use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cxf by apache.
the class AuthnRequestBuilderTest method testCreateAuthnRequest.
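/**
 * Builds a SAML 2.0 AuthnRequest from its components and checks that it marshals to a DOM
 * element.
 *
 * <p>The request asks for the persistent NameID format and an EXACT match on the
 * PasswordProtectedTransport authentication context class, with ForceAuthn and IsPassive both
 * false. Only construction and marshalling are exercised; the request is not signed or sent.
 */
@org.junit.Test
public void testCreateAuthnRequest() throws Exception {
    Document doc = DOMUtils.createDocument();

    Issuer issuer = SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
    NameIDPolicy nameIDPolicy =
        SamlpRequestComponentBuilder.createNameIDPolicy(
            true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer");

    // EXACT means the IdP is asked for precisely this context class, not merely an equivalent or
    // stronger one.
    AuthnContextClassRef authnCtxClassRef =
        SamlpRequestComponentBuilder.createAuthnCtxClassRef(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    RequestedAuthnContext authnCtx =
        SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
            AuthnContextComparisonTypeEnumeration.EXACT,
            Collections.singletonList(authnCtxClassRef),
            null);

    AuthnRequest authnRequest =
        SamlpRequestComponentBuilder.createAuthnRequest(
            "http://localhost:9001/sso",
            false,
            false,
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            SAMLVersion.VERSION_20,
            issuer,
            nameIDPolicy,
            authnCtx);

    Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
    // Check the marshalling result before it is used, so a null result fails as an assertion
    // rather than inside appendChild.
    assertNotNull(policyElement);
    doc.appendChild(policyElement);
}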
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cxf by apache.
the class SamlpRequestComponentBuilder method createAuthnRequest.
/**
 * Assembles a SAML 2.0 {@code AuthnRequest} from the supplied components.
 *
 * <p>The request gets a fresh ID ("_" followed by a random UUID) and the current time as its
 * issue instant. This method neither sets a Destination nor signs the request; callers that need
 * either must add it themselves.
 *
 * @param serviceURL value for the AssertionConsumerServiceURL attribute
 * @param forceAuthn value for the ForceAuthn attribute
 * @param isPassive value for the IsPassive attribute
 * @param protocolBinding value for the ProtocolBinding attribute
 * @param version SAML version to stamp on the request
 * @param issuer Issuer element to attach
 * @param nameIDPolicy NameIDPolicy element to attach
 * @param requestedAuthnCtx RequestedAuthnContext element to attach
 * @return the populated request
 */
@SuppressWarnings("unchecked")
// CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(
    String serviceURL,
    boolean forceAuthn,
    boolean isPassive,
    String protocolBinding,
    SAMLVersion version,
    Issuer issuer,
    NameIDPolicy nameIDPolicy,
    RequestedAuthnContext requestedAuthnCtx) {
    // CHECKSTYLE:ON

    // The builder is looked up once and cached in the static field for later calls.
    if (authnRequestBuilder == null) {
        authnRequestBuilder =
            (SAMLObjectBuilder<AuthnRequest>)
                builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    }

    AuthnRequest request = authnRequestBuilder.buildObject();

    request.setAssertionConsumerServiceURL(serviceURL);
    request.setForceAuthn(forceAuthn);
    // The "_" prefix keeps the value a valid xs:ID, which may not start with a digit.
    // NOTE(review): a response should only be accepted if its InResponseTo matches this ID;
    // that check has to be done by the caller, it is not part of this method.
    request.setID("_" + UUID.randomUUID());
    request.setIsPassive(isPassive);
    request.setIssueInstant(new DateTime());
    request.setProtocolBinding(protocolBinding);
    request.setVersion(version);

    request.setIssuer(issuer);
    request.setNameIDPolicy(nameIDPolicy);
    request.setRequestedAuthnContext(requestedAuthnCtx);

    return request;
}
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
the class IdaAuthnRequestFromHubToAuthnRequestTransformerTest method shouldPropagateComparisonType.
/**
 * Verifies that the comparison type chosen on the hub request (MINIMUM here) reaches the
 * RequestedAuthnContext of the transformed AuthnRequest unchanged.
 */
@Test
public void shouldPropagateComparisonType() {
    IdaAuthnRequestFromHub hubRequest =
        anIdaAuthnRequest()
            .withComparisonType(AuthnContextComparisonTypeEnumeration.MINIMUM)
            .buildFromHub();

    RequestedAuthnContext propagatedContext =
        transformer.apply(hubRequest).getRequestedAuthnContext();

    // A silent change of comparison type would alter which assurance levels the IdP may answer
    // with, so the exact enum value is pinned.
    assertThat(propagatedContext.getComparison())
        .isEqualTo(AuthnContextComparisonTypeEnumeration.MINIMUM);
}
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
the class IdaAuthnRequestFromHubToAuthnRequestTransformer method supplementAuthnRequestWithDetails.
/**
 * Copies the hub-specific details of {@code originalRequestFromHub} onto {@code authnRequest}.
 *
 * <p>Sets, in this order: a Conditions element whose NotOnOrAfter is the session expiry
 * timestamp, a Scoping element with ProxyCount 0, a persistent NameIDPolicy with AllowCreate
 * enabled, and a RequestedAuthnContext listing every requested level of assurance under the
 * hub's comparison type. ForceAuthn is written only when the hub request carries a value.
 *
 * @param originalRequestFromHub source of the values to copy
 * @param authnRequest request being populated; modified in place
 */
protected void supplementAuthnRequestWithDetails(
    IdaAuthnRequestFromHub originalRequestFromHub, AuthnRequest authnRequest) {

    // The request stops being valid when the hub session expires.
    Conditions expiry = getSamlObjectFactory().createConditions();
    expiry.setNotOnOrAfter(originalRequestFromHub.getSessionExpiryTimestamp());
    authnRequest.setConditions(expiry);

    // In SAML, a ProxyCount of zero tells the receiving IdP not to proxy the request onwards.
    Scoping noProxying = getSamlObjectFactory().createScoping();
    noProxying.setProxyCount(0);
    authnRequest.setScoping(noProxying);

    // NOTE(review): with a non-EXACT comparison the IdP may answer with a different level than
    // the ones listed, so the context returned in the response still needs checking against
    // these levels. That check is not visible in this method.
    AuthnContextComparisonTypeEnumeration comparison = originalRequestFromHub.getComparisonType();
    RequestedAuthnContext requestedContext =
        getSamlObjectFactory().createRequestedAuthnContext(comparison);
    for (AuthnContext levelOfAssurance : originalRequestFromHub.getLevelsOfAssurance()) {
        requestedContext
            .getAuthnContextClassRefs()
            .add(getSamlObjectFactory().createAuthnContextClassReference(levelOfAssurance.getUri()));
    }

    NameIDPolicy persistentIdPolicy = getSamlObjectFactory().createNameIdPolicy();
    persistentIdPolicy.setFormat(NameIDType.PERSISTENT);
    persistentIdPolicy.setSPNameQualifier(HubConstants.SP_NAME_QUALIFIER);
    persistentIdPolicy.setAllowCreate(true);

    authnRequest.setNameIDPolicy(persistentIdPolicy);
    authnRequest.setRequestedAuthnContext(requestedContext);

    // Without a value on the hub request, ForceAuthn keeps whatever authnRequest already had.
    if (originalRequestFromHub.getForceAuthentication().isPresent()) {
        authnRequest.setForceAuthn(originalRequestFromHub.getForceAuthentication().get());
    }
}
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project ddf by codice.
the class IdpHandler method createAndSignAuthnRequest.
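/**
 * Builds the SP's AuthnRequest for the configured IdP and hands it to {@code serializeAndSign}.
 *
 * <p>The request carries the SP issuer id, the SP assertion consumer service URL, a fresh ID
 * ("_" followed by a random UUID), the current time as issue instant, the IdP's single sign-on
 * location as Destination, and a persistent NameIDPolicy. Each non-empty entry of
 * {@code authContextClasses} becomes one AuthnContextClassRef.
 *
 * @param isPost passed through to {@code serializeAndSign}
 * @param wantSigned passed through to {@code serializeAndSign}
 * @return whatever {@code serializeAndSign} returns for the built request
 * @throws AuthenticationFailureException declared by this method; no throw site is visible in
 *     its own body
 */
private String createAndSignAuthnRequest(boolean isPost, boolean wantSigned)
    throws AuthenticationFailureException {
    String spIssuerId = getSpIssuerId();
    String spAssertionConsumerServiceUrl = getSpAssertionConsumerServiceUrl(spIssuerId);

    AuthnRequest authnRequest = authnRequestBuilder.buildObject();

    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(spIssuerId);
    authnRequest.setIssuer(issuer);

    authnRequest.setAssertionConsumerServiceURL(spAssertionConsumerServiceUrl);
    // The "_" prefix keeps the value a valid xs:ID, which may not start with a digit.
    authnRequest.setID("_" + UUID.randomUUID());
    authnRequest.setVersion(SAMLVersion.VERSION_20);
    authnRequest.setIssueInstant(new DateTime());
    authnRequest.setDestination(idpMetadata.getSingleSignOnLocation());
    // ProtocolBinding is always POST here, whatever isPost says; isPost is only forwarded to
    // serializeAndSign.
    authnRequest.setProtocolBinding(SamlProtocol.POST_BINDING);
    authnRequest.setNameIDPolicy(
        SamlpRequestComponentBuilder.createNameIDPolicy(
            true, SAML2Constants.NAMEID_FORMAT_PERSISTENT, spIssuerId));

    // No Comparison is set, so the SAML default ("exact") applies to the listed classes.
    RequestedAuthnContext requestedAuthnContext = new RequestedAuthnContextBuilder().buildObject();
    AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
    for (String authContextClass : authContextClasses) {
        if (StringUtils.isNotEmpty(authContextClass)) {
            AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
            authnContextClassRef.setAuthnContextClassRef(authContextClass);
            requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
        }
    }

    // The SAML schema requires at least one class or declaration reference inside
    // RequestedAuthnContext, so an empty element is left out instead of being sent.
    // NOTE(review): with no usable entry the request then asks for no particular context;
    // the context in the response still needs validating on receipt.
    if (!requestedAuthnContext.getAuthnContextClassRefs().isEmpty()) {
        authnRequest.setRequestedAuthnContext(requestedAuthnContext);
    }

    return serializeAndSign(isPost, wantSigned, authnRequest);
}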