Example 6 with Subject

use of org.opensaml.saml.saml2.core.Subject in project ddf by codice (a SAML 2.0 Subject: it carries a NameID, not the SAML 1.x NameIdentifier).

the class SamlProtocol method createSubject.

public static Subject createSubject(NameID nameId) {
    Subject subject = subjectBuilder.buildObject();
    subject.setNameID(nameId);
    return subject;
}
Also used : Subject(org.opensaml.saml.saml2.core.Subject)

Example 7 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class Saml10ObjectBuilder method newSubject.

/**
 * New subject element with given confirmation method.
 *
 * @param identifier the identifier
 * @param confirmationMethod the confirmation method
 * @return the subject
 */
public Subject newSubject(final String identifier, final String confirmationMethod) {
    final SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
    final ConfirmationMethod method = newSamlObject(ConfirmationMethod.class);
    method.setConfirmationMethod(confirmationMethod);
    confirmation.getConfirmationMethods().add(method);
    final NameIdentifier nameIdentifier = newSamlObject(NameIdentifier.class);
    nameIdentifier.setNameIdentifier(identifier);
    final Subject subject = newSamlObject(Subject.class);
    subject.setNameIdentifier(nameIdentifier);
    subject.setSubjectConfirmation(confirmation);
    return subject;
}
Also used : SubjectConfirmation(org.opensaml.saml.saml1.core.SubjectConfirmation) NameIdentifier(org.opensaml.saml.saml1.core.NameIdentifier) ConfirmationMethod(org.opensaml.saml.saml1.core.ConfirmationMethod) Subject(org.opensaml.saml.saml1.core.Subject)

Example 8 with Subject

use of org.opensaml.saml.saml1.core.Subject in project cas by apereo.

the class Saml10SuccessResponseView method prepareResponse.

@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
    final Service service = getAssertionFrom(model).getService();
    LOGGER.debug("Preparing SAML response for service [{}]", service);
    final Authentication authentication = getPrimaryAuthenticationFrom(model);
    final Collection<Object> authnMethods = CollectionUtils.toCollection(authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
    LOGGER.debug("Authentication methods found are [{}]", authnMethods);
    final Principal principal = getPrincipal(model);
    final AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(authentication.getAuthenticationDate(), authnMethods, principal.getId());
    LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authentication.getAuthenticationDate());
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
    LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);
    final Conditions conditions = this.samlObjectBuilder.newConditions(issuedAt, service.getId(), this.skewAllowance);
    assertion.setConditions(conditions);
    LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());
    final Subject subject = this.samlObjectBuilder.newSubject(principal.getId());
    LOGGER.debug("Built subject for principal [{}]", principal);
    final Map<String, Object> attributesToSend = prepareSamlAttributes(model, service);
    LOGGER.debug("Authentication statement shall include these attributes [{}]", attributesToSend);
    if (!attributesToSend.isEmpty()) {
        assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(subject, attributesToSend, this.defaultAttributeNamespace));
    }
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    LOGGER.debug("Set response status code to [{}]", response.getStatus());
    response.getAssertions().add(assertion);
}
Also used : ZonedDateTime(java.time.ZonedDateTime) Authentication(org.apereo.cas.authentication.Authentication) Assertion(org.opensaml.saml.saml1.core.Assertion) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) Principal(org.apereo.cas.authentication.principal.Principal) AuthenticationStatement(org.opensaml.saml.saml1.core.AuthenticationStatement) Conditions(org.opensaml.saml.saml1.core.Conditions) Subject(org.opensaml.saml.saml1.core.Subject)

Example 9 with Subject

use of org.opensaml.saml.saml2.core.Subject in project cas by apereo (SAML 2.0: the subject is built with a NameID and a bearer SubjectConfirmationData bound to the requesting SP).

the class SamlProfileSamlSubjectBuilder method buildSubject.

private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response,
                             final AuthnRequest authnRequest, final Assertion assertion,
                             final SamlRegisteredService service,
                             final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final NameID nameID = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response, assertion, service, adaptor);
    final ZonedDateTime validFromDate = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);
    // Confirmation data is bound to the SP's AssertionConsumerServiceURL (Recipient), to the
    // AuthnRequest ID (InResponseTo) and to a NotOnOrAfter of validFrom plus the configured skew.
    final Subject subject = newSubject(nameID.getFormat(), nameID.getValue(),
                                       authnRequest.getAssertionConsumerServiceURL(),
                                       validFromDate.plusSeconds(this.skewAllowance),
                                       authnRequest.getID());
    subject.setNameID(nameID);
    return subject;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID) ZonedDateTime(java.time.ZonedDateTime) Subject(org.opensaml.saml.saml2.core.Subject)

Example 10 with Subject

use of org.opensaml.saml2.core.Subject in project cloudstack by apache (OpenSAML 2.x package layout; this is a SAML 2.0 Subject).

the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.

// Unit-test fixture only: the Response is unsigned and the Subject has a NameID but no
// SubjectConfirmation, so nothing here binds the assertion to a recipient or a request.
private Response buildMockResponse() throws Exception {
    Response samlMessage = new ResponseBuilder().buildObject();
    samlMessage.setID("foo");
    samlMessage.setVersion(SAMLVersion.VERSION_20);
    samlMessage.setIssueInstant(new DateTime(0));
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue("MockedIssuer");
    samlMessage.setIssuer(issuer);
    Status status = new StatusBuilder().buildObject();
    StatusCode statusCode = new StatusCodeBuilder().buildObject();
    statusCode.setValue(StatusCode.SUCCESS_URI);
    status.setStatusCode(statusCode);
    samlMessage.setStatus(status);
    Assertion assertion = new AssertionBuilder().buildObject();
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue("SOME-UNIQUE-ID");
    nameID.setFormat(NameIDType.PERSISTENT);
    subject.setNameID(nameID);
    assertion.setSubject(subject);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setSessionIndex("Some Session String");
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    samlMessage.getAssertions().add(assertion);
    return samlMessage;
}
Also used : Status(org.opensaml.saml2.core.Status) AttributeStatementBuilder(org.opensaml.saml2.core.impl.AttributeStatementBuilder) StatusCodeBuilder(org.opensaml.saml2.core.impl.StatusCodeBuilder) Issuer(org.opensaml.saml2.core.Issuer) NameID(org.opensaml.saml2.core.NameID) Assertion(org.opensaml.saml2.core.Assertion) AssertionBuilder(org.opensaml.saml2.core.impl.AssertionBuilder) AuthnStatementBuilder(org.opensaml.saml2.core.impl.AuthnStatementBuilder) StatusCode(org.opensaml.saml2.core.StatusCode) DateTime(org.joda.time.DateTime) Subject(org.opensaml.saml2.core.Subject) Response(org.opensaml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) AuthnStatement(org.opensaml.saml2.core.AuthnStatement) StatusBuilder(org.opensaml.saml2.core.impl.StatusBuilder) IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder) ResponseBuilder(org.opensaml.saml2.core.impl.ResponseBuilder) SubjectBuilder(org.opensaml.saml2.core.impl.SubjectBuilder)
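The piece Example 9 adds on top of a bare NameID, and that the mock in Example 10 leaves out, is the bearer SubjectConfirmationData: Recipient, InResponseTo and NotOnOrAfter are what stop a captured assertion from being replayed to another SP, against another request, or after its window. The following is an added example (not code from DDF, CAS or CloudStack) that builds such a Subject the way an IdP would and then runs the checks an SP must apply before trusting it. It assumes OpenSAML 3.x (joda-time `DateTime` in `SubjectConfirmationData`); the ACS URL, request ID and NameID value in `main` are made-up sample data.

```java
import java.util.List;

import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectConfirmationDataBuilder;

/**
 * Added example (not project code): bearer-confirmed SAML 2.0 Subject plus the SP-side
 * confirmation checks. Assumes OpenSAML 3.x (joda-time API).
 */
public final class BearerSubjectExample {

    /** IdP side: one bearer confirmation bound to one ACS URL, one AuthnRequest ID and a deadline. */
    public static Subject buildBearerSubject(final String nameIdValue, final String acsUrl,
                                             final String inResponseTo, final DateTime notOnOrAfter) {
        final NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(nameIdValue);
        nameId.setFormat(NameIDType.PERSISTENT);

        final SubjectConfirmationData data = new SubjectConfirmationDataBuilder().buildObject();
        data.setRecipient(acsUrl);          // only this ACS endpoint may consume the assertion
        data.setInResponseTo(inResponseTo); // ties the assertion to the SP's outstanding request
        data.setNotOnOrAfter(notOnOrAfter); // short window limits replay

        final SubjectConfirmation confirmation = new SubjectConfirmationBuilder().buildObject();
        confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
        confirmation.setSubjectConfirmationData(data);

        final Subject subject = new SubjectBuilder().buildObject();
        subject.setNameID(nameId);
        subject.getSubjectConfirmations().add(confirmation);
        return subject;
    }

    /**
     * SP side: accept only if some bearer confirmation names this SP's ACS URL and the request
     * the SP actually sent, and is inside its time window (with clock skew). A Subject carrying
     * no SubjectConfirmation at all is rejected.
     */
    public static boolean isAcceptableBearerSubject(final Subject subject, final String expectedAcsUrl,
                                                    final String expectedRequestId, final DateTime now,
                                                    final int skewSeconds) {
        if (subject == null || subject.getNameID() == null) {
            return false;
        }
        final List<SubjectConfirmation> confirmations = subject.getSubjectConfirmations();
        for (final SubjectConfirmation confirmation : confirmations) {
            if (!SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod())) {
                continue; // holder-of-key and sender-vouches need different checks, not covered here
            }
            final SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
            if (data == null) {
                continue; // bearer without data binds to nothing
            }
            if (!expectedAcsUrl.equals(data.getRecipient())) {
                continue; // assertion was issued for a different ACS
            }
            if (!expectedRequestId.equals(data.getInResponseTo())) {
                continue; // not the response to the request this SP is waiting on
            }
            final DateTime deadline = data.getNotOnOrAfter();
            if (deadline == null || !now.minusSeconds(skewSeconds).isBefore(deadline)) {
                continue; // missing or expired deadline
            }
            final DateTime notBefore = data.getNotBefore();
            if (notBefore != null && now.plusSeconds(skewSeconds).isBefore(notBefore)) {
                continue; // not yet valid
            }
            return true;
        }
        return false;
    }

    public static void main(final String[] args) {
        final DateTime now = new DateTime(DateTimeZone.UTC);
        final String acs = "https://sp.example.org/saml/acs"; // assumed ACS URL (sample data)
        final String requestId = "_a1b2c3d4";                  // assumed AuthnRequest ID (sample data)
        final Subject good = buildBearerSubject("user-1234", acs, requestId, now.plusMinutes(5));
        System.out.println("accepted:            " + isAcceptableBearerSubject(good, acs, requestId, now, 60));
        System.out.println("wrong ACS rejected:  " + !isAcceptableBearerSubject(good, "https://other.example/acs", requestId, now, 60));
        System.out.println("wrong req rejected:  " + !isAcceptableBearerSubject(good, acs, "_other", now, 60));
        // A Subject with a NameID but no SubjectConfirmation, like a bare test fixture, is rejected.
        final Subject bare = new SubjectBuilder().buildObject();
        final NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue("user-1234");
        bare.setNameID(nameId);
        System.out.println("unconfirmed rejected: " + !isAcceptableBearerSubject(bare, acs, requestId, now, 60));
    }
}
```

Building objects through the concrete `*Builder` classes, as Example 10 does, needs no provider registry; marshalling them to XML does, so a real service still runs `InitializationService.initialize()` at startup. These checks complement, and never replace, signature verification of the Assertion or Response and the Conditions/Audience check; an SP should also record the consumed assertion ID for the length of its NotOnOrAfter window so the same assertion cannot be presented twice inside it.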

Aggregations

Subject (org.opensaml.saml.saml2.core.Subject)4 ZonedDateTime (java.time.ZonedDateTime)3 RegisteredService (org.apereo.cas.services.RegisteredService)2 AuthenticationStatement (org.opensaml.saml.saml1.core.AuthenticationStatement)2 Subject (org.opensaml.saml.saml1.core.Subject)2 Subject (org.opensaml.saml2.core.Subject)2 StringWriter (java.io.StringWriter)1 SecureRandom (java.security.SecureRandom)1 Map (java.util.Map)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 Authentication (org.apereo.cas.authentication.Authentication)1 Principal (org.apereo.cas.authentication.principal.Principal)1 Service (org.apereo.cas.authentication.principal.Service)1 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)1 DateTime (org.joda.time.DateTime)1 SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)1 XMLObject (org.opensaml.core.xml.XMLObject)1 SAMLObject (org.opensaml.saml.common.SAMLObject)1 Assertion (org.opensaml.saml.saml1.core.Assertion)1 Attribute (org.opensaml.saml.saml1.core.Attribute)1