use of org.opensaml.saml.saml1.core.AttributeStatement in project verify-hub by alphagov.
the class IPAddressValidator method validate.
public void validate(Assertion assertion) {
for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
if (attribute.getName().equals(IdaConstants.Attributes_1_1.IPAddress.NAME)) {
IPAddress ipAddressAttributeValue = (IPAddress) attribute.getAttributeValues().get(0);
String addressValue = ipAddressAttributeValue.getValue();
if (!Strings.isNullOrEmpty(addressValue)) {
return;
}
SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyIPAddress(assertion.getID());
throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}
}
}
SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingIPAddress(assertion.getID());
throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}
use of org.opensaml.saml.saml1.core.AttributeStatement in project tesb-rt-se by Talend.
the class SAML2AuthorizingInterceptor method getRoleFromAssertion.
private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
return null;
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
return null;
}
String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
for (AttributeStatement statement : attributeStatements) {
List<Attribute> attributes = statement.getAttributes();
for (Attribute attribute : attributes) {
if ("role".equals(attribute.getName()) && nameFormat.equals(attribute.getNameFormat())) {
Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
return attributeValueElement.getTextContent();
}
}
}
return null;
}
use of org.opensaml.saml.saml1.core.AttributeStatement in project cloudstack by apache.
the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.
private Response buildMockResponse() throws Exception {
Response samlMessage = new ResponseBuilder().buildObject();
samlMessage.setID("foo");
samlMessage.setVersion(SAMLVersion.VERSION_20);
samlMessage.setIssueInstant(new DateTime(0));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue("MockedIssuer");
samlMessage.setIssuer(issuer);
Status status = new StatusBuilder().buildObject();
StatusCode statusCode = new StatusCodeBuilder().buildObject();
statusCode.setValue(StatusCode.SUCCESS_URI);
status.setStatusCode(statusCode);
samlMessage.setStatus(status);
Assertion assertion = new AssertionBuilder().buildObject();
Subject subject = new SubjectBuilder().buildObject();
NameID nameID = new NameIDBuilder().buildObject();
nameID.setValue("SOME-UNIQUE-ID");
nameID.setFormat(NameIDType.PERSISTENT);
subject.setNameID(nameID);
assertion.setSubject(subject);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setSessionIndex("Some Session String");
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
assertion.getAttributeStatements().add(attributeStatement);
samlMessage.getAssertions().add(assertion);
return samlMessage;
}
use of org.opensaml.saml.saml1.core.AttributeStatement in project cloudstack by apache.
the class SAMLUtils method getValueFromAttributeStatements.
public static String getValueFromAttributeStatements(final List<AttributeStatement> attributeStatements, final String attributeKey) {
if (attributeStatements == null || attributeStatements.size() < 1 || attributeKey == null) {
return null;
}
for (AttributeStatement attributeStatement : attributeStatements) {
if (attributeStatement == null || attributeStatements.size() < 1) {
continue;
}
for (Attribute attribute : attributeStatement.getAttributes()) {
if (attribute.getAttributeValues() != null && attribute.getAttributeValues().size() > 0) {
String value = attribute.getAttributeValues().get(0).getDOM().getTextContent();
s_logger.debug("SAML attribute name: " + attribute.getName() + " friendly-name:" + attribute.getFriendlyName() + " value:" + value);
if (attributeKey.equals(attribute.getName()) || attributeKey.equals(attribute.getFriendlyName())) {
return value;
}
}
}
}
return null;
}
use of org.opensaml.saml.saml1.core.AttributeStatement in project spring-security by spring-projects.
the class OpenSamlDecryptionUtils method decryptAssertionElements.
static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
Decrypter decrypter = decrypter(registration);
for (AttributeStatement statement : assertion.getAttributeStatements()) {
for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
try {
Attribute attribute = decrypter.decrypt(encryptedAttribute);
statement.getAttributes().add(attribute);
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
}
if (assertion.getSubject() == null) {
return;
}
if (assertion.getSubject().getEncryptedID() == null) {
return;
}
try {
assertion.getSubject().setNameID((NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID()));
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
Aggregations