Examples with Attribute org.opensaml.saml.saml2.core.Attribute used on opensource projects

Example 21 with Attribute

use of org.opensaml.saml.saml2.core.Attribute in project ddf by codice.

the class AttributeQueryClaimsHandler method createClaims.

/**
 * Creates claims from the extracted attributes.
 *
 * @param claimsCollection The collection of claims.
 * @param assertion Assertion from the response.
 * @return The collection of claims.
 * @throws URISyntaxException
 */
protected ClaimsCollection createClaims(ClaimsCollection claimsCollection, Assertion assertion) {
    // Should only contain one Attribute Statement.
    AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
    List<Attribute> attributeList = attributeStatement.getAttributes();
    // and create the claim, otherwise, create the claim using its original attribute value.
    for (Attribute attribute : attributeList) {
        for (String claimType : supportedClaims) {
            if (claimType.equalsIgnoreCase(attribute.getName())) {
                String claimValue = attribute.getDOM().getTextContent();
                claimsCollection.add(createSingleValuedClaim(claimType, attributeMap.getOrDefault(claimValue, claimValue)));
                break;
            }
        }
    }
    return claimsCollection;
}

Example 22 with Attribute

use of org.opensaml.saml.saml2.core.Attribute in project ddf by codice.

the class AttributeQueryClaimsHandler method getAttributes.

/**
 * Gets the attributes for the supplied user from the external attribute store. Returns null if
 * the AttributeQueryClient is null.
 *
 * @param nameId used for the request.
 * @return The collection of attributes retrieved from the external attribute store.
 * @throws URISyntaxException
 */
protected ClaimsCollection getAttributes(String nameId) throws URISyntaxException {
    ClaimsCollection claimCollection = new ClaimsCollectionImpl();
    LOGGER.debug("Sending AttributeQuery Request.");
    AttributeQueryClient attributeQueryClient;
    Assertion assertion;
    try {
        attributeQueryClient = createAttributeQueryClient(simpleSign, externalAttributeStoreUrl, issuer, destination);
        if (attributeQueryClient == null) {
            return null;
        }
        assertion = attributeQueryClient.query(nameId);
        if (assertion != null) {
            createClaims(claimCollection, assertion);
        }
    } catch (AttributeQueryException ex) {
        LOGGER.info("Error occurred in AttributeQueryClient, did not retrieve response. Set log level for \"org.codice.ddf.security.claims.attributequery.common\" to DEBUG for more information.");
        LOGGER.debug("Error occurred in AttributeQueryClient, did not retrieve response.", ex);
    }
    return claimCollection;
}

Example 23 with Attribute

use of org.opensaml.saml.saml2.core.Attribute in project ddf by codice.

the class SamlAssertionValidatorImplTest method createHolderOfKeyAssertion.

private Assertion createHolderOfKeyAssertion() throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(ISSUER);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    X509SubjectName x509SubjectName = new X509SubjectNameBuilder().buildObject();
    x509SubjectName.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");
    org.opensaml.xmlsec.signature.X509Certificate x509Certificate = new X509CertificateBuilder().buildObject();
    byte[] certBytes = certificate.getEncoded();
    String certString = new String(Base64.encode(certBytes));
    x509Certificate.setValue(certString);
    X509Data x509Data = new X509DataBuilder().buildObject();
    x509Data.getX509SubjectNames().add(x509SubjectName);
    x509Data.getX509Certificates().add(x509Certificate);
    KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
    keyInfo.getX509Datas().add(x509Data);
    KeyInfoConfirmationDataType keyInfoConfirmationDataType = new KeyInfoConfirmationDataTypeBuilder().buildObject();
    keyInfoConfirmationDataType.getKeyInfos().add(keyInfo);
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    subjectConfirmation.setSubjectConfirmationData(keyInfoConfirmationDataType);
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(new DateTime().plusDays(3));
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(WSS4JConstants.RSA);
    BasicX509Credential signingCredential;
    signingCredential = new BasicX509Credential(certificate);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    KeyInfo signatureKeyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
    signature.setKeyInfo(signatureKeyInfo);
    assertion.setSignature(signature);
    return assertion;
}

Example 24 with Attribute

use of org.opensaml.saml.saml2.core.Attribute in project verify-hub by alphagov.

the class HubAssertionMarshallerTest method transform_shouldTransformCycle3DataAssertion.

@Test
public void transform_shouldTransformCycle3DataAssertion() {
    String attributeName = "someName";
    String value = "some value";
    HubAssertion assertion = aHubAssertion().withCycle3Data(aCycle3Dataset().addCycle3Data(attributeName, value).build()).build();
    Attribute expectedAttribute = aSimpleStringAttribute().build();
    when(attributeFactory.createCycle3DataAttribute(attributeName, value)).thenReturn(expectedAttribute);
    Assertion transformedAssertion = marshaller.toSaml(assertion);
    List<AttributeStatement> attributeStatements = transformedAssertion.getAttributeStatements();
    assertThat(attributeStatements.size()).isGreaterThan(0);
    Attribute attribute = attributeStatements.get(0).getAttributes().get(0);
    assertThat(attribute).isEqualTo(expectedAttribute);
}

Example 25 with Attribute

use of org.opensaml.saml.saml2.core.Attribute in project verify-hub by alphagov.

the class MatchingDatasetAssertionValidatorTest method validate_shouldThrowExceptionWhenNameIsNotRecognised.

@Test
public void validate_shouldThrowExceptionWhenNameIsNotRecognised() {
    Attribute attribute = aSimpleStringAttribute().withName("dummy attribute").build();
    AttributeStatement attributeStatement = anEmptyMatchingDatasetAttributeStatement_1_1().addCustomAttribute(attribute).build();
    Assertion assertion = anAssertion().addAttributeStatement(attributeStatement).buildUnencrypted();
    validateFail(() -> validator.validate(assertion, RESPONSE_ISSUER_ID), mdsAttributeNotRecognised("dummy attribute"));
}