Search in sources :

Example 6 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project verify-hub by alphagov.

the class AuthnResponseFactory method aResponseFromIdpBuilder.

public ResponseBuilder aResponseFromIdpBuilder(String idpEntityId, String ipAddressSeenByIdp, String requestId, DateTime issueInstant, String authnStatementAssertionId, String authnAssertionSubjectPid, String authnAssertionIssuer, String authnAssertionInResponseTo, String mdsStatementAssertionId, String mdsAssertionSubjectPid, String mdsAssertionIssuer, String mdsAssertionInResponseTo, Optional<BasicCredential> basicCredential) throws Exception {
    TestCredentialFactory idpSigningCredentialFactory = new TestCredentialFactory(publicSigningCerts.get(idpEntityId), privateSigningKeys.get(idpEntityId));
    final Subject mdsAssertionSubject = SubjectBuilder.aSubject().withPersistentId(mdsAssertionSubjectPid).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(mdsAssertionInResponseTo).build()).build()).build();
    final Subject authnAssertionSubject = SubjectBuilder.aSubject().withNameId(buildNameID(authnAssertionSubjectPid)).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(authnAssertionInResponseTo).build()).build()).build();
    final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
    final Credential encryptingCredential;
    if (basicCredential.isPresent()) {
        encryptingCredential = basicCredential.get();
    } else {
        encryptingCredential = hubEncryptionCredentialFactory.getEncryptingCredential();
    }
    final Credential signingCredential = idpSigningCredentialFactory.getSigningCredential();
    final AssertionBuilder mdsAssertion = AssertionBuilder.anAssertion().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(mdsAssertionIssuer).build()).withSubject(mdsAssertionSubject).withId(mdsStatementAssertionId).addAttributeStatement(matchingDatasetAttributeStatement);
    final AssertionBuilder authnAssertion = AssertionBuilder.anAssertion().withId(generateId()).addAttributeStatement(anAttributeStatement().addAttribute(anIPAddress().withValue(ipAddressSeenByIdp).build()).build()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(authnAssertionIssuer).build()).withSubject(authnAssertionSubject).withId(authnStatementAssertionId).withIssueInstant(issueInstant).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build());
    ResponseBuilder responseBuilder = ResponseBuilder.aResponse().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSigningCredential(signingCredential).withInResponseTo(requestId).addEncryptedAssertion(mdsAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential)).addEncryptedAssertion(authnAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential));
    return responseBuilder;
}
Also used : TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory) BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.core.test.builders.AttributeStatementBuilder.anAttributeStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AssertionBuilder(uk.gov.ida.saml.core.test.builders.AssertionBuilder) ResponseBuilder(uk.gov.ida.saml.core.test.builders.ResponseBuilder) Subject(org.opensaml.saml.saml2.core.Subject)

Example 7 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cas by apereo.

the class Saml10ObjectBuilder method newAttributeStatement.

/**
 * New attribute statement.
 *
 * @param subject            the subject
 * @param attributes         the attributes
 * @param attributeNamespace the attribute namespace
 * @return the attribute statement
 */
public AttributeStatement newAttributeStatement(final Subject subject, final Map<String, Object> attributes, final String attributeNamespace) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    attrStatement.setSubject(subject);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final Attribute attribute = newSamlObject(Attribute.class);
        attribute.setAttributeName(e.getKey());
        if (StringUtils.isNotBlank(attributeNamespace)) {
            attribute.setAttributeNamespace(attributeNamespace);
        }
        addAttributeValuesToSaml1Attribute(e.getKey(), e.getValue(), attribute.getAttributeValues());
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}
Also used : Attribute(org.opensaml.saml.saml1.core.Attribute) AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) SAMLObject(org.opensaml.saml.common.SAMLObject) Map(java.util.Map)

Example 8 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cxf by apache.

the class SAMLUtils method getClaims.

/**
 * Extract Claims from a SAML Assertion
 */
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
    ClaimCollection claims = new ClaimCollection();
    if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        List<AttributeStatement> statements = assertion.getSaml2().getAttributeStatements();
        for (AttributeStatement as : statements) {
            for (Attribute atr : as.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                claim.setClaimType(URI.create(atr.getName()));
                claim.setName(atr.getName());
                claim.setNameFormat(atr.getNameFormat());
                claim.setFriendlyName(atr.getFriendlyName());
                for (XMLObject o : atr.getAttributeValues()) {
                    String attrValue = o.getDOM().getTextContent();
                    claim.getValues().add(attrValue);
                }
                claims.add(claim);
            }
        }
    } else {
        List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getSaml1().getAttributeStatements();
        for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
            for (org.opensaml.saml.saml1.core.Attribute atr : statement.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                String claimType = atr.getAttributeName();
                if (atr.getAttributeNamespace() != null) {
                    claimType = atr.getAttributeNamespace() + "/" + claimType;
                }
                claim.setClaimType(URI.create(claimType));
                claim.setName(atr.getAttributeName());
                claim.setNameFormat(atr.getAttributeNamespace());
                for (XMLObject o : atr.getAttributeValues()) {
                    String attrValue = o.getDOM().getTextContent();
                    claim.getValues().add(attrValue);
                }
                claims.add(claim);
            }
        }
    }
    return claims;
}
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) Attribute(org.opensaml.saml.saml2.core.Attribute) XMLObject(org.opensaml.core.xml.XMLObject) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)

Example 9 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cxf by apache.

the class ActAsValidator method validate.

@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // The technical user should be in the Subject
    Subject subject = saml2Assertion.getSubject();
    if (subject == null || subject.getNameID() == null || !subject.getNameID().getValue().contains("www.client.com")) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        for (Attribute attribute : attributes) {
            if (!"CustomActAs".equals(attribute.getName()) && !"ActAs".equals(attribute.getName())) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                String text = attributeValueElement.getTextContent();
                if (text.contains("alice") || text.contains("bob")) {
                    return validatedCredential;
                }
            }
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Subject(org.opensaml.saml.saml2.core.Subject)

Example 10 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project OpenAttestation by OpenAttestation.

the class TrustAssertion method populateAssertionMap.

/**
     * Sample assertion statements that may appear in the XML: Trusted (boolean)
     * Trusted_BIOS (boolean) Trusted_VMM (boolean) BIOS_Name (string)
     * BIOS_Version (string) BIOS_OEM (string) VMM_Name (string) VMM_Version
     * (string) VMM_OSName (string) VMM_OSVersion (string) The BIOS_* entries
     * will only appear if Trusted_BIOS is true The VMM_* entries will only
     * appear if Trusted_VMM is true
     */
private void populateAssertionMap() {
    for (Statement statement : assertion.getStatements()) {
        if (statement instanceof AttributeStatement) {
            HashMap<String, String> assertionMap = new HashMap<String, String>();
            HostTrustAssertion hostTrustAssertion = new HostTrustAssertion(assertion, assertionMap);
            log.debug("attributes.size: " + ((AttributeStatement) statement).getAttributes().size());
            for (Attribute attribute : ((AttributeStatement) statement).getAttributes()) {
                String attributeValue = null;
                for (XMLObject value : attribute.getAttributeValues()) {
                    if (value instanceof XSAny) {
                        // boolean attributes are the text "true" or "false"
                        attributeValue = (((XSAny) value).getTextContent());
                    }
                    if (value instanceof XSString) {
                        attributeValue = (((XSString) value).getValue());
                    }
                }
                assertionMap.put(attribute.getName(), attributeValue);
            }
            hostAssertionMap.put(assertionMap.get("Host_Name"), hostTrustAssertion);
        }
    }
}
Also used : HashMap(java.util.HashMap) Attribute(org.opensaml.saml2.core.Attribute) Statement(org.opensaml.saml2.core.Statement) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) XMLObject(org.opensaml.xml.XMLObject) XSString(org.opensaml.xml.schema.XSString) XSString(org.opensaml.xml.schema.XSString) XSAny(org.opensaml.xml.schema.XSAny)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)17 Attribute (org.opensaml.saml.saml2.core.Attribute)10 XMLObject (org.opensaml.core.xml.XMLObject)8 Subject (org.opensaml.saml.saml2.core.Subject)5 Map (java.util.Map)4 Assertion (org.opensaml.saml.saml2.core.Assertion)4 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)4 SecurityAssertion (ddf.security.assertion.SecurityAssertion)3 HashMap (java.util.HashMap)3 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)3 Credential (org.apache.wss4j.dom.validate.Credential)3 Credential (org.opensaml.security.credential.Credential)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 XSString (org.opensaml.core.xml.schema.XSString)2 Attribute (org.opensaml.saml2.core.Attribute)2 Signature (org.opensaml.xmlsec.signature.Signature)2 UTF8NameValueMicroformat (com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)1 UTF8NameValueSequence (com.intel.mtwilson.datatypes.UTF8NameValueSequence)1