Examples with Issuer org.opensaml.saml.saml2.core.Issuer used on opensource projects

Example 56 with Issuer

use of org.opensaml.saml.saml2.core.Issuer in project ddf by codice.

the class SamlAssertionValidatorImplTest method createHolderOfKeyAssertion.

private Assertion createHolderOfKeyAssertion() throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(ISSUER);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    X509SubjectName x509SubjectName = new X509SubjectNameBuilder().buildObject();
    x509SubjectName.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");
    org.opensaml.xmlsec.signature.X509Certificate x509Certificate = new X509CertificateBuilder().buildObject();
    byte[] certBytes = certificate.getEncoded();
    String certString = new String(Base64.encode(certBytes));
    x509Certificate.setValue(certString);
    X509Data x509Data = new X509DataBuilder().buildObject();
    x509Data.getX509SubjectNames().add(x509SubjectName);
    x509Data.getX509Certificates().add(x509Certificate);
    KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
    keyInfo.getX509Datas().add(x509Data);
    KeyInfoConfirmationDataType keyInfoConfirmationDataType = new KeyInfoConfirmationDataTypeBuilder().buildObject();
    keyInfoConfirmationDataType.getKeyInfos().add(keyInfo);
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    subjectConfirmation.setSubjectConfirmationData(keyInfoConfirmationDataType);
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(new DateTime().plusDays(3));
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(WSS4JConstants.RSA);
    BasicX509Credential signingCredential;
    signingCredential = new BasicX509Credential(certificate);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    KeyInfo signatureKeyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
    signature.setKeyInfo(signatureKeyInfo);
    assertion.setSignature(signature);
    return assertion;
}

Example 57 with Issuer

use of org.opensaml.saml.saml2.core.Issuer in project ddf by codice.

the class SamlAssertionValidatorImpl method createSamlResponse.

/**
 * Creates the SAML response that we use for validation against the CXF code.
 *
 * @param inResponseTo
 * @param issuer
 * @param status
 * @return Response
 */
private static Response createSamlResponse(String inResponseTo, String issuer, Status status) {
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();
    response.setID(UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}

Example 58 with Issuer

use of org.opensaml.saml.saml2.core.Issuer in project ddf by codice.

the class AttributeQueryClaimsHandler method getAttributes.

/**
 * Gets the attributes for the supplied user from the external attribute store. Returns null if
 * the AttributeQueryClient is null.
 *
 * @param nameId used for the request.
 * @return The collection of attributes retrieved from the external attribute store.
 * @throws URISyntaxException
 */
protected ClaimsCollection getAttributes(String nameId) throws URISyntaxException {
    ClaimsCollection claimCollection = new ClaimsCollectionImpl();
    LOGGER.debug("Sending AttributeQuery Request.");
    AttributeQueryClient attributeQueryClient;
    Assertion assertion;
    try {
        attributeQueryClient = createAttributeQueryClient(simpleSign, externalAttributeStoreUrl, issuer, destination);
        if (attributeQueryClient == null) {
            return null;
        }
        assertion = attributeQueryClient.query(nameId);
        if (assertion != null) {
            createClaims(claimCollection, assertion);
        }
    } catch (AttributeQueryException ex) {
        LOGGER.info("Error occurred in AttributeQueryClient, did not retrieve response. Set log level for \"org.codice.ddf.security.claims.attributequery.common\" to DEBUG for more information.");
        LOGGER.debug("Error occurred in AttributeQueryClient, did not retrieve response.", ex);
    }
    return claimCollection;
}

Example 59 with Issuer

use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.

the class SLOSamlIdPRedirectProfileHandlerControllerTests method executeTest.

private void executeTest(final MockHttpServletRequest request, final HttpServletResponse response, final SamlRegisteredService service) throws Exception {
    servicesManager.save(service);
    var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    var logoutRequest = (LogoutRequest) builder.buildObject();
    builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val issuer = (Issuer) builder.buildObject();
    issuer.setValue(service.getServiceId());
    logoutRequest.setIssuer(issuer);
    val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId()).get();
    logoutRequest = samlIdPObjectSigner.encode(logoutRequest, service, adaptor, response, request, SAMLConstants.SAML2_REDIRECT_BINDING_URI, logoutRequest, new MessageContext());
    val encoder = new SamlIdPHttpRedirectDeflateEncoder("https://cas.example.org/logout", logoutRequest);
    encoder.doEncode();
    val queryStrings = StringUtils.remove(encoder.getRedirectUrl(), "https://cas.example.org/logout?");
    new URLBuilder(encoder.getRedirectUrl()).getQueryParams().forEach(param -> request.addParameter(param.getFirst(), param.getSecond()));
    request.setQueryString(queryStrings);
    controller.handleSaml2ProfileSLORedirectRequest(response, request);
}

Example 60 with Issuer

use of org.opensaml.saml.saml2.core.Issuer in project cas by apereo.

the class ECPSamlIdPProfileHandlerControllerTests method getAuthnRequest.

private AuthnRequest getAuthnRequest(final String entityId) {
    var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    var authnRequest = (AuthnRequest) builder.buildObject();
    authnRequest.setProtocolBinding(SAMLConstants.SAML2_PAOS_BINDING_URI);
    builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val issuer = (Issuer) builder.buildObject();
    issuer.setValue(entityId);
    authnRequest.setIssuer(issuer);
    return authnRequest;
}