Use of org.opensaml.saml.saml2.core.Attribute in project ddf by codice:
the class SecurityAssertionImpl, method getPrincipals.
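@Override
public Set<Principal> getPrincipals() {
    // Primary subject principal plus every role carried in the assertion's attribute statements.
    final Set<Principal> principals = new HashSet<>();
    final Principal primary = getPrincipal();
    principals.add(primary);
    // The primary subject name is also exposed as a role (kept from the original implementation).
    principals.add(new RolePrincipal(primary.getName()));
    for (final AttributeStatement attributeStatement : getAttributeStatements()) {
        for (final Attribute attr : attributeStatement.getAttributes()) {
            // NOTE(review): substring match - any attribute whose name merely *contains* "role"
            // (case-insensitive) is treated as a source of roles. Confirm this is intended; an
            // exact name or a configured attribute list would be stricter.
            if (!StringUtils.containsIgnoreCase(attr.getName(), "role")) {
                continue;
            }
            for (final XMLObject obj : attr.getAttributeValues()) {
                // Only xs:string values are mapped to roles. The original unconditional cast
                // ((XSString) obj) threw ClassCastException on any other value type, aborting
                // principal extraction for the whole assertion; such values are now skipped,
                // which fails closed (no role is granted for a value we cannot interpret).
                if (!(obj instanceof XSString)) {
                    continue;
                }
                final String role = ((XSString) obj).getValue();
                if (role == null) {
                    continue; // an empty <AttributeValue/> carries no role name
                }
                principals.add(new RolePrincipal(role));
            }
        }
    }
    return principals;
}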
Use of org.opensaml.saml.saml2.core.Attribute in project cas by apereo:
the class SamlProfileSamlNameIdBuilder, method encodeNameIdBasedOnNameFormat.
/**
 * Builds the {@link NameID} for the outgoing SAML response.
 * <p>
 * For an {@link AttributeQuery} the subject's own NameID is detached from the
 * request and returned as-is. Otherwise the name-id attribute is resolved from
 * the assertion and run through a {@link SAML2StringNameIDEncoder} selected for
 * {@code nameFormat}. Any exception is logged and swallowed, so callers must
 * treat a {@code null} return as "no NameID could be produced".
 * <p>
 * NOTE(review): the final NameID value is written to the debug log; depending on
 * the format this can be an e-mail address or other subject identifier.
 *
 * @param authnRequest the authn request
 * @param assertion the assertion
 * @param nameFormat the name format
 * @param service the service
 * @param adaptor the adaptor
 * @return the encoded name id, or {@code null} if encoding failed
 */
protected NameID encodeNameIdBasedOnNameFormat(final RequestAbstractType authnRequest, final Object assertion, final String nameFormat, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        if (authnRequest instanceof AttributeQuery) {
            // An attribute query already names its subject; reuse that NameID verbatim.
            final AttributeQuery attributeQuery = (AttributeQuery) authnRequest;
            final NameID subjectNameId = attributeQuery.getSubject().getNameID();
            subjectNameId.detach();
            return subjectNameId;
        }
        final IdPAttribute nameIdAttribute = prepareNameIdAttribute(assertion, nameFormat, adaptor);
        final SAML2StringNameIDEncoder nameIdEncoder = prepareNameIdEncoder(authnRequest, nameFormat, nameIdAttribute, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID encoded = nameIdEncoder.encode(nameIdAttribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", encoded.getFormat(), encoded.getValue());
        return encoded;
    } catch (final Exception e) {
        // Swallowed by design: the caller sees a null NameID rather than an exception.
        LOGGER.error(e.getMessage(), e);
        return null;
    }
}
Use of org.opensaml.saml.saml2.core.Attribute in project cas by apereo:
the class AbstractSaml20ObjectBuilder, method newAttribute.
/**
 * Builds a single SAML2 {@link Attribute} from a resolved attribute entry.
 * <p>
 * The attribute name is the entry key; the friendly name falls back to the key
 * when none was supplied. The name format is taken from
 * {@code configuredNameFormats} when the attribute name is listed there,
 * otherwise {@code defaultNameFormat} is applied.
 *
 * @param attributeFriendlyName the attribute friendly name, may be blank
 * @param e the entry to process and turn into a saml attribute
 * @param configuredNameFormats the configured name formats, keyed by attribute name
 * @param defaultNameFormat the default name format
 * @return the attribute
 */
protected Attribute newAttribute(final String attributeFriendlyName, final Map.Entry<String, Object> e, final Map<String, String> configuredNameFormats, final String defaultNameFormat) {
    final String key = e.getKey();
    final Attribute attribute = newSamlObject(Attribute.class);
    attribute.setName(key);
    attribute.setFriendlyName(StringUtils.isNotBlank(attributeFriendlyName) ? attributeFriendlyName : key);
    addAttributeValuesToSaml2Attribute(key, e.getValue(), attribute.getAttributeValues());
    final String attributeName = attribute.getName();
    // A per-attribute configured format wins over the default.
    final boolean hasConfiguredFormat = !configuredNameFormats.isEmpty() && configuredNameFormats.containsKey(attributeName);
    if (hasConfiguredFormat) {
        final String nameFormat = configuredNameFormats.get(attributeName);
        LOGGER.debug("Found name format [{}] for attribute [{}]", nameFormat, attributeName);
        configureAttributeNameFormat(attribute, nameFormat);
        LOGGER.debug("Attribute [{}] is assigned the name format of [{}]", attributeName, attribute.getNameFormat());
    } else {
        LOGGER.debug("Skipped name format, as no name formats are defined or none is found for attribute [{}]", attributeName);
        configureAttributeNameFormat(attribute, defaultNameFormat);
    }
    LOGGER.debug("Attribute [{}] has [{}] value(s)", attributeName, attribute.getAttributeValues().size());
    return attribute;
}
Use of org.opensaml.saml.saml2.core.Attribute in project cas by apereo:
the class AbstractSaml20ObjectBuilder, method newAttributeStatement.
/**
 * Builds an {@link AttributeStatement} holding one SAML attribute per entry of
 * {@code attributes}. Entries whose value is an empty collection are skipped
 * (logged at info level); every other entry is passed to
 * {@link #newAttribute(String, Map.Entry, Map, String)}.
 *
 * @param attributes the attributes, keyed by attribute name
 * @param attributeFriendlyNames the attribute friendly names, keyed by attribute name
 * @param configuredNameFormats the configured name formats, keyed by attribute name
 * @param defaultNameFormat the default name format
 * @return the attribute statement
 */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final Map<String, String> attributeFriendlyNames, final Map<String, String> configuredNameFormats, final String defaultNameFormat) {
    final AttributeStatement statement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> entry : attributes.entrySet()) {
        final String name = entry.getKey();
        final Object value = entry.getValue();
        final boolean emptyCollection = value instanceof Collection<?> && ((Collection<?>) value).isEmpty();
        if (emptyCollection) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", name);
        } else {
            // Missing friendly name resolves to null; newAttribute falls back to the key.
            final String friendlyName = attributeFriendlyNames.get(name);
            statement.getAttributes().add(newAttribute(friendlyName, entry, configuredNameFormats, defaultNameFormat));
        }
    }
    return statement;
}
Use of org.opensaml.saml.saml2.core.Attribute in project verify-hub by alphagov:
the class EidasAttributeStatementAssertionValidator, method validateAttributes.
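/**
 * Validates the eIDAS attribute statement of {@code assertion}.
 * <p>
 * Exactly one AttributeStatement with at least one attribute is required; every
 * mandatory eIDAS attribute must be present; each attribute must carry a known
 * eIDAS name, at least one value, and only values of the expected schema type.
 * An unexpected NameFormat is only warned about, not rejected.
 *
 * @param assertion the assertion whose attribute statement is validated
 * @throws SamlTransformationErrorException on any structural or type violation
 */
private void validateAttributes(Assertion assertion) {
    final List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements.isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsStatementMissing();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    if (attributeStatements.size() > 1) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsMultipleStatements();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    final List<Attribute> attributes = attributeStatements.get(0).getAttributes();
    if (attributes.isEmpty()) {
        SamlValidationSpecificationFailure failure = attributeStatementEmpty(assertion.getID());
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    final Set<String> attributeNames = attributes.stream().map(Attribute::getName).collect(Collectors.toSet());
    if (!attributeNames.containsAll(MANDATORY_ATTRIBUTES.keySet())) {
        throw new SamlTransformationErrorException(String.format("Mandatory attributes not provided. Expected %s but got %s", MANDATORY_ATTRIBUTES.values().stream().collect(Collectors.joining(",")), attributes.stream().map(Attribute::getFriendlyName).collect(Collectors.joining(","))), Level.ERROR);
    }
    for (Attribute attribute : attributes) {
        final String attributeName = attribute.getName();
        if (!VALID_EIDAS_ATTRIBUTE_NAMES.contains(attributeName)) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsAttributeNotRecognised(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        final int valueCount = attribute.getAttributeValues().size();
        if (valueCount == 0) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyAttribute(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        // Assumes VALID_TYPE_FOR_ATTRIBUTE covers every name in VALID_EIDAS_ATTRIBUTE_NAMES
        // (otherwise expectedType is null and the equals() below throws) - same as before.
        final QName expectedType = VALID_TYPE_FOR_ATTRIBUTE.get(attributeName);
        // Previously only the first value (index 0) was type-checked, so a multi-valued
        // attribute could carry differently-typed values behind a well-typed first one.
        // Every value is now checked; a missing xsi:type (null) still fails the comparison.
        for (int i = 0; i < valueCount; i++) {
            final QName schemaType = attribute.getAttributeValues().get(i).getSchemaType();
            if (!expectedType.equals(schemaType)) {
                SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.attributeWithIncorrectType(attributeName, expectedType, schemaType);
                throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
            }
        }
        // NameFormat is advisory here: an unexpected value is logged, not rejected.
        if (!VALID_ATTRIBUTE_NAME_FORMATS.contains(attribute.getNameFormat())) {
            SamlTransformationErrorManager.warn(invalidAttributeNameFormat(attribute.getNameFormat()));
        }
    }
}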