Use of org.opensaml.saml.saml2.core.Assertion in project ddf by codice: class SubjectUtils, method getAttribute.
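/**
 * Looks up every value of the named attribute carried by the subject's
 * {@link SecurityAssertion}.
 *
 * <p>Only attribute values of type {@link XSString} are returned; values of any other
 * XML type are silently skipped, and a {@code null} {@code XSString} value is passed
 * through as a {@code null} list element. Attributes are matched by exact name.
 * Absence of a subject, of principals, or of a {@link SecurityAssertion} is logged at
 * DEBUG and treated as "no values" rather than as an error.
 *
 * @param subject the subject to inspect; may be {@code null}
 * @param key the attribute name to look up; must not be {@code null} (enforced by
 *     {@code Validate.notNull}, which throws if it is)
 * @return the string values of the matching attribute(s), or an empty list if the
 *     subject is {@code null}, carries no principals, carries no
 *     {@link SecurityAssertion}, or has no attribute with that name
 */
public static List<String> getAttribute(@Nullable Subject subject, String key) {
  Validate.notNull(key);
  if (subject == null) {
    LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
    return Collections.emptyList();
  }
  PrincipalCollection principals = subject.getPrincipals();
  if (principals == null) {
    LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
    return Collections.emptyList();
  }
  SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
  if (assertion == null) {
    LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
    return Collections.emptyList();
  }
  return assertion.getAttributeStatements().stream()
      .flatMap(as -> as.getAttributes().stream())
      // key.equals(name) rather than name.equals(key): an attribute whose name is
      // null is skipped instead of aborting the whole lookup with a NullPointerException.
      .filter(a -> key.equals(a.getName()))
      .flatMap(a -> a.getAttributeValues().stream())
      .filter(XSString.class::isInstance)
      .map(XSString.class::cast)
      .map(XSString::getValue)
      .collect(Collectors.toList());
}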
Use of org.opensaml.saml.saml2.core.Assertion in project ddf by codice: class AttributeQueryClaimsHandler, method getAttributes.
/**
 * Fetches the supplied user's attributes from the external attribute store and converts
 * them into claims.
 *
 * <p>A failed query ({@link AttributeQueryException}) is logged and yields an empty
 * collection, so callers cannot distinguish "no attributes" from "lookup failed" by the
 * return value alone; the exception itself is only logged at DEBUG level.
 *
 * @param nameId the subject name identifier sent in the AttributeQuery request
 * @return the claims built from the returned assertion; empty if the store returned no
 *     assertion or the query failed; {@code null} if no {@link AttributeQueryClient}
 *     could be created
 * @throws URISyntaxException as declared in the signature; none of the statements here
 *     throws it directly, so it presumably originates in {@code createAttributeQueryClient}
 *     or {@code query} — confirm against those callees
 */
protected ProcessedClaimCollection getAttributes(String nameId) throws URISyntaxException {
  ProcessedClaimCollection claims = new ProcessedClaimCollection();
  LOGGER.debug("Sending AttributeQuery Request.");
  try {
    AttributeQueryClient client =
        createAttributeQueryClient(simpleSign, externalAttributeStoreUrl, issuer, destination);
    if (client == null) {
      // Documented contract: no client means "null", not an empty collection.
      return null;
    }
    Assertion response = client.query(nameId);
    if (response != null) {
      createClaims(claims, response);
    }
  } catch (AttributeQueryException ex) {
    // Best-effort: the failure is reported, and the (empty) collection is still returned.
    LOGGER.info("Error occurred in AttributeQueryClient, did not retrieve response. Set log level for \"org.codice.ddf.security.claims.attributequery.common\" to DEBUG for more information.");
    LOGGER.debug("Error occurred in AttributeQueryClient, did not retrieve response.", ex);
  }
  return claims;
}
Use of org.opensaml.saml.saml2.core.Assertion in project ddf by codice: class AbstractAuthorizingRealm, method doGetAuthorizationInfo.
/**
 * Builds the permissions and roles for the subject of the incoming security token from the
 * attribute statements of its {@link SecurityAssertion}.
 *
 * <p>Every attribute name/value set collected by {@code addAttributesToMap} becomes one
 * {@link KeyValuePermission}; the values of the {@code SAML_ROLE} attribute additionally
 * become the subject's roles. NOTE(review): nothing here checks the assertion's signature
 * or validity window — presumably that happened before the principal reached this realm;
 * confirm in the authentication path.
 *
 * @param principalCollection holds the security assertion for the primary principal of this
 *     request; expected to be non-null
 * @return a new collection of permissions and roles derived from the security assertion
 * @throws AuthorizationException if the collection carries no {@link SecurityAssertion}
 *     (the upstream documentation also lists "token cannot be processed"; not visible here)
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
  SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
  LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
  SecurityAssertion assertion = principalCollection.oneByType(SecurityAssertion.class);
  if (assertion == null) {
    throw new AuthorizationException("No assertion found, cannot retrieve authorization info.");
  }
  List<AttributeStatement> statements = assertion.getAttributeStatements();
  Set<Permission> permissions = new HashSet<>();
  Set<String> roles = new HashSet<>();
  Map<String, Set<String>> valuesByAttributeName = new HashMap<>();
  Collection<Expansion> expansions = getUserExpansionServices();
  for (AttributeStatement statement : statements) {
    addAttributesToMap(statement.getAttributes(), valuesByAttributeName, expansions);
  }
  // One permission per attribute name, carrying all of that attribute's values.
  valuesByAttributeName.forEach(
      (name, values) -> {
        permissions.add(new KeyValuePermission(name, values));
        if (LOGGER.isDebugEnabled()) {
          LOGGER.debug("Adding permission: {} : {}", name, StringUtils.join(values, ","));
        }
      });
  // Roles are simply the values of the SAML_ROLE attribute, when present.
  if (valuesByAttributeName.containsKey(SAML_ROLE)) {
    roles.addAll(valuesByAttributeName.get(SAML_ROLE));
    if (LOGGER.isDebugEnabled()) {
      LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
    }
  }
  info.setObjectPermissions(permissions);
  info.setRoles(roles);
  return info;
}
Use of org.opensaml.saml.saml2.core.Assertion in project verify-hub by alphagov: class IdpAssertionMetricsCollectorTest, method shouldGetMaxInNotOnOrAfterFromSubjectConfirmations.
/**
 * An assertion with two subject confirmations (expiring in 15 and 30 minutes) must be
 * reported under the gauge "notOnOrAfter.testIdP" as the larger of the two, i.e. 30.
 */
@Test
public void shouldGetMaxInNotOnOrAfterFromSubjectConfirmations() {
  // Time is frozen so the "minutes from now" arithmetic is exact.
  DateTimeFreezer.freezeTime();
  DateTime earlierExpiry = DateTime.now().plusMinutes(15);
  DateTime laterExpiry = DateTime.now().plusMinutes(30);

  Assertion assertionWithTwoConfirmations =
      anAssertion()
          .withIssuer(anIssuer().withIssuerId("testIdP").build())
          .withSubject(
              aSubject()
                  .withSubjectConfirmation(
                      aSubjectConfirmation()
                          .withSubjectConfirmationData(
                              aSubjectConfirmationData().withNotOnOrAfter(earlierExpiry).build())
                          .build())
                  .withSubjectConfirmation(
                      aSubjectConfirmation()
                          .withSubjectConfirmationData(
                              aSubjectConfirmationData().withNotOnOrAfter(laterExpiry).build())
                          .build())
                  .build())
          .buildUnencrypted();

  MetricRegistry registry = new MetricRegistry();
  IdpAssertionMetricsCollector collector = new IdpAssertionMetricsCollector(registry);
  collector.update(assertionWithTwoConfirmations);

  Gauge notOnOrAfterGauge = registry.getGauges().get("notOnOrAfter.testIdP");
  assertThat(notOnOrAfterGauge.getValue()).isEqualTo(30L);
}
Use of org.opensaml.saml.saml2.core.Assertion in project verify-hub by alphagov: class UnknownMethodAlgorithmLoggerTest, method shouldReportUnknownDigestAlgorithmInIDPAssertion.
/**
 * Probing an IdP assertion whose signature uses an unrecognised digest algorithm must emit
 * exactly one log event, formatted from {@code DIGEST_ALGORITHM_MESSAGE} with the IdP, the
 * SHA-1 digest id and the authn-statement element name.
 */
@Test
public void shouldReportUnknownDigestAlgorithmInIDPAssertion() throws Exception {
  Assertion signedWithUnknownDigest =
      anAssertion()
          .withId(ID)
          .withIssuer(anIssuer().withIssuerId(ISSUER_IDP).build())
          .withSignature(signatureWithUnknownDigestAlgorithm.get())
          .buildUnencrypted();

  UnknownMethodAlgorithmLogger.probeAssertionForMethodAlgorithm(signedWithUnknownDigest, AUTHN_STATEMENT);

  String expectedMessage =
      String.format(
          UnknownMethodAlgorithmLogger.DIGEST_ALGORITHM_MESSAGE,
          IDP,
          DIGEST_SHA1_ID,
          AUTHN_STATEMENT + Assertion.DEFAULT_ELEMENT_LOCAL_NAME);
  verifyLog(mockAppender, captorLoggingEvent, 1, expectedMessage);
}