.saml2.core.Assertion)7
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)7
HashMap (java.util.HashMap)6
List (java.util.List)6
XMLStreamException (javax.xml.stream.XMLStreamException)6
InputStream (java.io.InputStream)5
InputStreamReader (java.io.InputStreamReader)5
LogoutSecurityException (ddf.security.samlp.LogoutSecurityException)4
