Example 76 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class PassthroughAssertionUnmarshallerTest method transform_shouldTransformTheGpg45StatusIt01ForAFraudAssertion.

@Test
public void transform_shouldTransformTheGpg45StatusIt01ForAFraudAssertion() {
    String gpg45Status = "IT01";
    Assertion theAssertion = givenAFraudEventAssertion(gpg45Status);
    PassthroughAssertion passthroughAssertion = unmarshaller.fromAssertion(theAssertion);
    FraudDetectedDetails fraudDetectedDetails = passthroughAssertion.getFraudDetectedDetails().get();
    assertThat(fraudDetectedDetails.getFraudIndicator()).isEqualTo(gpg45Status);
}
Also used : PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) FraudDetectedDetails(uk.gov.ida.saml.core.domain.FraudDetectedDetails) Test(org.junit.jupiter.api.Test)

Example 77 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class PassthroughAssertionUnmarshallerTest method transform_shouldThrowExceptionWhenFraudIndicatorAuthnStatementDoesNotContainUniqueId.

@Test
public void transform_shouldThrowExceptionWhenFraudIndicatorAuthnStatementDoesNotContainUniqueId() {
    Assertions.assertThrows(IllegalStateException.class, () -> {
        Assertion theAssertion = anAssertion()
            .addAuthnStatement(anAuthnStatement()
                .withAuthnContext(anAuthnContext()
                    .withAuthnContextClassRef(anAuthnContextClassRef()
                        .withAuthnContextClasRefValue(IdaAuthnContext.LEVEL_X_AUTHN_CTX)
                        .build())
                    .build())
                .build())
            .buildUnencrypted();
        when(authnContextFactory.authnContextForLevelOfAssurance(IdaAuthnContext.LEVEL_X_AUTHN_CTX)).thenReturn(AuthnContext.LEVEL_X);
        when(assertionStringTransformer.apply(theAssertion)).thenReturn("AUTHN_ASSERTION");
        unmarshaller.fromAssertion(theAssertion);
    });
}
Also used : AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) Test(org.junit.jupiter.api.Test)

Example 78 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class MatchingServiceAssertionToAssertionTransformer method transform.

public Assertion transform(MatchingServiceAssertion originalAssertion) {
    Assertion transformedAssertion = openSamlXmlObjectFactory.createAssertion();
    transformedAssertion.setIssueInstant(originalAssertion.getIssueInstant());
    Issuer transformedIssuer = openSamlXmlObjectFactory.createIssuer(originalAssertion.getIssuerId());
    transformedAssertion.setIssuer(transformedIssuer);
    transformedAssertion.setID(originalAssertion.getId());
    Subject subject = outboundAssertionToSubjectTransformer.transform(originalAssertion);
    transformedAssertion.setSubject(subject);
    MatchingServiceAuthnStatement authnStatement = originalAssertion.getAuthnStatement();
    transformedAssertion.getAuthnStatements().add(matchingServiceAuthnStatementToAuthnStatementTransformer.transform(authnStatement));
    Conditions conditions = openSamlXmlObjectFactory.createConditions();
    AudienceRestriction audienceRestriction = openSamlXmlObjectFactory.createAudienceRestriction(originalAssertion.getAudience());
    conditions.getAudienceRestrictions().add(audienceRestriction);
    transformedAssertion.setConditions(conditions);
    List<Attribute> userAttributesForAccountCreation = originalAssertion.getUserAttributesForAccountCreation();
    if (!userAttributesForAccountCreation.isEmpty()) {
        addAttributes(transformedAssertion, userAttributesForAccountCreation);
    }
    return transformedAssertion;
}
Also used : AudienceRestriction(org.opensaml.saml.saml2.core.AudienceRestriction) Issuer(org.opensaml.saml.saml2.core.Issuer) Attribute(org.opensaml.saml.saml2.core.Attribute) MatchingServiceAssertion(uk.gov.ida.saml.msa.test.domain.MatchingServiceAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) MatchingServiceAuthnStatement(uk.gov.ida.saml.core.domain.MatchingServiceAuthnStatement) Subject(org.opensaml.saml.saml2.core.Subject) Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 79 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project carbon-apimgt by wso2.

the class SAMLGroupIDExtractorImpl method getOrganizationFromSamlAssertion.

/**
 * Get the organization list from the SAML2 Assertion
 *
 * @param assertions SAML2 assertions returned in SAML response
 * @return Organization list from the assertion
 */
private String getOrganizationFromSamlAssertion(List<Assertion> assertions) {
    List<String> attributeValueArray = new ArrayList<>();
    String organizationAttributeName = getOrganizationClaim();
    for (Assertion assertion : assertions) {
        List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
        if (attributeStatementList != null) {
            for (AttributeStatement statement : attributeStatementList) {
                List<Attribute> attributesList = statement.getAttributes();
                for (Attribute attribute : attributesList) {
                    String attributeName = attribute.getName();
                    if (organizationAttributeName.equals(attributeName)) {
                        List<XMLObject> attributeValues = attribute.getAttributeValues();
                        if (attributeValues != null) {
                            for (XMLObject attributeValue : attributeValues) {
                                attributeValueArray.add(getAttributeValue(attributeValue));
                            }
                        }
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Organization list found in assertion: " + attributeValueArray);
    }
    return String.join(",", attributeValueArray);
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) ArrayList(java.util.ArrayList) Assertion(org.opensaml.saml.saml2.core.Assertion) XMLObject(org.opensaml.core.xml.XMLObject) XSString(org.opensaml.core.xml.schema.XSString)

Example 80 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project carbon-apimgt by wso2.

the class SAMLGroupIDExtractorImpl method getGroupingIdentifierList.

@Override
public String[] getGroupingIdentifierList(String loginResponse) {
    if (log.isDebugEnabled()) {
        log.debug("Login response " + loginResponse);
    }
    ByteArrayInputStream samlResponseStream = null;
    DocumentBuilder docBuilder;
    String username = "";
    String organization = "";
    String[] groupIdArray = null;
    try {
        APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
        String claim = config.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI);
        if (StringUtils.isBlank(claim)) {
            claim = "http://wso2.org/claims/organization";
        }
        samlResponseStream = getByteArrayInputStream(loginResponse);
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setNamespaceAware(true);
        docBuilder = builderFactory.newDocumentBuilder();
        Document document = docBuilder.parse(samlResponseStream);
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        Response response = (Response) unmarshaller.unmarshall(element);
        List<Assertion> assertions = response.getAssertions();
        if (assertions != null && assertions.size() > 0) {
            Subject subject = assertions.get(0).getSubject();
            if (subject != null) {
                if (subject.getNameID() != null) {
                    username = subject.getNameID().getValue();
                }
            }
        }
        String isSAML2Enabled = System.getProperty(APIConstants.READ_ORGANIZATION_FROM_SAML_ASSERTION);
        if (!StringUtils.isEmpty(isSAML2Enabled) && Boolean.parseBoolean(isSAML2Enabled)) {
            organization = getOrganizationFromSamlAssertion(assertions);
        } else {
            RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
            UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
            UserStoreManager manager = realm.getUserStoreManager();
            organization = manager.getUserClaimValue(MultitenantUtils.getTenantAwareUsername(username), claim, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("User organization " + organization);
        }
        if (organization != null) {
            if (organization.contains(",")) {
                groupIdArray = organization.split(",");
                for (int i = 0; i < groupIdArray.length; i++) {
                    groupIdArray[i] = groupIdArray[i].toString().trim();
                }
            } else {
                organization = organization.trim();
                groupIdArray = new String[] { organization };
            }
        } else {
            // If the claim is null, return an empty array
            groupIdArray = new String[] {};
        }
    } catch (ParserConfigurationException e) {
        String msg = "Error while parsing SAML Assertion";
        log.error(msg, e);
    } catch (UnmarshallingException e) {
        String msg = "Error while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (SAXException e) {
        String msg = "Parsing exception  occur while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (IOException e) {
        String msg = "IO exception happen while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (UserStoreException e) {
        log.error("User store exception occurred for user" + username, e);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        log.error("Error while checking user existence for " + username, e);
    } finally {
        if (samlResponseStream != null) {
            try {
                samlResponseStream.close();
            } catch (IOException e) {
                // Nothing to recover if close fails; log it and continue
                log.error("ERROR_CLOSING_STREAM");
            }
        }
    }
    return groupIdArray;
}
Also used : DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) Element(org.w3c.dom.Element) XSString(org.opensaml.core.xml.schema.XSString) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException) UserRealm(org.wso2.carbon.user.core.UserRealm) UserStoreException(org.wso2.carbon.user.core.UserStoreException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) Unmarshaller(org.opensaml.core.xml.io.Unmarshaller) UnmarshallingException(org.opensaml.core.xml.io.UnmarshallingException) Assertion(org.opensaml.saml.saml2.core.Assertion) UnmarshallerFactory(org.opensaml.core.xml.io.UnmarshallerFactory) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) IOException(java.io.IOException) Subject(org.opensaml.saml.saml2.core.Subject) Response(org.opensaml.saml.saml2.core.Response) ByteArrayInputStream(java.io.ByteArrayInputStream) DocumentBuilder(javax.xml.parsers.DocumentBuilder) RealmService(org.wso2.carbon.user.core.service.RealmService)
