Use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.
Class BaseSamlProfileSamlResponseBuilder, method build.
/**
 * Builds and then encodes the SAML response for an inbound authentication request.
 *
 * <p>The work is delegated in three steps: the SAML assertion is produced from the
 * CAS assertion object, wrapped into a response of type {@code T}, and finally
 * encoded for the requested binding.
 *
 * @param authnRequest the inbound SAML request
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param casAssertion the CAS-side assertion (typed as {@code Object}) the SAML assertion is derived from
 * @param service      the registered SAML service
 * @param adaptor      the service-provider metadata facade
 * @param binding      the SAML binding the response is encoded for
 * @return the encoded response
 * @throws SamlException if building or encoding the response fails
 */
@Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
@Override
public T build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion samlAssertion = buildSamlAssertion(authnRequest, request, response, casAssertion, service, adaptor, binding);
    final T samlResponse = buildResponse(samlAssertion, casAssertion, authnRequest, service, adaptor, request, response, binding);
    return encodeFinalResponse(request, response, service, adaptor, samlResponse, binding, authnRequest, casAssertion);
}
Use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.
Class WsFederationAction, method handleWsFederationAuthenticationRequest.
/**
 * Handles the WS-Federation response posted back by the identity provider.
 *
 * <p>The form parameter named by {@code WRESULT} is read from the current request,
 * parsed into a requested security token, built into an assertion verified against
 * {@code configurations}, and signature-checked before credentials are built from it.
 * Note that the raw parameter value (the full token) is written to the debug log as
 * received.
 *
 * @param context the webflow request context
 * @return the {@code error} event when the parameter is blank or no assertion could be
 *         built; otherwise the event produced by {@code buildCredentialsFromAssertion}
 * @throws IllegalArgumentException when the signature on the assertion does not validate
 */
private Event handleWsFederationAuthenticationRequest(final RequestContext context) {
    final Service service = wsFederationCookieManager.retrieve(context);
    LOGGER.debug("Retrieved service [{}] from the session cookie", service);

    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final String tokenResult = httpRequest.getParameter(WRESULT);
    LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, tokenResult);
    if (StringUtils.isBlank(tokenResult)) {
        LOGGER.error("No [{}] parameter is found", WRESULT);
        return error();
    }

    LOGGER.debug("Attempting to create an assertion from the token parameter");
    final RequestedSecurityToken requestedToken = wsFederationHelper.getRequestSecurityTokenFromResult(tokenResult);
    final Pair<Assertion, WsFederationConfiguration> verifiedAssertion = wsFederationHelper.buildAndVerifyAssertion(requestedToken, configurations);
    if (verifiedAssertion == null) {
        LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
        return error();
    }

    LOGGER.debug("Attempting to validate the signature on the assertion");
    if (wsFederationHelper.validateSignature(verifiedAssertion)) {
        return buildCredentialsFromAssertion(context, verifiedAssertion, service);
    }
    // Signature failure is treated as a hard error rather than a flow event.
    final String failure = "WS Requested Security Token is blank or the signature is not valid.";
    LOGGER.error(failure);
    throw new IllegalArgumentException(failure);
}
Use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
Class CountryAuthnResponseTranslatorResourceTest, method assertThatDecryptedAssertionsAreTheSame.
/**
 * Asserts that the encrypted identity assertion handed back to the RP decrypts to
 * the single assertion carried by the original country response.
 *
 * <p>The original response is decrypted with the hub's test encryption key and the
 * returned blob with the test RP matching-service key. The original response is
 * expected to carry exactly one assertion.
 */
private void assertThatDecryptedAssertionsAreTheSame(InboundResponseFromCountry response, org.opensaml.saml.saml2.core.Response originalResponse) {
    AssertionDecrypter hubSideDecrypter = new AssertionDecrypter(
            TestCertificateStrings.HUB_TEST_PRIVATE_ENCRYPTION_KEY,
            TestCertificateStrings.HUB_TEST_PUBLIC_ENCRYPTION_CERT);
    List<Assertion> decryptedOriginals = hubSideDecrypter.decryptAssertions(originalResponse);

    AssertionDecrypter rpSideDecrypter = new AssertionDecrypter(
            TestCertificateStrings.TEST_RP_MS_PRIVATE_ENCRYPTION_KEY,
            TestCertificateStrings.TEST_RP_PUBLIC_ENCRYPTION_CERT);
    Assertion decryptedReturned = rpSideDecrypter.decryptAssertion(response.getEncryptedIdentityAssertionBlob().get());

    assertThat(decryptedOriginals).hasSize(1);
    assertEquals(decryptedReturned, decryptedOriginals.get(0));
}
Use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
Class CountryAuthnResponseTranslatorService, method translate.
/**
 * Translates a SAML authentication response received from a country into the hub's
 * inbound model.
 *
 * <p>The DTO is unmarshalled into a SAML {@code Response} and validated; the assertions
 * are then decrypted and the identity assertion (if any) validated before everything is
 * mapped to an {@code InboundResponseFromCountry} together with the DTO's matching
 * service entity id.
 *
 * @param samlResponseDto the wrapped SAML response plus its matching service entity id
 * @return the translated inbound response
 */
public InboundResponseFromCountry translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    ValidatedResponse validated = validateResponse(unmarshall(samlResponseDto));
    List<Assertion> decryptedAssertions = assertionDecrypter.decryptAssertions(validated);
    Optional<Assertion> identityAssertion = validateAssertion(validated, decryptedAssertions);
    return toModel(validated, identityAssertion, samlResponseDto.getMatchingServiceEntityId());
}
Use of org.opensaml.saml.saml1.core.Assertion in project pac4j by pac4j.
Class SAML2DefaultResponseValidator, method buildSAML2Credentials.
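/**
 * Builds the SAML2 credentials from the validated subject assertion held in the
 * message context.
 *
 * <p>Collects the subject's name identifier, the issuer entity id, the session index,
 * the authentication context class reference of every authentication statement, and
 * the attributes of all attribute statements. Plaintext and decrypted attributes are
 * merged into one list without distinction. Encrypted attributes are decrypted with
 * {@code decrypter} when one is configured; an attribute that fails to decrypt is
 * logged and skipped, and a missing decrypter is logged once per statement.
 *
 * <p>An authentication statement whose context carries no class reference contributes
 * nothing to the context list instead of failing the whole build (SAML 2.0 permits a
 * declaration reference in place of the class reference).
 *
 * @param context the SAML2 message context holding the subject assertion
 * @return the credentials derived from the subject assertion
 */
protected final SAML2Credentials buildSAML2Credentials(final SAML2MessageContext context) {
    final NameID nameId = context.getSAMLSubjectNameIdentifierContext().getSAML2SubjectNameID();
    final Assertion subjectAssertion = context.getSubjectAssertion();
    final String sessionIndex = getSessionIndex(subjectAssertion);
    final String issuerEntityId = subjectAssertion.getIssuer().getValue();

    final List<String> authnContexts = new ArrayList<>();
    for (final AuthnStatement authnStatement : subjectAssertion.getAuthnStatements()) {
        final String classRef = authnContextClassRef(authnStatement);
        if (classRef != null) {
            authnContexts.add(classRef);
        }
    }

    final List<Attribute> attributes = new ArrayList<>();
    for (final AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) {
        attributes.addAll(attributeStatement.getAttributes());

        final List<EncryptedAttribute> encryptedAttributes = attributeStatement.getEncryptedAttributes();
        if (encryptedAttributes.isEmpty()) {
            continue;
        }
        if (decrypter == null) {
            logger.warn("Encrypted attributes returned, but no keystore was provided.");
            continue;
        }
        for (final EncryptedAttribute encryptedAttribute : encryptedAttributes) {
            try {
                attributes.add(decrypter.decrypt(encryptedAttribute));
            } catch (final DecryptionException e) {
                // Best-effort: one undecryptable attribute must not drop the whole credential set.
                logger.warn("Decryption of attribute failed, continue with the next one", e);
            }
        }
    }

    return new SAML2Credentials(nameId, issuerEntityId, attributes, subjectAssertion.getConditions(), sessionIndex, authnContexts);
}

/**
 * Returns the authentication context class reference URI of a statement, or
 * {@code null} when the statement has no context or the context has no class
 * reference (both are optional on the wire, so neither is dereferenced blindly).
 *
 * @param authnStatement the authentication statement to read
 * @return the class reference URI, or {@code null} when absent
 */
private static String authnContextClassRef(final AuthnStatement authnStatement) {
    if (authnStatement.getAuthnContext() == null
            || authnStatement.getAuthnContext().getAuthnContextClassRef() == null) {
        return null;
    }
    return authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
}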