use of org.opensaml.saml.saml2.core.AttributeStatement in project spring-security by spring-projects.
the class OpenSamlAuthenticationProvider method getAssertionAttributes.
private static Map<String, List<Object>> getAssertionAttributes(Assertion assertion) {
Map<String, List<Object>> attributeMap = new LinkedHashMap<>();
for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
List<Object> attributeValues = new ArrayList<>();
for (XMLObject xmlObject : attribute.getAttributeValues()) {
Object attributeValue = getXmlObjectValue(xmlObject);
if (attributeValue != null) {
attributeValues.add(attributeValue);
}
}
attributeMap.put(attribute.getName(), attributeValues);
}
}
return attributeMap;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProviderTests method authenticateWhenAssertionContainsAttributesThenItSucceeds.
@Test
public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
Response response = response();
Assertion assertion = assertion();
List<AttributeStatement> attributes = attributeStatements();
assertion.getAttributeStatements().addAll(attributes);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration()));
Authentication authentication = this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
Map<String, Object> expected = new LinkedHashMap<>();
expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
expected.put("name", Collections.singletonList("John Doe"));
expected.put("age", Collections.singletonList(21));
expected.put("website", Collections.singletonList("https://johndoe.com/"));
expected.put("registered", Collections.singletonList(true));
Instant registeredDate = Instant.parse("1970-01-01T00:00:00Z");
expected.put("registeredDate", Collections.singletonList(registeredDate));
assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
assertThat(principal.getAttributes()).isEqualTo(expected);
assertThat(principal.getSessionIndexes()).contains("session-index");
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProviderTests method attributeStatements.
private List<AttributeStatement> attributeStatements() {
List<AttributeStatement> attributeStatements = TestOpenSamlObjects.attributeStatements();
AttributeBuilder attributeBuilder = new AttributeBuilder();
Attribute registeredDateAttr = attributeBuilder.buildObject();
registeredDateAttr.setName("registeredDate");
XSDateTime registeredDate = new XSDateTimeBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSDateTime.TYPE_NAME);
registeredDate.setValue(Instant.parse("1970-01-01T00:00:00Z"));
registeredDateAttr.getAttributeValues().add(registeredDate);
attributeStatements.iterator().next().getAttributes().add(registeredDateAttr);
return attributeStatements;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project cas by apereo.
the class SamlProfileSamlAttributeStatementBuilder method newAttributeStatement.
/**
* New attribute statement.
*
* @param context the context
* @param attributes the attributes
* @param builder the builder
* @return the attribute statement
* @throws Exception the exception
*/
public AttributeStatement newAttributeStatement(final SamlProfileBuilderContext context, final Map<String, Object> attributes, final Saml20AttributeBuilder builder) throws Exception {
val attrStatement = SamlUtils.newSamlObject(AttributeStatement.class);
val resp = samlIdPProperties.getResponse();
val nameFormats = new HashMap<>(resp.configureAttributeNameFormats());
nameFormats.putAll(context.getRegisteredService().getAttributeNameFormats());
val globalFriendlyNames = samlIdPProperties.getCore().getAttributeFriendlyNames();
val friendlyNames = new HashMap<>(CollectionUtils.convertDirectedListToMap(globalFriendlyNames));
val urns = new HashMap<String, String>();
attributeDefinitionStore.getAttributeDefinitions().stream().filter(defn -> defn instanceof SamlIdPAttributeDefinition).map(SamlIdPAttributeDefinition.class::cast).forEach(defn -> {
if (StringUtils.isNotBlank(defn.getFriendlyName())) {
friendlyNames.put(defn.getKey(), defn.getFriendlyName());
}
if (StringUtils.isNotBlank(defn.getUrn())) {
urns.put(defn.getKey(), defn.getUrn());
}
});
friendlyNames.putAll(context.getRegisteredService().getAttributeFriendlyNames());
SamlIdPAttributeDefinitionCatalog.load().filter(defn -> !friendlyNames.containsKey(defn.getKey())).forEach(defn -> {
friendlyNames.put(defn.getKey(), defn.getFriendlyName());
urns.put(defn.getKey(), defn.getUrn());
});
for (val entry : attributes.entrySet()) {
var attributeValue = entry.getValue();
if (attributeValue instanceof Collection<?> && ((Collection<?>) attributeValue).isEmpty()) {
LOGGER.info("Skipping attribute [{}] because it does not have any values.", entry.getKey());
continue;
}
val friendlyName = friendlyNames.getOrDefault(entry.getKey(), null);
val attributeNames = urns.containsKey(entry.getKey()) ? List.of(urns.get(entry.getKey())) : getMappedAttributeNamesFromAttributeDefinitionStore(entry);
for (val name : attributeNames) {
LOGGER.trace("Processing SAML attribute [{}] with value [{}], friendlyName [{}]", name, attributeValue, friendlyName);
val valueType = context.getRegisteredService().getAttributeValueTypes().get(name);
if (NameIDType.class.getSimpleName().equalsIgnoreCase(valueType)) {
val nameIdObject = samlNameIdBuilder.build(context);
if (nameIdObject instanceof NameID) {
val nameID = newSamlObject(NameID.class);
val nameId = (NameID) nameIdObject;
nameID.setFormat(nameId.getFormat());
nameID.setNameQualifier(nameId.getNameQualifier());
nameID.setSPNameQualifier(nameId.getSPNameQualifier());
nameID.setValue(nameId.getValue());
attributeValue = nameID;
}
}
if (NameID.PERSISTENT.equalsIgnoreCase(valueType)) {
val nameID = newSamlObject(NameID.class);
nameID.setFormat(NameID.PERSISTENT);
nameID.setNameQualifier(SamlIdPUtils.determineNameIdNameQualifier(context.getRegisteredService(), samlIdPMetadataResolver));
FunctionUtils.doIf(StringUtils.isNotBlank(context.getRegisteredService().getServiceProviderNameIdQualifier()), value -> nameID.setSPNameQualifier(context.getRegisteredService().getServiceProviderNameIdQualifier()), value -> nameID.setSPNameQualifier(context.getAdaptor().getEntityId())).accept(context.getRegisteredService());
CollectionUtils.firstElement(attributeValue).ifPresent(value -> nameID.setValue(value.toString()));
attributeValue = nameID;
}
LOGGER.debug("Creating SAML attribute [{}] with value [{}], friendlyName [{}]", name, attributeValue, friendlyName);
val attribute = newAttribute(friendlyName, name, attributeValue, nameFormats, resp.getDefaultAttributeNameFormat(), context.getRegisteredService().getAttributeValueTypes());
LOGGER.trace("Created SAML attribute [{}] with NameID format [{}]", attribute.getName(), attribute.getNameFormat());
builder.build(attrStatement, attribute);
}
}
return attrStatement;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.
the class AttributeQueryClaimsHandler method createClaims.
/**
* Creates claims from the extracted attributes.
*
* @param claimsCollection The collection of claims.
* @param assertion Assertion from the response.
* @return The collection of claims.
* @throws URISyntaxException
*/
protected ClaimsCollection createClaims(ClaimsCollection claimsCollection, Assertion assertion) {
// Should only contain one Attribute Statement.
AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
List<Attribute> attributeList = attributeStatement.getAttributes();
// and create the claim, otherwise, create the claim using its original attribute value.
for (Attribute attribute : attributeList) {
for (String claimType : supportedClaims) {
if (claimType.equalsIgnoreCase(attribute.getName())) {
String claimValue = attribute.getDOM().getTextContent();
claimsCollection.add(createSingleValuedClaim(claimType, attributeMap.getOrDefault(claimValue, claimValue)));
break;
}
}
}
return claimsCollection;
}
Aggregations