Example 31 with AttributeStatement
use of org.opensaml.saml.saml2.core.AttributeStatement in project OpenAttestation by OpenAttestation.
the class TrustAssertion method populateAssertionMap.
/**
* Sample assertion statements that may appear in the XML: Trusted (boolean)
* Trusted_BIOS (boolean) Trusted_VMM (boolean) BIOS_Name (string)
* BIOS_Version (string) BIOS_OEM (string) VMM_Name (string) VMM_Version
* (string) VMM_OSName (string) VMM_OSVersion (string) The BIOS_* entries
* will only appear if Trusted_BIOS is true The VMM_* entries will only
* appear if Trusted_VMM is true
*/
private void populateAssertionMap() {
for (Statement statement : assertion.getStatements()) {
if (statement instanceof AttributeStatement) {
HashMap<String, String> assertionMap = new HashMap<String, String>();
HostTrustAssertion hostTrustAssertion = new HostTrustAssertion(assertion, assertionMap);
log.debug("attributes.size: " + ((AttributeStatement) statement).getAttributes().size());
for (Attribute attribute : ((AttributeStatement) statement).getAttributes()) {
String attributeValue = null;
for (XMLObject value : attribute.getAttributeValues()) {
if (value instanceof XSAny) {
// boolean attributes are the text "true" or "false"
attributeValue = (((XSAny) value).getTextContent());
}
if (value instanceof XSString) {
attributeValue = (((XSString) value).getValue());
}
}
assertionMap.put(attribute.getName(), attributeValue);
}
hostAssertionMap.put(assertionMap.get("Host_Name"), hostTrustAssertion);
}
}
}
Also used :
HashMap(java.util.HashMap)
Attribute(org.opensaml.saml2.core.Attribute)
Statement(org.opensaml.saml2.core.Statement)
AttributeStatement(org.opensaml.saml2.core.AttributeStatement)
AttributeStatement(org.opensaml.saml2.core.AttributeStatement)
XMLObject(org.opensaml.xml.XMLObject)
XSString(org.opensaml.xml.schema.XSString)
XSString(org.opensaml.xml.schema.XSString)
XSAny(org.opensaml.xml.schema.XSAny)
Example 32 with AttributeStatement
use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.
the class SubjectUtilsTest method getSubjectWithAttributes.
private Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
Subject subject = mock(Subject.class);
PrincipalCollection pc = mock(PrincipalCollection.class);
SecurityAssertion assertion = mock(SecurityAssertion.class);
AttributeStatement as = mock(AttributeStatement.class);
List<Attribute> attrs = attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
doReturn(pc).when(subject).getPrincipals();
doReturn(assertion).when(pc).oneByType(SecurityAssertion.class);
doReturn(ImmutableList.of(assertion)).when(pc).byType(SecurityAssertion.class);
doReturn(Collections.singletonList(as)).when(assertion).getAttributeStatements();
doReturn(attrs).when(as).getAttributes();
return subject;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Example 33 with AttributeStatement
use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.
the class AttributeQueryClaimsHandler method createClaims.
/**
* Creates claims from the extracted attributes.
*
* @param claimsCollection The collection of claims.
* @param assertion Assertion from the response.
* @return The collection of claims.
* @throws URISyntaxException
*/
protected ProcessedClaimCollection createClaims(ProcessedClaimCollection claimsCollection, Assertion assertion) throws URISyntaxException {
// Should only contain one Attribute Statement.
AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
List<Attribute> attributeList = attributeStatement.getAttributes();
// and create the claim, otherwise, create the claim using its original attribute value.
for (Attribute attribute : attributeList) {
for (String claimType : supportedClaims) {
if (claimType.equalsIgnoreCase(attribute.getName())) {
String claimValue = attribute.getDOM().getTextContent();
if (attributeMap.containsKey(claimValue)) {
claimsCollection.add(createSingleValuedClaim(claimType, attributeMap.get(claimValue)));
} else {
claimsCollection.add(createSingleValuedClaim(claimType, claimValue));
}
break;
}
}
}
return claimsCollection;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Example 34 with AttributeStatement
use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.
the class SecurityAssertionImpl method getPrincipals.
@Override
public Set<Principal> getPrincipals() {
Set<Principal> principals = new HashSet<>();
Principal primary = getPrincipal();
principals.add(primary);
principals.add(new RolePrincipal(primary.getName()));
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
if (StringUtils.containsIgnoreCase(attr.getName(), "role")) {
for (final XMLObject obj : attr.getAttributeValues()) {
principals.add(new RolePrincipal(((XSString) obj).getValue()));
}
}
}
}
return principals;
}
Also used :
Attribute(org.opensaml.saml.saml2.core.Attribute)
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
XMLObject(org.opensaml.core.xml.XMLObject)
XSString(org.opensaml.core.xml.schema.XSString)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Principal(java.security.Principal)
X500Principal(javax.security.auth.x500.X500Principal)
GuestPrincipal(ddf.security.principal.GuestPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
HashSet(java.util.HashSet)
Example 35 with AttributeStatement
use of org.opensaml.saml.saml2.core.AttributeStatement in project cas by apereo.
the class SamlProfileSamlAssertionBuilder method build.
@Override
public Assertion build(final RequestAbstractType authnRequest, final HttpServletRequest request, final HttpServletResponse response, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
final List<Statement> statements = new ArrayList<>();
final AuthnStatement authnStatement = this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
statements.add(authnStatement);
final AttributeStatement attrStatement = this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding);
if (!attrStatement.getAttributes().isEmpty() || !attrStatement.getEncryptedAttributes().isEmpty()) {
statements.add(attrStatement);
}
final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, request, response, casAssertion, service, adaptor, binding));
signAssertion(assertion, request, response, service, adaptor, binding);
return assertion;
}
Also used :
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Statement(org.opensaml.saml.saml2.core.Statement)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
ArrayList(java.util.ArrayList)
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
Assertion(org.opensaml.saml.saml2.core.Assertion)
Aggregations
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)61
Attribute (org.opensaml.saml.saml2.core.Attribute)40
Assertion (org.opensaml.saml.saml2.core.Assertion)36
Test (org.junit.jupiter.api.Test)24
XMLObject (org.opensaml.core.xml.XMLObject)17
AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)17
EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute)10
SimpleStringAttributeBuilder.aSimpleStringAttribute (uk.gov.ida.saml.core.test.builders.SimpleStringAttributeBuilder.aSimpleStringAttribute)9
ArrayList (java.util.ArrayList)8
SamlTransformationErrorFactory.emptyAttribute (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.emptyAttribute)8
HashMap (java.util.HashMap)7
XSString (org.opensaml.core.xml.schema.XSString)7
NameID (org.opensaml.saml.saml2.core.NameID)7
Response (org.opensaml.saml.saml2.core.Response)7
Subject (org.opensaml.saml.saml2.core.Subject)7
Map (java.util.Map)6
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)6
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)6
AttributeStatement (org.opensaml.saml2.core.AttributeStatement)6
List (java.util.List)5
