
Example 21 with AttributeStatement

use of AttributeStatement — here the SAML 2.0 type org.opensaml.saml.saml2.core.AttributeStatement, per the imports listed below the example, not the saml1.core type named in the page title — in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method setup.

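@Before
public void setup() {
    // The OpenSAML builder registry must be bootstrapped before any of the test builders below run.
    IdaSamlBootstrap.bootstrap();

    final String idpEntityId = TestEntityIds.STUB_IDP_ONE;
    final String assertionId1 = randomUUID().toString();
    final String assertionId2 = randomUUID().toString();
    final String requestId = randomUUID().toString();

    // NOTE(review): this fixture signs with RSA-SHA1 (digest SHA-256). It only exercises the
    // translator's plumbing; it is not a statement about which signature algorithms production
    // signature validation should accept.
    final SignatureAlgorithm signatureAlgorithm = new SignatureRSASHA1();
    final DigestAlgorithm digestAlgorithm = new DigestSHA256();

    // Each assertion gets its own Subject whose SubjectConfirmationData/InResponseTo points at
    // the same request id; the subjects are built separately rather than shared.
    final Subject mdsAssertionSubject = aSubject()
            .withSubjectConfirmation(aSubjectConfirmation()
                    .withSubjectConfirmationData(aSubjectConfirmationData().withInResponseTo(requestId).build())
                    .build())
            .build();
    final AttributeStatement matchingDatasetAttributeStatement =
            MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
    final Subject authnAssertionSubject = aSubject()
            .withSubjectConfirmation(aSubjectConfirmation()
                    .withSubjectConfirmationData(aSubjectConfirmationData().withInResponseTo(requestId).build())
                    .build())
            .build();
    final AttributeStatement ipAddress = anAttributeStatement()
            .addAttribute(IPAddressAttributeBuilder.anIPAddress().build())
            .build();

    // Response-level signature handed back by the mocked responseFromIdp (stubbed further down).
    final Optional<Signature> signature = of(SignatureBuilder.aSignature().build());
    final SignatureImpl signatureImpl = ((SignatureImpl) signature.get());
    signatureImpl.setXMLSignature(BuilderHelper.createXMLSignature(signatureAlgorithm, digestAlgorithm));

    // Unencrypted, signed assertions returned when the translator turns assertion blobs back into
    // OpenSAML assertions; each is signed over its own assertion id.
    authnStatementAssertion = AssertionBuilder.anAssertion()
            .withId(assertionId1)
            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build())
            .withSubject(authnAssertionSubject)
            .addAttributeStatement(ipAddress)
            .addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build())
            .withSignature(SignatureBuilder.aSignature()
                    .withSignatureAlgorithm(signatureAlgorithm)
                    .withDigestAlgorithm(assertionId1, digestAlgorithm)
                    .build())
            .buildUnencrypted();
    matchingDatasetAssertion = AssertionBuilder.anAssertion()
            .withId(assertionId2)
            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build())
            .withSubject(mdsAssertionSubject)
            .addAttributeStatement(matchingDatasetAttributeStatement)
            .withSignature(SignatureBuilder.aSignature()
                    .withSignatureAlgorithm(signatureAlgorithm)
                    .withDigestAlgorithm(assertionId2, digestAlgorithm)
                    .build())
            .buildUnencrypted();

    // Wire the mocked pipeline: raw SAML string -> OpenSAML Response -> response issued by IdP.
    when(responseContainer.getSamlResponse()).thenReturn(saml);
    when(stringToOpenSamlResponseTransformer.apply(saml)).thenReturn(samlResponse);
    when(samlResponseToIdaResponseIssuedByIdpTransformer.apply(samlResponse)).thenReturn(responseFromIdp);

    when(authStatementAssertion.getUnderlyingAssertionBlob()).thenReturn(authStatementUnderlyingAssertionBlob);
    when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.empty());
    when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.empty());
    when(authStatementAssertion.getPrincipalIpAddressAsSeenByIdp()).thenReturn(Optional.of(principalIpAddressSeenByIdp));
    // An earlier stub of getNameId() returning "a name id" was immediately overridden by this one
    // (Mockito keeps the last stubbing), so it was dead and has been removed; persistentIdName is
    // the value the tests actually observe.
    when(authnStatementPersistentId.getNameId()).thenReturn(persistentIdName);
    when(authStatementAssertion.getPersistentId()).thenReturn(authnStatementPersistentId);

    // By default the mocked response carries neither assertion; tests presumably re-stub these
    // where they need one present.
    when(responseFromIdp.getIssuer()).thenReturn(responseIssuer);
    when(responseFromIdp.getStatus()).thenReturn(status);
    when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(empty());
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(empty());
    when(responseFromIdp.getSignature()).thenReturn(signature);
    when(samlResponse.getIssuer()).thenReturn(issuer);
    when(stringToAssertionTransformer.apply(authStatementUnderlyingAssertionBlob)).thenReturn(authnStatementAssertion);
    when(stringToAssertionTransformer.apply(matchingDatasetUnderlyingAssertionBlob)).thenReturn(matchingDatasetAssertion);

    InboundResponseFromIdpDataGenerator inboundResponseFromIdpDataGenerator =
            new InboundResponseFromIdpDataGenerator(assertionBlobEncrypter);
    service = new IdpAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            stringToAssertionTransformer,
            samlResponseToIdaResponseIssuedByIdpTransformer,
            inboundResponseFromIdpDataGenerator,
            idpAssertionMetricsCollector);
}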
Also used : DigestSHA256(org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256) SignatureRSASHA1(org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA1) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.idp.test.builders.AttributeStatementBuilder.anAttributeStatement) Signature(org.opensaml.xmlsec.signature.Signature) SignatureAlgorithm(org.opensaml.xmlsec.algorithm.SignatureAlgorithm) SignatureImpl(org.opensaml.xmlsec.signature.impl.SignatureImpl) InboundResponseFromIdpDataGenerator(uk.gov.ida.saml.hub.transformers.inbound.InboundResponseFromIdpDataGenerator) Subject(org.opensaml.saml.saml2.core.Subject) SubjectBuilder.aSubject(uk.gov.ida.saml.idp.test.builders.SubjectBuilder.aSubject) DigestAlgorithm(org.opensaml.xmlsec.algorithm.DigestAlgorithm) Before(org.junit.Before)

Example 22 with AttributeStatement

use of AttributeStatement — here the SAML 2.0 type org.opensaml.saml.saml2.core.AttributeStatement, per the imports listed below the example, not the saml1.core type named in the page title — in project verify-hub by alphagov.

the class AuthnResponseFactory method aFraudResponseFromIdpBuilder.

public ResponseBuilder aFraudResponseFromIdpBuilder(String idpEntityId, String persistentId) throws Exception {
    // Credentials: the IdP's signing key pair is looked up by entity id from the test key maps;
    // the hub's encryption credential is what each assertion is encrypted to.
    final TestCredentialFactory idpCredentials =
            new TestCredentialFactory(publicSigningCerts.get(idpEntityId), privateSigningKeys.get(idpEntityId));
    final String inResponseToId = generateId();
    final Credential hubEncryptingCredential = hubEncryptionCredentialFactory.getEncryptingCredential();
    final Credential idpSigningCredential = idpCredentials.getSigningCredential();

    // Matching-dataset subject: persistent id plus a SubjectConfirmationData bound to the request id.
    final Subject mdsSubject = SubjectBuilder.aSubject()
            .withPersistentId(persistentId)
            .withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation()
                    .withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData()
                            .withInResponseTo(inResponseToId)
                            .build())
                    .build())
            .build();
    // Authn subject: same request binding, but the persistent id is carried as a NameID.
    final Subject authnSubject = SubjectBuilder.aSubject()
            .withNameId(buildNameID(persistentId))
            .withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation()
                    .withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData()
                            .withInResponseTo(inResponseToId)
                            .build())
                    .build())
            .build();
    final AttributeStatement mdsAttributes =
            MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();

    final AssertionBuilder mdsAssertionBuilder = AssertionBuilder.anAssertion()
            .withId(generateId())
            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build())
            .withSubject(mdsSubject)
            .addAttributeStatement(mdsAttributes);

    // The "fraud" shape: a fraud event id, a GPG45 status of IT01, an IP address attribute and an
    // AuthnContext at LEVEL_X.
    final AttributeStatement fraudAttributes = anAttributeStatement()
            .addAttribute(IdpFraudEventIdAttributeBuilder.anIdpFraudEventIdAttribute().withValue("a-fraud-event").build())
            .addAttribute(Gpg45StatusAttributeBuilder.aGpg45StatusAttribute().withValue("IT01").build())
            .addAttribute(anIPAddress().build())
            .build();
    final AssertionBuilder authnAssertionBuilder = AssertionBuilder.anAssertion()
            .withId(generateId())
            .addAttributeStatement(fraudAttributes)
            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build())
            .withSubject(authnSubject)
            .addAuthnStatement(AuthnStatementBuilder.anAuthnStatement()
                    .withAuthnContext(AuthnContextBuilder.anAuthnContext()
                            .withAuthnContextClassRef(AuthnContextClassRefBuilder.anAuthnContextClassRef()
                                    .withAuthnContextClasRefValue(IdaAuthnContext.LEVEL_X_AUTHN_CTX)
                                    .build())
                            .build())
                    .build());

    // Each assertion is signed by the IdP and then encrypted to the hub before being attached
    // to the response, matching-dataset assertion first.
    return ResponseBuilder.aResponse()
            .withId(generateId())
            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build())
            .withInResponseTo(inResponseToId)
            .addEncryptedAssertion(mdsAssertionBuilder
                    .withSignature(SignatureBuilder.aSignature().withSigningCredential(idpSigningCredential).build())
                    .buildWithEncrypterCredential(hubEncryptingCredential))
            .addEncryptedAssertion(authnAssertionBuilder
                    .withSignature(SignatureBuilder.aSignature().withSigningCredential(idpSigningCredential).build())
                    .buildWithEncrypterCredential(hubEncryptingCredential));
}
Also used : TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory) BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.core.test.builders.AttributeStatementBuilder.anAttributeStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AssertionBuilder(uk.gov.ida.saml.core.test.builders.AssertionBuilder) ResponseBuilder(uk.gov.ida.saml.core.test.builders.ResponseBuilder) Subject(org.opensaml.saml.saml2.core.Subject)

Example 23 with AttributeStatement

use of AttributeStatement — here the SAML 2.0 type org.opensaml.saml.saml2.core.AttributeStatement, per the imports listed below the example, not the saml1.core type named in the page title — in project cxf by apache.

the class OnBehalfOfValidator method validate.

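@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // Run the superclass validation first; the checks below are additional to it, not a replacement.
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();

    // Only a SAML 2.0 assertion is acceptable here; a missing wrapper or a missing SAML 2.0 form
    // is rejected with the same failure as every other check.
    Assertion saml2Assertion = assertion == null ? null : assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // The assertion must carry at least one AttributeStatement.
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Subject and NameID may be absent from a SAML 2.0 assertion. Previously a missing one surfaced
    // as a NullPointerException; now it falls through to the explicit rejection below, so callers
    // always see a WSSecurityException rather than an unchecked error (still fail-closed).
    Subject subject = saml2Assertion.getSubject();
    NameID nameID = subject == null ? null : subject.getNameID();
    String subjectName = nameID == null ? null : nameID.getValue();

    // Allow-list of accepted on-behalf-of subjects. NOTE(review): the hard-coded names suggest a
    // test or sample validator; a production validator should source this list from configuration
    // rather than literals in code.
    if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
        return validatedCredential;
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}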
Also used : Credential(org.apache.wss4j.dom.validate.Credential) NameID(org.opensaml.saml.saml2.core.NameID) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Subject(org.opensaml.saml.saml2.core.Subject)

Example 24 with AttributeStatement

use of org.opensaml.saml.saml1.core.AttributeStatement in project cxf by apache.

the class SAMLUtils method getSaml1Subject.

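/**
 * Returns the Subject of the first SAML 1.x statement in the wrapped assertion that carries one.
 *
 * @param assertionW wrapper around the assertion to inspect
 * @return the first statement-level Subject found, or {@code null} when the wrapper holds no
 *         SAML 1.x assertion or none of its statements has a Subject
 */
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    final org.opensaml.saml.saml1.core.Assertion saml1Assertion = assertionW.getSaml1();
    // NOTE(review): getSaml1() is presumed to return null when the wrapper holds a SAML 2.0
    // assertion (TODO confirm); previously that dereference would have thrown a NullPointerException.
    if (saml1Assertion == null) {
        return null;
    }
    for (Statement stmt : saml1Assertion.getStatements()) {
        org.opensaml.saml.saml1.core.Subject samlSubject = null;
        // Each subject-bearing statement type is matched explicitly. The old code cast anything that
        // was neither an AttributeStatement nor an AuthenticationStatement straight to
        // AuthorizationDecisionStatement, which threw ClassCastException for any other Statement
        // subtype; such statements are now skipped instead of aborting the lookup.
        if (stmt instanceof AttributeStatement) {
            samlSubject = ((AttributeStatement) stmt).getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            samlSubject = ((AuthenticationStatement) stmt).getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            samlSubject = ((AuthorizationDecisionStatement) stmt).getSubject();
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}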
Also used : Statement(org.opensaml.saml.saml1.core.Statement) AuthorizationDecisionStatement(org.opensaml.saml.saml1.core.AuthorizationDecisionStatement) AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement) AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement) AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement) AuthorizationDecisionStatement(org.opensaml.saml.saml1.core.AuthorizationDecisionStatement) AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)17 Attribute (org.opensaml.saml.saml2.core.Attribute)10 XMLObject (org.opensaml.core.xml.XMLObject)8 Subject (org.opensaml.saml.saml2.core.Subject)5 Map (java.util.Map)4 Assertion (org.opensaml.saml.saml2.core.Assertion)4 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)4 SecurityAssertion (ddf.security.assertion.SecurityAssertion)3 HashMap (java.util.HashMap)3 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)3 Credential (org.apache.wss4j.dom.validate.Credential)3 Credential (org.opensaml.security.credential.Credential)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 XSString (org.opensaml.core.xml.schema.XSString)2 Attribute (org.opensaml.saml2.core.Attribute)2 Signature (org.opensaml.xmlsec.signature.Signature)2 UTF8NameValueMicroformat (com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)1 UTF8NameValueSequence (com.intel.mtwilson.datatypes.UTF8NameValueSequence)1