use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newAttributeStatement.
/**
* New attribute statement.
*
* @param attributes the attributes
* @param setFriendlyName the set friendly name
* @param configuredNameFormats the configured name formats
* @return the attribute statement
*/
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final boolean setFriendlyName, final Map<String, String> configuredNameFormats) {
final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
for (final Map.Entry<String, Object> e : attributes.entrySet()) {
if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
continue;
}
final Attribute attribute = newAttribute(setFriendlyName, e, configuredNameFormats);
attrStatement.getAttributes().add(attribute);
}
return attrStatement;
}
use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.
the class SamlProfileSamlAuthNStatementBuilder method buildAuthnStatement.
/**
* Creates an authentication statement for the current request.
*
* @param assertion the assertion
* @param authnRequest the authn request
* @param adaptor the adaptor
* @param service the service
* @param binding the binding
* @return constructed authentication statement
* @throws SamlException the saml exception
*/
private AuthnStatement buildAuthnStatement(final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final String binding) throws SamlException {
final Assertion assertion = Assertion.class.cast(casAssertion);
final String authenticationMethod = this.authnContextClassRefBuilder.build(assertion, authnRequest, adaptor, service);
final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
final AuthnStatement statement = newAuthnStatement(authenticationMethod, DateTimeUtils.zonedDateTimeOf(assertion.getAuthenticationDate()), id);
if (assertion.getValidUntilDate() != null) {
final ZonedDateTime dt = DateTimeUtils.zonedDateTimeOf(assertion.getValidUntilDate());
statement.setSessionNotOnOrAfter(DateTimeUtils.dateTimeOf(dt.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance())));
}
statement.setSubjectLocality(buildSubjectLocality(assertion, authnRequest, adaptor, binding));
return statement;
}
use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenEncryptedAttributeThenDecrypts.
@Test
public void authenticateWhenEncryptedAttributeThenDecrypts() {
Response response = response();
Assertion assertion = assertion();
EncryptedAttribute attribute = TestOpenSamlObjects.encrypted("name", "value", TestSaml2X509Credentials.assertingPartyEncryptingCredential());
AttributeStatement statement = build(AttributeStatement.DEFAULT_ELEMENT_NAME);
statement.getEncryptedAttributes().add(attribute);
assertion.getAttributeStatements().add(statement);
response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
assertThat(principal.getAttribute("name")).containsExactly("value");
}
use of org.opensaml.saml.saml2.core.Statement in project spring-security by spring-projects.
the class TestOpenSamlObjects method assertion.
static Assertion assertion(String username, String issuerEntityId, String recipientEntityId, String recipientUri) {
Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
assertion.setID("A" + UUID.randomUUID().toString());
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setIssuer(issuer(issuerEntityId));
assertion.setSubject(subject(username));
assertion.setConditions(conditions());
SubjectConfirmation subjectConfirmation = subjectConfirmation();
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
SubjectConfirmationData confirmationData = subjectConfirmationData(recipientEntityId);
confirmationData.setRecipient(recipientUri);
subjectConfirmation.setSubjectConfirmationData(confirmationData);
assertion.getSubject().getSubjectConfirmations().add(subjectConfirmation);
AuthnStatement statement = build(AuthnStatement.DEFAULT_ELEMENT_NAME);
statement.setSessionIndex("session-index");
assertion.getAuthnStatements().add(statement);
return assertion;
}
use of org.opensaml.saml.saml2.core.Statement in project cas by apereo.
the class SamlProfileSamlAttributeStatementBuilderTests method verifyFriendlyNamesForKnownAttributes.
@Test
public void verifyFriendlyNamesForKnownAttributes() throws Exception {
val service = getSamlRegisteredServiceForTestShib();
val adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId()).get();
val buildContext = SamlProfileBuilderContext.builder().samlRequest(getAuthnRequestFor(service)).httpRequest(new MockHttpServletRequest()).httpResponse(new MockHttpServletResponse()).authenticatedAssertion(getAssertion(Map.of("urn:oid:0.9.2342.19200300.100.1.1", "casuser", "urn:oid:2.5.4.20", "+13477465341", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "casuser-principal", "urn:oid:0.9.2342.19200300.100.1.3", "cas@example.org"))).registeredService(service).adaptor(adaptor).binding(SAMLConstants.SAML2_POST_BINDING_URI).build();
val statement = samlProfileSamlAttributeStatementBuilder.build(buildContext);
val attributes = statement.getAttributes();
assertFalse(attributes.isEmpty());
assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.1") && a.getFriendlyName().equalsIgnoreCase("uid")));
assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:2.5.4.20") && a.getFriendlyName().equalsIgnoreCase("telephoneNumber")));
assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:1.3.6.1.4.1.5923.1.1.1.6") && a.getFriendlyName().equalsIgnoreCase("eduPersonPrincipalName")));
assertTrue(attributes.stream().anyMatch(a -> a.getName().equals("urn:oid:0.9.2342.19200300.100.1.3") && a.getFriendlyName().equalsIgnoreCase("email")));
}
Aggregations