Search in sources :

Example 61 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project verify-hub by alphagov.

the class IPAddressValidator method validate.

public void validate(Assertion assertion) {
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            if (attribute.getName().equals(IdaConstants.Attributes_1_1.IPAddress.NAME)) {
                IPAddress ipAddressAttributeValue = (IPAddress) attribute.getAttributeValues().get(0);
                String addressValue = ipAddressAttributeValue.getValue();
                if (!Strings.isNullOrEmpty(addressValue)) {
                    return;
                }
                SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyIPAddress(assertion.getID());
                throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
            }
        }
    }
    SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingIPAddress(assertion.getID());
    throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) IPAddress(uk.gov.ida.saml.core.extensions.IPAddress)

Example 62 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project tesb-rt-se by Talend.

the class SAML2AuthorizingInterceptor method getRoleFromAssertion.

private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        return null;
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return null;
    }
    String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        for (Attribute attribute : attributes) {
            if ("role".equals(attribute.getName()) && nameFormat.equals(attribute.getNameFormat())) {
                Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
                return attributeValueElement.getTextContent();
            }
        }
    }
    return null;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 63 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cloudstack by apache.

the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.

private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
Also used : Status(org.opensaml.saml2.core.Status) AttributeStatementBuilder(org.opensaml.saml2.core.impl.AttributeStatementBuilder) StatusCodeBuilder(org.opensaml.saml2.core.impl.StatusCodeBuilder) Issuer(org.opensaml.saml2.core.Issuer) NameID(org.opensaml.saml2.core.NameID) Assertion(org.opensaml.saml2.core.Assertion) AssertionBuilder(org.opensaml.saml2.core.impl.AssertionBuilder) AuthnStatementBuilder(org.opensaml.saml2.core.impl.AuthnStatementBuilder) StatusCode(org.opensaml.saml2.core.StatusCode) DateTime(org.joda.time.DateTime) Subject(org.opensaml.saml2.core.Subject) Response(org.opensaml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) AuthnStatement(org.opensaml.saml2.core.AuthnStatement) StatusBuilder(org.opensaml.saml2.core.impl.StatusBuilder) IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder) ResponseBuilder(org.opensaml.saml2.core.impl.ResponseBuilder) SubjectBuilder(org.opensaml.saml2.core.impl.SubjectBuilder)

Example 64 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cloudstack by apache.

the class SAMLUtils method getValueFromAttributeStatements.

public static String getValueFromAttributeStatements(final List<AttributeStatement> attributeStatements, final String attributeKey) {
    if (attributeStatements == null || attributeStatements.size() < 1 || attributeKey == null) {
        return null;
    }
    for (AttributeStatement attributeStatement : attributeStatements) {
        if (attributeStatement == null || attributeStatements.size() < 1) {
            continue;
        }
        for (Attribute attribute : attributeStatement.getAttributes()) {
            if (attribute.getAttributeValues() != null && attribute.getAttributeValues().size() > 0) {
                String value = attribute.getAttributeValues().get(0).getDOM().getTextContent();
                s_logger.debug("SAML attribute name: " + attribute.getName() + " friendly-name:" + attribute.getFriendlyName() + " value:" + value);
                if (attributeKey.equals(attribute.getName()) || attributeKey.equals(attribute.getFriendlyName())) {
                    return value;
                }
            }
        }
    }
    return null;
}
Also used : Attribute(org.opensaml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml2.core.AttributeStatement)

Example 65 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project spring-security by spring-projects.

the class OpenSamlDecryptionUtils method decryptAssertionElements.

static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
    Decrypter decrypter = decrypter(registration);
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
            try {
                Attribute attribute = decrypter.decrypt(encryptedAttribute);
                statement.getAttributes().add(attribute);
            } catch (Exception ex) {
                throw new Saml2Exception(ex);
            }
        }
    }
    if (assertion.getSubject() == null) {
        return;
    }
    if (assertion.getSubject().getEncryptedID() == null) {
        return;
    }
    try {
        assertion.getSubject().setNameID((NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID()));
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)61 Attribute (org.opensaml.saml.saml2.core.Attribute)38 Assertion (org.opensaml.saml.saml2.core.Assertion)36 Test (org.junit.jupiter.api.Test)24 AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)17 XMLObject (org.opensaml.core.xml.XMLObject)15 EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute)10 SimpleStringAttributeBuilder.aSimpleStringAttribute (uk.gov.ida.saml.core.test.builders.SimpleStringAttributeBuilder.aSimpleStringAttribute)9 ArrayList (java.util.ArrayList)8 SamlTransformationErrorFactory.emptyAttribute (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.emptyAttribute)8 XSString (org.opensaml.core.xml.schema.XSString)7 NameID (org.opensaml.saml.saml2.core.NameID)7 Response (org.opensaml.saml.saml2.core.Response)7 Subject (org.opensaml.saml.saml2.core.Subject)7 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)6 AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)6 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)6 HashMap (java.util.HashMap)5 List (java.util.List)5 Map (java.util.Map)5