Use of org.opensaml.saml.saml2.core.Attribute in project cxf by apache:
class SAMLUtils, method getClaims.
/**
 * Extract Claims from a SAML Assertion.
 *
 * <p>Each {@code Attribute} of each {@code AttributeStatement} in the assertion
 * becomes one {@link SAMLClaim}. For a SAML 2.0 assertion the claim type, name,
 * name format and friendly name are copied from the attribute unchanged. For any
 * other version the SAML 1 assertion ({@code getSaml1()}) is read instead: the
 * claim type is {@code attributeNamespace + "/" + attributeName} (just the name
 * when no namespace is set) and the namespace doubles as the name format.
 *
 * <p>Every AttributeValue contributes {@code getDOM().getTextContent()} as one
 * claim value, so nested markup inside a value is flattened to its text, and a
 * value whose DOM is not retained would raise a {@link NullPointerException}.
 * No signature, issuer or validity checks happen here; callers are expected to
 * have validated the assertion before trusting the returned claims.
 *
 * @param assertion the assertion whose attribute statements are read
 * @return the claims found; empty when the assertion has no attribute statements
 */
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
    ClaimCollection result = new ClaimCollection();
    boolean saml2 = assertion.getSamlVersion().equals(SAMLVersion.VERSION_20);
    if (saml2) {
        List<AttributeStatement> statements = assertion.getSaml2().getAttributeStatements();
        for (AttributeStatement statement : statements) {
            for (Attribute attr : statement.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                String name = attr.getName();
                claim.setClaimType(name);
                claim.setName(name);
                claim.setNameFormat(attr.getNameFormat());
                claim.setFriendlyName(attr.getFriendlyName());
                for (XMLObject value : attr.getAttributeValues()) {
                    // Flattened text of the value element, nested markup included.
                    claim.getValues().add(value.getDOM().getTextContent());
                }
                result.add(claim);
            }
        }
        return result;
    }
    List<org.opensaml.saml.saml1.core.AttributeStatement> saml1Statements = assertion.getSaml1().getAttributeStatements();
    for (org.opensaml.saml.saml1.core.AttributeStatement statement : saml1Statements) {
        for (org.opensaml.saml.saml1.core.Attribute attr : statement.getAttributes()) {
            SAMLClaim claim = new SAMLClaim();
            String name = attr.getAttributeName();
            String namespace = attr.getAttributeNamespace();
            // SAML 1 has no name format; the namespace qualifies the claim type instead.
            claim.setClaimType(namespace == null ? name : namespace + "/" + name);
            claim.setName(name);
            claim.setNameFormat(namespace);
            for (XMLObject value : attr.getAttributeValues()) {
                claim.getValues().add(value.getDOM().getTextContent());
            }
            result.add(claim);
        }
    }
    return result;
}
Use of org.opensaml.saml.saml2.core.Attribute in project cxf by apache:
class ActAsValidator, method validate.
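/**
 * Validates the credential with the base validator and then applies the
 * ActAs policy to the SAML 2.0 assertion it carries.
 *
 * <p>After {@code super.validate(...)} succeeds the assertion must:
 * <ul>
 *   <li>be SAML 2.0,</li>
 *   <li>carry a Subject whose NameID value contains {@code www.client.com}
 *       (the "technical user"),</li>
 *   <li>hold at least one AttributeStatement, and</li>
 *   <li>contain a {@code CustomActAs} or {@code ActAs} attribute with a value
 *       whose text contains {@code alice} or {@code bob}.</li>
 * </ul>
 * Any other assertion is rejected with {@code invalidSAMLsecurity}.
 *
 * <p>The NameID and ActAs checks are substring matches ({@code String.contains}),
 * not exact comparisons, so they accept any value that merely embeds the expected
 * token (e.g. {@code malice}). A validator used outside this fixture-style setup
 * should compare exact values instead.
 *
 * @param credential the credential to validate
 * @param data the request data
 * @return the validated credential when all checks pass
 * @throws WSSecurityException if the base validation fails or the assertion
 *         does not satisfy the ActAs policy
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // The technical user should be in the Subject. NameID.getValue() may itself be
    // null; without the guard that case surfaced as a NullPointerException instead
    // of the intended WSSecurityException.
    Subject subject = saml2Assertion.getSubject();
    String nameIdValue = null;
    if (subject != null && subject.getNameID() != null) {
        nameIdValue = subject.getNameID().getValue();
    }
    if (nameIdValue == null || !nameIdValue.contains("www.client.com")) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    for (AttributeStatement statement : attributeStatements) {
        for (Attribute attribute : statement.getAttributes()) {
            String name = attribute.getName();
            if (!"CustomActAs".equals(name) && !"ActAs".equals(name)) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                // A value without a retained DOM cannot be inspected; skipping it
                // keeps the request on the reject path rather than failing with an NPE.
                Element attributeValueElement = attributeValue.getDOM();
                if (attributeValueElement == null) {
                    continue;
                }
                String text = attributeValueElement.getTextContent();
                // Substring match: see the class-level caveat in the Javadoc above.
                if (text.contains("alice") || text.contains("bob")) {
                    return validatedCredential;
                }
            }
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}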
Use of org.opensaml.saml.saml2.core.Attribute in project cas by apereo:
class AbstractSaml20ObjectBuilder, method newAttribute.
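/**
 * New attribute.
 *
 * <p>Creates a SAML 2 {@code Attribute} named after the entry key, optionally
 * sets that key as the friendly name, converts the entry value(s) through
 * {@code addAttributeValuesToSaml2Attribute} and finally applies a name format
 * when one is configured for the attribute name. The configured value is matched
 * case-insensitively: {@code basic}, {@code uri} and {@code unspecified} map to
 * {@link Attribute#BASIC}, {@link Attribute#URI_REFERENCE} and
 * {@link Attribute#UNSPECIFIED}; any other non-null string is used verbatim as
 * the name format.
 *
 * @param setFriendlyName the set friendly name
 * @param e the entry to process and turn into a saml attribute
 * @param configuredNameFormats the configured name formats. If an attribute is found in this collection, the linked name format
 * will be used.
 * @return the attribute
 */
protected Attribute newAttribute(final boolean setFriendlyName, final Map.Entry<String, Object> e, final Map<String, String> configuredNameFormats) {
    final Attribute attribute = newSamlObject(Attribute.class);
    attribute.setName(e.getKey());
    if (setFriendlyName) {
        attribute.setFriendlyName(e.getKey());
    }
    addAttributeValuesToSaml2Attribute(e.getKey(), e.getValue(), attribute.getAttributeValues());
    // A key mapped to null is treated like a missing entry rather than failing on trim().
    final String nameFormat = configuredNameFormats.get(attribute.getName());
    if (nameFormat != null) {
        LOGGER.debug("Found name format [{}] for attribute [{}]", nameFormat, attribute.getName());
        // Locale.ROOT keeps the keyword match locale-independent; default-locale
        // lower-casing would not turn "URI" into "uri" under e.g. Turkish locales.
        switch (nameFormat.trim().toLowerCase(java.util.Locale.ROOT)) {
            case "basic":
                attribute.setNameFormat(Attribute.BASIC);
                break;
            case "uri":
                attribute.setNameFormat(Attribute.URI_REFERENCE);
                break;
            case "unspecified":
                attribute.setNameFormat(Attribute.UNSPECIFIED);
                break;
            default:
                // Not a keyword: the configured string is taken as the format URI itself.
                attribute.setNameFormat(nameFormat);
                break;
        }
        LOGGER.debug("Attribute [{}] is assigned the name format of [{}]", attribute.getName(), attribute.getNameFormat());
    } else {
        LOGGER.debug("Skipped name format, as no name formats are defined or none is found for attribute [{}]", attribute.getName());
    }
    LOGGER.debug("Attribute [{}] has [{}] value(s)", attribute.getName(), attribute.getAttributeValues().size());
    return attribute;
}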
Use of org.opensaml.saml.saml2.core.Attribute in project cas by apereo:
class SamlProfileSamlNameIdBuilder, method buildNameId.
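/**
 * Build name id.
 * If there are no explicitly defined NameIDFormats, include the default format.
 * see: http://saml2int.org/profile/current/#section92
 *
 * <p>The candidate formats are, in order: the format required by the service
 * configuration (if any), then the formats declared in the SP metadata, falling
 * back to {@code NameIDType.TRANSIENT} when the metadata declares none. A format
 * required by the AuthnRequest's NameIDPolicy is only validated against that
 * list ({@code NameID.ENCRYPTED} is dropped with a warning); encoding then walks
 * the list in order and returns the first NameID that encodes successfully, so a
 * supported format other than the requested one may be returned.
 * NOTE(review): confirm that is intended; if the requested format should win it
 * needs to be moved to the front, subject to the service-configuration precedence.
 *
 * @param authnRequest the authn request
 * @param assertion the assertion
 * @param service the service
 * @param adaptor the adaptor
 * @return the name id, or {@code null} if every candidate format failed to encode
 * @throws SamlException the saml exception, when the AuthnRequest requires a
 *         format the metadata does not support
 */
private NameID buildNameId(final AuthnRequest authnRequest, final Assertion assertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    // Work on a private copy: the defaults and the required format added below
    // must not modify the list held by the adaptor, which may be shared metadata state.
    final List<String> supportedNameFormats = new java.util.ArrayList<>(adaptor.getSupportedNameIdFormats());
    LOGGER.debug("Metadata for [{}] declares support for the following NameIDs [{}]", adaptor.getEntityId(), supportedNameFormats);
    if (supportedNameFormats.isEmpty()) {
        supportedNameFormats.add(NameIDType.TRANSIENT);
        LOGGER.debug("No supported nameId formats could be determined from metadata. Added default [{}]", NameIDType.TRANSIENT);
    }
    if (StringUtils.isNotBlank(service.getRequiredNameIdFormat())) {
        final String fmt = parseAndBuildRequiredNameIdFormat(service);
        // Service configuration takes precedence over metadata, hence index 0.
        supportedNameFormats.add(0, fmt);
        LOGGER.debug("Added required nameId format [{}] based on saml service configuration for [{}]", fmt, service.getServiceId());
    }
    String requiredNameFormat = null;
    if (authnRequest.getNameIDPolicy() != null) {
        requiredNameFormat = authnRequest.getNameIDPolicy().getFormat();
        LOGGER.debug("AuthN request indicates [{}] is the required NameID format", requiredNameFormat);
        if (NameID.ENCRYPTED.equals(requiredNameFormat)) {
            LOGGER.warn("Encrypted NameID formats are not supported");
            requiredNameFormat = null;
        }
    }
    if (StringUtils.isNotBlank(requiredNameFormat) && !supportedNameFormats.contains(requiredNameFormat)) {
        LOGGER.warn("Required NameID format [{}] in the AuthN request issued by [{}] is not supported based on the metadata for [{}]", requiredNameFormat, SamlIdPUtils.getIssuerFromSamlRequest(authnRequest), adaptor.getEntityId());
        throw new SamlException("Required NameID format cannot be provided because it is not supported");
    }
    for (final String nameFormat : supportedNameFormats) {
        try {
            LOGGER.debug("Evaluating NameID format [{}]", nameFormat);
            final SAML2StringNameIDEncoder encoder = new SAML2StringNameIDEncoder();
            encoder.setNameFormat(nameFormat);
            if (authnRequest.getNameIDPolicy() != null) {
                final String qualifier = authnRequest.getNameIDPolicy().getSPNameQualifier();
                LOGGER.debug("NameID qualifier is set to [{}]", qualifier);
                encoder.setNameQualifier(qualifier);
            }
            final String principalName = assertion.getPrincipal().getName();
            final IdPAttribute attribute = new IdPAttribute(AttributePrincipal.class.getName());
            final IdPAttributeValue<String> value = new StringAttributeValue(principalName);
            LOGGER.debug("NameID attribute value is set to [{}]", principalName);
            attribute.setValues(Collections.singletonList(value));
            LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
            final NameID nameid = encoder.encode(attribute);
            LOGGER.debug("Final NameID encoded is [{}] with value [{}]", nameid.getFormat(), nameid.getValue());
            return nameid;
        } catch (final Exception e) {
            // Encoding failures are deliberately non-fatal: log and try the next format.
            LOGGER.error(e.getMessage(), e);
        }
    }
    return null;
}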
Use of org.opensaml.saml.saml2.core.Attribute in project OpenAttestation by OpenAttestation:
class TrustAssertion, method populateAssertionMap.
/**
 * Sample assertion statements that may appear in the XML: Trusted (boolean),
 * Trusted_BIOS (boolean), Trusted_VMM (boolean), BIOS_Name (string),
 * BIOS_Version (string), BIOS_OEM (string), VMM_Name (string), VMM_Version
 * (string), VMM_OSName (string), VMM_OSVersion (string). The BIOS_* entries
 * will only appear if Trusted_BIOS is true; the VMM_* entries will only
 * appear if Trusted_VMM is true.
 *
 * <p>Walks every AttributeStatement of the assertion, builds a name-to-value map
 * of its attributes, wraps it in a {@code HostTrustAssertion} and registers that
 * under the value of the statement's {@code Host_Name} attribute. Only the text
 * of the last XSAny/XSString AttributeValue of each attribute is retained (earlier
 * values are overwritten); an attribute with no such value maps to null, and a
 * statement without a Host_Name attribute is registered under a null key
 * (HashMap permits this — verify that hostAssertionMap's type does too).
 * The assertion is read as-is; no signature or trust verification happens here.
 */
private void populateAssertionMap() {
    for (Statement stmt : assertion.getStatements()) {
        if (!(stmt instanceof AttributeStatement)) {
            continue;
        }
        AttributeStatement attributeStatement = (AttributeStatement) stmt;
        HashMap<String, String> values = new HashMap<String, String>();
        HostTrustAssertion trustAssertion = new HostTrustAssertion(assertion, values);
        log.debug("attributes.size: " + attributeStatement.getAttributes().size());
        for (Attribute attribute : attributeStatement.getAttributes()) {
            String text = null;
            for (XMLObject value : attribute.getAttributeValues()) {
                // boolean attributes are the text "true" or "false"
                if (value instanceof XSAny) {
                    text = ((XSAny) value).getTextContent();
                }
                if (value instanceof XSString) {
                    text = ((XSString) value).getValue();
                }
            }
            values.put(attribute.getName(), text);
        }
        hostAssertionMap.put(values.get("Host_Name"), trustAssertion);
    }
}