Use of org.opensaml.saml.saml2.core.AttributeStatement in project verify-hub by alphagov:
the class IPAddressValidator, method validate.
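/**
 * Checks that the assertion carries a non-empty IP address attribute.
 *
 * Walks every AttributeStatement of the assertion; the first Attribute named
 * {@code IdaConstants.Attributes_1_1.IPAddress.NAME} decides the outcome. A
 * non-blank value passes. An attribute with no value element, a value that is
 * not an {@code IPAddress}, or a null/empty string is reported as an empty IP
 * address (previously the first two cases escaped as an
 * IndexOutOfBoundsException / ClassCastException instead of a validation
 * failure). If no such attribute exists at all, a missing-IP-address failure
 * is raised instead.
 *
 * @param assertion the SAML 2 assertion under validation
 * @throws SamlTransformationErrorException when the IP address attribute is absent or empty
 */
public void validate(Assertion assertion) {
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            // Constant-first comparison: an Attribute without a Name cannot NPE here.
            if (!IdaConstants.Attributes_1_1.IPAddress.NAME.equals(attribute.getName())) {
                continue;
            }
            java.util.List<?> values = attribute.getAttributeValues();
            String addressValue = null;
            // Only read the value when there is one and it is actually an IPAddress element.
            if (!values.isEmpty() && values.get(0) instanceof IPAddress) {
                addressValue = ((IPAddress) values.get(0)).getValue();
            }
            if (!Strings.isNullOrEmpty(addressValue)) {
                return;
            }
            // The attribute is present but unusable: report "empty", not "missing".
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyIPAddress(assertion.getID());
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
    }
    SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingIPAddress(assertion.getID());
    throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}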
Use of org.opensaml.saml.saml2.core.AttributeStatement in project carbon-apimgt by wso2:
the class SystemScopeUtils, method getRolesFromAssertion.
/**
 * Collects the role names carried by a SAML2 assertion.
 *
 * Every attribute whose name equals the configured role claim contributes
 * roles: a single attribute value is split on the configured multi-attribute
 * separator, while several attribute values are taken one role per value.
 * Attributes with no values contribute nothing.
 *
 * @param assertion SAML2 assertion to read the role claim from
 * @return the roles found, in assertion order; empty when none are present
 */
public static String[] getRolesFromAssertion(Assertion assertion) {
    List<String> roles = new ArrayList<>();
    String roleClaim = getRoleClaim();
    List<AttributeStatement> statements = assertion.getAttributeStatements();
    if (statements != null) {
        for (AttributeStatement statement : statements) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                if (attributeName == null || !roleClaim.equals(attributeName)) {
                    continue;
                }
                List<XMLObject> values = attribute.getAttributeValues();
                if (values == null) {
                    continue;
                }
                if (values.size() == 1) {
                    // One value may hold several roles joined by the configured separator.
                    String joined = getAttributeValue(values.get(0));
                    String[] split = joined.split(getAttributeSeparator());
                    if (log.isDebugEnabled()) {
                        // NOTE: the whole assertion object is rendered into this debug line.
                        log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + Arrays.toString(split));
                    }
                    roles.addAll(Arrays.asList(split));
                } else if (values.size() > 1) {
                    // Several values: each one is a single role, no splitting.
                    for (XMLObject value : values) {
                        String role = getAttributeValue(value);
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName + ", AttributeValue : " + value);
                        }
                        roles.add(role);
                    }
                }
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
    }
    return roles.toArray(new String[0]);
}
Use of org.opensaml.saml.saml2.core.AttributeStatement in project cxf by apache:
the class CustomSaml2Validator, method validate.
/**
 * Validates the credential as the superclass does, then additionally requires
 * that the SAML assertion was issued by "sts", is a SAML 2 assertion, and has
 * at least one AttributeStatement.
 *
 * @param credential the credential to validate
 * @param data request context handed to the base validator
 * @return the credential returned by the base validation when all extra checks pass
 * @throws WSSecurityException with code FAILURE / "invalidSAMLsecurity" when any extra check fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validated = super.validate(credential, data);
    SamlAssertionWrapper wrapper = validated.getSamlAssertion();
    // Checks are nested in the same order as before: issuer, SAML version, attribute statements.
    if ("sts".equals(wrapper.getIssuerString())) {
        Assertion saml2 = wrapper.getSaml2();
        if (saml2 != null) {
            List<AttributeStatement> statements = saml2.getAttributeStatements();
            if (statements != null && !statements.isEmpty()) {
                return validated;
            }
        }
    }
    // Single failure site; all three checks report the same error.
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Use of org.opensaml.saml.saml2.core.AttributeStatement in project cxf by apache:
the class SAMLUtils, method getSaml1Subject.
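/**
 * Returns the Subject of the first SAML 1 statement that carries one.
 *
 * Only the three subject-bearing statement types are inspected; any other
 * Statement implementation is skipped rather than cast unconditionally, so an
 * unexpected statement element in an assertion no longer surfaces as a
 * ClassCastException.
 *
 * @param assertionW wrapper whose SAML 1 assertion is scanned
 * @return the first non-null Subject found, or null when no statement has one
 */
private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper assertionW) {
    for (Statement stmt : assertionW.getSaml1().getStatements()) {
        final org.opensaml.saml.saml1.core.Subject samlSubject;
        if (stmt instanceof AttributeStatement) {
            samlSubject = ((AttributeStatement) stmt).getSubject();
        } else if (stmt instanceof AuthenticationStatement) {
            samlSubject = ((AuthenticationStatement) stmt).getSubject();
        } else if (stmt instanceof AuthorizationDecisionStatement) {
            samlSubject = ((AuthorizationDecisionStatement) stmt).getSubject();
        } else {
            // Not a statement type with a Subject; skip instead of casting.
            continue;
        }
        if (samlSubject != null) {
            return samlSubject;
        }
    }
    return null;
}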
Use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice:
the class SamlAssertionValidatorImplTest, method createAssertion.
/**
 * Builds a SAML 2.0 bearer assertion fixture for the validator tests.
 *
 * The assertion has a random ID, the given issuer, a fixed "admin" subject with
 * bearer confirmation, a NotBefore three days in the past, the supplied
 * NotOnOrAfter, an unspecified AuthnContext and a single role attribute.
 *
 * @param sign           whether to attach a Signature element at all
 * @param validSignature when signing, use the test's own certificate and private key;
 *                       otherwise sign with the certificate loaded from /localhost.crt,
 *                       on which no private key is set
 * @param issuerString   value placed in the Issuer element
 * @param notOnOrAfter   expiry written into Conditions
 * @return the populated assertion, carrying a Signature element when requested
 * @throws Exception if the fallback certificate cannot be read or key info cannot be generated
 */
private Assertion createAssertion(boolean sign, boolean validSignature, String issuerString, DateTime notOnOrAfter) throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(issuerString);
    assertion.setIssuer(issuer);

    // Subject: fixed bearer "admin" with an unspecified name-id format.
    Subject subject = new SubjectBuilder().buildObject();
    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameId.setNameQualifier("http://cxf.apache.org/sts");
    nameId.setValue("admin");
    subject.setNameID(nameId);
    SubjectConfirmation bearerConfirmation = new SubjectConfirmationBuilder().buildObject();
    bearerConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
    subject.getSubjectConfirmations().add(bearerConfirmation);
    assertion.setSubject(subject);

    // Validity window: NotBefore is always three days in the past; NotOnOrAfter is caller-chosen.
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);

    // Authentication statement with an unspecified context class.
    AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
    classRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    authnContext.setAuthnContextClassRef(classRef);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);

    // Single role claim whose only value is "admin".
    AttributeValueType roleValue = new AttributeValueTypeImplBuilder().buildObject();
    roleValue.setValue("admin");
    Attribute roleAttribute = new AttributeBuilder().buildObject();
    roleAttribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    roleAttribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    roleAttribute.getAttributeValues().add(roleValue);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    attributeStatement.getAttributes().add(roleAttribute);
    assertion.getAttributeStatements().add(attributeStatement);

    if (!sign) {
        return assertion;
    }

    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(WSS4JConstants.RSA);
    BasicX509Credential signingCredential;
    if (validSignature) {
        signingCredential = new BasicX509Credential(certificate);
        signingCredential.setPrivateKey(privateKey);
    } else {
        // Credential built from the resource certificate only; no private key is attached.
        try (InputStream certStream = getClass().getResourceAsStream("/localhost.crt")) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate resourceCert = (X509Certificate) factory.generateCertificate(certStream);
            signingCredential = new BasicX509Credential(resourceCert);
        }
    }
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
    keyInfoFactory.setEmitEntityCertificate(true);
    KeyInfo keyInfo = keyInfoFactory.newInstance().generate(signingCredential);
    signature.setKeyInfo(keyInfo);
    assertion.setSignature(signature);
    return assertion;
}