
Example 11 with Conditions

use of org.opensaml.saml.saml1.core.Conditions in project cas by apereo.

the class WsFederationHelper method createCredentialFromToken.

/**
 * Copies the security-relevant fields of a SAML 1.1 {@link Assertion} into a
 * new {@link WsFederationCredential}.
 * <p>
 * This is a pure extraction step: id, issuer, issue instant, the validity window
 * and the first audience from {@code Conditions}, the first authentication method
 * and every text-valued attribute are copied across. Nothing is validated here:
 * no signature, audience or NotBefore/NotOnOrAfter check happens in this method,
 * so the result must not be treated as trusted until it has been validated
 * (presumably by the credential's own validation or its caller -- confirm).
 *
 * @param assertion the SAML 1.1 assertion to convert; must be non-null
 * @return a credential populated from the assertion
 * @throws IndexOutOfBoundsException if the first audience restriction carries no audience
 * @throws ClassCastException if an attribute value is not an {@link XSAny}
 */
public WsFederationCredential createCredentialFromToken(final Assertion assertion) {
    final ZonedDateTime now = ZonedDateTime.now(clock);
    LOGGER.trace("Retrieved on [{}]", now);

    final WsFederationCredential result = new WsFederationCredential();
    result.setRetrievedOn(now);
    result.setId(assertion.getID());
    result.setIssuer(assertion.getIssuer());
    result.setIssuedOn(DateTimeUtils.zonedDateTimeOf(assertion.getIssueInstant()));

    val conditions = assertion.getConditions();
    if (conditions != null) {
        // The validity window is copied verbatim; it is not compared against `now` here.
        result.setNotBefore(DateTimeUtils.zonedDateTimeOf(conditions.getNotBefore()));
        result.setNotOnOrAfter(DateTimeUtils.zonedDateTimeOf(conditions.getNotOnOrAfter()));
        val restrictions = conditions.getAudienceRestrictionConditions();
        if (!restrictions.isEmpty()) {
            // Only the first audience of the first restriction is kept; any further
            // audiences are dropped. An empty audience list throws here (fails closed).
            result.setAudience(restrictions.get(0).getAudiences().get(0).getURI());
        }
    }

    val authnStatements = assertion.getAuthenticationStatements();
    if (!authnStatements.isEmpty()) {
        // As with audiences, only the first authentication statement is considered.
        result.setAuthenticationMethod(authnStatements.get(0).getAuthenticationMethod());
    }

    val attributes = new HashMap<String, List<Object>>();
    for (val statement : assertion.getAttributeStatements()) {
        for (val attribute : statement.getAttributes()) {
            LOGGER.trace("Processed attribute: [{}]", attribute.getAttributeName());
            // Every value is assumed to be an XSAny; any other value type fails the cast.
            val values = new ArrayList<Object>();
            for (val xmlObject : attribute.getAttributeValues()) {
                values.add(((XSAny) xmlObject).getTextContent());
            }
            if (!values.isEmpty()) {
                // A later attribute with the same name replaces an earlier one.
                attributes.put(attribute.getAttributeName(), values);
            }
        }
    }
    result.setAttributes(attributes);

    LOGGER.debug("WsFederation Credential retrieved as: [{}]", result);
    return result;
}
Also used : lombok.val(lombok.val) WsFederationCertificateProvider(org.apereo.cas.support.wsfederation.authentication.crypto.WsFederationCertificateProvider) XSAny(org.opensaml.core.xml.schema.XSAny) ChainingEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) SneakyThrows(lombok.SneakyThrows) Assertion(org.opensaml.saml.saml1.core.Assertion) ZonedDateTime(java.time.ZonedDateTime) RequiredArgsConstructor(lombok.RequiredArgsConstructor) StaticCredentialResolver(org.opensaml.security.credential.impl.StaticCredentialResolver) Security(java.security.Security) StringUtils(org.apache.commons.lang3.StringUtils) SamlUtils(org.apereo.cas.support.saml.SamlUtils) LoggingUtils(org.apereo.cas.util.LoggingUtils) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) Pair(org.apache.commons.lang3.tuple.Pair) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) WsFederationCredential(org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential) Unchecked(org.jooq.lambda.Unchecked) UsageType(org.opensaml.security.credential.UsageType) DateTimeUtils(org.apereo.cas.util.DateTimeUtils) PEMParser(org.bouncycastle.openssl.PEMParser) Collection(java.util.Collection) ProtocolCriterion(org.opensaml.saml.criterion.ProtocolCriterion) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) 
RequestedSecurityToken(org.opensaml.soap.wsfed.RequestedSecurityToken) EncryptedData(org.opensaml.xmlsec.encryption.EncryptedData) EncryptedElementTypeEncryptedKeyResolver(org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver) EncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver) Setter(lombok.Setter) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RegisteredServiceProperty(org.apereo.cas.services.RegisteredServiceProperty) RegisteredServiceAccessStrategyUtils(org.apereo.cas.services.RegisteredServiceAccessStrategyUtils) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) X509CertParser(org.bouncycastle.jce.provider.X509CertParser) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) Predicates(com.google.common.base.Predicates) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) XMLObject(org.opensaml.core.xml.XMLObject) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) SignatureTrustEngine(org.opensaml.xmlsec.signature.support.SignatureTrustEngine) ServicesManager(org.apereo.cas.services.ServicesManager) InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver) RequestSecurityTokenResponse(org.opensaml.soap.wsfed.RequestSecurityTokenResponse) Credential(org.opensaml.security.credential.Credential) lombok.val(lombok.val) InputStreamReader(java.io.InputStreamReader) RegexUtils(org.apereo.cas.util.RegexUtils) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Service(org.apereo.cas.authentication.principal.Service) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) 
Clock(java.time.Clock) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) BufferedReader(java.io.BufferedReader) SimpleRetrievalMethodEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver) HashMap(java.util.HashMap) XMLObject(org.opensaml.core.xml.XMLObject) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) WsFederationCredential(org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential) XSAny(org.opensaml.core.xml.schema.XSAny)

Example 12 with Conditions

use of Conditions in project cxf by apache (note: this listing actually uses org.opensaml.saml.saml2.core.Conditions, as the "Also used" line shows, not the saml1 type named in the page title).

the class SamlOAuthValidator method validate.

/**
 * Validates a SAML 2.0 assertion presented as an OAuth client assertion.
 * <p>
 * Checks run in this order and fail closed: SAML version, audience (taken from
 * the assertion's {@code Conditions}), issuer (only when an expected issuer is
 * configured) and the authentication subject. Issuer and subject mismatches
 * surface as a not-authorized exception; the version and audience helpers are
 * defined outside this listing and are presumed to throw on failure -- confirm.
 *
 * @param message the current CXF message
 * @param wrapper the parsed assertion under validation
 */
public void validate(Message message, SamlAssertionWrapper wrapper) {
    validateSAMLVersion(wrapper);
    // NOTE(review): getConditions() may be null for an assertion without
    // <Conditions>; validateAudience is responsible for handling that -- confirm.
    Conditions conditions = wrapper.getSaml2().getConditions();
    validateAudience(message, conditions);
    if (issuer != null && !issuerMatches(wrapper)) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    boolean subjectAccepted = validateAuthenticationSubject(message, conditions, wrapper.getSaml2().getSubject());
    if (!subjectAccepted) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}

/**
 * Compares the assertion's issuer with the configured one. When the configured
 * issuer is the special value {@code OAuthConstants.CLIENT_ID}, the expected
 * issuer is the subject's NameID value, i.e. the assertion must be self-issued
 * by the client. A missing actual issuer never matches.
 *
 * @param wrapper the assertion whose issuer is checked
 * @return true only if the issuer is present and equals the expected value
 */
private boolean issuerMatches(SamlAssertionWrapper wrapper) {
    String actual = getIssuer(wrapper);
    String expected = issuer;
    if (OAuthConstants.CLIENT_ID.equals(issuer)) {
        expected = wrapper.getSaml2().getSubject().getNameID().getValue();
    }
    return actual != null && actual.equals(expected);
}
Also used : Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 13 with Conditions

use of Conditions in project verify-hub by alphagov (note: this listing actually uses org.opensaml.saml.saml2.core.Conditions on a SAML 2.0 AuthnRequest, as the "Also used" line shows, not the saml1 type named in the page title).

the class IdaAuthnRequestFromHubToAuthnRequestTransformer method supplementAuthnRequestWithDetails.

/**
 * Fills in the hub-specific parts of an outgoing {@link AuthnRequest}.
 * <p>
 * Sets, in order: a {@code Conditions} whose NotOnOrAfter is the hub session
 * expiry (no NotBefore is set); a {@code Scoping} with ProxyCount 0; a
 * {@code RequestedAuthnContext} built from the hub's comparison type and its
 * requested levels of assurance; a persistent {@code NameIDPolicy} qualified by
 * the hub SP name qualifier with AllowCreate true; and ForceAuthn, only when the
 * hub request carries a value for it.
 *
 * @param originalRequestFromHub hub request supplying expiry, comparison type, LoAs and force-authn
 * @param authnRequest the request being assembled; mutated in place
 */
protected void supplementAuthnRequestWithDetails(IdaAuthnRequestFromHub originalRequestFromHub, AuthnRequest authnRequest) {
    // Validity: the request may not be used after the hub session itself expires.
    Conditions validity = getSamlObjectFactory().createConditions();
    validity.setNotOnOrAfter(originalRequestFromHub.getSessionExpiryTimestamp());
    authnRequest.setConditions(validity);

    // ProxyCount 0 asks the IdP to answer itself rather than proxy to another IdP.
    Scoping scoping = getSamlObjectFactory().createScoping();
    scoping.setProxyCount(0);
    authnRequest.setScoping(scoping);

    RequestedAuthnContext requested = getSamlObjectFactory().createRequestedAuthnContext(originalRequestFromHub.getComparisonType());
    for (AuthnContext levelOfAssurance : originalRequestFromHub.getLevelsOfAssurance()) {
        requested.getAuthnContextClassRefs().add(getSamlObjectFactory().createAuthnContextClassReference(levelOfAssurance.getUri()));
    }

    NameIDPolicy policy = getSamlObjectFactory().createNameIdPolicy();
    policy.setFormat(NameIDType.PERSISTENT);
    policy.setSPNameQualifier(HubConstants.SP_NAME_QUALIFIER);
    policy.setAllowCreate(true);
    authnRequest.setNameIDPolicy(policy);
    authnRequest.setRequestedAuthnContext(requested);

    // ForceAuthn is left unset (IdP default) unless the hub explicitly asked for a value.
    if (originalRequestFromHub.getForceAuthentication().isPresent()) {
        authnRequest.setForceAuthn(originalRequestFromHub.getForceAuthentication().get());
    }
}
Also used : AuthnContextComparisonTypeEnumeration(org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration) IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub) HubConstants(uk.gov.ida.saml.hub.HubConstants) Inject(com.google.inject.Inject) NameIDType(org.opensaml.saml.saml2.core.NameIDType) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) Scoping(org.opensaml.saml.saml2.core.Scoping) Conditions(org.opensaml.saml.saml2.core.Conditions) OpenSamlXmlObjectFactory(uk.gov.ida.saml.core.OpenSamlXmlObjectFactory) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) Scoping(org.opensaml.saml.saml2.core.Scoping) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) AuthnContextComparisonTypeEnumeration(org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration) Conditions(org.opensaml.saml.saml2.core.Conditions) RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 14 with Conditions

use of Conditions in project spring-security by spring-projects (note: this listing actually uses org.opensaml.saml.saml2.core.Conditions, as the "Also used" line shows, not the saml1 type named in the page title).

the class OpenSamlAuthenticationProviderTests method assertion.

/**
 * Builds a test assertion that is valid right now: issue instant is now, and both
 * the assertion {@code Conditions} and every subject-confirmation data element get
 * a window of five minutes either side of now. The assertion itself comes from
 * {@code TestOpenSamlObjects}; only the timestamps are touched here.
 *
 * @return a freshly timestamped assertion
 */
private Assertion assertion() {
    Assertion result = TestOpenSamlObjects.assertion();
    Duration halfWindow = Duration.millis(5 * 60 * 1000);
    result.setIssueInstant(DateTime.now());

    Conditions conditions = result.getConditions();
    conditions.setNotBefore(DateTime.now().minus(halfWindow));
    conditions.setNotOnOrAfter(DateTime.now().plus(halfWindow));

    for (SubjectConfirmation confirmation : result.getSubject().getSubjectConfirmations()) {
        SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
        data.setNotBefore(DateTime.now().minus(halfWindow));
        data.setNotOnOrAfter(DateTime.now().plus(halfWindow));
    }
    return result;
}
Also used : SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData) Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 15 with Conditions

use of Conditions in project spring-security by spring-projects (note: this listing actually uses org.opensaml.saml.saml2.core.Conditions with java.time timestamps, as the "Also used" line shows, not the saml1 type named in the page title).

the class OpenSaml4AuthenticationProviderTests method assertion.

/**
 * Builds a test assertion that is valid right now, using {@code java.time}:
 * issue instant is now, and both the assertion {@code Conditions} and every
 * subject-confirmation data element get a window of five minutes either side of
 * now. The assertion itself comes from {@code TestOpenSamlObjects}; only the
 * timestamps are touched here.
 *
 * @return a freshly timestamped assertion
 */
private Assertion assertion() {
    Assertion result = TestOpenSamlObjects.assertion();
    Duration halfWindow = Duration.ofMillis(5 * 60 * 1000);
    result.setIssueInstant(Instant.now());

    Conditions conditions = result.getConditions();
    conditions.setNotBefore(Instant.now().minus(halfWindow));
    conditions.setNotOnOrAfter(Instant.now().plus(halfWindow));

    for (SubjectConfirmation confirmation : result.getSubject().getSubjectConfirmations()) {
        SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
        data.setNotBefore(Instant.now().minus(halfWindow));
        data.setNotOnOrAfter(Instant.now().plus(halfWindow));
    }
    return result;
}
Also used : SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData) Conditions(org.opensaml.saml.saml2.core.Conditions)

Aggregations

Conditions (org.opensaml.saml.saml2.core.Conditions)16 DateTime (org.joda.time.DateTime)8 Assertion (org.opensaml.saml.saml2.core.Assertion)8 Subject (org.opensaml.saml.saml2.core.Subject)7 ArrayList (java.util.ArrayList)5 Attribute (org.opensaml.saml.saml2.core.Attribute)5 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)5 AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)5 SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)5 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)4 Issuer (org.opensaml.saml.saml2.core.Issuer)4 NameID (org.opensaml.saml.saml2.core.NameID)4 ZonedDateTime (java.time.ZonedDateTime)3 XMLObject (org.opensaml.core.xml.XMLObject)3 AudienceRestriction (org.opensaml.saml.saml2.core.AudienceRestriction)3 AuthnContext (org.opensaml.saml.saml2.core.AuthnContext)3 AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)3 SubjectConfirmationData (org.opensaml.saml.saml2.core.SubjectConfirmationData)3 AssertionBuilder (org.opensaml.saml.saml2.core.impl.AssertionBuilder)3 AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)3