Example 1 with Subject

use of org.opensaml.saml.saml1.core.Subject in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubject.

private Subject createSubject(TxtHost host) throws ConfigurationException, UnknownHostException {
    // Create the Subject
    SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
    Subject subject = (Subject) subjectBuilder.buildObject();
    subject.setNameID(createNameID(host));
    subject.getSubjectConfirmations().add(createSubjectConfirmation(host));
    return subject;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Subject(org.opensaml.saml2.core.Subject)

Example 2 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.

/**
 * Construct SAML response.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * @param service the service
 * @return the SAML response
 */
protected String constructSamlResponse(final GoogleAccountsService service) {
    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
    // Refuse to issue an assertion for a service that is not registered or not allowed access.
    final RegisteredService registeredService = servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service);
    // Response and assertion IDs come from a secure random source.
    final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, service.getId(), service);
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    final String sessionIndex = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
    // Validity window: NotOnOrAfter is now plus the configured clock-skew allowance; audience is the service id.
    final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, currentDateTime.plusSeconds(this.skewAllowance), service.getId());
    assertion.setConditions(conditions);
    // Bearer subject bound to the recipient (service id) and to the request that triggered it (InResponseTo).
    final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
    assertion.setSubject(subject);
    response.getAssertions().add(assertion);
    final StringWriter writer = new StringWriter();
    this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
    final String result = writer.toString();
    LOGGER.debug("Generated Google SAML response: [{}]", result);
    return result;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Assertion(org.opensaml.saml.saml2.core.Assertion) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) SecureRandom(java.security.SecureRandom) Conditions(org.opensaml.saml.saml2.core.Conditions) Subject(org.opensaml.saml.saml2.core.Subject) StringWriter(java.io.StringWriter) ZonedDateTime(java.time.ZonedDateTime) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)

Example 3 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newSubject.

/**
 * New subject element.
 *
 * @param nameIdFormat the name id format
 * @param nameIdValue  the name id value
 * @param recipient    the recipient
 * @param notOnOrAfter the not on or after
 * @param inResponseTo the in response to
 * @return the subject
 */
public Subject newSubject(final String nameIdFormat, final String nameIdValue, final String recipient, final ZonedDateTime notOnOrAfter, final String inResponseTo) {
    // Bearer confirmation: possession of the assertion is the proof, so the confirmation data
    // restricts where (Recipient), until when (NotOnOrAfter) and for which request (InResponseTo) it is valid.
    final SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
    confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
    final SubjectConfirmationData data = newSamlObject(SubjectConfirmationData.class);
    data.setRecipient(recipient);
    data.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
    data.setInResponseTo(inResponseTo);
    confirmation.setSubjectConfirmationData(data);
    final Subject subject = newSamlObject(Subject.class);
    subject.setNameID(getNameID(nameIdFormat, nameIdValue));
    subject.getSubjectConfirmations().add(confirmation);
    return subject;
}
Also used : SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData) Subject(org.opensaml.saml.saml2.core.Subject)

Example 4 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class Saml10ObjectBuilder method newAttributeStatement.

/**
 * New attribute statement.
 *
 * @param subject the subject
 * @param attributes the attributes
 * @param attributeNamespace the attribute namespace
 * @return the attribute statement
 */
public AttributeStatement newAttributeStatement(final Subject subject, final Map<String, Object> attributes, final String attributeNamespace) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    attrStatement.setSubject(subject);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        // Attributes whose value is an empty collection are omitted rather than emitted without values.
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final Attribute attribute = newSamlObject(Attribute.class);
        attribute.setAttributeName(e.getKey());
        if (StringUtils.isNotBlank(attributeNamespace)) {
            attribute.setAttributeNamespace(attributeNamespace);
        }
        addAttributeValuesToSaml1Attribute(e.getKey(), e.getValue(), attribute.getAttributeValues());
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}
Also used : Attribute(org.opensaml.saml.saml1.core.Attribute) AttributeStatement(org.opensaml.saml.saml1.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) SAMLObject(org.opensaml.saml.common.SAMLObject) Map(java.util.Map)

Example 5 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class Saml10ObjectBuilder method newAuthenticationStatement.

/**
 * New authentication statement.
 *
 * @param authenticationDate the authentication date
 * @param authenticationMethod the authentication method
 * @param subjectId the subject id
 * @return the authentication statement
 */
public AuthenticationStatement newAuthenticationStatement(final ZonedDateTime authenticationDate, final Collection<Object> authenticationMethod, final String subjectId) {
    final AuthenticationStatement authnStatement = newSamlObject(AuthenticationStatement.class);
    authnStatement.setAuthenticationInstant(DateTimeUtils.dateTimeOf(authenticationDate));
    // Only the first reported method is carried; with none reported, the statement says "unspecified".
    authnStatement.setAuthenticationMethod(authenticationMethod != null && !authenticationMethod.isEmpty() ? authenticationMethod.iterator().next().toString() : SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED);
    authnStatement.setSubject(newSubject(subjectId));
    return authnStatement;
}
Also used : AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement)
