use of org.opensaml.saml.saml1.core.Subject in project OpenAttestation by OpenAttestation.
the class SamlGenerator method createSubject.
private Subject createSubject(TxtHost host) throws ConfigurationException, UnknownHostException {
// Create the Subject
SAMLObjectBuilder subjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
Subject subject = (Subject) subjectBuilder.buildObject();
subject.setNameID(createNameID(host));
subject.getSubjectConfirmations().add(createSubjectConfirmation(host));
return subject;
}
use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.
the class GoogleAccountsServiceResponseBuilder method constructSamlResponse.
/**
* Construct SAML response.
* <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
*
* @param service the service
* @return the SAML response
*/
protected String constructSamlResponse(final GoogleAccountsService service) {
final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
final RegisteredService registeredService = servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
}
final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service);
final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, service.getId(), service);
response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
final String sessionIndex = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix, notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant, currentDateTime.plusSeconds(this.skewAllowance), service.getId());
assertion.setConditions(conditions);
final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId, service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
assertion.setSubject(subject);
response.getAssertions().add(assertion);
final StringWriter writer = new StringWriter();
this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
final String result = writer.toString();
LOGGER.debug("Generated Google SAML response: [{}]", result);
return result;
}
use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newSubject.
/**
* New subject element.
*
* @param nameIdFormat the name id format
* @param nameIdValue the name id value
* @param recipient the recipient
* @param notOnOrAfter the not on or after
* @param inResponseTo the in response to
* @return the subject
*/
public Subject newSubject(final String nameIdFormat, final String nameIdValue, final String recipient, final ZonedDateTime notOnOrAfter, final String inResponseTo) {
final SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
final SubjectConfirmationData data = newSamlObject(SubjectConfirmationData.class);
data.setRecipient(recipient);
data.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
data.setInResponseTo(inResponseTo);
confirmation.setSubjectConfirmationData(data);
final Subject subject = newSamlObject(Subject.class);
subject.setNameID(getNameID(nameIdFormat, nameIdValue));
subject.getSubjectConfirmations().add(confirmation);
return subject;
}
use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.
the class Saml10ObjectBuilder method newAttributeStatement.
/**
* New attribute statement.
*
* @param subject the subject
* @param attributes the attributes
* @param attributeNamespace the attribute namespace
* @return the attribute statement
*/
public AttributeStatement newAttributeStatement(final Subject subject, final Map<String, Object> attributes, final String attributeNamespace) {
final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
attrStatement.setSubject(subject);
for (final Map.Entry<String, Object> e : attributes.entrySet()) {
if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
continue;
}
final Attribute attribute = newSamlObject(Attribute.class);
attribute.setAttributeName(e.getKey());
if (StringUtils.isNotBlank(attributeNamespace)) {
attribute.setAttributeNamespace(attributeNamespace);
}
addAttributeValuesToSaml1Attribute(e.getKey(), e.getValue(), attribute.getAttributeValues());
attrStatement.getAttributes().add(attribute);
}
return attrStatement;
}
use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.
the class Saml10ObjectBuilder method newAuthenticationStatement.
/**
* New authentication statement.
*
* @param authenticationDate the authentication date
* @param authenticationMethod the authentication method
* @param subjectId the subject id
* @return the authentication statement
*/
public AuthenticationStatement newAuthenticationStatement(final ZonedDateTime authenticationDate, final Collection<Object> authenticationMethod, final String subjectId) {
final AuthenticationStatement authnStatement = newSamlObject(AuthenticationStatement.class);
authnStatement.setAuthenticationInstant(DateTimeUtils.dateTimeOf(authenticationDate));
authnStatement.setAuthenticationMethod(authenticationMethod != null && !authenticationMethod.isEmpty() ? authenticationMethod.iterator().next().toString() : SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED);
authnStatement.setSubject(newSubject(subjectId));
return authnStatement;
}
Aggregations