use of org.opensaml.saml.saml2.core.AttributeStatement in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticClaims.
/**
* Test the creation of a SAML2 Assertion with StaticClaimsHandler
*/
@org.junit.Test
public void testSaml2StaticClaims() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
ClaimsManager claimsManager = new ClaimsManager();
StaticClaimsHandler claimsHandler = new StaticClaimsHandler();
Map<String, String> staticClaimsMap = new HashMap<>();
staticClaimsMap.put(CLAIM_STATIC_COMPANY, CLAIM_STATIC_COMPANY_VALUE);
claimsHandler.setGlobalClaims(staticClaimsMap);
claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(CLAIM_STATIC_COMPANY);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
assertEquals(attributes.size(), 1);
assertEquals(attributes.get(0).getName(), CLAIM_STATIC_COMPANY);
XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
assertEquals(valueObj.getDOM().getTextContent(), CLAIM_STATIC_COMPANY_VALUE);
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticEndpointClaims.
/**
* Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler
*/
@org.junit.Test
public void testSaml2StaticEndpointClaims() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
ClaimsManager claimsManager = new ClaimsManager();
StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler();
// Create claims map for specific application
Map<String, String> endpointClaimsMap = new HashMap<>();
endpointClaimsMap.put(CLAIM_APPLICATION, CLAIM_APPLICATION_VALUE);
Map<String, Map<String, String>> staticClaims = new HashMap<>();
staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap);
claimsHandler.setEndpointClaims(staticClaims);
claimsHandler.setSupportedClaims(Collections.singletonList(CLAIM_APPLICATION));
claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(CLAIM_APPLICATION);
claims.add(claim);
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
assertEquals(attributes.size(), 1);
assertEquals(attributes.get(0).getName(), CLAIM_APPLICATION);
XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
assertEquals(valueObj.getDOM().getTextContent(), CLAIM_APPLICATION_VALUE);
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project cxf by apache.
the class OnBehalfOfValidator method validate.
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Subject subject = saml2Assertion.getSubject();
NameID nameID = subject.getNameID();
String subjectName = nameID.getValue();
if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
return validatedCredential;
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project tesb-rt-se by Talend.
the class SAML2AuthorizingInterceptor method getRoleFromAssertion.
private String getRoleFromAssertion(SamlAssertionWrapper assertion) {
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
return null;
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
return null;
}
String nameFormat = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
for (AttributeStatement statement : attributeStatements) {
List<Attribute> attributes = statement.getAttributes();
for (Attribute attribute : attributes) {
if ("role".equals(attribute.getName()) && nameFormat.equals(attribute.getNameFormat())) {
Element attributeValueElement = attribute.getAttributeValues().get(0).getDOM();
return attributeValueElement.getTextContent();
}
}
}
return null;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project cloudstack by apache.
the class SAML2LoginAPIAuthenticatorCmdTest method buildMockResponse.
private Response buildMockResponse() throws Exception {
Response samlMessage = new ResponseBuilder().buildObject();
samlMessage.setID("foo");
samlMessage.setVersion(SAMLVersion.VERSION_20);
samlMessage.setIssueInstant(new DateTime(0));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue("MockedIssuer");
samlMessage.setIssuer(issuer);
Status status = new StatusBuilder().buildObject();
StatusCode statusCode = new StatusCodeBuilder().buildObject();
statusCode.setValue(StatusCode.SUCCESS_URI);
status.setStatusCode(statusCode);
samlMessage.setStatus(status);
Assertion assertion = new AssertionBuilder().buildObject();
Subject subject = new SubjectBuilder().buildObject();
NameID nameID = new NameIDBuilder().buildObject();
nameID.setValue("SOME-UNIQUE-ID");
nameID.setFormat(NameIDType.PERSISTENT);
subject.setNameID(nameID);
assertion.setSubject(subject);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setSessionIndex("Some Session String");
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
assertion.getAttributeStatements().add(attributeStatement);
samlMessage.getAssertions().add(assertion);
return samlMessage;
}
Aggregations