use of org.opensaml.saml.saml1.core.Assertion in project cloudstack by apache.
the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.
private Response buildMockResponse() throws Exception {
Response samlMessage = new ResponseBuilder().buildObject();
samlMessage.setID("foo");
samlMessage.setVersion(SAMLVersion.VERSION_20);
samlMessage.setIssueInstant(new DateTime(0));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue("MockedIssuer");
samlMessage.setIssuer(issuer);
Status status = new StatusBuilder().buildObject();
StatusCode statusCode = new StatusCodeBuilder().buildObject();
statusCode.setValue(StatusCode.SUCCESS_URI);
status.setStatusCode(statusCode);
samlMessage.setStatus(status);
Assertion assertion = new AssertionBuilder().buildObject();
Subject subject = new SubjectBuilder().buildObject();
NameID nameID = new NameIDBuilder().buildObject();
nameID.setValue("SOME-UNIQUE-ID");
nameID.setFormat(NameIDType.PERSISTENT);
subject.setNameID(nameID);
assertion.setSubject(subject);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setSessionIndex("Some Session String");
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
assertion.getAttributeStatements().add(attributeStatement);
samlMessage.getAssertions().add(assertion);
return samlMessage;
}
use of org.opensaml.saml.saml1.core.Assertion in project ddf by codice.
the class AttributeQueryClient method retrieveResponse.
/**
* Retrieves the response and returns its SAML Assertion.
*
* @param requestDocument of the request.
* @return Assertion of the response or null if the response is empty.
* @throws AttributeQueryException
*/
private Assertion retrieveResponse(Document requestDocument) throws AttributeQueryException {
Assertion assertion = null;
try {
Document responseDocument = sendRequest(requestDocument);
if (responseDocument == null) {
return null;
}
// Print Response
if (LOGGER.isTraceEnabled()) {
printXML("SAML Response:\n {}", responseDocument);
}
// Extract Response from Soap message.
NodeList elementsByTagNameNS = responseDocument.getElementsByTagNameNS(SAML2_PROTOCOL, "Response");
if (elementsByTagNameNS == null) {
throw new AttributeQueryException("Unable to find SAML Response.");
}
Node responseNode = elementsByTagNameNS.item(0);
Element responseElement = (Element) responseNode;
Unmarshaller unmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(responseElement);
Response response = (Response) unmarshaller.unmarshall(responseElement);
LOGGER.debug("Successfully marshalled Element to SAML Response.");
if (response.getStatus().getStatusCode().getValue().equals(SAML2_SUCCESS)) {
LOGGER.debug("Successful response, retrieved attributes.");
// Should only have one assertion.
assertion = response.getAssertions().get(0);
} else {
reportError(response.getStatus());
}
return assertion;
} catch (UnmarshallingException e) {
throw new AttributeQueryException("Unable to marshall Element to SAML Response.", e);
}
}
use of org.opensaml.saml.saml1.core.Assertion in project ddf by codice.
the class TestAttributeQueryClient method testRetrieveResponse.
@Test
public void testRetrieveResponse() {
setResponse(cannedResponse, false);
Assertion assertion = attributeQueryClient.query(USERNAME);
assertThat(assertion, is(notNullValue()));
assertThat(assertion.getIssuer().getValue(), is(equalTo("localhost")));
assertThat(assertion.getSubject().getNameID().getValue(), is(equalTo("admin")));
assertThat(assertion.getAttributeStatements(), is(notNullValue()));
}
use of org.opensaml.saml.saml1.core.Assertion in project ddf by codice.
the class SimpleSign method signSamlObject.
public void signSamlObject(SignableSAMLObject samlObject) throws SignatureException {
X509Certificate[] certificates = getSignatureCertificates();
String sigAlgo = getSignatureAlgorithm(certificates[0]);
PrivateKey privateKey = getSignaturePrivateKey();
// Create the signature
Signature signature = OpenSAMLUtil.buildSignature();
if (signature == null) {
throw new SignatureException("Unable to build signature.");
}
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(sigAlgo);
BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
try {
KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
} catch (org.opensaml.security.SecurityException e) {
throw new SignatureException("Error generating KeyInfo from signing credential", e);
}
if (samlObject instanceof Response) {
List<Assertion> assertions = ((Response) samlObject).getAssertions();
for (Assertion assertion : assertions) {
assertion.getSignature().setSigningCredential(signingCredential);
}
}
samlObject.setSignature(signature);
SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
contentRef.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);
samlObject.releaseDOM();
samlObject.releaseChildrenDOM(true);
}
use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.
the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.
/**
* Construct SAML response.
* <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
*
* @param service the service
* @param authentication the authentication
* @return the SAML response
*/
protected String constructSamlResponse(final GoogleAccountsService service, final Authentication authentication) {
final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
final RegisteredService registeredService = servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
}
final Principal principal = authentication.getPrincipal();
final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService);
final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, null, service);
response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
final String sessionIndex = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, currentDateTime.plusSeconds(this.skewAllowance), service.getId());
assertion.setConditions(conditions);
final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId(), null);
assertion.setSubject(subject);
response.getAssertions().add(assertion);
final String result = SamlUtils.transformSamlObject(this.samlObjectBuilder.getConfigBean(), response, true).toString();
LOGGER.debug("Generated Google SAML response: [{}]", result);
return result;
}
Aggregations